From fa666cd02657894c7f987acf2e04287288fc7781 Mon Sep 17 00:00:00 2001
From: Kevin Reeuwijk <kevin.reeuwijk@spectrocloud.com>
Date: Mon, 8 Sep 2025 14:25:20 +0200
Subject: [PATCH 1/3] Kubeflow and OAuth2 Proxy

---
 packs/kubeflow-1.9.1/README.md                |    10 +
 packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz |   Bin 0 -> 46987 bytes
 .../kubeflow-1.9.1/charts/kserve/.helmignore  |    23 +
 packs/kubeflow-1.9.1/charts/kserve/Chart.yaml |    24 +
 .../charts/kserve/crds/kserve.yaml            | 21920 ++++++++++++++++
 .../charts/kserve/values_lint.yaml            |     0
 .../kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz  |   Bin 0 -> 81408 bytes
 .../charts/kubeflow/.helmignore               |    23 +
 .../kubeflow-1.9.1/charts/kubeflow/Chart.yaml |    27 +
 .../pipelines-profile-controller/sync.py      |   425 +
 .../mlpipeline-minio-artifact.txt             |    12 +
 ...e-accesskey-secretaccesskey-secret-ref.txt |     3 +
 .../charts/kubeflow/templates/_NOTES.txt      |    22 +
 .../kubeflow/templates/_deployment.yaml       |    61 +
 .../kubeflow/templates/_helpers/_helpers.tpl  |   398 +
 .../_helpers/kubeflow.admissionWebhook.tpl    |   301 +
 .../_helpers/kubeflow.centraldashboard.tpl    |   221 +
 .../_helpers/kubeflow.dexIntegration.tpl      |    61 +
 .../kubeflow.istio.authorizationPolicy.tpl    |    14 +
 .../_helpers/kubeflow.istioIntegration.tpl    |   133 +
 .../_helpers/kubeflow.katib.controller.tpl    |   332 +
 .../_helpers/kubeflow.katib.dbmanager.tpl     |   358 +
 .../templates/_helpers/kubeflow.katib.tpl     |   265 +
 .../templates/_helpers/kubeflow.katib.ui.tpl  |   277 +
 .../_helpers/kubeflow.knativeIntegration.tpl  |    43 +
 .../_helpers/kubeflow.kserveModelsWebApp.tpl  |   125 +
 .../_helpers/kubeflow.kubeflowRoles.tpl       |   121 +
 .../_helpers/kubeflow.modelRegistry.tpl       |   269 +
 .../_helpers/kubeflow.networkPolicies.tpl     |    31 +
 .../kubeflow.notebooks.controller.tpl         |   272 +
 .../kubeflow.notebooks.jupyterWebApp.tpl      |   241 +
 ...kubeflow.notebooks.pvcviewerController.tpl |   368 +
 .../templates/_helpers/kubeflow.notebooks.tpl |   126 +
 .../kubeflow.notebooks.volumesWebApp.tpl      |   229 +
 .../kubeflow.oauth2ProxyIntegration.tpl       |     6 +
 .../kubeflow.pipelines.cache.config.tpl       |   108 +
 .../_helpers/kubeflow.pipelines.cache.tpl     |   252 +
 .../kubeflow.pipelines.metadataEnvoy.tpl      |   197 +
 ...ow.pipelines.metadataGrpcServer.config.tpl |    76 +
 .../kubeflow.pipelines.metadataGrpcServer.tpl |   209 +
 .../kubeflow.pipelines.metadataWriter.tpl     |   204 +
 .../kubeflow.pipelines.mlPipeline.config.tpl  |   243 +
 .../kubeflow.pipelines.mlPipeline.tpl         |   220 +
 .../kubeflow.pipelines.persistenceAgent.tpl   |   208 +
 ...low.pipelines.profileController.config.tpl |    51 +
 .../kubeflow.pipelines.profileController.tpl  |   227 +
 .../kubeflow.pipelines.scheduledWorkflow.tpl  |   209 +
 .../templates/_helpers/kubeflow.pipelines.tpl |   150 +
 .../_helpers/kubeflow.pipelines.ui.config.tpl |    51 +
 .../_helpers/kubeflow.pipelines.ui.tpl        |   233 +
 .../_helpers/kubeflow.pipelines.viewerCrd.tpl |   209 +
 .../kubeflow.pipelines.visualization.tpl      |   213 +
 .../_helpers/kubeflow.profilesController.tpl  |   205 +
 .../kubeflow.tensorboard.controller.tpl       |   314 +
 ...ubeflow.tensorboard.tensorboardsWebApp.tpl |   220 +
 .../_helpers/kubeflow.tensorboard.tpl         |   126 +
 .../_helpers/kubeflow.trainingOperator.tpl    |   234 +
 .../templates/_helpers/validation.tpl         |    51 +
 .../charts/kubeflow/templates/_hpa.yaml       |    28 +
 .../charts/kubeflow/templates/_ingress.yaml   |    61 +
 .../charts/kubeflow/templates/_service.yaml   |    15 +
 .../kubeflow/templates/_serviceaccount.yaml   |    12 +
 .../certmanager.certificate.yaml              |    23 +
 .../admission-webhook/certmanager.issuer.yaml |    13 +
 .../cluster-role-binding.yaml                 |    18 +
 .../admission-webhook/clusterrole.main.yaml   |    23 +
 .../admission-webhook/clusterroles.user.yaml  |    52 +
 .../admission-webhook/deployment.yaml         |    88 +
 .../templates/admission-webhook/hpa.yaml      |    36 +
 .../admission-webhook/mutatingwebhook.yaml    |    42 +
 .../poddisruptionbudget.yaml                  |    18 +
 .../admission-webhook/service-account.yaml    |    15 +
 .../templates/admission-webhook/service.yaml  |    24 +
 .../authorizationpolicy.extAuthz.yaml         |    41 +
 .../centraldashboard/authorizationpolicy.yaml |    20 +
 .../centraldashboard/clusterrole-binding.yaml |    18 +
 .../centraldashboard/clusterrole.yaml         |    21 +
 .../configmap.centraldashboard-config.yaml    |    18 +
 .../centraldashboard/deployment.yaml          |    99 +
 .../templates/centraldashboard/hpa.yaml       |    36 +
 .../centraldashboard/poddisruptionbudget.yaml |    18 +
 .../centraldashboard/role-binding.yaml        |    19 +
 .../templates/centraldashboard/role.yaml      |    31 +
 .../centraldashboard/service-account.yaml     |    15 +
 .../templates/centraldashboard/service.yaml   |    25 +
 .../centraldashboard/virtual-service.yaml     |    27 +
 .../dex-integration/virtualservice.yaml       |    29 +
 .../cluster-jwks-proxy/deployment.yaml        |    55 +
 .../cluster-jwks-proxy/service-account.yaml   |     9 +
 .../cluster-jwks-proxy/service.yaml           |    16 +
 .../istio-integration/cluster-roles.yaml      |    60 +
 .../templates/istio-integration/gateway.yaml  |    16 +
 .../authorizationpolicy.jwt-require.yaml      |    41 +
 .../authorizationpolicy.oauth2-proxy.yaml     |    48 +
 .../requestauthentication.user-auth.yaml      |    26 +
 .../istio-m2m/requestauthentication.m2m.yaml  |    29 +
 .../controller/certmanager.certificate.yaml   |    22 +
 .../katib/controller/certmanager.issuer.yaml  |    12 +
 .../controller/configmap.katib-config.yaml    |    17 +
 .../katib/controller/deployment.yaml          |    80 +
 .../katib/controller/rbac/clusterrole.yaml    |   133 +
 .../controller/rbac/clusterrolebinding.yaml   |    18 +
 .../katib/controller/rbac/serviceaccount.yaml |    18 +
 .../templates/katib/controller/service.yaml   |    30 +
 .../katib/controller/trial-templates.yaml     |    80 +
 .../katib/controller/webhook.mutating.yaml    |    67 +
 .../katib/controller/webhook.validating.yaml  |    36 +
 .../katib/db-manager/deployment.yaml          |    56 +
 .../templates/katib/db-manager/service.yaml   |    24 +
 .../katib/ui/authorizationpolicy.yaml         |    22 +
 .../templates/katib/ui/deployment.yaml        |    52 +
 .../templates/katib/ui/rbac/clusterrole.yaml  |    44 +
 .../katib/ui/rbac/clusterrolebinding.yaml     |    18 +
 .../katib/ui/rbac/serviceaccount.yaml         |    16 +
 .../kubeflow/templates/katib/ui/service.yaml  |    25 +
 .../templates/katib/ui/virtualservice.yaml    |    38 +
 .../clusterrole.kubeflow-katib-admin.yaml     |    11 +
 .../clusterrole.kubeflow-katib-edit.yaml      |    35 +
 .../clusterrole.kubeflow-katib-view.yaml      |    17 +
 .../istio.authrizationpolicies.yaml           |    41 +
 .../istio.destinationrules.yaml               |    16 +
 .../operator.knative.eventing.yaml            |    11 +
 .../operator.knative.serving.yaml             |    10 +
 .../authorizationpolicy.yaml                  |    21 +
 .../cluster-role-binding.yaml                 |    18 +
 .../kserve-models-web-app/cluster-role.yaml   |    55 +
 .../templates/kserve-models-web-app/cm.yaml   |    15 +
 .../kserve-models-web-app/deployment.yaml     |    79 +
 .../service-account.yaml                      |    15 +
 .../kserve-models-web-app/service.yaml        |    24 +
 .../virtual-service.yaml                      |    25 +
 .../kubeflow-pipelines-roles.yaml             |   146 +
 .../kubeflow-roles/kubeflow-roles.yaml        |    43 +
 .../kubeflow-roles/kubernetes-roles.yaml      |   296 +
 .../model-registry/authorizationpolicy.yaml   |    18 +
 .../kubeflow/templates/model-registry/cm.yaml |    16 +
 .../templates/model-registry/deployment.yaml  |   156 +
 .../model-registry/destinationrule.yaml       |    16 +
 .../templates/model-registry/hpa.yaml         |    36 +
 .../model-registry/poddisruptionbudget.yaml   |    18 +
 .../templates/model-registry/service.yaml     |    29 +
 .../model-registry/serviceaccount.yaml        |    15 +
 .../model-registry/virtualservice.yaml        |    36 +
 .../networkpolicies/admission-webhook.yaml    |    30 +
 .../networkpolicies/centraldashboard.yaml     |    29 +
 .../default-allow-same-namespace.yaml         |    18 +
 .../networkpolicies/katib-controller.yaml     |    33 +
 .../networkpolicies/katib-db-manager.yaml     |    34 +
 .../templates/networkpolicies/katib-ui.yaml   |    32 +
 .../kserve-models-web-app.yaml                |    28 +
 .../ml-pipeline-apiserver.yaml                |    38 +
 .../networkpolicies/ml-pipeline-cache.yaml    |    30 +
 .../ml-pipeline-metadata-envoy.yaml           |    33 +
 .../ml-pipeline-metadata-grpc-server.yaml     |    33 +
 .../networkpolicies/ml-pipeline-ui.yaml       |    32 +
 .../networkpolicies/model-registry.yaml       |    39 +
 .../notebooks-jupyter-web-app.yaml            |    33 +
 .../networkpolicies/notebooks-pvcviewer.yaml  |    30 +
 .../notebooks-volumes-web-app.yaml            |    33 +
 .../networkpolicies/tensorboards-web-app.yaml |    35 +
 .../training-operator-webhook.yaml            |    26 +
 .../notebooks/controller/deployment.yaml      |    71 +
 .../controller/rbac/clusterrole.main.yaml     |    55 +
 .../rbac/clusterrolebinding.main.yaml         |    18 +
 .../controller/rbac/clusterroles.user.yaml    |    62 +
 .../controller/rbac/role.leader-election.yaml |    38 +
 .../rbac/rolebinding.leader-election.yaml     |    19 +
 .../controller/rbac/serviceaccount.yaml       |    15 +
 .../notebooks/controller/service.yaml         |    22 +
 .../notebooks/jupyter-web-app/NOTES.txt       |     1 +
 .../authorizationpolicy.extAuth.yaml          |    29 +
 .../jupyter-web-app/authorizationpolicy.yaml  |    20 +
 .../jupyter-web-app/cluster-role-binding.yaml |    18 +
 .../jupyter-web-app/cluster-role.yaml         |   123 +
 .../notebooks/jupyter-web-app/cm.logos.yaml   |   229 +
 .../jupyter-web-app/cm.spawner-ui.yaml        |    15 +
 .../notebooks/jupyter-web-app/deployment.yaml |   100 +
 .../jupyter-web-app/destination-rule.yaml     |    16 +
 .../notebooks/jupyter-web-app/hpa.yaml        |    36 +
 .../jupyter-web-app/poddisruptionbudget.yaml  |    18 +
 .../jupyter-web-app/service-account.yaml      |    15 +
 .../notebooks/jupyter-web-app/service.yaml    |    25 +
 .../jupyter-web-app/virtual-service.yaml      |    31 +
 .../certmanager.certificate.yaml              |    21 +
 .../certmanager.issuer.yaml                   |    13 +
 .../pvcviewer-controller/deployment.yaml      |   144 +
 .../rbac/clusterrole.manager.yaml             |    83 +
 .../rbac/clusterrole.metrics-reader.yaml      |    15 +
 .../rbac/clusterrole.proxy.yaml               |    23 +
 .../rbac/clusterrolebinding.manager.yaml      |    18 +
 .../rbac/clusterrolebinding.proxy.yaml        |    18 +
 .../rbac/role.leader-election.yaml            |    43 +
 .../rbac/rolebinding.leader-election.yaml     |    19 +
 .../rbac/volumesviewer_editor_role.yaml       |    36 +
 .../rbac/volumesviewer_viewer_role.yaml       |    32 +
 .../service.kube-rbac-proxy.yaml              |    25 +
 .../pvcviewer-controller/service.manager.yaml |    24 +
 .../pvcviewer-controller/serviceaccount.yaml  |    15 +
 .../webhook/mutating.yaml                     |    38 +
 .../webhook/validating.yaml                   |    38 +
 .../authorizationpolicy.extAuth.yaml          |    29 +
 .../volumes-web-app/authorizationpolicy.yaml  |    20 +
 .../volumes-web-app/cluster-role-binding.yaml |    18 +
 .../volumes-web-app/cluster-role.yaml         |   143 +
 .../notebooks/volumes-web-app/cm.yaml         |    59 +
 .../notebooks/volumes-web-app/deployment.yaml |    94 +
 .../volumes-web-app/destination-rule.yaml     |    16 +
 .../notebooks/volumes-web-app/hpa.yaml        |    36 +
 .../volumes-web-app/poddisruptionbudget.yaml  |    18 +
 .../volumes-web-app/service-account.yaml      |    15 +
 .../notebooks/volumes-web-app/service.yaml    |    25 +
 .../volumes-web-app/virtual-service.yaml      |    31 +
 .../virtualservice.yaml                       |    23 +
 .../kubeflow/templates/pipelines/_notes.txt   |     5 +
 .../pipelines/cache/authorizationpolicy.yaml  |    17 +
 .../cache/certmanager.certificate.yaml        |    23 +
 .../pipelines/cache/certmanager.issuer.yaml   |    13 +
 .../templates/pipelines/cache/deployment.yaml |   127 +
 .../pipelines/cache/mutatingwebhook.yaml      |    36 +
 .../pipelines/cache/role-or-clusterrole.yaml  |    57 +
 .../rolebinding-or-clusterrolebinding.yaml    |    22 +
 .../templates/pipelines/cache/sa.yaml         |    15 +
 .../templates/pipelines/cache/service.yaml    |    47 +
 .../apiserver/authorizationpolicy.yaml        |    41 +
 .../ml-pipeline/apiserver/deployment.yaml     |   162 +
 .../apiserver/destinationrule.yaml            |    16 +
 .../apiserver/role-or-clusterrole.yaml        |    85 +
 .../rolebinding-or-clusterrolebinding.yaml    |    19 +
 .../pipelines/ml-pipeline/apiserver/sa.yaml   |    15 +
 .../ml-pipeline/apiserver/service.yaml        |    32 +
 .../metadata-envoy/deployment.yaml            |    76 +
 .../ml-pipeline/metadata-envoy/sa.yaml        |    15 +
 .../ml-pipeline/metadata-envoy/service.yaml   |    41 +
 .../authorizationpolicy.yaml                  |    18 +
 .../metadata-grpc-server/deployment.yaml      |   103 +
 .../metadata-grpc-server/destinationrule.yaml |    16 +
 .../ml-pipeline/metadata-grpc-server/sa.yaml  |    15 +
 .../metadata-grpc-server/service.yaml         |    55 +
 .../metadata-grpc-server/virtualservice.yaml  |    28 +
 .../metadata-writer/deployment.yaml           |    84 +
 .../metadata-writer/role-or-clusterrole.yaml  |    38 +
 .../rolebinding-or-clusterrolebinding.yaml    |    19 +
 .../ml-pipeline/metadata-writer/sa.yaml       |    15 +
 .../persistenceagent/deployment.yaml          |   100 +
 .../persistenceagent/role-or-clusterrole.yaml |    42 +
 .../rolebinding-or-clusterrolebinding.yaml    |    19 +
 .../ml-pipeline/persistenceagent/sa.yaml      |    15 +
 .../scheduledworkflow/deployment.yaml         |    87 +
 .../role-or-clusterrole.yaml                  |    44 +
 .../rolebinding-or-clusterrolebinding.yaml    |    19 +
 .../ml-pipeline/scheduledworkflow/sa.yaml     |    15 +
 .../secret.mlpipeline-minio-artifact.yaml     |    27 +
 .../ui/authorizationpolicy.extAuth.yaml       |    27 +
 .../ml-pipeline/ui/authorizationpolicy.yaml   |    30 +
 .../pipelines/ml-pipeline/ui/configmap.yaml   |    18 +
 .../pipelines/ml-pipeline/ui/deployment.yaml  |   147 +
 .../ml-pipeline/ui/destinationrule.yaml       |    16 +
 .../ml-pipeline/ui/role-or-clusterrole.yaml   |    49 +
 .../ui/rolebinding-or-clusterrolebinding.yaml |    19 +
 .../pipelines/ml-pipeline/ui/sa.yaml          |    15 +
 .../pipelines/ml-pipeline/ui/service.yaml     |    25 +
 .../ml-pipeline/ui/virtualservice.yaml        |    28 +
 .../ml-pipeline/viewer-crd/deployment.yaml    |    85 +
 .../viewer-crd/role-or-clusterrole.yaml       |    38 +
 .../rolebinding-or-clusterrolebinding.yaml    |    19 +
 .../pipelines/ml-pipeline/viewer-crd/sa.yaml  |    15 +
 .../visualization/authorizationpolicy.yaml    |    25 +
 .../ml-pipeline/visualization/deployment.yaml |   101 +
 .../visualization/destinationrule.yaml        |    16 +
 .../ml-pipeline/visualization/sa.yaml         |    15 +
 .../ml-pipeline/visualization/service.yaml    |    25 +
 .../profile-controller/configmap.yaml         |    14 +
 .../decorator-controller.yaml                 |    50 +
 .../profile-controller/deployment.yaml        |   119 +
 .../pipelines/profile-controller/service.yaml |    21 +
 .../rbac/clusterrole.cache-deployer.yaml      |    45 +
 .../clusterrolebinding.cache-deployer.yaml    |    24 +
 .../pipelines/rbac/sa.cache-deployer.yaml     |    17 +
 .../kubeflow/templates/pipelines/rbac/sa.yaml |     5 +
 .../authorizationpolicy.yaml                  |    25 +
 .../configmap.namespace-labels.yaml           |    20 +
 .../profiles-controller/deployment.yaml       |   134 +
 .../rbac/clusterrolebinding.main.yaml         |    18 +
 .../rbac/profile_editor_role.yaml             |    29 +
 .../rbac/profile_viewer_role.yaml             |    25 +
 .../rbac/role.leader-election.yaml            |    37 +
 .../profiles-controller/rbac/role.yaml        |    44 +
 .../rbac/rolebinding.leader-election.yaml     |    18 +
 .../rbac/serviceaccount.yaml                  |    15 +
 .../profiles-controller/service.yaml          |    22 +
 .../profiles-controller/virtualservice.yaml   |    31 +
 .../tensorboard/controller/deployment.yaml    |   139 +
 .../controller/rbac/clusterrole.manager.yaml  |    83 +
 .../rbac/clusterrole.metrics-reader.yaml      |    15 +
 .../controller/rbac/clusterrole.proxy.yaml    |    23 +
 .../rbac/clusterrolebinding.manager.yaml      |    18 +
 .../rbac/clusterrolebinding.proxy.yaml        |    18 +
 .../controller/rbac/role.leader-election.yaml |    43 +
 .../rbac/rolebinding.leader-election.yaml     |    19 +
 ...ce.controller-manager-metrics-service.yaml |    28 +
 .../controller/serviceaccount.yaml            |    15 +
 .../authorizationpolicy.extAuth.yaml          |    29 +
 .../authorizationpolicy.yaml                  |    20 +
 .../cluster-role-binding.yaml                 |    18 +
 .../tensorboards-web-app/cluster-role.yaml    |   134 +
 .../tensorboards-web-app/deployment.yaml      |    84 +
 .../destination-rule.yaml                     |    16 +
 .../tensorboard/tensorboards-web-app/hpa.yaml |    36 +
 .../poddisruptionbudget.yaml                  |    18 +
 .../tensorboards-web-app/service-account.yaml |    15 +
 .../tensorboards-web-app/service.yaml         |    25 +
 .../tensorboards-web-app/virtual-service.yaml |    31 +
 .../templates/tests/_test-connection.yaml     |    15 +
 .../cluster-role-binding.yaml                 |    18 +
 .../training-operator/clusterrole.main.yaml   |   297 +
 .../training-operator/clusterroles.user.yaml  |   109 +
 .../training-operator/deployment.yaml         |   122 +
 .../templates/training-operator/hpa.yaml      |    36 +
 .../poddisruptionbudget.yaml                  |    18 +
 .../secret.webhook-cert.yaml                  |    13 +
 .../training-operator/service-account.yaml    |    15 +
 .../templates/training-operator/service.yaml  |    28 +
 .../validatingwebhookconfiguration.yaml       |   110 +
 .../charts/kubeflow/values_lint.yaml          |  2057 ++
 .../charts/metacontroller-4.11.22.tgz         |   Bin 0 -> 4115 bytes
 .../charts/metacontroller/.helmignore         |    23 +
 .../charts/metacontroller/Chart.yaml          |    24 +
 .../metacontroller/crds/controllers.yaml      |   827 +
 .../metacontroller/templates/clusterrole.yaml |    32 +
 .../templates/clusterrolebinding.yaml         |    12 +
 .../templates/serviceaccount.yaml             |     4 +
 .../metacontroller/templates/statefulset.yaml |    54 +
 .../charts/metacontroller/values_lint.yaml    |     0
 packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz |   Bin 0 -> 2043 bytes
 .../kubeflow-1.9.1/charts/profile/.helmignore |    23 +
 .../kubeflow-1.9.1/charts/profile/Chart.yaml  |    24 +
 .../charts/profile/templates/_helpers.tpl     |    51 +
 .../authorizationpolicy.contributor.yaml      |    28 +
 .../authorizationpolicy.ext-auth.yaml         |    20 +
 .../charts/profile/templates/profile.yaml     |    21 +
 .../templates/rolebinding.contributor.yaml    |    26 +
 .../charts/profile/values_lint.yaml           |    28 +
 packs/kubeflow-1.9.1/logo.png                 |   Bin 0 -> 54864 bytes
 packs/kubeflow-1.9.1/pack.json                |    20 +
 packs/kubeflow-1.9.1/values.yaml              |  2097 ++
 packs/kubeflow-crds-1.9.1/README.md           |    10 +
 .../charts/kubeflow-crds-0.4.1.tgz            |   Bin 0 -> 362188 bytes
 .../charts/kubeflow-crds/.helmignore          |    23 +
 .../charts/kubeflow-crds/Chart.yaml           |    27 +
 .../templates/_helpers/_helpers.tpl           |   107 +
 .../kubeflowCrds.admissionWebhook.tpl         |    50 +
 .../kubeflowCrds.katib.controller.tpl         |    80 +
 .../templates/_helpers/kubeflowCrds.katib.tpl |    36 +
 .../kubeflowCrds.notebooks.controller.tpl     |    60 +
 ...flowCrds.notebooks.pvcviewerController.tpl |    67 +
 .../_helpers/kubeflowCrds.notebooks.tpl       |    34 +
 ...beflowCrds.pipelines.scheduledWorkflow.tpl |    55 +
 .../_helpers/kubeflowCrds.pipelines.tpl       |    34 +
 .../kubeflowCrds.pipelines.viewerCrd.tpl      |    55 +
 .../kubeflowCrds.profilesController.tpl       |    50 +
 .../kubeflowCrds.tensorboard.controller.tpl   |    56 +
 .../_helpers/kubeflowCrds.tensorboard.tpl     |    34 +
 .../kubeflowCrds.trainingOperator.tpl         |   110 +
 .../templates/admission-webhook/crd.yaml      |  2102 ++
 .../templates/katib/experiment.yaml           |    42 +
 .../templates/katib/suggestion.yaml           |    48 +
 .../kubeflow-crds/templates/katib/trial.yaml  |    42 +
 .../notebooks/kubeflow.org_notebooks.yaml     |  9513 +++++++
 .../pipeline/scheduled-workflow-crd.yaml      |    45 +
 .../templates/pipeline/viewer-crd.yaml        |    40 +
 .../profiles/kubeflow.org_profiles.yaml       |   696 +
 .../kubeflow.org_pvcviewers.yaml              |  3492 +++
 ...tensorboard.kubeflow.org_tensorboards.yaml |    91 +
 .../kubeflow.org_mpijobs.yaml                 |  7547 ++++++
 .../kubeflow.org_mxjobs.yaml                  |  7544 ++++++
 .../kubeflow.org_paddlejobs.yaml              |  8031 ++++++
 .../kubeflow.org_pytorchjobs.yaml             |  8068 ++++++
 .../kubeflow.org_tfjobs.yaml                  |  7546 ++++++
 .../kubeflow.org_xgboostjobs.yaml             |  7528 ++++++
 .../charts/kubeflow-crds/values.yaml          |    47 +
 packs/kubeflow-crds-1.9.1/logo.png            |   Bin 0 -> 54864 bytes
 packs/kubeflow-crds-1.9.1/pack.json           |    17 +
 packs/kubeflow-crds-1.9.1/values.yaml         |    52 +
 packs/oauth2-proxy-8.2.0/README.md            |   380 +
 .../charts/oauth2-proxy-8.2.0.tgz             |   Bin 0 -> 60874 bytes
 .../charts/oauth2-proxy/.helmignore           |    23 +
 .../charts/oauth2-proxy/Chart.lock            |     6 +
 .../charts/oauth2-proxy/Chart.yaml            |    39 +
 .../charts/oauth2-proxy/README.md             |   380 +
 .../oauth2-proxy/charts/redis-ha/.helmignore  |    25 +
 .../oauth2-proxy/charts/redis-ha/Chart.yaml   |    19 +
 .../oauth2-proxy/charts/redis-ha/README.md    |   485 +
 .../charts/redis-ha/templates/NOTES.txt       |    25 +
 .../charts/redis-ha/templates/_configs.tpl    |   730 +
 .../charts/redis-ha/templates/_helpers.tpl    |   130 +
 .../redis-ha/templates/redis-auth-secret.yaml |    15 +
 .../templates/redis-ha-announce-service.yaml  |    64 +
 .../templates/redis-ha-configmap.yaml         |    37 +
 .../redis-ha-exporter-script-configmap.yaml   |    14 +
 .../templates/redis-ha-health-configmap.yaml  |    20 +
 .../templates/redis-ha-network-policy.yaml    |    80 +
 .../redis-ha/templates/redis-ha-pdb.yaml      |    18 +
 .../templates/redis-ha-prometheus-rule.yaml   |    19 +
 .../redis-ha/templates/redis-ha-role.yaml     |    19 +
 .../templates/redis-ha-rolebinding.yaml       |    19 +
 .../redis-ha/templates/redis-ha-secret.yaml   |    32 +
 .../redis-ha/templates/redis-ha-service.yaml  |    57 +
 .../templates/redis-ha-serviceaccount.yaml    |    31 +
 .../templates/redis-ha-servicemonitor.yaml    |    39 +
 .../templates/redis-ha-statefulset.yaml       |   668 +
 .../templates/redis-haproxy-deployment.yaml   |   202 +
 .../redis-haproxy-network-policy.yaml         |    74 +
 .../redis-ha/templates/redis-haproxy-pdb.yaml |    18 +
 .../templates/redis-haproxy-role.yaml         |    22 +
 .../templates/redis-haproxy-rolebinding.yaml  |    22 +
 .../templates/redis-haproxy-service.yaml      |    60 +
 .../redis-haproxy-serviceaccount.yaml         |    15 +
 .../redis-haproxy-servicemonitor.yaml         |    39 +
 .../redis-ha/templates/redis-tls-secret.yaml  |    27 +
 .../templates/sentinel-auth-secret.yaml       |    15 +
 .../tests/test-redis-ha-configmap.yaml        |    32 +
 .../templates/tests/test-redis-ha-pod.yaml    |    29 +
 .../oauth2-proxy/charts/redis-ha/values.yaml  |  1010 +
 .../oauth2-proxy/ci/default-values.yaml       |     1 +
 .../ci/extra-args-as-dict-values.yaml         |     4 +
 .../ci/extra-args-as-list-values.yaml         |     5 +
 .../oauth2-proxy/ci/extra-env-tpl-values.yaml |     6 +
 .../oauth2-proxy/ci/extra-init-container.yaml |     7 +
 .../ci/horizontal-pod-autoscaling-values.yaml |     5 +
 .../ci/ingress-extra-paths-values.yaml        |    14 +
 .../charts/oauth2-proxy/ci/pdb-values.yaml    |     1 +
 .../ci/pod-security-context-values.yaml       |     4 +
 .../ci/redis-sentinel-array-values.yaml       |    34 +
 .../ci/redis-sentinel-comma-values.yaml       |    32 +
 .../ci/redis-standalone-values.yaml           |    65 +
 .../ci/servicemonitor-values.yaml             |    18 +
 .../charts/oauth2-proxy/ci/tpl-values.yaml    |    62 +
 .../oauth2-proxy/scripts/check-redis.sh       |    61 +
 .../charts/oauth2-proxy/templates/NOTES.txt   |     3 +
 .../oauth2-proxy/templates/_capabilities.tpl  |    23 +
 .../oauth2-proxy/templates/_helpers.tpl       |   161 +
 .../oauth2-proxy/templates/_ingress.tpl       |    46 +
 .../configmap-authenticated-emails-file.yaml  |    18 +
 .../templates/configmap-wait-for-redis.yaml   |    13 +
 .../oauth2-proxy/templates/configmap.yaml     |    18 +
 .../oauth2-proxy/templates/deployment.yaml    |   425 +
 .../oauth2-proxy/templates/deprecation.yaml   |    12 +
 .../templates/extra-manifests.yaml            |     4 +
 .../oauth2-proxy/templates/google-secret.yaml |    13 +
 .../charts/oauth2-proxy/templates/hpa.yaml    |    49 +
 .../oauth2-proxy/templates/ingress.yaml       |    44 +
 .../templates/poddisruptionbudget.yaml        |    27 +
 .../oauth2-proxy/templates/redis-secret.yaml  |    23 +
 .../oauth2-proxy/templates/secret-alpha.yaml  |    21 +
 .../secret-authenticated-emails-file.yaml     |    19 +
 .../templates/secret-htpasswd-file.yaml       |    16 +
 .../charts/oauth2-proxy/templates/secret.yaml |    17 +
 .../oauth2-proxy/templates/service.yaml       |    68 +
 .../templates/serviceaccount.yaml             |    60 +
 .../templates/servicemonitor.yaml             |    57 +
 .../charts/oauth2-proxy/values.yaml           |   569 +
 packs/oauth2-proxy-8.2.0/logo.png             |   Bin 0 -> 11087 bytes
 packs/oauth2-proxy-8.2.0/pack.json            |    17 +
 packs/oauth2-proxy-8.2.0/values.yaml          |   580 +
 464 files changed, 117804 insertions(+)
 create mode 100644 packs/kubeflow-1.9.1/README.md
 create mode 100644 packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz
 create mode 100644 packs/kubeflow-1.9.1/charts/kserve/.helmignore
 create mode 100644 packs/kubeflow-1.9.1/charts/kserve/Chart.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kserve/values_lint.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/.helmignore
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller-4.11.22.tgz
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/.helmignore
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/metacontroller/values_lint.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/.helmignore
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/Chart.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml
 create mode 100644 packs/kubeflow-1.9.1/charts/profile/values_lint.yaml
 create mode 100644 packs/kubeflow-1.9.1/logo.png
 create mode 100644 packs/kubeflow-1.9.1/pack.json
 create mode 100644 packs/kubeflow-1.9.1/values.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/README.md
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds-0.4.1.tgz
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml
 create mode 100644 packs/kubeflow-crds-1.9.1/logo.png
 create mode 100644 packs/kubeflow-crds-1.9.1/pack.json
 create mode 100644 packs/kubeflow-crds-1.9.1/values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/README.md
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy-8.2.0.tgz
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/NOTES.txt
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_configs.tpl
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_helpers.tpl
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-auth-secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-announce-service.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-configmap.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-health-configmap.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-network-policy.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-pdb.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-role.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-rolebinding.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-service.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-serviceaccount.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-servicemonitor.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-statefulset.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-deployment.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-network-policy.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-pdb.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-role.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-service.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-tls-secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/sentinel-auth-secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/default-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-dict-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-list-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-env-tpl-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-init-container.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/horizontal-pod-autoscaling-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pdb-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pod-security-context-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-array-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-comma-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-standalone-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/servicemonitor-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/tpl-values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/scripts/check-redis.sh
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/NOTES.txt
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_capabilities.tpl
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_helpers.tpl
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_ingress.tpl
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-wait-for-redis.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deployment.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deprecation.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/extra-manifests.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/google-secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/hpa.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/ingress.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/poddisruptionbudget.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/redis-secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-alpha.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-htpasswd-file.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/service.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/serviceaccount.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/servicemonitor.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/values.yaml
 create mode 100644 packs/oauth2-proxy-8.2.0/logo.png
 create mode 100644 packs/oauth2-proxy-8.2.0/pack.json
 create mode 100644 packs/oauth2-proxy-8.2.0/values.yaml

diff --git a/packs/kubeflow-1.9.1/README.md b/packs/kubeflow-1.9.1/README.md
new file mode 100644
index 00000000..43ddfea8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/README.md
@@ -0,0 +1,10 @@
+# Description
+
+# Kubernetes versions supported:
+
+# Constraints:
+
+# Cloud types supported:
+
+# References:
+  - 
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz b/packs/kubeflow-1.9.1/charts/kserve-0.13.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..e180387ac07b370c9b90e6c19c2228499f23f40d
GIT binary patch
literal 46987
zcmZsi1CS(L_vTyE=Cn0!+qP}nn6_=(J#E`Ir)}GIwT<of{r<cAZNyf@$-0>*vu;)t
z;-2UC9K1+K6rg_|Ulc%82I7kJM&dH8((W8AhD@sT#!4&}no1n3a;mDVGHO<q1~$g-
z$_lnT;wDzsKo=js9S_(OXd$PM-%-7+bsOe48^)^7(#KaBe`idlFjmY{Hb{~cResKx
zxxf)35kz5t!SJ6bnoWH^HsSBnCb;2%5n&{}g<eVi2&?G$yKDFCXjasg>dW1OI@IO;
zv*8_YZ=P-2>u$2=^NvsL>uZv2`{L`1ZToXP=W}=6_vJ|M^Fi+GwZyjP?Fz5^<x%eI
z-FEv^=ynpw+g;T0Jm@9V)}y6~uN9d<p<J)9P7-~a?8(=IXw2bb+IGw5ZFAjr%XqF>
zG`ae9Jys3IMPjN)dxb6d&nO@<-G8gKMA0WFtbRg;63t|L1F-0L5zojntN6LSHRe@Z
z9L&n-gU$Q$l?wPY(fj<m%mAo=A_#o_(S|-Qq_Em^Qgr0MwWEqWFs;6oMx8H2InDYb
z`Sv);N4nfHM(U!Qvc{gVqLp?$%Dl`rD&2aoiaP&A#K4FyyE$Hna^-Rk$RF8yH&Pt2
zDEgJKoh&N5P%x1IacGnHwGG%N<wJi_%8xu77fDS}Oea<g_If+I99;ZzJZy}&{bb-+
zZb+j|(3`4BkjDH@D7W#cerdUWO|EBbPvBL2>3r<Eybce3Reo9kBKd46+mTK;JEch}
zQy(Ysw$?&#zqeaq9c;dC=cbWgOQJH{@4H{#cd?^%{p36?qr;I;kCW?jCtpcro_DGy
zitlx_Hut{W?w+<vS)+W}0b^QYzLtz{!>>L2TEIHDUz<HXchg^wC4k3+FRqj?(AmdN
zI!O||ENZl`dRxF}hj+z29-znDu_WT+?ZC?>E89C>by|j!?m!r|eC@<+E?k=Z<|Bg`
zNhD8)WXI)ZnpnblH)_h!Vyd{_&6BMsKG`t7xZKOy!|U#Gov-WTNG9Q6PxNR!Rz#y3
zF6ywS0!x}8tJ0&zD3Dm<W12Zfi)?Z)w){`J`|g7DTFba^k4}BtoUIkbyoi)i!SUhK
z=pBf2^!OHaNnZ7PIqh3fb>}OO+S130?oncWHKp2-BhhWMjjBi`W$~T%pA<pcgn?oY
z13MZmk3{0}GVR9)Y9tL+n%EJ#Xv$3HW6qpu)t+UO&-t@G#nyE|VoPM1TLuM{jYC>h
zWTol--U~ugpKF0Lt;npxu|q@Ls#(_Pdmt;*?#1@kHJ&Xx3*YZjN~aIyF*6zsGi8QL
zbMrn6LDad%WuI<Z!E&F$9a|+Ls;zEa>LlcbTMZaM@w8_)RLiT8&dH}%d}_<y`XQdR
z2bGy&18sZKV8?iDkC$uHlTbpEXzCn0$>pOSdO%&uURF;_l+EO%`K~pR@27uvS##ed
zo@zpqjCEEGIDOf|==_~tdykfU9@9(pzGq=fdsL>lk+BPdo^-F_V}pBj#Od&umHOw)
zM}hQlwLx)<1P8~tIn?E>OOJ89q@ILi6-;?l!&7Wgyo;3UGbDz#d8lQ3V%7PIaFzDD
zNTe=Q$>a{)W~7%aCbzwh=e^ZK8oemDzaHkxxi;pDv}5D^sv!qdks1uB&s@2GJ0JhB
zw!{bo$z4>ikza^9yQ~_!crstM^~GaD8u@ez4F``>+3`6<S#ir0Us>W<^E<CX@Y|J~
z{u6r2jk3!$S$n0K7FSb?IZx@7;SLzl?`AAP-*Ipi4VZ!p$s<PRHEpT=R1Nvs)n4Fm
zXZCYDRy)nG;J{!bZgBV|3ai`cY(S^(dLP$7T%UUdt@C4k7i-2YjVeL2iBj9B+IZ9`
zkq%~Pnw&%!8q6xi&sUrHpo;NYodUJM`%NOKb%6xlF4$FxgxpPH0sy(hNOeNc1+~Ns
zxAM<Ni}Nv<yvvF##4;$&)849-Yk?dZW)0oy6~)4YMZ$`~;{i+iFBsKGxJ|D%OZzZT
zUiT^U&K;*RM;`B2Bo(v5PkG`?s}4Gb*ch^d%`KkUPIYwG1ta{M%%LmmxRt=+U);)q
z<RQX%M1*!sU=Y6auExC_5sPTzmCfqbb!(PI<d!fP>=WmOZGFpsoT~lb{4#D&G)U9E
z;WxoiWpAS8<rks0A*;f5a;C#{a^Cc6&l~bG=$0QwE#nvW91WXVzkXB<hS+p#H;u3f
zdJeD&dJ!$~dl8{*<fX4Pja93-RQ2OUEj5i<Rz&_YpJ5Y=VACL*pzgev6`NodAKy4*
z(-YIgYj*g>#lWQY;g!)1Epky}^x1mL;mBUMwE_1<n6;@&Gl4!!SCq0f?v3TEe&g{Y
z%yy-cj`YHP1G#UKoZbO(vjK<}kZ|&;UV3kYvxXyY(d`GZuC?%841ULDUvofsf;%ga
zZzI{3CF!1}>SlF)9PavZ)77Zk(gL*-k`IQt^)l3<50<1llXDHV<!j{LshNHhOBT|*
z_jC`Ty3e?B)i&AJ6X5fh?_+rt@b%%^^Y+GO_I2$0KL34i{fzJP`px(2!?)`5My}`U
z1K{)Ygva+~=l$}@w*dG$2Ml_-sC}LH_&m9OAL*6!`T9QlYhLHD+|Fz*bFtu!*WUDM
zd_KXdZgp0~ZZZBwJU6*4KE`z`!tEH&8XR*|qds*uaU%vG&Y0NHGeL%I@p*f&rm;|?
zYQ~xPLPo==B3-j6eb)9?d8_?U>X7#M&_F(*JY~E~+hoy&f2*ce)WWhH>5%0dloiS9
zuAX5DU|)HD2&A8f-`wTt7XrEDYb*9(MV?M9`PEH?dn}fVY)4ARZ_r=<lU+jb_gxOD
zg%-k#u*4G$^81)^Anf)w2xZBo{en)+*`f$fyYRAA&o%UWp~NxvnFW)6a5$N)1Iz;I
z&~z4ruG#BpV)qs>*^D0vS(ae<@ytx3`HY6seaS5OvBFunlO0m<bP+^~{Mu=ftGyg(
zjX63*MgY^TbC!1BQtmu|3kA-laBXuOa9=(o>exMTNC`bx@GR5?##980sA}V#Vil76
zBDhYI_+F){;Tl6tuazo`_SD_G;xXmrN`+s$155m=Qo8Fs<bIl>mg}K#$6JKrYQVw1
zV__Qa14&q@S;i1DuAKgr*6|n~F`}_-Myr;!KPU35F!k%38bv)?&7LC`H*1_>9!Zzs
zBe)F-al(|*>;-yFh(JPI-`>fX0qs0`#AM05D)Ut21|-=$^vK2YQ(<IsSQ(X$rtaze
zRZ!z$#qppKBdmHY^X=Ga!X!Rx;0o+5Vurv8gcUf8_n@h~>zfsLm$WWU7bY0W*kTuT
zVN<H;_WdL8OBM0hIOq%~=hZx+T_367p(9a^ZFFM`=MyZ99FJeb*h12*DtO{s-W=J&
zjWcvxHtr5?s#=(Uj~}&>mjpeo93oHx39J<UBFL}%^c3R<c&}jut@hSrsd_v6bF>C4
zsQF+E<duM2Ed=55yplyf%^IR5opO2E@OQzZy;I5J_G<&Jq3tP2i=?TTh1RT+vc^Yq
zPYyRl_Pwi{a^u%)kdwl+vV4!+k3gidPS}JH-;ZPV4fUQr_6TZ_yG3h3AnkhfM&24i
zNCiG;ddubgL{x>S-`Xx{9y|Lcjdp)ToQJWc7hF+`W@Ss(u;~&<!~Yy#y&b&1Gs>=;
zBW}RIIfehuyiViEN~1b2$Is?^Sr|Qb6PsR2lsysLyh$V1>Sj<hj@ZPt4qn}yRZiH%
z?PmQRh+kZp6T7%}rW7D`aII|4c6htE_UhGk7{%&lb^H~t@JZ}Ohnmeqt7r)y0o4qM
zXpzM@#s(`>y~pU{!S|h&VT*O#1J9nQ1Yh7<H%Ny$Wbz~!e;$d=vC~4WR|*Hl_Q_zH
zr~!FQy<(6k$B0imyY(maf3fSsjc><GaQQpSYXNAIK-OK69G80AOF?TuiPJ&*V@oyP
zrf_wtjV{aUqTc`K2;IFJk2bnptu1rxi50c&njmbaMp;QA0y~+C4|)GBX+#vzB9k!j
ztSf}mlX|@#L*nRGjC&Y9cXHp5jh-!pV`Uj}aZKp@n&0%6>tK;nnV5~DX)ZU}>1O6j
z?{TFu_I#XOewgD_hoLf1=hZaX))k5qk({H<;QQWYHEGvP0CE-AncC~=5m8j$u@wlR
ztd1J3vAfaXQ3x$?)50k8P}#}sk?+MMtj?De(b--vdL|RYc?Y)PU&0ts^qd<Z&9^eb
z$dsjFZ(~dfQzGo6LTGyd+3?xvK|PCpxL0cWM_E&US(wGBz6zJfl_TXv9W(YW0Wg~Z
zeaGXWB+)JQ)HM2Z5<T#r*n-v@$->?)_|5?yUw+|!1^{NCP8K%{v{K99W0@QhD$1YR
zPU_j?Et^#@8yZ!mO<Z5?`~tDdFMMHkGN0bA{I|}%coWeb3<~k~`b1Qlf({HrlLZIZ
zAk2IFO;NG~LPry{=nM~~`3A72(BMRL`rAbdq!@nKWX1f&&fo&C6dc$$K4w!mw%6Ex
z8=gBSh@nRMosAL9&u#v_COr*4`vVRDdk)!Rz?i0Q2ao$+z1<$Ec3}Rt9J?1}zv&*4
ztV#zgazb>K;y>?y|B2{U)iAy3sz7D!gVH>BC7qbaSlS%Y(vD~e)FA|da%UXNdM|0*
z9cr@Sp>duMEbvW0ssdJ0Rv49C0@7`CxroNKi}LICY?M|xtp}7pRgO$Bo*hze#r?9%
z97QiXwQ(YhRc{7E&)n#NaMm_X(>-4?n?G{!v5TV5>TBwd=cG|BS#!K|yv|Q$o`BD`
zLgSg|J|<4J(_Pf>bUO*jkp1L1)!LB1-;mF&$ZY<}jwGw&0Z*C{FK}31yUv;S(_h-`
z(rGHtlNg9MUi781d%8ARKy@Z-SB(T&GmKI_=}Zc3u>F{CXE-2e0G{@wu1L2l79Hsb
z3{*mg<z#npN-6N!+U6j*-qrhs0QIzrvN)259$LwGZ0n@}4l>#M<CZ~E2MO~__Qeo1
zOu>f%19QJ?@zxFIJ5k5x>vIz2*Z<5^UAer&Ir}`n1r5rr6;aB?3VK4@e5RhmB5mT%
zb^38&Rt$642%yAkA0itfd#O(PSRNHa+((Ud8Hdkv#Lq_YF$(=5IuNrAJM3{goGO|$
zjoR{*z@=iWqr=;p#|GxxV;I6M5$G6AwvtMhx?1%PZuag7T01K2>je!Gmmmmky46+@
zjs`9P6Ev_31u0a(T_FM_F<mYzs4CJp+~Q*mCJPB(6K0`f9!2m<-BjKpNPosV29N7J
zP31&Ncg)sS-=bFI{THi$`*w<>z~*R*O^W~!vOk66R$JZL8Vh9ln&*Z{>gl?=d%eTc
z>`w~X{}!qEvDZ<)LgGO0w&+c4Ls<L6lK;7#@A}9GzxEmZ_mdT4r58qA^0I_d-LgJ#
zfjDK(Wmmlpx_F1M-~-g)1C-z+ru|hYst8d3TJ4s2<8(RKz9Mf@;%MG94!?<mYJ17l
zHN#9A6%$M79OCmw!Wr9(#AFhgI^G-ta~1#0528h&K8M&^Np~u<Ij1Zx2HmpD_dD&<
z)uznkHoMvE)#*ayG&>L;VFAj1LAqg!jOtR|bLxw0f?EDjEv%zH^;yG^8b~cr+;rt6
z=n<iM8Q_lAujXbmP-Zt32T<ji`3B1YJA>yJGW(Xx-xs!bc;<*qFz{=BG(T)ex_^m6
zBpBHsXNklYrmYLF3H7%tBcrNuLhW}EL%wk274Sivv<7unETLrQI%b6J!$@tk$%y})
zwuZjhy7H2{gD2+U29qdF#m5A27^LRA!6eXA^d$t@AUD7_z<+?Q-^d?x%(8W-*;zdN
zQdnCuW1n=Y)xnHnUn%Ba63K=UwyBM{C6g8J-B?E17^ly`-xw1xByj0br`dS6Dv<2w
zZR$q1D(=n@nUO@O8h_2nO+~n#ax|dvITgx`TKw&OVMAN{>hFP21DS0;m{RX)k<02Y
zm<Vrs*e4`>_Y&R%;?OT$^tQh3gJqEW`Zw^_q=mz)1rdJoaGx&uxqAYGA)2_J#|H=*
z!mdSr<<X<mtyZFXzT*=B#JC$2{d{DhvAtZQ0J7rm{zp|}sIp!bjdmz;IQ1H=c_N?Y
zWEYQMDGM-&Jmwu=bVY+bro07We$gwOvQ{3pxJl)^VK87unDP0fnf_f>Gk@U0kC`0d
zPCo)mok8Ng8JyQ=huP$vMR0;FRY?kNb4aYzi)5Iii%A4hmK|SEVDFL$dr*zJI=Xu1
zS(O7wip78$^G%x6nx+|Li;&o6IZJBh`L!uE_iGp$j~rC^&|sX8x?X<)1lkscpmNwQ
zF^)BPQ<xP?mup-Mv{fs-=?BYvE;SPye)PD0c5j~YLbtm5ROa^#GD>0>3{|r4AiK#u
z->ug3d82h`=Ro+bf~7rfd7~$1UYA*Je(5rKR%Fo*d2UU?KU?|Cs@Hr^!efp+`h#=L
z3!W@(Dwo;g=C_(sfv+W0Fs`Vt6%=s*WCg~Rwfydk8?*zni2e-FYqP!3f?CX*PN5h_
z9v$A37NM-DI0_gGIEY74Q=Z=ngyq5CTsI|k+VBr>`nbM>nQ6bg&|7RyZ(L#b?X8w7
z;*-g@5RU=r`0YM1a~A5oh*wFUo`M1Va$-U9nFzO>)%-ZMC#_9bwA$R%XY4Zqqk-iY
zY-q@m>M}X`2OBs6P~Lc;^Yr{+jb&l))t)?}6Q%x+uMeMJGFc%S<@@#A5^xK=kIM$m
zH>0*fUbp*+dTKAAS??()>wr1sX&Bck0I`!G!SQ>#nWT#$?bT0rg#)89e!nQ4egftv
zPqBFSh(_dL*-3D)F-m`!-Te4~T;HtojFRdFG7MMQ4+-d)y$?2r^2$h*+aqIw^t`1J
z6_K&muJ$c<eMDWJoL)F_ylQ5)E?ZthQJ~2I=AX==Uga@T3};vj4*p9Fgxu^PCBd>F
zmbpLEr+zZ@LRwKeyxbfkQAC#6-3kn>+DR5<Nu!6X1ZRiS*4hXbQ7cEIP%1AS0U~8F
zMlNH3kTv-tqC?!8DglfsvdwZ!qwE}Lvn>rsO>>HzT;r7*?H$T22whI8!&)q_kO<(F
z{G5G$s98U}hm55&!$%;0hea)~sXf7O;aYobR<Hr(Um3110z<(W)tz?H*cQbX!2Hm`
zrfZYT$se%0TEui;ecvUR1(o44;_j64g-tqpWSwTsgLo_HUs|d}w)u?0(~4kwZ-aiC
zcA>3J#i@U5d6^_lG`;Qle9CBOXkgQd7Y`>-_HwE(y|wA;dILOG&G~kIJ<23&vvA~S
zm6++JuxO7+Jd{hL+crCjMCQ-fV0U^lV2d8NF`FrAbn2XxWVDSjS(J~d$!z=nUrkCY
zJX~1ACuc+Duhz%grRZN8%2MXbV)2jZMj!l+%)m*H&MF(Wh|~4<cderBN=3!xsqF)I
ze-p!{cE0iO(uy9<;!h0~z2uQ(XFiwY*Fvi<D-&KeLR)~9%1F5(=X9_I%_FIVRXI9N
zofTjb>)CttxZ$vH!<XvzR<)A;@E;jS>$J<6BGNS#&-dlZ5)kT=y!vZkshoh(1baH|
zlFM1iaC_-&y*{NyN>@nqwi?%v2Ou*x)Y1gWWWDLc9SX~T_$ocCJZ+lKBXN6;8#m~!
zzrT`=3x_rp=qOip8aVq)57b7zItTonJSW$jb8V0sCr+R<aR9I#jyiv}Wx)nWid4S1
zkZ2zTIL5|?G9mY&g&B+wEE0#1C0dqLk^b`Vs%0q>o10r=#Wzf8?JOKoS7f$Q2eaZ|
zI3FR>ArfwxBh-XI5n$JR(Eq945$<+e73R7%V@f|QPIdt_1Fs+Lidn2cecRN;sk=-W
z9B)thYr{Ybi$fvS-YcBQ)hFiwS_E-sDvSnjp`xcZb=Ucb1hJf05iXrG*V#k{sh70Y
zPDLhdwm~qae>;mnDCTLseTu$H+Ft;<XA=R@_&3V)T>B;Piv-G~+@>j5w>S>G=j2$g
zXrz!1wwAOXYX+|f7XJ1}Yl=q`Kg2U(FLu`ACfPOLySe{ut`VZsiK6T85>%v^B7#uG
z+xW((@S1iAKXr%P+~~oH;W>9&ni?k$R}f7=^6k1k1}LQ}miwX8F(@Ld!iul~a*-K~
zRsO~DsFo;OUHINPVFtO@y`l_?ZM^p8xS*z|#k~xjZ}hZ}fCh4-R_{kbFZiG8kQ7rw
zWnQ-1*Clb!io2=4+`flDh|)5cCa8!U#oRExB5rBYz02%4chQi=YUFt;5Y$ReuSlD)
z4Xk}Xe-uTS`op_qiPv&MbUK35$SjNztN$r=4p&dP1|vuZ-q<YT;<8W!G!+;v?L#`t
z!>z^Zjc9WNOGxk8@D?#knnBnuP0cH7dIoKx)sM&K-|6`${Zg#VWM)!PmP7HO&ll__
za`Z4W#gE%w_*N{qYJ=R(N`D7F-S!*03leSYh9z){-^@{=+-yVB6~6A9B;`gzLtj7&
zg`pAYVO=_%d4B7dD<9qt-ae~6Du{(f86s<gHNJjB*+b*W&MJN*Szc#5291Gc=M*8>
zHC)`tCj0235z=*@_y$kCx*RSD+_ur1pi+iUz3D4FGyG&e*ZNQVj_Vh{R_F$={2y;G
ze!0<H0TWfd%D4<CiE*6N==zEXM>fi0EN?msMw?f!PSSh*VB6%nFI#*oG)QDE9ImSq
zoW9U@>Luk_V?tR_1gjKQ6!)7xg1Hgk|0sM#PoM-bC|=|7gZZgZe74M;x+5v*iEe#N
zc%en)eZ6kP6ueFTT`aoaN`+sXe0tAv4XYMA7HrJ7(PnyCHHjfz(%fqEX=6FpIB+Bb
ztSN8Du+I0eFE;fkCG86w4u4>Zt#V*j0T?A1=W)k<Cbs-<o~6)EGL5Ycr3&V!J+|Py
zfYQC4_eSY7I}j*SKb8B{5&o?cuL<M_c#M>-KMNxV)d{0_D#&;|H-Ob&Bv9{$bH=N@
z94CV!oM-_>Pgx8$OlOa-4F_Z80d<sjC9|PafkCTd%!>`Tb0^_v*~o51PL#K2Sc`gO
z2Fwb_m=9Xi<>y>~5z0sI1Ea}d=F?D*MNRANBoEZ!(r(kapeJtb%Hs=#o>{~v(aIX}
ztsoN^^sBZBU06bZ)zWP55^SAcR9!o8w$FHNqivm22U^;H?`ds<bKblWb}w4nWY{`C
zN!?W0c)E8ldegMDFPU8ST74obKD<ohns<LvHZL9jQzUX3kaxbX%IolbH9Kb8c7Uq|
zYHN=KYj9h+d8sxbLG=-7HnO{@bf0>f)#cq8E=8(vM26~AtmcQCOQ|fII#CpFttSZ8
z_&T)~zsNMYYb`x|)^X!ho_HL_j-4Q^ZIl^$<Y_`&VLCkNYeCGcI&;yXuXjy!V?E@p
zfnb}I3IToeACG52S2o5gt(JgK-!{?V25~K1YyIu)_HSRfHltgckqSmt92CaVD0HwC
zcE^U1IoU5?!b59P<+I`sa`E*F!EIbFIAimykO_uwMe}PAUbJczKwkT>10`%6vKq&-
z3u*@CMMEp$(7Q-pPlYoZ_0`l-9^-J=D$wl8%D6<AevtP0xIM*;y$qL9Qh}*xJM;f|
z>-oC+^5}TJn)dy))hisy{#*xq8EKqp7%c({k5n_CSXt@~+kdkpE`@8nRNlIB0nIuu
zrrA~S#Xx#kX!A=NDvr7ri0mls22UMy!~o(s6Anf3qvKZxy%>NaSErBKD2wq*f_1<C
zg#o;Yl$HmEn{=!8xzJ_K0!+JeV@vT%uhmd&!Xswr39~UkKJv)3<J$B2YW;a9L_ApK
zodZFA$j2>W({`bEA*HLY^86t(r;Gi5IfxtQ>v*|F)x?DXD+aq5xddo2^QiEOhu(HB
zzY5d0K*}I2)Q?(`aS$H1FBZ1)A98`vg_2x>D+umetmKoM=*Oy!X_ZPQo0xsla1YAU
z;c%9AEB|(c!DR|y8}72}?6Uvy4|Im^!t-su^RR{hAPRvWSG6y!Mn0}tg|w&#ucXKv
z_UO_uk;Xci;F$7~5NJ{xmx!Nqi2SUk{p%8~3peK)OKb%p@p{i_OePWFk{HxkKupjf
z`Ln)(Sl~`xVx^?2gFNVj&N`!ALi@k<edSb@N;C}`UNY6lZ&h8>>f~r#B~l3Idel*L
z|3`^b*7@mtY+!HR{8q5l1If|sO;G202U$A$`Cg0%EOGYyN*CNu&+C=IP)W$axDz8`
zFq@E_9fYG8Saz|xHIVQ{v<ezkttu1|Yhch&_bg_%XRO327CSsUrC&Vb!VS}T>$&|D
z-AK^ooV(b0EOqC1n04olUobA-tWI}_?YtT^^_pI?m1s{r`b{e{lc^PGFQVqL&!S<r
zL0I1rz@?1bp}P8yzW*FJ+pel%?Tqx#e3i|jrOnTxBfryQFGWl5j?>)U3IEYF>_^*U
zIhj;~e6>$1(=zPr?`(xdr?Z%s<#c+H>;JfJ;b)Pk-7dEsQ@m<8s2q*8O@Z!e+;-PG
zxFmX7ddSmS%Nan_Ryx;TAPUq3?S+AjH!AR!`3+W5uqe8j)F+9M!r)OC<v>_+N>$$v
z)R<2v^gt&LVu2+P{i=~R1G*;5>n9=YLv;3Gxw#IY7eh=>U?*Vr$EN|z-*itNTS?8b
zpq(~|I0+`bGK;V=TO>KvKui{KIbF@rugp&QDC~-M<cV4g)w0ENW((p<XY&eDkM&Al
z>Dt^1gx@Mg8<%nVHkXYYnw>^j29a5|NKYj+X12UDCNf#4vq&dTv1Va6)JAGb{;8)}
z6gbXT{o9IWx(53)Gs!uA@galv`gl+s(c$o_IvmR;<IHlnQ+b<nr8b`y?8sMjwKZL9
z?m=9Z*u<)#lW}&He8z#kq=T)X-ZZwiR?P`yLSIn_=CNo{SgS*Zbg)4TC^`*G14Gc0
znGh`RcmAc`h59@>Xa?o&>g&>VF=Bcyy1j5(<r^2wT$OhJ7Ur2Skr4}vi@d~`8^Y(A
z=t%d)+G9cgCzU(?z2?jN56;#c^~8{%^m*lGxjO6tHL4kMf!Q`$q>N3%c_<(4op}xo
zZ)p#==_BB<kIv&0P|?11RuTfcGoG{V=vVWq^0D^k$Hvz3uZ0lq9hXgZGZ0%#8`U#G
zw5e{I=n3VsM)&imKhnyYuKdzp@5f)?i=H0y?j+LWV9%w`qWGuj^zG%J0++}A66f6`
zo=xf{d|&PaXSld8%BXn7R2@nNDLStfPX{e&v2-vDQ}<q*F9J&?CO({=PZlrHBiRA3
zXnc|H(N3AdK9L7TX=-8U1iX0hoX&J~g(D6s;t0g(dyaQGTpbBpL^`s)2T$fY5*x!z
zqw*R$6i_#(O=LLJU2-_nn=cf@ju1nRO1D#_)Y|b_#=9P}bP}!bpV>fg>T)9j=TH=O
zJOpCbf1%!xnSFTjXn@+AZwyzF^EHXdZsp9!0-_tz-M-9;xA>aFqnXgENey?`z6>k-
zo$dBv0r=hQ%yIrftQRxDLNY+PprcZEDGKvbGa2IjbJIaAN%xGviSpK%?OG%TT&i<&
zJfQ&XE^PSqzJzNX>eKc8nN4b_t=WWJ9U7?3)r6T%8mR1yTrW6@piDRkJev~(5JbMS
zjw-U<Q|q6q9a#gG=%lJ0yoOCMzHSbduHwhyGum_RA(^sdrMAizMMX;zClhx4Y-oi^
zT%(cg%@_x66BbIp4QtMrzT*?!=%L)fr`LL~v5bLJ4Y^{_?7x|0{Cx4%EcslqAu`DJ
zPY`_+sBM&68H380r2*RCVJjxlUW2s1YsYJbO(rc{;?*w&zwhNGVv%;`aJj(cr8v$O
zdY$VpTd<c>E1^p`0I_3$i_avLy<_0btCubK|2Lg2^wWvSCW=R-+s`vnV<ZsL^=*oI
zk8F`gUW4MSPH1|j5ylbDqJMeT3~qzaps-9wdI6P;;uAL^e&kzrVlcKiBs8Rizp|<L
zI~E@X+=k0M?B8?*-pE_AmwOSHqf!KG!aU6^;B}hjAReq46B?KWQJco8B69Fs%KVhg
zKAFgWa3Vfm6B)2|iJwYMhysZyZX%ugW`%wA2c^hUsJ}b@VsOQ6DIt&qHne`A^d^-Q
z$B@Sj?<3Ukm-$<Q8z&|K?+EXYz2J-a2wX9e{tDS>rGP5wXeTQqr=MD2VA%l~fAjdc
zX8R$n2}?*cHr}EDrDO?BD)3PFGS7B>_|QLO@Xh=A4VQT<HUFt`6sB#OSPzpoXnCF`
zMNxcM&V}Vb%v#D19kP#8In_3E%jCV=(nszoCb>MpLqC3>S8In3M{61=?&5F{i=1eg
z1-#5Phr4wk>q8;(ETaIoI#<8vVLn*rl+L?V&|uJ`&{IVEe5pi8W4WD$pQE^ZNi;ww
zUTg8r{8;HIisKUKby@q$#e!D|5qI@p$mmVjNg|N5D*H&c6B#J*IT7GH`Ga=|rX%p!
zTPb}(674-*o*Z6f^dCG1)<k`GnjSMPZZ|tOLRBKg+O)D@dC8Qa`D|uoSy#3wT+$p|
zSJos|FjqfO@|%;FC_d9O+pw)YHMsF{?j(b}n|T1Opq8}{oao|Qc&YCR)(w;Fzd#v$
z+^rQHdTAL&K{Z-AS!wLGIi+EEWVBOIFC@wV9RG=dEHI7Z7-OF24+-h8l;_+Nqd+}h
z<f<#s0cAvL>xg8T##)Lc7E6spQiMf*Fe;J(K>{tZE*j(w57K*BU2hfgZ~Q^vcyr)?
zs5?u~rAZMzx2n*ge{4Zn#dEs^kH;F*ZQrRFA8ax%!K5Vez<&rqr09-0vR8%w+`$v@
zM{2S#yMrhKli8D(2}tw$hv%cWlu(3s`Ckt@g0fu9Ig~v0u-D=7(mei1%2=MtlNz0G
zsYR9rktXT?vNBzS>$pDLr86{u+pdtOC8OGsN}jaq?I;mU5`0cos{cZ~2N07&vyVyP
z2nv^Y?cN2x0R$A6IOp3ae1bSlZJ=?FEU&dQGM6}|A;f4oF_-udP5lM_={$t_V^rfA
z+o^9N(&Av9$45AiHYsNA64d_tUxKA5yt<aq5R@&ar$5K`CmOSs=2_#Bi~`@djLil@
z0+Dm3fkAVMcm$0kGzeeSq?8T($~7#Nq>NC(w0wO!9qgDfkWKWpS$qRUEYodAzT-hq
zvGB0S=SC`86MrQeZn7&49cCOxJO)(7%!HF|j3?{7e{@(D8)q{}IQu+Qs^Ch6w&b=;
zMuaxbc=efSUpZ+{^bk58eQb%MKGB|$Ov3bCPI_ogtA9R?WZexN<T&L&<ZKI+v`-Ul
zbz0=}UgY<az~LOP23c3y`t`32_nWCt{rioM-oH4P<&VB|gN9!5Vh@Xww&_I%;3kJ;
zDie6Vv|RK0)nWOp4(@b$%FxV?TCRK_2<45GI305wwZ#LH2Ehg<>1P`57Wcw0$B~WY
zoT%>3IkAgbQTjCGPfC%NMpgZRl#Czx5OGzf6A_L?Od9MYw-rA<!6h_9k7aUSj?7(+
zSg4BT1Une2)e@~YIr*23*7}o4xal|+di64e;NFkr;8}L$LE%|Wwn0L%z7>I|luc&w
z(!M&UUt+XYVMOTapg>qV>iJ{-h*gK3Vl~phPd~bm%~U3*MOwNdRg0p@?no)O`0Fjy
zc_j@7q&a(QVLN)T`{6<`*z7tMw`dWS!D=Pr_^522EtLUMRWu|w8k$tab8LTREcZ7~
zIUp8x6G?Npkj_TCrjD813D6<d{&qo*mp{^Dzz5t5`#=T{i(3!v(|C*!A3yA=su_f8
zt*_>{ok(ddTYgtmGn=;zFQ$%qVX6`C-k0yBubs5#USH}UY@DFtQ|VfwB<%lFSaFj5
z_ycd7Gq7=L314klve&_^^M0<mJ*xWa>24z0?$r7X7ng8?>E=0AghuU*O+WP}t@3+M
zf?WgOv!tfF=w-8o5HMGmk9c&t7B(telsZ>f&yx?tVgAh3<b&f;9qD8vz3e4oQ<sd)
z?FrgU_neC@;7U{JOV38&^yC;7<DUDoPga4Oq*N&5z|k*j<zACvXCUsr6?iAy;6*vS
zb`v-i@;<6cAbQ3iu{3p)WwxP7(XT!n9Z3RAo|dxI5F;lThzi_65UABqUWy=-KTw_f
zCtnaSO~{Q1{)!>~?>Jy|P<-?^KU(m=v@x9IK0@)i=t8~d2&8+&kV8Zg?6_g^RWQx8
zf^N|>#D_KrVW540$C>%K?TuI;!hB%Xx!@#1ZsWc@XgC%9u#1h@WCb9xJ#Hj^9CzoA
z(&;l%Ra9MlF}G%@ofx|;#9pG{W&JoYO3;E6Ap?8>F&H6ZvrKN5KsdGZiJ)LFA#|ED
zw4&$?*bn`mKPt5`XcZtC74TDu4Nipns)F%Re(0mjDntZGYqlrN)<y&rrv-o_?<7IG
zN`P?^6K368jEF!$2|yT_od_JFz!oT2njP(eW5EO>K?m|DSWWrk)p0B@0cAK+89G)I
zvL54ePFBTDwz**CxtRX4$*rTum^C@2f&8nYsE*q3Y+fl>e=pt)l2%6k25(?rCV?CR
z<}9E{Ca;FLOtk<8y?_E;NDM6uo>xQ@oCM|{x|0ZOeR|CkN-lkn2qaN2Bnt!qMTM{R
z0TE$9pz+E~m1DI#U+K9~PbN!J-6WnO{|6OCA6TT;hkS{v%oi*hawLuZ;8T1olipaY
z^aVNO0%rGwDdF;X5$4IhDp_|G)%*oDEK_={jy_Y`-|@6XgMaFl&=DT_OtkM9hqDVS
zVoqX#g<bJ@1{CL@4mD;~Lim!H*X#T9vnQW8u{ZRlCo;zkmFE^hBDEuyd&Ir;?(HUe
z#AQKzi&=3!AbG^i!>a|9o>D#H)&WXMzY|WW!5Q9SG#?)E-9#w0PC(NLaLq|pQi-`z
z5O++7K++b7#Sr#VezB+c<Vw(v`gX-&i9W(|<Q79LR_YKzNCw~zcz#N)UwQZ?<P#R=
zj~h28bHAMXW4A<qFxUctc#cVZ^{4#$u7_cOv>`w|C`^W-MCgmUs!DSIC_YIcjyg$C
zIpfSaNq3QU9SPRSSa^Z$XZ(~oLyS_=oVL%LCzuXJX`J`FAqXoGf{zXHlvH7+f27!?
zgt(C#MO7ONEyWlVz@4g-6cQq-aRwqhQ&$Z=!glnrQl4v{xmGAU{}~c5sheh(sr)KK
z2uGEiJs%d8%9%6~@Izrk8UAAB%@34|y|%!gy*3b(t8>5~_XGlGW%hm%2I_*ny81vp
z-gHkrKIE#tdq+J!#iwgT9f_`(%7-z;PUq(A1TnJ~Hni7nFWFVdeh(Rl$O0a5Sg3EF
zxO@uu7nMSQtG@B%{z0)A5-WtdBghn~{phKB#_%x(^bzTzC*;1(PfzLoEgb27d9bN{
zNQ{sHC|P($nrs1(zjtudi6+%K-{O_p6eL+m6?J4OXu+K}>U@m}sWyu7Lz-J>I<_8`
z_lj(><_Ph6YpM!2a;zSVJ)JVG&AY1>8LzfDwYQo*zgpL&aWGF!uF5O@hoEp3^V6>{
z;@a;rkTAEh@vEMWa>m7J!E)vUY8lez$H;~zg|x>yb{_AVC6U#ZxA={V2pUXNV^HvC
zVMNDL-Ah%Pmi1<bHq<(Apn{zb`lWI`W*-`9eHuE}5V8Xp3%bEmO@mhElh$}np%#Yd
z2W8v4+iXohO|#IKp^DQfJs_fz!K0dzyu?6*OECmpoGb*N^5t0;bu5c%jjh0&Y3(T;
z<1*uh9rKba3Hf_8+pQHg+l~3p;CoXABl@;QHDbQaO9(Rs(;sNs2r#=3P-Uwx*KY)T
zCX>P<gr}OhjnEppjdWKra1;L(V&pa!fkjxIB{|wXW<~=iLixS~+|Y4K$ZD#N<LLsK
z^%&8EM2jH9@se5aa)Nt<-^hSIe>`Ef`$O22a;#fOU0e2|fl&5heukIqQG&e=f$Y(O
z;CojvbEPDjy-tqF-Z1Ci@5KP`KR=ytZw&s<Nb~v;pgpc8MnAXr876Q<0KSXZWwMDY
zN=E@!*rvio3|1woi<tA`_^_0VSRGe+{0i>kjLs7JMU3U?a-@?O11U$B%MkH4(Ganj
z^sUc_nY06VvFynz97f_hDlL!ADn02-2u7k;?03{?exHbFl)!fmW|RP-qK%4|Z#YE!
z?Q5=63uPEx2k-rJFr1`Oi*J+=I~cLA9*=5YDK7MeLzQ4x2{|0mi1<H&G#tT<{2flI
z4?n&S-JgpLMbMLS7$vZMzcv%8J6U{6Cc~&}IK!x#31%V=Mz*bfTWh>~h2K1(iJyU|
zXXg27<Hs);1qr4s=dlLrqwL6o2H}IvSlVgTS<x-U=7r#geMe6>6B|xj4kPJzX>Ol*
zlWN6X0hdcge6#WsJ&C-ADGYspIXbHLsCIERZurG@CT>7(p4MAXKoP<u>#J_M7KLUL
zhIMw=u+DoJ%&*^K7((c7?T@r77KNEAuDv|KV^Rf;3YTK22kK{fLn>6qZMDs*yy|=|
zUjnWE_A}@ZPZ8TSUH)K5(Lq_Np^a#&{vXF#H_t`^o3cN_hQBM-iwPhXZ#l-~7R#QL
z21ayvF9gsQkkx^GdfC6fu$>+wUu%IPupWQs{$t#JR5SUuO}$fRDO9NeHXkoF5>oDB
z^voQJW!^AL=U7fRFf^Px#W<y;Ej;0FH2+w12yOScuiUGe-gR>IgP%yML{b+21>nTr
z<HB4e^zL{W+mn8h8{EqRHRz_oWp77-*wYzB0gG@A<3eDqN4fXrx*fHG_7<cnz<@-k
zhdenDOQxA(43xu$i;B{TAO`-3<q1)Xz_9g-av##J*a|bW3OP1O8&9Lo9HHWw<M8c;
z1NDiG$bLbhtM;xh`~Bn=;6020yYc|C8wE5JyvqsZG%W=0O1uT*G)5E|F4kNCBN}TO
zO2$bYfLoo7*c7wP9#6Qqf9hx(Z(?=T!F=iAam04*T7K%P8h2H*)*c+y*?{*sJSexx
z;w;nMg(^y$>M%>D72yH_F2DIsI?puwt9%z%OTHI2f9oT{8}lcV9T8`$sMA>-xfwS{
z+Q<U(%Ma+;tSDsr`jh69Rx$#W<}@+#Ac}5apo{1kc|sijEL!L45;?V^ctWn_U}w?N
zn2{)Q995m;*Q;)FRMN%8T&ap)pl<>hU{%Xat=qhf$We}j9Q+GTc>{`%3BR8nT=;7~
z|G3QE@`@N7&8<1xEtmZ?7>Kt!;xC_bh@cfYvp1wga9BJQzrgFIqfAEI%WTFz#Gb~U
z%%Gopx#`}`nJjN_M-tfx+Gdeyd21;wqnB^gg2T5Z-G)&i*g+2IuPXYYu3CoHg!;-M
z_^T1I)bXw=njQ>QW<4^AjTd}Y*w!OShI7g)mbF=%Spmje2$b_aQD9%F;KTc}LG9l)
zjlI6^>0oEd52<hW1yzYmBh^v(0|Wwb<3}ON5Cye|ORFoVn=~~EVYBXKEV|fDSQS=m
zolxZVk*F@YCwgS8V*FOQ;p-|gLffW9SQ?`VAYY7^n)2iI&}e}Z0<n-QxDXv*#A^T@
zI@4E83JUf8JHgERwbLb^7jyudr&cK)ec=RkwG30`dbl2`P1U`XA@CAe&530+sid(b
zo3B$g;gpvtS`XZ7cH-B7=}<kOn~A5PQ|Y!zmpCxBwCEGx3#yuq2RYqCKas|DYM&{)
zqpSlu@+IkzKhj9axJ@5pc@IxPHL);#GKjHPMoVh>s^K;#xL45uHu)F!W_L<&$J8yM
z+jG01#ya0DCV$dV#;qRn_FIM@NF5m;@9Vst6*6(scsn(^0t$RvSE|UT_*HOKpotZD
zG5?JM4&O=D9v>svmQAtdTp$1SJmCUgVPh?CqW8@zNC?9AP2CIK;7dPV&FxnjzWJHs
zNheJ(i9h~5(~Bctq?=Qxj~$2rxmrs7E1<-3Z%#oRy4`L|3>qBwrzWSl;#6hTDWk;~
z4;~-<H;yGYu)WN;^R~>><fb(}DE+Cjxc0)VWBVrr>)7%BG=-qYaJnirr(ksR*_s<F
z*299!L<5F;S!VLpXa-#9&Pr<9Es2>#7_a$5#(SYD^hgWjIZk^q!C5NO?_}L}Fq4W~
z)v3aptabbD@@WpP*fS$M`hPo61UQWQ&xZSRp`DEQmBY2s%@6`U_@iXt8nMl9%3w4r
zdr|Epq3d$W1HmA18)f`e!O@%%^9U>r?|MT{u)Pk4ltn~e{gTSKdkMqrM^=wC0%oVJ
zI%FUW*W2@^merB8JP8Cr41sNxFn$+c^sNhT4fl7bA!jN5hCWy(j*GP<WE7JT@L+~o
zyZn6?D%L3jybm`_u|<l~;FclCbHn94(?u;ICnq&Gyq*yCX4NP)+es_Ys=WJWWPPA=
zuoCr)2&PMNv$!@o<x|r+1KtJ+G2gJc3?gG*uU+)_pGOdvjDV%0VqG5i7O7VaUGs^l
zE4851#&swCjOhC{mkdKI>Anp+avsd#3jHir!?S7j)g_ZTuqr>Y>$kOEld#-aa}l$4
zQC1Wm<LGa@PXqfLyp~}uyuSW)KXsBj?rnYFPQiYaa&wb|nV+?83UlzJ#`Y*v?l}+2
zS)wd^YWI1*^BZ+s?=Tb&hb3noaCSvLiIOABt^jWt)1H64vYhRs+Qk&BaI#cXCI&~o
zyuTF{Bat@%&t2i&A-VA6l6Mwvplh6&-xf<B*7+a*$h=V0V&QLkf{r}L-FaCxl~zb$
z`0o0V>4ccCACcTl_O$7V%w=WwAD(>1swNwytL+})w#%xBs@jqmNac79Xl=!Y6d(~z
zH!vaUE|#<vd9k^&p-Yl^=o)xHH*Kjd?<xOSvZuo9#VF02%>p+Xp<wyKQi`N&+cBz>
zFOxqRI%TJqw9e%3EFFGix>lg$IB@J+`{Ar%KdgY#`nuTSVg|E%ld}3tJPM8gt6Uvv
znv)BPt9&Zir?8QvS1GK)<jas=qK!B9s~!p`)>H%*498V^-kqnIyutU|10_35mVirf
zIGVppepeOkIYU~1{%(Bx()p*6rD!(tXSb=`l?EpcFZaq{Cwc;TH&6+2KPi4;X}3&8
z`6R{IUhJ`T09<e<$hLgWh|t*h^#>X#DLHdJIdL_lPk4J?uUmecIiV%L_e|2hd(b0x
z|6}f^Eqtaau&jA~UTVp9X`7f~V;a~o(W?CP%1|y2NxUXPYz*wEetq7K{xGqk`FFQM
z?47*1XcF85^3)DB1@;+54se<hE6OuiL2)+%gUfHIY(Hd=Bn72~5=@q0W1ZC*Bxhy@
zvhfhn{QSRF7dM&{2O(!%Da*exZ%11)o)0=?yl#2&5&^WYfTr%mYYJ-ervq-KdJJw)
z&4iI*MI?Q7S11S*>oW?KQ28dYUauhIM4}O%ct?prBEGn1=W5$*ud*7uscge=;~1a6
zMhD6o=o}jhqk@f~u@EYln5f3iP0odWD;`sQ*tHlN);9T@UT{b>Y{>H?^2WDioT@{W
zcR_K<jWL+314x$Z!Fr5fiX>rMiVXe<|Kow8D*4v~wTUnFj|WQBJlc7p|BQ}J)u4&h
zS1&9Bhavyl3{FN779-zY`Na76%i!CrZGVTX<bVa63zwPzplLya^BuK}$v=_ly>oMz
zl^zCP)kmzpTGQi!Tt@t(0h)K3?@_n~=hW!;kr-}m5?CAzzUtgk@gosz*!00uYfF+y
z3~#K9b;co?S0uV?tHLvvWJs_W90ucQh)3Wepz%y19Hw!;>&{749xJV^IVqm^6SYj~
z=~gg;S}piqI|x7Zm(RJ7G-<hfwMsY<q1uUb_uWF^l1geKvPIMc?GX%Xr=+b3>$D2P
z2RqIE>ofq*gj4LNr=JUjHCx$Rm|pZO-FClYK!OpRAQ2qM9&7;Jtk9h=I2%UF6BGTh
zS?o?^oagh*A21JLL3y9)+%T}$?~W(cAC~oYb#~5PWBnpo5DrA%L`MIB+yDY!CqDSe
zNTKoC_B!I+y$61yUsAJ8I&f4mDxwOJFrasqX%QcqSke%PNk6d7SZ+RN#XEhikg?6E
zwPgnSo4y9sgU@${Ft-G}?5DD|e#B*g!f`qE$|Dy|>1MT9F&zv_!kHu=ezymzMXk;Y
zN3DV)89n0bF_<E(9HPgrHi)L0G_8wQx)2yPMS2ZdqF>yeD|85PiUk}cOfku(axTx8
z;8Bz(Y_OF#W?Mh~4l{ay+E%~FKGI!m8pI#o_j9Du(^weLT@?K$Cak!(V*!@W_beVB
zR&zm69IfN**V?0&b)>41(ckDKL!E}z$LXgfQYLIdX54Yq5X^z&uQI+yBG^MK^bhH8
zjDjY6BSXONrG!yZz*0AkMd+eIr1$;&eNXlp4QtlKsvU@RYa-p>Jjdnbp;V`v;vl2{
zaq3!zU>l`6OlOa4fc9oeZk1$;_J$YlTE-x1YH`5w2D46c<11j%P>4;hTJ!q?9uEz+
z;4Q*@^2Uld70uLCQo&y1H!c=ekK*Itj{X~~Gs%v6@h$3mG0zwmW3{aC;T~$sHpL!i
z)5m_<$^U3>g;`!vi-+G%9`_P#pt6w;<}&gi_jXo8MupQN<}#~c*zm+an`jO9|3`K^
zLu8r>O7l>rEOa)w453K=$5(b;+GFG-jrN4ZDI!S?dK5%*Ntc|(DP4sZ6(UGjdK{{Z
zj?D5wJ%)FP4BW_i@JEn4A56oH4%(C!3<j1D1x)?%!<M9U<WOM5S%CadAQLf2{MU>k
zB$+(JaBM$9UhXP^7ZPk7?f@3B{t7VSinm`);BK`X$N?u-qcddggTHVlq=q*NR87Nc
zgLB_faO~bedO$icNyeEZg`5>8FWk%I#|c^fg9H$Ya(SF$P$)IKa$X)ZY<$*RorA@J
zFpnso*w1SfxBsod0m)ObudB$U-f`FDiRUk*{p&R2#%h%+tLkv*2O>~l22Y7)#65e&
zxNWzdXAis%6Lk2;VTOQcD{?Q<wTM>91(lI2^7Tb2vb0O#BMZ@SRic?M0XTmGZ9?<F
zgjctC%TfMID7Ctywu^$&n`=SKlFz3m>>?S|K@5WXGhX(UwJRAVkCWf&#;_=4X7WE4
zv;MU-_g4R*e*K{SqIfmgRI4d#<P67OhK@0lZDu*O9HBE*tI(^Nze|w*kCdmAvK8=u
zaEp1iz{Flb9q;HIwj2tJf&G7>7Kji@PZLR`j&IabgI}!{;=_|c+#KUN)Xt=@&Q(YZ
z$qkkRYc3TE;1D(-%mEWmz;ys&7gq;fJ>!#yg&CbI(RlHfbCy5<)p8N86#kngfds|$
z#}9RWq)NPq2iY?`e=_B~%%3m86N8Bm@xDTTFJu3)nh~9Z{nM7@f+7m~U+Nty*`ze;
zVnHijl=z`Zt#T8u;2HpZWb}ckreK_nJ=G`U$3f*F$gmrw2&{7jQ6HUvL18w$d41~)
z3m#p;uqRD9?l2I9yOqkf+pIh<w^mwqfZKJOZ236V{!Jj9c+-F@hcgVDthuDc(L@Ke
z&4nzd^H%WudDX)pY_kl45!qze^&i6-Ak16LbD+DxEV%(Nq8H;WhEWHA{P6P@lhOM(
z$MP-w<#kYRTyXs(JKW=9S}fZBbT>oUyle1ah%N@gUz_`;Eph(wze}Dmn<2tcx1HXe
zZJ@3hHZ9|H4~UXD=CsKNR6}K6k$Cb7F_&u%a1lj=Fh_Q$C<VX%YRgNY_Ax8*mN?H5
z36K~(!LN3Vay^wI``oiqhPi`&(-vQ6saP%6(jP$8fyt*E<WEl3Fl2Z<OMKn?Vcg3I
zsiK<|+Omh984=p}GvJLa4`t+o(POAX?~Nad#$?CZatRaowpj@Z59#;mzenYJ=j5MD
znK?fyk1tonpDKRHSjK;7AIRx7y5K3(UM4#K6t5RQZA(K3Tp)-}`<vihd8t3_k?By2
za`rxVuRTt5U}M?1sro1mzTX_zGcDePg!NM0>IS5Vm8!NqnhZf!wo>v64?3C`jiMqe
zM<rX7n;jO-A_q_WvafQcyrr}Osp7+&JVQ*(;7eAZ*@sXue(i%N4*W0g8OdvVYAfS(
zMxT<1qV3P$q*6scT-_s7Wt&;<_=Uo(In_e$IuCkd3bgETR_X}hFU-wzK)HUxU+nb8
zpzVDJmZSc#y)()GN2XCvrI@Y)^I)tle{H+gST}dpqI&-qn;?LJND2ro-q<8%2A<u>
z_5N>Y@<*s=XRKUR;Q%$^7IUZWCyARG6Jzf6uH*c2q^`~oj>ja`La#tdXZ7ldqI93u
z%>LcN(I<2b#>20*mr4A)&dR3`BdAS6SYm_UyjVqkJpXA^y8U0wy>&ny&9Xj-OK^90
zf?IHR2yVeOK!UpmcemiK!QI^<xVu|$w?KACzVDoK@9*y2b9VpPKbYy4=ACJ3rt7J$
zr>a^Og^g>l)&&X{e*9gfY+{pF%22ls7g<_beKlPUB9Jk!D%+8mY?Ce=@FVg6h3C>U
z;E-;#Z9o9_xTz=shWhPE$1ym!e=5iVgS0;5e|28+Q3YvR`j56C(X5pZ8fGUZR!(H9
z*v@lvbg<i(l(~O>Yp`s}^k(cVCtaF@Y@u6}<4U;4ML05RkM#J((JAc8>+?gL16)s$
z9>rH8#z)ojS*HWN(ohD1J)M~42ZwK=hoZGlOvv>&KFUN+SfC6uNXsNh*f&Q@Q<CS?
zGm@bo2j-8ew6NGL8(wivig*(s1jw<tZ_#5vV+Z(>uQ%KV_~Z%6PCw8<=yL1Nf@kFq
zl})IpL(zJk*CF}EA$Ebl`o<#agR_KR-^b-fJxVFQk70s2n3#k{Hb6DI?xILS#2Uo}
zT^TH?h1uAfKmnXoC<H<v*bXyjun15olpc-x$N|2T$ZQ70RiBB}#0)ZF?M1vj_7Ya|
z&lAF_f9krJnmNHvj45~`m$DAaGv%=c2r2#)_;w=L`$D!g0I301yI~v)f{gsDXj-x>
zj#OS6WQxc(y<6es0Q-wjVF|HEM^>V6<@4a6mx{JPwXIYF32qLNt09e~*}rh@?|aV4
zZevr>U?J4Wn2BMVtW`7<9~|Bfn36YA!!&#^P&=Zs_++U*R)CqRY4M4#P<gp~VP+{`
z(fq^SG&@0NjN}-fJTo>7j)?@ou5TK5abO$hQB@<hn|6*!j@k&jf``DN$1eL<YZhf-
zV;+S?Pa0?4@p(`5q=9Mf#hVD<y@^dirnmL2ouWVQs^|z&y8|_(g-PV-8>ZA;KtIB*
zE0u~1`jk~g!F6hxyfMd`ZF>F#nj9JDqXbz#B2EF^Odd(kH5k7IzUQ_}J}KOYS_Lm*
zJRKp#9;wMWwr^MV;#D%}gs=OgkI?|XqK!|G%sYQlFf@NC32;IyjY++h4eU;G2>nKA
zmqB90Y&>QUYJACnDFc{`cMujPs`Te8V4BSMd`Sch$2JB*a6H=002lrh;KF-M04}@@
z;KH?O4TDAiE?oPS3%B{rg)3;R7BQgVW-$zbQ1~1o+89%H9w-SqK=ZGQjK>q7YsbSf
zZD>z`5%#gNY5p*KWxkUD=9?%<yJ$Tdxd~g)3R|4Em3gW`Y^#8COB5<-sZ3E&TlWW=
z-lrL`u3L-mIy{V+iRyG`jG$6jtNy}@4i}~)=ny)?bFex4kzGUKxqFe>4gQ6k)M^Z4
z^h|OLU7CnpgMIGd+uMltwYkLGs1gBLTZpXGxP%O1mYo`nZ1#A)T@<RC7?C<Op<j6X
zr(*&=WHe_%W|oaAAa}inAF8Z2RkJo%l+;Mzw-aj-H}C6fTbOa{=>hH;S$p}u8U{n;
z!h&nYTLgjg^#I5y8!AR~L&5Kv`(dp*6$+M}GjVKtFaW`J2kbM5AUM8^3Kw!tUE1Bj
zZdZ7pTpF@2on`_@hHOTW3;0lp!2@*w3hN<A56kh370f$q!<EhxHTM=l1<X!bp_kIe
z%@V~n#<~OI-t5`_rs*qhB%>(^a3qNcha5pfG;D#(RBGN<SSVb6i*|c-ea;_Cs96E9
zGBQCJ{DkWY8~!wiTG-M_6UwOJ=OD3uU@$~#HcT7(`rNIan)_%S-=;>8!YU8;?Jc&2
zD7ne^Tdd77sZOtEwT2A}hl7rs@$sb(ayGFEt~P!mc<T$m!1Eq6=g)^`zXa?!Aqc*}
z$v{bWKf+#WOixEZu?r9U%w8*<6P0HVCHocKwk8E3N<&Mk4{*L&V6U7ni~euUw+H%_
z^Ua2M<$RU&0nT?44E!AIi5LpX2r7~r%v~hL23#Z>{FU?l+4;)(ibemE^Cg9a;qGLN
z{RiipjqrbRzSlwk=Zg&UPtI3G7~p&d{Q=IGn*`u|{e=O}cY@0RW|#aPpM^;V;Cx|?
zWB|?=WC|AGe7}nToG-`^2!Qh~l7lIgd*ys5xB<?$^9Tauc!I>~59jOc1aQ7!hN%C_
z`Bw5khd4tqD<7bIM+eFHSI(C@_}}Jyjp+YJ&X@5zNR(V??NIqQ=R5y6bN85s^#pLf
zyMzA!-#FhV*u!D(cfUlen)1H>5^?f>eEBlijx484wm7NV*3Mb3a5s!7ID#a&W2_YE
zy=nX=ZA5Z>1SD_RAZMT2B|)SRT14?}NHdf~Ilh~>U+a1|GhGOEV()y1iw!Lz0uJAG
zDbgNj**5Yw6KY|wNYSCwqBf)jg1*xtD8pCYskQf%`WoCx0!a5iEjqnjB$&-51L&p$
zh9fv9i8_GpY0g!E9|uj7Vk4KoOcW8m!vF3l)Onqk?MB!;4a)!EH^E2q-G{^jRSuTS
z?Lew#-aw0wcmcMi=}F(K`x&Y4Su{pK1Z_ByvFW;KI`-AZTSP!6SI~XLs=sbD@zVs^
z;6?`Fqv4UGE~26b2Z3COYu5AK$S}H`-zLs9`oVrUiu2}9YMTuEGR{mXsMBl8EmGtQ
zqAPzMh&NO?5-2EvoeLYa!nYisO~FGoE*Mzp^4|s-H5+x6p>Jq5sDJD{Hwd`{U5Ut5
z1ebs|HIN(|ojv0S>xV#5A<OAN{cINtMI=4mDjJAPApNn+mpYz$AoSR?vx*e|?UW$?
z+wLk--7O82Yw$=6^T$vlvF7D{jTl0L&HqmNey0IQ-z+(R^eu`9NMB-Qfb`8(ekFZX
zev`h%ucYsqz$@w7JG^Z?ArbTTmGt$Z07zf##8=Wck>Zu~{qRcq*1nRy#v`w!ug$-b
zzF6;AtTAjf^Wd2*tfTDN+Z?A;=Sp-%X&&^cK~I8C=RuZ1<PLkB2Elo7Fy=YAC7BK|
za_53U-z!;@feBI`o=T!ZsCY+3?;XRNc_TiHwpqgs(FXhS$9N`sf@YfO$2xeu0gZ*%
zxB)?yvU_{2TG%B)=yB5HO(s(93GE{eRSAm2WcSltL4qJrOF7S?$02$UJeUcV@NxrH
z7CO*448&?jRTIL-{vg;Vj(vgB1@{7HT~VH#ty3c9eA8D5{Y{GCguhR3xu*sOqzn0X
z1kjZjb-S<K>MS|u?mqb0ixl3R!Z$)7k<<cR8xiPGVliGt_24MGLBZ%i_}>JWha{L_
z=WVte86=l4FAZoCf3M@4o~!KK2Z;1?-)IkCO`t{qiP60RipO9-g=(PL0^d$ZzJ3OB
z)MGaEbC!`;JQ^E9S<s_zNRm2;zaj}>edL<{tMySj_-|Stm&m`Zk1qAjf3-e5DP&zG
zyy4I<`IG)wAHII)v@TiLAO3qRAE%J!A?E$Y{JLn#69_W~giNZT2^zgcsAGiYT;7lf
z`@{k&<ZZpI%~A3MtIG{I;U;2DZcN5H;xy!so@E0!(7$8%`iR=EUEyS0VP*6grrs`)
zVB@FoW#WL)H)7Q?Ivt}ymRmPcJy9zV37OeMw{HewJlDY?j!J;-`MG-s!EX&Zq4WfG
z$Hgdf!-HM~kkjd@!tpkM=%MFidHrR4ENo7#$~!fRe)1t;cyhcvEK6P3R6^m=R-;(l
zWU-1d36ja=7pw^qo)&XVo)A2ggrbIxw(=(90S%1=6Mc97K<HKg0XmT_>+Lh{gLzJ!
zkv%!ZC|pm?)eBKY`y@Cj^o$sg+#|TxZPULI5z|hO`mPU!iiLB=D#Ca8LMiiJDHju_
z-qh%H$+fDo)zI||teL|BC3>i6kbqV})`Vic9I}rUyxd28S1b573f?}Ui#;1FpQ=5W
zIXjp!{52zdBderb0!W=mPFjc$R!KsWOuN*d!29EJlb4AT@r$Rv*&ItN!Z(qmMY3IU
zPJM$S9w2ak4Tl?x!h)^<0~~wRZwxqX^BiFYf^%0RCeJr*+EV=Wd-}eL6=8?M4rD{&
zf9iZaOsoR2Z^1MFPS_hG(kZUfmOs<{#JAcD<4e&#JV{-I5eb^`Bq?a@M1wnLk;X3M
zZ78dTrDaIpY7jNpOVd6Cy@(&4#bVHxaAh20=^4<SNO6?dt&E@Y&>-uhI`3oFMK?F!
zGij_FT&3p{dn(Q+f{aUOXmYcyU)%?R4N2H8blZ6NXT)aRLq+4G`=3?%`uUuJPH&zl
zmlsaox-*IX_{e=^toz|R-`DS^A%iVzcyr9jsy49=@$`-cEpxD2*-eM7I1$VjfJ;p*
zu}NC&Xyp;%FqxKAC8y>#OuwJl7+$!ac!g3NAMBuy7?Bx@#0Z%MibOY!874KD8OHgs
z2ixBQ<=(6o6ZDV|;kD1e$Q<|riSE$aC~@~Vw*U1TG^qYVhS5&Wr`}FZ5_)DPM9p{L
zkxWc-_6AV>u5yL_g}~x~*E@_E=Ch%4N!_@`r_Ic&;=TekwDcv+{(?D%2<Z`)%<{wg
za8bKcW+($Rln>DBtQ#gf&Od(2rLPwwIkt_R&9uN>@!VkDN+&39F@_K&R!Cp=T-t`w
z(P{leZLLc)z5QlNOY~!oEX@+R1Z*$coz5Gt6sZQQRSk@-B>cEh23@shFf#mj@b$1D
zblksm2+>lt5HYJp(Na|(vZ`^?YgHP@iB^O6S?ai7Gr{=XT%%axs)pwy$S5Hh4@)%}
z8Baa3)G~9m(Pwb4iuc`vkpuEbU4xMuSgkWCJrK}BPT{IZWTGs><bNHy%L&ATwJ`x3
znN0N5DHVmZrNqQvve8OBcqbatS_<*QIdTx4%^+A1odeK#jkwHQ?S+ZK2W8f0<ODO^
z!SzNVeMccrmgS2=D)gZ5FDV`@`g#TN;A@8{6w=gBf7;ily~w0+>5lyoZp#`fHWc>B
z%}y&MDSaqL8YDOmj*7KgG)xMl;1nzhTO7=EsDg}8m?1u>IMgvds25xC@e88x@r~0&
zP}0U>of5fqFp}fS*spzfGOP+)h!@hgR!}HjP||toNlb3?&gSB0i&Wxgu;w9??i0;8
z7y*;+DR8WA<M!O_{Cxamo3^s>@fv8Unq{6JmEnGczo+M@OF5XSXX2=HGXIC7j<t{S
zK}`)F<i5`UWh4`r-`ijMsqJ2L<mgqts*{xYxubF*CC$J~>Sw!~YV5jtl$No<;uiE|
z*)H}}6v?w$kD;VM;I)xt2O_YLs^;a<2DF@*L__N0CTbO=QzIbA!UikDAQ`b^n-2-b
zK_kFpBw+ac7)2hL^N2(q>s}vYp5C9w80|G6Z`>K}_4_e`FG2ZS8&UHIZvA~&py*NX
z80oHhYeL<=YQ>7K=UfNh2R%Qk;DP^XgC1D65N^E&%>qjo#I3)VFW8|`WLQwgkP-~x
z+Tcv+>jgXJ5W-C8MASs^eFF*}X22DIQ^qMXx}I{`pY~chHhQL20+r|%X)E0A-TCj3
znEBX`V=hQ+_smedt>H{7)aU5CI^UFxKRhLn_296ik@VnLq4{BfUK@6XVUI;`!sCn~
zGmhB=zVEdO<asvW6sd>tVABlqzGe%0?W?R}>%loit}s6Ph`edaDdH9YYjo`J^<#Lt
zr(t+{bRxD9bXjVZ47O2W6O+*~Z=v$`^foIhAzZ&rAUhB%zhuf$cRs!_15Dr$IZHSr
z<<DQm^G%ZF=N&x6NxAN@$0|dDOa0Dp&RH(woV_l`<ky0lb@!>xRs$Y}p5WZihZk?Y
z_FB)VQ#?dGHi}^;(tD|_X-2*dESiHZkkyz|B#`x(*r}0jq^2i;fI-K>p(UAs0Yytc
zXv8bs!|jODsZpgD@vEwoQ)9T6@#5xGA=1P#^Q#b8(hT5YY6*I9>Nz&<mdN2vU4Du}
z!JEQ(b;%GgXGQ$J#c$!9G5;ktKz2<^fvhX1oIN<=hi<Z3Nt^IdM(Vajph37cuZLRX
zzeAt_S>iV_0Ta^B0GN=Q@UIgR*>@8jn2@g{1}5a|37C+Z@W6!p-3BJ)2K>lk=?!Z1
z#Xk0z$cz2@kjalAZp>z^;Q|Bq_Td6SSf)RlC=Gu$rN1z};A=tf<CcjDy2*6C_RVXg
zT<kjqt5-X-2A{LO;J0=A3n@0suu>26GgC`T%D{*E&W-A$!G}(1CkZKLOc!4qUf{qY
ztr`4mO8I}zZUC+?`d22yLj+5Q;@-Pq5uJ)Fyxr68pW+VzZ3;UM2Qpg{eI>C!i(FO!
z?+9iGm=*o+K}+CaZjUp+;BSvRBJ*e`?k;Y2BYtJzZeIP4_%--{_iy|b0``~k0Ldjl
z8k%_L?v|+inLJ*k;Qg849UJ+P*c1J)|N9@|+$H@bHsEX8G~45r&S@9>ISzaU^xyC8
z2dYYby9|CGG=oJDZjW}{N30Bgaz$!mS7HIr$_}CP-aa+95CsO1XO;&b;O+73S(ew6
zYcp_%_jP~TZqA?X?Zt;bID$^Ky>(fpjhGUzvxW_ZJZ!*MFH76+UMklD|MDd>jl=vc
zE9)(x(HZmY8VB<fBA`IcgR1VZ-J`1R&bPwb=0(HX8m5W**NpyBpl6c5`*3AgZ`b}-
zp#5vPfC43!bvB3cU!;Qa2NWo%0iZz5{6K*^V64R7|5l(rGU09N|Aqpsx=Z<6fp(1V
z-7Ws)|E)kX0R_5l+EF>5oc0D#pjm(dB~tmLK(QtO1^PN@K!G0f0mD6R`;Qgqs}KN5
z{8pg1x_=btg8QoiU2y+Pf&RY5AK?)GB{tw2F>g(d+fE``Z*}9#2WkUw+|M|jF#eis
zHbp{kwnbgQEVo{KAKo?)0|$QVONJ$04vG!beZ6D@Bf)k@ibr}KF<-6b?~^<r{)%F?
zKkYL)cz5gP$W!ReC6f`dtRx!-_|f6>##>zyA9;}HFpv7>PfxmgdOYjRWm`<+JR;P&
z-}ChJykmU@mnOD@N^r1AgI$!Le%B+a5=rP9r1n4Ko)v>|f(yewImTiaMt_5HHTKNH
zRw|HE0HlQo$e5}eIY!X!5r8t9N@<Sqc%=^|bDT)G{1qGMACXB>P}>&hLjS#XwQonj
zlMzvRk@u|K5wclnHYfD(oJWG(bHKNSoXG?ALt2Qy7Tk@Vfmg1H-+n_*uv2Uw>HJnC
zc!XLHyaTl~{VB-#Alr<uH|f+lD+qFkI4iuNYM^L_*o|V><i~Sql-%!;%;O6<6L^Y&
zqvx%3_FQoRXs-DZkIg(bnF6EBYo5oo@*Iv2o7(KT65k_X$b!Ytd#_14CnFAgCv$N(
zLlDD0`j=3NGDC?5N*vQ#=sBT(5O->mnJ(W4_X7V?nBrv$dHC|JOlxqE=V|kc_Rkp|
z<@uduErT698Z6K1d^2Z#klEE;r6e_L22z}E*{4sksP+yre8_Ly77&NFGVbEqa6O4D
z*(XUK=QJw98&;&k8?=>}TB*Qu&%%^IqlBGl^k+*9^uMZi0giId-zjdx+b;(Cgc^l~
zqM1H3=$%l>&FX3*<L#eF4J-X~D<QTj!ynn7LUX)vEf;K6NLzo*a8fk(!<&X>#VwE$
zpQEp6i_S}l76#LudiFaX)9uu$jx|0n=R*&iRBR|x{b05#Rmy+wO3@&L)E<ixpf}2E
zyF78MRtJ=I<el0zDyL-el-}0<{<~tw&nO;j%*GqEK*+W7Gy@+T%p?P!%<1B;G8Ve?
zf10ciSo9ICb}tT27N6?8x(nu<c3*SL`U>Xkx$Ee|-<Rp&CM25h>r7wZgzT(bp^wbA
z84C)Qa+)4q$zhlt%5cgMnI0akgP9&KSH#&nIHG}rsr8!Qs8Mj0t^LNyF~51uG1kA6
zxCl=j*AaiTW-gisvWZb+=Db|6e4<vk$vPhF34K{I379;qV2eXz9$&p1x_K~ZCEOtK
z<0+k`U%TiI>SlhVCg9g%1TQAL0co!MsW#i+y`gCuX&4mN!TD-M0s4H*tGb6m3GUct
zu_8|1dKCcN(1p!vTEK-3SlT?=kJq3nd_egM1W6{WS(9qF_uQhFD)6Jp8mwN%>x8&U
zF4L<<8E4t1(k0nqQq}QJ1xUImW}s19IJkX;kd}&e!LY#V>*l=S735+WOIvMHfSvfO
zujg_;mXx0HChQ;XYOTV>$lYg1Wf&^|_mVqJUX9v9haC;YgCs==KNszO7pDjqgflrp
zUmW60jw5G%p?Yg{NWV!l7HioG=VLEp?(o?3HekytA-Ybxr`lt3$y1@JR(?*(nv%11
zK!fnexH6X@WtuxXYWV9iH;#pZOU99Z=xo$Zi`?KINAz8awz(>&Q@$jjg<*bWcc;A}
z)r=~|Uca1pC1(5+&3rl|Pj)F-MlL5wIT)Y1t*}l|Wm@0PN0_ECv{>EuMO@(_I#K3u
z>WSyAI||@mY!TVdGX?(gb!UBn!~ayNN42iyG)<fh1ypCjZ>l7T)YeA;G4nPGp@kN%
zO}rv(V}V@3x|d5+Wf#C&y=Bl;4QL|T#)l!V2;9v@7yq6I4nI=))IzeNA8ZTWpmlNr
zCiDTM1mdA)E3iWRrhR5f2{kjn&XCsA5BB$h(_WB(-~5}<Bje5%om=C8!G~F02hN8<
z>zwoRf>D=NF{EUm^zh0L%p;r6E&Vf5&9#nY;$IEl=)e)hS#zj+n&l_;%#B&+j2~5x
z-9=H@;IMk{ls1{D_+Dj=rqdQ+eY02cK0Lo28nb5MLp$L}Y(SxcD;Xu9N3v99iX_-x
zV2)hnVE%*vz-C>b?J@R1r0p>Pn??X^8ok11)!(pb&GNesfX&F&f52wdD{MAO1F)$M
zz@|C?n_a2^Y}WdAsRFRsIQ%zk3JHcA{X4K}d;Cw>blhtg`#I<Oy6!ky0brB6qw;HH
znwqE7Pfk|=HmUx==6o*zo3DcgU=yDQ7%qOxe+-+iLI5Q38#W_#{=g=u(<^LpI{gis
zuebOk975JVVgtSbz$ShR0Gp9Ie_(Uq^#2Yvjs6uj2dw_U<^Uo9o4|;90N8vz0kAnx
z4#4K`HUOIg41+9UbV?l<jkSW%R-*e;!DDcQQMX-eQE9TqKe&{9j*sfzbh%-!VvYs9
z^T!oAa`l&kzfXqbqX!ui{r>4frdVG1ukh_%;qi>4Zf-J_0Ya>R9y?pItGCG`Gc5)F
zqe_jnO6^mcJE-v+u?5_Du#)`7^30TP_;8CF?TdPgLCc*(!;&*Xk;I_6wd8q^JA_#U
zySGa?e@+WKRVp-l=h{j_K<=;$!v$`oTI}sfSf_FI)|~TZ9bw&58Zy@ol<+LRDbqqb
zofUR2PNrp`)zJU1@!NwUcs9kDzazMNrPc8cqGIUMgS0+)(3jc_%f&Zdi18VqjCjlO
zYE^wOO)i^sN_6K4C9zDZgr-{1KhIWJ&*RM1ep*busK#Lg4h<ob%%E<}2T9>y`OMCd
zw@uW0T^3=tO`bwt|G+&M>JJ9tZ<|nse_d5exu|yj+mzSkcs1qmTVz;+xA~cajQ~@A
zD|l{n!v%h80Wjt90c81Y%73xwbXoj&R$PoNf3LXg<S539d$|$<ffZMp^lAWC;S}6R
zQTO?KnJse3lGro|^A*yt4uS1bG0R=-*MGyj$FS9+f8=B9@qhj<o3QF~Y@0N^uAz0E
z{=CaBi?8pp%i`bf^6M>fd6ID$@%AwLN7k$|UxmYCmmmJMZTV!o407AV+8JLPx_?AG
zltuTJFg;$U@1M>%;lDK`+O~=PPPcd4#$Z6qXAs~z@w^d&F#RJ?yMC|N!z)XCJuOf3
z^^aJ6OZd}nLF*YQ7jw|a)4R}L-|yy5c%hg-Tuqqn?>TL(l|N>8AQ96aQo=4|!XY|!
zJz+xCuDBft%MD)oc7ZKS?v;w?ntiN8$1g4BRuXz>n%-wpAiLOda4{1m-Qo3sT{i{_
zaVSUPtR%5E2O~abN0aTV*WnS~zfaV9cOQ@aONh?zO)5EeCSV^Kc8GV*yR%Y%nN*c9
zDs`nDS(XyDZ&Z*Yn}2_9g2tx{(R|!l&K+qDscy0PRm#v*9$_uWVSg4{8a8YicgIXY
zMh-n$O>7UZUom2h#3Ug35vL7X!~=mDYn)x3;;!qjxO$kg<e77LuyP76D?_MJ%l9+H
zdH(pp@$jj587Uue#oBpGxDm8u%s$#LXojA$_D(*Y6Mzu97csoI+;4-Ey1;fMnw`Qn
z&SdyUY0=guj_K(38s{+_M^@*Jo>K3yx$KV#8wW+?B!T*-f7KQ}v{kF}6s$#}Bv<*#
zbWWg1yV14B4+#;<5ag%BaPuhyvE9D@5N}A3#NhB+O!JEg$13GvUl4e37q>g*qqK?G
zpAdWYYZgl}(X6CAXboA^H`sCEPn*wyImAp9TK^2O$H6}cHf63<;(EIpw=bT#1BBS8
zxMx~VdrbVUGK!9j`~8qNP;TF+TJ^QO=>6CUr{3&-+CR#RdcVm%DPcVnrA*7hXEC@j
z>YA@7>Gv+u#i1J`gn06SiNi5_r$C4?TdU#ob_)|DaFa$FayMWhU+^t>7<cf*gio|o
z&$%#Gjo_m<1QV`4N-yV*#T8xGfoc6}fgk7(2HfiWtPh<PT9R4XkuB)`OBxviI;3Yt
zo2w-uW5w){m!DAwCD>y~QsNZ&QXo!l*>8qenq+|Z`cc6q84dnnoi{hVXEQ=~)#QA9
z^io9DGAySxlMG^4&E%U(0ec-Q6d&n7mfaJ502Ha>N~ZzdiELx7n+I8$SgiiZR2My%
zu*!Fi8~rQt57%nZiKI$BsxL9#Qg5`srnud3t}q;$x@I%;wCI&#I<0VMQDkTKMtqN|
zWQMfw$-Xwmujsx+xpQSG&DXhvl%4pYNav-uoSW<;A)?8wN$I5}{p+&p#1E2+aQs41
zr1t6o&Lif)KUw;&q2t*B3`vEMFkV1;xT+<@&W(ZSOR-AtQE29jM)iCZ<k<yy#7Vc`
zKr|tlnqBPCHNzTSwk)Rsv`bu5>D|$MQIvWoSBhG3&F^}ndsk;)Q^d2rLxEgz?~xt5
z2`aisH8EDtOzyl-9yUTlTeo0l&aeOE{pkz?bDpR3s%A7Pht7z<K`zAwslX&ALDQ85
z)6yAb28!yu5l64*hWr6?4l5bD+&&?AjVI)uMM4i5%Nd-cs8^D;)S`D@<*<x;eRTCC
zpt`vIYvW7z@to?7dfhs=)h;+TxMR6)VHdWY^k_%_sF<2<*MMQRQuai|w5@*p5~q)g
zV$_N0My{^i;J$Ai+>h$5$Xsfhn-c4jG0f_1`Wn7yY&_pD23<qcTOUlR3?ya`a3!R*
zz<2{VwQd=q;^L34?io`%FU-_>bE>hNe08E|hL6`j6^2b;gcwUmyH=ZV4tspwCaeuP
z<`ziy;Af<?d~bf8<6p5D=bnfdgoJd<L?8=;z9xu@x`B#}f<{<~j-Ee5b{=?n>n=i4
z(fMwM>N5J0#iOIo8}>~E-J6iNzIr)U)Jz%F<SD_p3PfzXE`-_7feH(QC;$HlxkqJu
z(MkE?x><gc?k{g3)I_zP981_b=J`gG?LmW9S*Y1Zp=epu=cDJE@;AinPf^|vFhi6Q
z(e9-Cv7r)P#1}`}>%0$2dYfr{eW*kD&w&Gj#nlXUjm2>R)F3s%3MR%X(X+F2F<^#A
zT+r5?hBggNAx>B9qO~jE!7F9UFXZ@D2ZoazGmxue=a|V-IfX4-&Se4xzd=lD(NZeJ
zzAo}#cnx>iFy#1y8}W?IYvT^PVcI5GClOra%hLkbx$-JCQ#%-Y-$!Ck=D}9Pp^HjT
z>&&_1xJOk26-XN&LTI=Upe6!kfEo%~VSydS>=KIClpC(RO=bl~eilqH>dq$>g#Mpl
zzL)w;I4JTdok4MHcD@Yt)>jKn3;P{6FVFf)`5M(c{wYC<w5y9}_F96pU-xX5Zvxeb
zMA;8A+<iNP*hxt9Ca)KA>EeVpY8tQ1vLrdEvY2UFjuI-I#-=#h5~!n>d?4rH^|}^s
zH#N1<K_Td_8OFxx=tmL<-{)K^X!N2y&-L)lojt$`$@BL2eqvc_vl9fr<}rDUV7Zw>
zY8W4SH|u#;Y@R&?3c>_RG6-5ii2O;`Dxm#GEz_1?g{KAtT{<)vnGX1ZH~yq_q#;6-
zHbS@>pAXEeq+;>4<P1PA(+pp4plTC!Es`FP*TcZ@LcR;iq;0FD(ofwm?=|(1;EO3O
zyPUT5Q-t)Tgon1Te%+49NPB%Ogo{nD_qE`RH99(5iz@wVw6mv2+tJ9ZXo0->+9GRw
zrnKd10$M*Fo}_`oLolfK6f2&Kr|Pn(hYQLp*}N$QW&=b$gWtvma7Q!{Ab#KDN24^E
zJnN8-ks_z7pxojP;EUwKJ|H~+J6=`7-XKL`IV~l8Ei{8fRum-#)k<Db1J{*7y`(5`
zokisEJ<86v{;;e!;Nyn3f8TKLT-BejXWxHBznPiuBuuYKQ2*PGfIpith+gEA)ME$K
z!Tt*s&51&riRbG1Ij?QD$=N%8!(BV8pdh>%2#L$$r^qS}Hi?DFBg=EKRyilh4&s8W
z{Z2FDe~LlQOrp63VV<wG@t+i$dB*)f-4Wg70>-)kUz3|KMV(Fn#QkR!Of8XFpPU<P
zAK(qV#rU96|GUWMP&QCxvzrjX(AL_D8qB^pdB)yZl-cj&xG9t%T)X~wyS1uhmAs?I
z83j2;Pn(<WUnOQRT()9@0Qy?Symp!<wod;c?fLg+47x}#(E`hVIVf&tjLS<)gp*Hq
z;v_Kt>8kjcV}bQzQrBq@XVw>vo@^Kdr<V37yiUec03dye|5wr{BS!6+^4Xd<r&(65
zLJC^&pbprRfe5kcqqN-K=tOjP>M7xs2NIvMCPJCLt0HC5M0i^`m}Y0LOQ3j_gpgJ|
zzM-#1LiQR#<2s3MYF?;Ca<Ns%iLYp4@nhXOg~9CRf8o8`qS4J=i}il~cjCKDc3-@y
z&|Zi0VZq!lH#K_D{@KQSrfqmvr5$i<yzQACsJ^e+{hvzBsJ)h&QBM2UQZrAsY5+r?
zZh8|ocj`AxkvNHWR`omj8HQ<$NuuT3^XujedOM1qkjQv}IPrh&%^;nRtZKP)sViKJ
zW42d+Do25=^4rUS{bqnkPU7vf$~cf@O*Jf_m!~>gJXmrMQhI6(@mZ)TQ&R=+GX|kb
z%po+7x5ax?wKTlsp>CQOy@Z7t=_zhrYp_v0i59$)4>Sph-Y))>wjYk>K${7tG0W*T
zT>*aVWeXt61isk);Z}rxVRFvscgVFj92W=)BShw30mO<3ep4qd$OOm$sw$$t8T~$=
zo5|{Z@<K?>w>?uN5I(^FQHA!O`#*jJXukPZ|3^B*Km8xZ<Ru6HlmCN9iw(=u{75r`
zp%1+olb>=O9;%qLBZR+VgnL~eall7Z&wiu`VqYkgM^%<lWj_yOdh<|ue|#*sn*qLK
z&z&VxG<2re-IYWvu|(MIShlzSW;wx-<pX}G)*_)IDUi;}BhP21GlU8&h)Y%z_F$M^
zKBbjB3Peu}$icO}Ts=u7kD;`&NCNf8Bo3LQL_X_H045)*ojJYTVm*mr?9c>ToG5v6
z3YbR@JG~n<KIEHkrhW;GahxQe_Ik=TjOOK&2myIBd08tK?Hcs>o2)tZE>C2`uSrn`
z`BncVDavR1cT$wAaB)NLjJx5|Q%D2_C`JYJo26$(BJI*Zi~-u*qP_qhSAb9Ewk*%@
za_G#$>as{XK|Ui&&%Au;>c@doXRWfaoE~8tJ4aNqO3nQ6zvM){P3+v|u|R`)_a7IX
zlNJ`BcL1{$>*?l8X~yqF;FAT}lJIP}F?L1zEE6NG)&gWaVUen}462tpbun}h*74-o
zlbbOd@^1gx!zw0+7U}%bq(n~yzeN7N-|&v@?prxM6c-_Mn%2W`4(07P4pev5hQnxe
zOqHI(ipgoCI7->UE}ed#eQC8Y_9{&aa<#DK-cMB*xp4|%8^+N){=BAay2P1RlF!)$
z2Gpi42d1d^iIp~?)^9+!QoA_`fX%Gtkb!Kfhftk4{jYjaBPp|1WK~N6!LtmP7$rJD
ztvZR5%hyz@dgnmvHxC6iV#lcKBu*jDUc(HwP9b*>-qvr79Lj-YuJPd6trx6POuXg?
zyIIn8^wY_aW}0hEV7t2XgWk{CA;?UNFLI;l<(Gpxvq^8xrW`IRK6_GWA*ng$>$u)o
zVLs*(<iISdnr>Y%hG~}1SPO1xtrxpe5(>al!I3)_Rg|0DZnk5%ex<|+V3MB~2e#>J
z14<;Gcz?3Bo5*jr0k(rnJ0eZTn`YOG(X!Zuh~n;rXEP`uOn76iqtRj@4e8s?B|czm
zOO&mg*UKWZA<%_Qc&!PPybBOj7)Sb(3LY;oT*!#}U6;s7mV{8zx0DrERz{z!xwJvn
zO@w+*{r$Bc=&k~?{^DInLK1bdDfm?~H3mp}i@Z>p0s^$m)pAKbvYf`9<@cYJ-P^xx
zK-x8|pQ*jqLVY#Jl<$V8Jjfw_Mq>nQ1RsBqadHgDM)MG9+l*4HHJn5Vz5n*vDADGv
zG8usumW9qewOlz(k(5$3jQ~913X2EsW$M$Uyy#IJ2z8MPNj?nH2b&^c5e#fno;#!6
zslgDpaIeTxcIFBztp~qSD`VB{kAx2NF7+iT4EwI9(7e7!-(Ss;Vk8ZM{kqq^pCG^n
zB#iVSjJfmH{Gm8?{v=(2`NGeOW~!hcR26u`lKLXeJ5(NdeWOUZZub&U_?-Q96QXi!
zmWtEZ_C0j-8wsKCh9j!?tZz&;(H3b?PGeylBt^Low`~U435c7q1yxs1;UbG8gwN*w
zS<OUv^G{tnfMFixLaO2#*juTQUq}-<NU#X77^|Cxsbjse0gnji3TBY8?)pbbZ?<vb
zj~9~~nZ}0^RG}%AjcD1IO)>Kg;!9fT;3D~LEcwB!!0u14VX`6}8ShcG26&8CahOU8
zlu#iEedVEQ^Ly^_bC_b}!N`XYxj^yBOT8^_h^PYtj1Q+ve|8pf7db|0-S!su)?p5z
zzNzsAqsxMsL+W#*x{2yU`+EzhA-}<n?9JN&CEWZP6o=l|qTW1ja(!&BafWWMegr%<
z&V|N(EC~IfxPl~}cgdphO_PY^<PL6U=P_n}au+X6rehS$ZqCrhh&O>Wuz5CS<7*a^
zk~}oq2knEDsIQaTZJ4u>M&5qB^|TRA+_MS_8kAIq87*gVM^___&sn0er<LjQ1icYx
z%hStE)#ahuEphU?uGx-1E!voRPiMfBL#nrV$ixa3oPjJWKEw6Nn&Cy~9maunvhW3G
zf3ME=+=7bVeJKmhGZQ+PR<{JNp|+2a;XqxxkXF{v(}xdjN#e>N$d=|u{<edigLTS3
z;g|h-L#>-VJsKeHldRY!881<W@y!{~4NH0`pMx_LrouljR3gHVb;Ix2m||rAGGHjm
z3)N4d$(-gsjLC|vbPqaS-AQ+!ffaDW!{}`Vow}UrXwDy?$D0AW|Fz(Lch+x7Zs73c
zv;(Zre*8IhQPQc9iWMg_HGRBll_2xFXWogb<z0HJkECRG5;-<VeA)M%FTW5$+Qm>I
zL#s{R+1?)K(N`)^qrXuV<nulv4*qIGJ5NOyyEB&a+#`>V4{?0!JB@)b=$i(M1dXk<
z)Jb2z*2A1J>D`^Qe$v|elG~y!F}NSCK~<}+!6Rm$4-ct<i^U(xb+uNV$A@Q5K&O!3
z|MEnwp~ph0H|ZT*7Yz|@JPB!^Av&<dZVIcv=xj>#iEgb*a?}C(>WO%X^$b|tPowQ1
zM8vk-*_wXa&f&t;C3y?>op<Y70;|@?@C<LqI~@=?!M7*y3qrjxTds8BjGU>;FgN(~
zDXyFoUT6yUX4Yy0%uNs6get7<`7z^GeUY~tr0DnlXqlq1TN|{2;&<HT-}ji#Rbt8+
zLjs3*NxchO!&JmghFWuJ;LEr__i=?t3`9cDZ;1~?mPSMpAZ$lP5|}w0V-xUbE*&gP
zPTek6Z5x>E9=x4e5!Z`>a*%LkehjVMxFPox^S>_MRR#Nm^I74HEVUj1QeAViK@_Hy
z_*R&>Q)dFitr3fYM#$zELZgZpc8Eq1>bs|e&4ZhY*)9gvW{sad1=fDL;YaVWyUf%z
zx@NENrZe_=RdDC(9Vix4W?c|HA)<`J(7U&s`UfZ3k{@}p?cdxTGeEVG9-9U2denZ!
zJ5Id7!=;xi4iF{Y5*##4Cf9eX4|yO*T;L{;X^q8~sWvnD5X`wj2V+)ykNl+JWJOzK
z0ei8k+HGlm-Q`wY5_p`4XPu7`bbl)1ubu?u^6|^E+s-tkrOdK2K8WfOrx&@LgL#5w
zlJ2|%rH4sVCPZ430zC?GY0`5Qk~gw8q<4A_;xT0F3xo&+AtdtB8{a0t<{R=X=K!*|
zBGBK`k}Da~(8E0kioYwfuldX>L%CxsSY=kYLG0)?%jsr~m<7jEom|Hj-nR?GwgOVv
zF=S<1y{g$xrbHvY4BEsgu!`6TJxTJ#fVkN>$x-YQmruPpe%k7Tdloz+aq>c8PHe=P
zndt72#)*6BEuY%c*z#*@fJ^P^bOhF@?yPFbSq87fGitVd;L|$rS+NDX#B-iIa<<)a
z)ODLT+ie2)WyGz&nzOzlv)a=dAvNxZNcU6JE=kLh2BF>ZWdCKfk?UX;Z=Mx!LW~zD
zT(fxU)<;YSE{9;LvQG#6h&x(s$0?@!)ynTs<IgtT)(1_w?ra9uGs5q=m;fWGe`i`?
z$K{NV=`4F3SI1l>-*azdNW?~Yi-Y!5TMK-a!2=qv9ri$jEsJM33~0mY%Cl6BYY4WM
zG@bNSdAmUV&=B-+nXdtw5_lE4pF9VSiY~anWk<{_ZadD5iQ`n{Hg81k?Ya=K>q@ZK
z16`o2in`(Riu5jgLq|nblubO>Rg|t}5$r<)DLc!X0(0a<aLQzN$52M^FXe3xH&aG6
z;#$ps51M$NW9K^~*@wb7=E&Ct4NIlg;3`ks;W~jnr)wfN$NrQZOEm1yu>w08kWToY
zW6#1c-#vyJTV7+BV}H5E5X!9>1ZK(<FjEpafN4@Ush-yq(N2nR5P4|`{7u)9)MIG)
z?_nTVmP+x@k)K(}$pEK{dSHNa&ZSa_Ng0-gpcye)j(#n!!ypBgeVqDXVoyAnqT~VJ
z&sN6CrRk7{(ER;Qvqq%$ER9bn3^8HdJ+0s>$Xl-x>|wfrw>h>K^rkYu`tw&XoGCMR
zVw5W$Pw%oCRgiK?LEc5(kmDDw7I{d7xlpuPjmPrEz%m#;)D_ykl>-ZQ=S@n6iPBXO
zqUMabI>%x|Imx1R?*=*rLi=G(%Xg~8AB#P4Y82(b=z7&IiIJSXMC?W$Wxeguxq7Ob
zjnNmR$Y%M$P#5sM>Q~-0(U;6&D>8^;BbaxNwCLV^>paE76bJL<;ox*W7fc(9g4`Eg
z)P>K!2;3KT2y`H>2+I@-s8YDGCt}IxHiB!YL*_@*?hRf%Lb_=VKXGHDFP!isM{pT8
z(?kg_B++_}s%FtEnDuJ)4wjLSHt9n$Ayx@FKvdY!ap|4D*uj&Z^+%*~WZCl@+wM6r
z8XTm8$hyCW=KZh*W7h_61RvdSRe9z8$kAifDfsfeM-Jq)4StqbkZ@$927fF6xBwd-
z5`HTJ-V@!2n$Bk3=v<oX5l;Xj-9WuWEy@r(AdVAJQj#<ToL++a5ZcASyCYZF(rb{u
zTmw$Ne%%GkHV6;Cavu^J5A*;F>MKd-k?TYNPwzUM3k}i-*+x?yhpv^j#V-HT{VqhP
zvyD2$FSd4<DnxP_S}l3)O#>P87;Ycc&)@3T*I)$y%z!Pv9jtP>`IXUr6gVU1QPrE4
zCsS;L%52rq3F0mDksr>sr6kbNstx}m@zyHCg7ViS0;F!RZreh5oZf!2E3ON=486|x
z4kCdUoQh`Kk<O@8`j7-d46;3MLA+~F*b+cx^@j{GEBhX4_aL6A=ul&gmNt`_VS*0#
zwU?K_!U^VOLgg0{fCnR2!c?d48dOz#PNuct8fY1WfwDRK_Q2zhFx{TNIA3Krk1E@X
z==Xt9aczRGrjtT!TutM@6ij2}n0ZbIah65r?!U>(eLAW!hqUyn+`9+8DBYInL%dQ6
zxIg_7xZ*2M6Bb8*9skDM;Ts0a{R8L3Aj;Lyg@+s&?L2sM8ExhKqYd5^76+f;7i`Jt
zCY{&=5%S7BL%ECZPT8y*mhQtJ(><kYPL3Ox!*qTyc~)GI#QDhg-R!M5cAct?cQ<U&
zbqXt;wRpR}Q;)sq%1GMpKIQdZ8H>ZVmoiwZX$hP5dFpL;=}npC7x0Y6tFkyJku&@0
z-aSNv@lNC-Ca8@f0@IrQCEA2s==+YcEo<YxAK2sOrH4Wi&w}JT^jO`_p>3o4_n`ah
z7BoTx0@@i!{reTANVE(LTrJUWeO=NVbYbT<edn~+PY~cS+SmH>j&)c?gEZ`;dPg4g
z<!MR6ij1QzK=kpNgDjz{-Ws6nBhfLi=r){5Nf;w6$biA<JGMak?&~c?j7HQm6{2ve
z&LiG_sket(oMyYUoOV&jcmC>bV*DfG))?J3O3c35C5+yjWV0j{bJUM!tEHyHJ7_bv
zwWR^lGa=P|kNO>VDwI6OHt*`{YVSbw;7IyvH_|C>kD<N1zz%HX)svI_L>B~7VTllX
zM0(mZ@F2uk;EFVKBZ5BLFYm4{R>h}{#UeuA<($kff9(+qT7wm_u*h5$Z%BF?z)BqX
zrYK-DgR~b9!EbhU=U0Inc^Ksnr%xDCdgG!cUkLtwwz5ys)9!w^k&A{JG322>&Z)pt
ziCYKd>Fx(%y^wAYZie?ltu9Yj;al1bFZMz9vt;w<>P*!R$Fv3Az$oi_&?%mj#Hs^A
z>00=@XAHA)wPledL%}Ta@ZF^pgn>=N%=?+dG)S&Bq3QJ@JX|HgcCpIuwqMyIFHNHI
zht;YfhSe@&{r#7ZojCPycnVQf1ZsV7P(wWFs={JmF$KW1Rl0O=I=N#?s`>D*p(WO5
zGTi)9zkK`j39=kNs)+wFj)UAg-*33AFcI{M8(W`vzITrg+D>5OhMh9PqYx>LCE;!Y
zCXmT)nD;2_I?6)J>aMr`W7e2iDX4@yX)1&UT;s}P6-TYOO%qq9(eothXu9(IqoIl-
zDx&1QLHvT7*xaIdbL%Cio8XbM0gtD78isdfqg!@I?r3^Gn_eTn^{wVY%PaL+&-D@C
zEGxCJX1=I*eJ1_7Jg7<b8R1t9h**B2R)^mlpJv_4sScUVc_>W-{lW_0lw+mODyjZR
z*?e<SJx2fYP3#F9W6`+W&D$W!CA${W^ii6n`jtS=BscpW&!Hg$D-3^Qe8yuOs$~Ty
zQUx^^uovByJ|>=wi0RO#S!Pt`D#rB*pLP3@(F?z3Gw30-aLIUX=R<jcHg^b6+J**n
zC9@v}lm2#Yf~Q_Hq+8RMnZ^^%Yfrna@1V@$dCpdXu1P#7_Cc?#0>e-)t9lKgnUiT&
zkcglVbU~-gvZsq-X~{!&qBqy&*&_sx&xlW6M4${(VG+7zRCHsL5bD>d=ihPYH-m%_
zunIYYIEfi}wei3Ryxn6PWPu8a_D8~EdQU3wQKxDD2Q^rJ7a5FIV1<Dk`BPw>>mKO*
z2UCkWRFwAbevHBRw;;C2A>fKhp`f|NtrU?_XidEN-9~T0zUncxv4ejxIV}r<YzH^#
z1h##LKM*+uduSlZcNvD<k3lUao{t!?_d#K0VBW#J$v(poS4LVjZOm%&ZJt=UAO=f&
z`KZ+rvcxmTzZ(K?OAN23N{1`Q<BskYKa}tyXf6YijU0#GL6Ss1c5*=kH*nEa8%%%^
z=`K0Tl{rm3qsKCoGhk1(C7>{j#(qwG{ZV_3h5vl^A$Ms1%6Mw7H?5ek-hfC)gL}c#
z#nk7p(_iozTF?_;+s&o-`cC=BZhmdRc7)8a^W>wb50)j~xX9PR^T%L5n3?&Sq9{ES
zPSiRxzUPof7qlksnLAQ0-Y5l6;sqR)=e>++I&ZWT^pnG(ck?S`BH<x!`(!jriR}?>
zcJc6RZePv@`Eg`J=av^y5Oz|&)?I|x)VAX&hSsm{9j8;|n`xbn6DBK%&ap!D)LMcw
ze^YQn+dzRdN#Zaw3pDqvE=NBBHK{d{OUyY52|lebIjiVD=8bkWdT?OxnY=u)%H7oh
zex8Eq)<4~>e|8e-RMV(fi3^dJs=Yckhly!P;*K{c<8V=&qm<P#2`;%l5Q^eo+`+$X
zBirY8B;pj@YVaSOtDjM~8Pn}V9pb%*L!yGC-RV3nh!t&YJ9lA>23Ln1%BUwCB$=DQ
zzX#)haK2j9XVhysPlUTL+)y$$E*l*tG2qV`mJUZaTx4@AO5hRLMU`|T({xApKrQ9M
zNxXk{r@={IN#5YH0M4=}iz-i(T`+gi_~GRF*0JUdN}8ApreM4om2WCJq@OzV`%PVV
zPjO%+XuR;Vmw^kxi5Ouz-TLIKHG;eR`&^+N%8k8?Nmo`rhnR>e81;A8^6fD544*!p
z6s0hzL?%spBkWcFGV{=q2q?%u*_omDgQSEdOqo?D)kT%NT}$9mp8)$&27S|3-nBM~
z+M`|Iw8vz1;|^8@XRIP4t=-AFN+l2N?Q~5^z1Lf~_A#eL%|_TT*}}$cp0KlhJj84T
zzrM`g&O_M6y|OKV-U3NX4Mb;a@zJ(hYusz3A$`R=H&|*Vr5Gk7)eMiE7qg#^ls*}G
zgL5Ik6#7X}h?wVXGE_Wk<(-7t&us;tc!J|S5NP6HOx|052Lvc=>dsgg*KXLv-j3Rj
z_@E-K<O_O8uu+hp7avHWeQ@lnbLdcdgm*;;E$2n-cr&LX;e*t8aKAw%V`ug9mWb58
zIp55*1)=jq(0-1By$gO0nc8h5vhp@vbb-o`@12`xV4^Eo0PO)g)O31kK_hufi%Cuw
zWN19r)=xiC<#+5()hVoNj}MFRE5(T!+<S!tCFcqUgWRcdLCFrbnlx<~(TD&nPm#<K
zjD%;D<t<3+i-44^#q)=ViA=oIcOruxsM>W?{rz@?VLS^cq{sV7P`v_&{(hlPJ7f-K
z2?!iMG|9a_o}w^JE$`nIf3H-YJc~B}WYp2kCdtVawO59-PYgljtdgN&1r#3WV{(K3
z-cwH(NW5vCAfdn+ddTP_K?#%dewaj*R4acJ)~)2+t*7#rbWM2voyn^ej5Ha$A;{3e
zm~wSmsB-XCOy<n_m^Q?yA234>zcSsQCAE?hYKdMu9}(|QzJZ?U7_`DFZ$@+Kp^F<6
zsnEA1l3}Tmg>$2HIMJq<ZitIsh;zs%vaHKGP19kZV3gc(K2k&u^mtjB>f#Uo;YeY-
zGj0L@4SO9?=BAn@aZzAi)^RN*+d-OK;?fz_Dvwvzww9>urfkwVZdlvYN<Bcq)l;B%
z{<zk&^AzJ$do={19wiMcjh++b1W_67I(-c4<Vyp`=cy*rCc0DPu0-}D-HIWo2%S+%
zj%l32pY!CTt*V)o$@8nYGGU4f%vXr<Z;?JSQ{g^Kp{|M^bEF)2f2u;sTL2lCZJA>A
zv@d?4PiCL-k{u<yt`Nw0PZ?*LfA8#XBz;OA;xJoqIQq^|da>(AAFGZydOEpq^*Kv`
zi}W7%FY>UAgtv^=+AQvLv1yQ?n{kjK1)(4{{!sjzxGo&mKWrYiN{Xj;{FFZ6;txn1
zh|9lwx~nD52FtP*3S-#I<Sr%Gw8{MvZ2ovwe8`c1{6TGe(Pbic6wy3i(JwIhSHhvn
zoF^FV4ibVudv<rJDn2<rG#>WhIz$Afl(*~iyeSN9RI%9jI`b^Yd#QvRw&In9x2L;Q
zbdued7~K%h%9WBG@!7>G7c=WBH}HM94xM}M<?oZa%>sJoh3^v9EVuRro>|J;w32-s
z3Xi@mE;S}|Ko9$MEoW!$=%jU;!t>s6b}jOSM019}6X(>mFg(S|S#;2B>lAA3Wvuo*
zpqJA4CNpM;N}!ka>;CfFtw_u5d`5nbDk}Tzi{;6R8gJV(S4B3l+rH77c32p|FsBaV
zF=ygCdm#B3JVtYErrj5Ykb38|XF{-PrZJKx{(3l$bO{;dgmekw%FCQ_=>nU^|Gahg
zt#==Nb(soroH?gKV(>%98}~LSyNaTDGPh=|j|_6AACAyU_EG1Lv`NN?$Y8m~Kb%FY
zi(lcs8`uDkNZr1$igdq%Y^89hf&kJYhpARbwm*9*X|<$CIXZ!(Vpo4$M6aK>$Rd@Y
zF;O=c+Wg#o;*Qx^B>@S&AdbU7e6HAKZoa*T{chlenv*F{zc<q&qg8FSi@T3MuEsYq
z`B$E`W$0nCDz;|L<ow1WOV4d?3)5*Ke>T5Tsr5?(;o`bm=!jQgzZ!URCSlP!tZ#i+
z^|+L;n`x;1INH9)w=8}txF2HBZ9Qx88MVY^*2xF7DUokiuZkS+^_M+t6>sr5Li-fy
ztm+l%<~p$Z48c?6)#*;VJDm%X@famBYrN^_1O)q%(fAp7ES36AB&RP>R;|?OQ>fhg
z_=<22%nBpsmpeJuHX`1+Ob~44NLu8IUh~4Ivp}r&I2t4Id_vdi<OnTOw1_Y)sY4*G
zCls<XrfPu-2iHyrT4M1#+|QcNlAO8_E5b5kYlqpjY<*lY+nzOj4!ihK13Fshe#7;D
zjxLf>xQ?S8CW28I!O{ceM?|#w_UsQAV9(DoUx9_?l37Iy$GX=Wen!`Fr>^hEA}RUQ
zZp|p1E^sDR?E66&+?9~vi8FCDpT$xFF+>f>ku#83FyPRD1@Ux%hd#tGO`K=EH?W*)
z@94WgGH&zZmexn;R5U&<;*XPYtOVmMRZBQJf!V2TYseL(8eazeQcJb=$ttp>crtL7
z#V+u)K81_&sixq=Ww$zy<}z<KeyKQyot|!Hd6D<G7f#I%=<k!YAw8b!d+LZOdg1xx
zyxhXSe(e+ex>}E8e0h1;7a)>*xgGi9^<w+&*S5Ug&*!i&roZmT8QbrFUS)o9d3t=@
zI>vhJ>-Z8Gd*1)^Xg%|n?Ee+dD=^f~egOjc;)}okU+!1sG?Ej>CuVjVi8R|<#%2$`
z1v5nUX9t?{h2zPq+j#Q!9cCZu+#wW_@VjI_C;Yp0NB(uYSPiqB{4`oz(~z)4zNJAx
zw*Z-DetnB0ydWWo<OSoc4@7owI*Tpusu{VBT~y>@ZGyg4wHnM99kRn}!h<%n-E#F<
z7~;+3srQdahy6HUVJ(Qj1dB?5CFu&yZcVx!J<b;8e%1JfpKm>YyPa{ar`)b;b~|3p
zZs%SBw=~`P#?{*FvBHiPr}GG|D-5?g?|Gfwtxxy$?qPxUSaK&T)X@&@Yl-%<Mfcts
z9mF1WwMciqMZtFIJ?~IA>vTNDEdzW)r#NsZa7Ml^%M~~p$QtNYg$FLR`xeK5jpeeb
zpiJ+?@Gi{m!srg{*q;?+PUiG(Fnh^J#BtSjx@rS$XBuu>NLNF+NP^&k1=QQF7;Zr4
z#9Mno2SzZSiJ6dB61QJpxd21DI_YMmnQh=9$PG`q?T>f719LB>j9(Lglert=mP`O(
zB6mV4e7`5yZ@E?6Y&-W2bkWezRz7<>9;J^bokgRmch}Q!+95mhql<U*n63nyO{QgS
zKOb@juuOF!vxk2tRVy*1tdw4S#k`wGBrQLAUVKP~0d|Zzxsog%)u2%g8r2|68`U7_
z2csI)^wp>ab&o%)K~Iwx_g)PGbPDK-L_~-S&SqQRKH0S-m&gO4cJ#2JMZg7{V;Ur!
zTrW8hOBPtB1y4Ny-6{(n54JL}eZQ;p3C6#ULY`-L5XWWR#6W%kX~ys+fysD>4dA2+
zgLj~-2E5Z}S|_b{$8Y>#O&6}^I%&9Y?G~olI*<z{O~4w2yY}FyIc%vlK(*IBmR&TW
zlH%Z$1bBT#JQmq%TMmDm#e`GlKhWSJ@jN2LgPr9-OW^@ek56h(-~R@bgoiZJ0ot!Q
z_Q*xA-SC$`55tWn2IE2YB7k1qDg=N_)S_(@72)9ZW1LaDf={yMqFlrGj*<iC7lXOO
zC~yxqnL*<!V$LM<nAKm#Cv%(x@(5j@TnsZd)CsP_K3&^&826c)%nYcI+KK0etULJ}
zj_4#Ox&sOZ@es!?-*AF`I$n3Qbsn!fntG1c9kwyY>yE}YUUxLM@w($vF^$ISj`6x<
z>+#3y4)7P_bw{mza@QT42>Ls*MI;P%X_3VyLIP+VM7)rgOWP!zphC^)@`UVN3p5|b
z;s%7wWE0vt+o2a=YEyebn(+e%Kf!fXke=%3uwmCZ``xPm@pZp3LE1+oq+NHQsAoQ0
z;ECvZ9y*<ddmGZe)gkQ=VN1lgv`=nnVVVNulm*aR5HI0Wu1{Db$z6vg43qpg2-xif
zrz;we1vwKQ4zR6)2s}#F!!e%GfZCZDeokS3@9%99^0_S<;^DCb$9AO5VIez|Ct}XL
zw=9V)MjTkx#QyszSYI+GU(tYwwUES;LJNv1PoiV-nzO{Rl*8LSdgOO3QnMOxE+0g5
zZtq=AMUXc%O77mrtr^aX=1_NttOy{U-bGVoUGd;O0P3zo0!*x{=L8VA{RQzn7RDEx
z&8dw-4(rD}9Ox%&2we1_ly|5*u#N}O6mMzdvs*Fno>_zfpK#)nNKzbJ#gG^~2dZy^
zhb8)Qc{nl*;}HQkHKCFbm8IjrC=aDRYUMGB$9MFm&f`0JQ_t}o-8Sa<j^5bDcl5?K
zzN1?KK9M)K@g049N8ft<@f{uf#rTe1YoFXZx{yBYxN(M9avH?@s7vF7fGMroTOtHr
zknZ&101j>dx&14El-BRNC%R%m5|UG*l=S-uxbXEzkX-Cwp)g>~0n}lkn1!X|{bb2C
zi>NQt?_&)^HPE0-XdrSH;|1W=>0x-Icw>M8gxolZWHu-rQ+Q{0vGs;{;2n|k#9nNO
zTgGo_v^b?5WUvyzHua9lSf<f60iOyy3z|pmW~>E|y;CglS>(rzHovQNPFexz{qa)D
zc&pL#%)VDTq4V&CmbMH^w6dmaZsjg62wIC`-%lOjFbO1m%lziYwQfF)nBQ4b|9)nW
z#j&NeWn9?_G<5UYaS{jA!;OHuRb?R=#|!d33F3amm%D@q0-Q{p6ctIVj3VM|zIdh0
zgB_GZOC&Sgvz=nQeF!qAjMFat8fGDdG@@Y=9-$W&Y`P7om90k7o}Oot1%$VkHQ$O?
z$b1gqlg?G{tak$VUZIFv1RWSiK_jbW4!aWoF;w@J`nKm`7f%>_We2k3R-6S`Na}qT
zFz@C{GQRaQ>0ETxlr#;fOUIZ?YBz6&zl4MtE>N?@tls(Q05pLWNzDed@M@>kfPYUo
zIi=!eTYm7cx1`ZRoq>Zeg-^we-P^zc*oVvWL0}EY_&3z%8{p{WHv}WYcrRNXYo`yF
z=UemVt4<Fn7=I4C*G+Mq!T3`wF$aV#4JbQ`33PYM5Zh)AJrXbHTZjCFETWRxp7KG@
z_>TTbwkKu#bMgah<BUhU_l^T{z<N^f7dx0^#L)hl{cAnh{YwYjpBcArweM);ccFam
ziry~x`x9o!N2ze;^#r%&%QU-{UEv(wZU7uIg9o1i3y?aw41`wNndasO>E;LtFHhhw
zHJ7kjNI}wxMiQh|3>JKAmqtK>z{)Gaq%LTVedL)Z=+**()72m+^q^;6#C&p*%mONw
zSD*TUwTt_fV<|bECDKN%K5@gtQVwWXYcAeq1N!VXy2ac-zUa8{7|+;-Hs4`+e;m^v
zZBG@|=Ijiv(TDg=^c=y}Aw0(ie7N6JvG^ye_Y@gcUhR;T^Q5V;Xs{l$K>E&hMMc*G
zQnfi%_32yJr&nd4J<k1*wE+rY6|A=>(kDY_zl4vAWpdv(2LKoeW4Z2h9|K<I5}ziZ
zGz9j0N%}i^LqlqD)(6Q4H>uzt3-(k3^xpRnR*9D+B)rS+gz<{e^G^ay!)p@80hWV>
z*@r}8A4?21qCg@-fFj4;4qdFHb(9{yi&~)0M;hz~BWsGnR}M#mdudV}Q$QY)a_e!5
z+h1$99Kfx-s`CJ@MNcPs#^BE2@K49nc3Wk?%zr?Icx1ty4j^I-*AhP+Mh7IvEH`%+
zg(S@^H>WeCA4;aV)|E#6cn|fe{EXbIKlhMv$oW(?t$%{fa&w$tzr>y821(*sZhdZV
zE8n}_4xlY=2vFZ!0<^z&LbVNYTY&oQ5?GSZavND^WF7YpL`R^`W^+IILM%NUk4Qvo
z7*2D$w^JGDaZqkOSr-y6Fz|rd%iob8J!o%QZ!G)i1pT!fh%ZF-i)`WcPdCy#>`iOD
zU~}8{u;{hYyOw3!ThM6$-bsLkfIs>;5+jS&hrP}91ivHf!7Bn!v?5~Cy)>XP0iEU@
zx0UzqA{r!*JPJr+z990apWf}Eqx$VFwPm-tf3zSR8j!mm_4a+5K4J`#$oAnKm_`Tg
zme%ihy)S>TdBD7z?c)G^EU_3c<|&2u;lm&f>;O6}bdoVag(Q(2BINNYguurBU<-Qx
zL5K$Vt$2dUOA@oK_Xg$qwg5DD03l;0=z!o>)b4jUV3<gO|5i&ABtjCtec&KTGw)cA
z5AaUi!(czyy5xlD-c(&)M}T$HN$5L?1Y5Sj2rY*Z(m;{4CH1HnAQHk`;`lg`%Tp>m
zwjwY&0;pD$g1s_#mcsxY@DMdQeI*0<r9vV8HiXnnSM@wn;>`N=y}yQX%(%q1+q8$U
zYe%!BvGu+6GglZFdbRIOaMItp)?}jiz4P}n(%T5&t@C3=+iNU)sbiR$755kdZ*hN~
zr1)&J*l}(T{#ZDfZhiVHAdlFp%JJWdvP&jew7>SYe~)4FYOt+n$+)~_e4s1Pz0K$F
zDAO6loT*>ChT8j3OOV^);K7!FL=gP|gR$+^xvxKkvo}RgrvYeeW6@lr9P22$dpSWP
zAL}DI5~Gh7gsTq(C`zknJ$xTrJs);jZwi)6qCNnu$RN7!Fkn!ie9<1i404HY-*zn2
zE9SjuTlh>l$H5OUYCn%F*C_cqqK-~fXaHBBtc~YPsr8AvFQM6cgY}BUFWMG+%rQE@
zXg%DiP20w)x(cD!gdd56wP}O7S)1k>*<Z8=kf#oD|8+bcOq}-9RQF5sbQ-|iv40v`
z*J$|_ZM6JG%de~dJz0Kf_3dNNV@V{h*$n|%D9$;*5}%UJnv2!uyeQ-@roaLj)dnx2
zS;x+0&%5k)$GN*^0|M?<2QCD69mom#w}j2sU8zrC+_|tPDR_|Ee@+%u$bnqmB#Cfy
zsWoR%17-cro;U8%3D3|I@B*?8SMu4`FCRmC0EKulP-zab*5=X>u=coe0b@gWc#Ix6
zE$va18qk}jv&Rs{2!w|Na{hjggvA0&a*KyKaAM9R@suKV%0k>#tlI(TxTzXj-%TY%
za29ozfh;2eAgBq79jxM23h!blnJm^ql3{WzLSttKluGID?Cg`XbayXJhpl9n<+f_?
zJv_#O6%ZuGf)$+|ZOY`3btVR`um;)VM*6a?op<-vzwVP)00uq9%HRMA4ToaWm57&w
zlf82V&6Sscdh0=aIBPHmUN*aX$l#8qojxAcrGJPj)$L<W3fF_WRoFV3kXR-g{MgdH
z;m_LL->*DiryNrKTQVy$X`+Aq@oX}gJS%x3Askb3CrPC9ZcT5#5mU+zRxh6E<f`Z-
z5t4<MDTGrp*HL9GdRERAjiZRka`A3O4bFmq@X3NiQzf5f2@QP0HSlcc)#3ETSJT61
z2nD6YL^zI*(2bs6_U~yS;S>NZX^SrApOP#3`${JY#8f|NM2o5EG^OlWmWSHh_@d1Y
zX*O1agqi)dfvGFm>purn$R9R-dP9X-l{iQ^4r;jQU&NAeeSGIDK0(rG;etksB*47-
z*)xQM$JDClBGrGE*LP2$Oe$$Gl)}bO)aEKD&zPWp3Kr=Nj;4m`rU@?x1sVE%xO}t0
zaJB8;1j=KP!9e`{_s{?LRDJjDxBu&sV1NC;zW62WwK16f-D$Xt-=-cXn$@mpNQA^;
zyaD{Ua(`n$`&edwG@Vv2a1bwXR&8H+OA?k6pR<@m#~0^6zPzga(0-V-yZ5!q&ZY#$
zt)1Jlv$so_hRo|-Cn1gIgp<f4SLQviNw#(#1DbK0zOtRabB;rD%Xn){jP>*hN!XDf
zz~W^E^`!!NOzoXtR4?zR^eFkjTcfWnr071NC&iMt{B9Ps<;McMRu*kM-@8umI`=np
z3G;IRFk18Z-nA33?{gv=w}@>6ogAMK-k#FI%C@$rc`JY}<H!1O!dtCm%eS4n+=g0G
z`x%@;Y8xbq^RWqb$2F7PW(ly6*BnQJX6IqMhyw_&kO<NFUI>7}2^L-M?EnyhtO%#F
z!^(#MY218HAY`X4Xa!(5P&QPf>d$I~VeJ=$*vwcBuSrCVqf8TeHgA~j!?I;FcMxp1
zHct*Q<%uR6C^vVmDxOdkBgf4|p^=bS3DmUPq+}9>IKmm_Hor8#`jgq({o6*vs0&C@
ze*!5;^MKuM5QopOH^qruGERTjOtWDnUb28}L98yc1A=|RCp!N$WzmGIp_&orNnqA{
zl9wMTSz8`s+^11_0{XWNPMM&9U_s2zToFDi15w5Y$^W?^viK-70@Xi~I5jvLQF;En
zZDbP#8sfNd^w!~SvGkU0Nanbp>?XX_*Czql4$*^>9P7Zh1q;Vv$%<qNo0?aq2lJko
z%vw9-;dH+l-tFd6?1xmR6G|PHAnY0@O3R5Bw`8_t?8YojVm=jluN4lcZ|T>~?K!Vl
zxUtG%wS~X!T6i3%jNdRzpTq%MhnDrfM_d!hgolIdJZnH%GaZX04r1nK{j)2=hsM9J
z5b6+teWjjtSMLK=@)M_@Xm%VeX8yg5V_w0wq<ssyol()c7dE<A$L#yT-4FhXh`eR|
zhDM7i6_T<JvA&{QCOCK^=pW2!gai8fzKFjqW&%@qTsB1sneL;WMhi{^OgY^>4f8h?
zrB$!U)F-P)u?c(Ny>IN>X9~mfZPO!Kvr1uf?6f~mB1uCcEI;op&HK%EALwr`OKOkR
zkA|-K75#$acq!Wc{%HB8K92`vm>iXg;BNfo@soQWBxIXtd@3?=kA&f-cgCZkVg>bW
zXt<a6WHD!VYtSuOB9|nR)Pr1)Np?dbPF9rMcCU8pP<5KL@_3>jD@=8I`-plC77I=m
z8u(=r=m#gSpz~E)b}@JNX{_Sbw07y8_>}R*K{f`NNH)oSnWQwwen_Ju^jz|UJl_kJ
z=sTh6Omfz0ns3Tp=;vSdW+U{SHSwt|O?psnXrrMT)3QScP&ArO#6ccJYVzFt(_=yU
z#I)Vv<7f)E8EES7oF$Uf|5@+Ua@$}1^9JO!21>(UfQQOGQTws)PIUxWx0CAhIJVQs
z`Wa<<K9YY&BcDc#dweUOr6aaHnX`bTAu!p>cFg5j<`;cgJi>QB)TbIz%GixQ76?Hc
z6$W!vD2a#NE=Kv$H(P|B<SvV}uBYWsnA(Nuusd3p%#(Yj^y<a4jAXx(I~>LVIYQ4r
zv$T)VXQ;DfJ<k67`0d4;Gj#I)-K+E0A1;rt&)>hR^yr3R#X~{4UQ&T(0rPGU6)0j7
zVNWJF2-awxM4s`)tP1Zh)pxT*8ow`rBttY%>%*}mNG=J&D@+4C3rO`t^<7#;6yeB6
zKJ${0L{fbdA{rr#Zt)t)C6)>qW3bU#K-7nl>4X!){QM8KD4q<EQhNV^q?&~p3xznI
zevCddlOuv4p;xAgN{&Z}*J!4Gj4AOEOC(}*J)DA=E^102g>n+n$S08`zCvh56xM3S
ziVsY;6xW=J-V#R(LzW5#Q$zo6K@FY#_r;sz^LJ;LS2cEkeXmA3Gn4rkk-IoB_smD=
z-;<9KLjO|#PqmNFF_#~o9~FNwf7RJHK0ZfB=;L#<Zw@e*lN{2==U-MoNW;j_)pzNB
zQD8ql53nRcete#F|3m%99}2%?F40*A5Ty!Hoq^CM@+Dji5Ml+=HCgnT$u*M2jtR5A
zW<E9esg9M8V?IncomL>i=~qKUk1DHVtm4&;PlmO@D-BYr;|5+TvsU{5e~b{Ab+4}9
zUmm|cL+9_#ug{O)od17kmpyqHm6$m5Fg@4h)b!PB14A@YKK*h+OP{U|r!QVk56gV~
z@wo|hxFo+NnhpxYi^IdWw5it{8q%!K>sk*lPU=9yjUHtHwIA_!N#qCQB&$X74u{0_
zZ0`7DTBAORbd5vP^?*q4K#1VL)3JjSk8mlf-xHm9<W!dly;ylAFbc#R2ZC&N*P(VE
z=8avvI4S?GrXDs?uh!{nMdO^=Kr7w3Yf}iQwBk*Bbt`Tu5UH?@I>;0%-278a&9CZ+
z5JaLm<ND`D3?nLw2-c|sV-`C+!$xyghD)ISF(f7(%wLeD*aaIj@#17VG^{(Uf<_ZD
zhCrcd3ztW3+Q%6h`5)0O4T6$NqI3zZ`4lQ?UkojBqyg2MB*~Bs)gO>9)0*RwyC-TI
z&eko{-41m}$yS<CyKKwCq6NBL61gNi)iXUDWfNU_X>`0uizo-{X<72jOI;L=V$N37
zC%)1S(}^aWs(Bl2vD!NWX+|?keh^0Tz`Q4ADyHUv2I_o<IM!&(C616-hXIXl5S4~=
z#1eDjr=v~LE5=dCxT5=9aXUdvDPwVTaIm0qnarjh3lCDsm;MhGA|c}7tG~YdEBLIC
zJRwc=&*XgiPaokRV7CITncjUlC5-BiaD?8UoEMW$h4yS+0-Ok?@!+&R6#8)a2HjG*
zRNsDl&OCZ_aPaYY8b~|^onBR8k)xdQz7iCv;L;X>mLIvzk_h7GJRV~q=!%#CMFpZ*
zJ#;QLgUv{3G_`S7gs)M+Zof1Z){-TGucUz{6!F!@!qFQ2kelF0OP$Nq$iNbXbg`7m
zPA@ZQ$5Grp-Sm)nj5BUmEvmCls9&G;hx1dEL_Xn$mu{ETTc(mP?HF^GvZ!x<z%(i|
zs!&RJM59G{qh7I)lqZt;|D-cWgVT)dY0OK`m_(l+elbPob8Vd~isjOP`f8wn%q2=9
z$r5i#eDry$^?XqxMQMtP4lfRSY4RtRXQyZHloEf{PiOZyQN}aHL4)=7@p&pLuVUg|
z<%yNdx@B6JIb}*md+}BN#c>{Bntofqr9asCqyli^i3SsR;fa$R{Z}*~1#$~7V2M9b
z44A%sPf9bL{!=JSa)Y;w`pbra#LHtX{eB?p^V4FG<Dag6Jw7=(ySn=IhqM3r_55_h
z<`yr_g!0d;A77oFT%KK*U^D<YON*~>S{G@D4}yHJ4vf|gmt>I>zTxK|38(Y*)zzD>
z5q>nDz27C?4e3Nh%`_k!%La3()GK1qI%G*{{aU-992-R=>rlC-(EmTZGNS@vv<TR&
zemhnOM4#P80mHsJpVFgz&RJ+q5ydf?ZZOqg|A!@7K(ZC#ocg4Esg=Q=t#$ecI$tZG
z`l_vnrbaBvUT#q8u8$bk0hZKDLki4L*_og2i1g^E?BJHn1eN3<#7Zuu3W(W0*`_%V
zFV+8PI7*wq=(mJ=H;9w;i3{NwOC&n}=?a~_`w^`$r|P5?NBR@>=aYaQ<v94v6H|OE
zrZ~jEvq&o-UO*4b?ZbhRbBl!fME!A+QG-lKv|3><rb`(H8t`{avI6RiN%k@Ysemh}
zs}~2^jiV;m0gm%w(jh7rbPDumTD?%CQO+Xu=_H?!8a8DJg8s3wZU3RqhJQ5f%72)G
zS^{BC5Q~C!$~A^P@?}@r^sQ1F(={wf74-S}@muskodO0j`hl#G8R`p-l>)7yVsoZd
zy>n1V<dPXiRcmtfa+=SDtCOD1^;ac4H82{X8B^+26SNeoOBNVKKfQZL>E%26zflL$
zN{z-SV$p<zv0S4S4w8yCJ++-6pP|MRq<SY{_JKC0(sO;85~xhw`u@$&{%J9omILM<
zIah?tYE`#rX6mRvBi(o9p*0Q*SguE38Hch6NENIU0ezue8crJoN~y|3j6zWBH+8xc
zdpQ?ar9t$<l<4r2nzK>Eiwq$8BgT~qm2y(diKhtcsYN|%8Lu?Ve>HbWg=kICbz!53
zItV(A%w^O*vsue4b5ar9ik}vYErOcp@76j#LycNTzP=*eq5;u(r!!l4qQuKP*J3(m
zjBf=JFY{y0>=^9(>4gF3M8r(L3!;*Q#X)gsD4un^F8Hiw<f>EgWw8lMChvB~U%L+X
z8QM4uYD*?wW+v_pSt~VOt>1QPU>$*mQ)d&2l<P~lG$FE`T3N#@Q!zJ@A(`^&q?Fdc
zXA0`(t&Vv>R8vlP$^%M0N}|$V^d&?p_EVj0S{>mywMw-RH0R=>KImUeVY+f1VWTkD
zsKL!2(+xe-itq;fE>*iWNUnA_l4YfT)kDcZ90(C0k8nxnN)C{XaV<Lh=7Lo8`COwV
z1rFvm7H1)S>4eqlL~L{39Tq~v;DwFQG;+!mlH*9s3D-LzAo&aJ#=sVfqiOaH=0^u6
zIO|<eN6KuOt0Eor0h>HEbTjj(#*Q&oN&-W;%ok{8x~7OLdH?<O^~F`CPnO=Gftq$x
z%jIt3{N3xzv#Y+Z<CR;AG@7&dInn&~+T?xDUW$y1-6T6IvVW(YCyT82mz$7M6*+~Z
zV_viG($7pF?8GF9pNf??O|Oln0rS+lmZ9oD!LZX^n{g{csUq0;u@i>r<V*#MkI#_?
zn>t!3Gp*XY$Od*^{!Yu(pUXc_svuC)Z<811*Iyd&ISH^3=42~YqKb>JhrT9Z9OV1|
zU;jc=eYF1Z$0Yl2^G5T>A5-;*3fkz8KdK-T9_UP#DKvEi)yAYk=|SfTn^fq1&qVWk
zY}PlOP@0f4@0xF`cK-ehRr$Ln2GSq1st4x1jIRhHcarc32TG34=hQ3Tc`6Gf`=Geo
zEi4oorJ1eJ|C4pgAG-eQpz^o>DuI3X{`&05D3mqF9%W6ZO6)APLp7E>P`DTQN{s2F
zDO<>6Z7rv9-zdQA>NC{#yML3^nT=c}^^yr$*6B0Sr)JM|Pbe{v^eWA!EP84*$ygz?
z+STD<e#y{G*-y_WeKpHQduW1fCzx9Z1mhk3MX?9>goAc*#%%7cRPI&@WCVHn3aI>!
zWilD3cQ*+S%9J{v*8o$2%x#r^+bx|zIY=yWHxx5&Z_0CgTOxVGZtOl&OT)IEsx>+l
z-O3~rDb4aL!EU1M>I|<;sD6mI99)I3Z&_>2er-Iw%vFC@HAGu_bdFd^rGBX|IT>YO
zs)8rugEG|o{-NSW?K4jtcr5ZrEX6?<f-xzQkQ}5V9DJ4znIAEpn)lAwszWs@jak)>
zY6~E<KkIw2G|gqSNIyDAc%XkFSnb6uRwlpWo2`+@!WoU!C)w4Iz6LxhPr7nk)?uK}
zQKp~$@dx^%_MK7LT0btn&2+m8gyO-`2BPRGrZ;3=2c$ztZ7@unY18LbUDNcg>z~yR
z=Gn&17pN@Ia@Nj&byjzq*nc4I98euEI|F1Id5wb=iwg5YMRe5HNDGMkuR3Ey?Eoo8
zs2(1(bxv=66}3UR4s)Tr51TE9*84EMn>$YG&(L=TVy1KHXe(=9=0kG<f7*ft6~;FR
z{cxo%2cHogbx?Lf(SeFaY_J#wWJQAfW+)@GTqYvbH+0wn3RtutJkRf2S5-phliHjF
zk?Dy=g?Z-Em(3bG<7<WWV=iKvT!kDq6BS4#am=_hE-G1=U1^N!HMG^wDo%pn;H#J4
z9DWJDpw@B02gNiGZdk%8;lGv+4baY0M_g_5WyW1y)tkCmrwyE0wND!vGwoU&+*#*M
zkx*M&s~KF|E-{u%$3sishRv|r0o?~z-3*?yAYixULri2ZcG=r%*SIxZ^x@7sN5;+^
z2*3LJuf2`|2q%`8G4%?~%&PiS4oZha$;;g3vhmIP*RO|(VhGq`0gqh33lhn_j#Wqx
ziVr*}j;N!9gG^zaadty^iR!KM@AT(4Ux8it8_8B0sgJ{cib5~<eAF~N+(X|!^bY*-
zy9V8f_q}DnRu(LsH#slX?f)tpDY>c?vy7`u7-Z#!(oiRLG1dx$lKc%Cnk)aiNS*JF
zuTQ=oM(oV6^p-o5J9U}TL+Ut)oDkoAr>1j7e@{jK%da+iyup%0-rD^B_2J=RX${(m
z(J6$|&$g37jiSI!5@mRRMbYccI3af-1Q>M(QmAv(ZYJs@gKWc9nX;nnmbo$;DC3+E
z-_bA$4R|C}4>e*s+7!au)sa%}ZW|}aevVK`gMbR+vB($YLDkG}F*OeUX&RV<1XK8C
zauI09ug~6H4<XLX)_T-RR8GLQxpc}R{n3N!Lk5HGq7~hxkag4@$e@lfccKV&kJrLQ
zF5B?({fFye)C!#t2&`44z4vV=mVaF8>^U2bnIE6WoW*#N8k;}=lK)nY6EO437MLm;
z<-X_2_HMW)Y$agl?#~7SZvPItZzls%JRZU(vJbrjNzgUuPDFuaK!8njk@2l@y3B2y
zl+jZc@zmv(#G+~j;Ru~)O#52%Y#DYIz(T0L#!J26H7s(6J(&)YJ|Z$5XN!J*%>o=P
zN|&jeEXZ9}uT%U|8sPKnswuu%Oc!kGlhuLl9Uq8wB=Oz<Ua%L_uU<@Fezx@a<VyeT
z3pJ;FyP_}&B#i@-&3Nj*+e<&`UysX)i|P)6=;QNiBIM+IlZWe14Zr{Cnq!Yl&iy}?
za%~{gBvf3)`svxloA>|ob|4kYT)S;ZrrhE^&9CL&GC$Q-uku^F(#g~UC^y%ufLbi~
z+VyXClbPO^>&w=Hp$b>se5?YqFVQ8wEymRPuMU-bOT==jV^u^wEQ@T6k7a&$s^2T}
zfo5y{ioOx7wV68bz^_bvy5YoLA9F<ol?^lM|9VjR&m3-*I&Pqg_w8Q`<O|R_nH|Au
z=hu*k<w0*IblFF5&#o`ePX_TU4T<E`6US*%O162@=W*$}=W&sS*i6Pa^5r5V>wUpl
zNaT_v;>zPVrqLoj@zee#rKCp!fLXw1*$Vs?lRJ5Ed3JpI_G}vZpgHBi|MfYQ-JlH^
zR7$*D+AT%oh_LS?GuXrcoRk4dhRBNWb&glIXNw@H{Ir`f77&~TJE8Nrei=+>(ugjN
z&~FJz(u8z6R5N{HB+&}3Fwb2>bT?$W<!5=0lq|VWA(5^pQnD;RtQ@(dx(u7l^7z)_
zOGUkO7L^cK%(dH+Nur@$*O{-sa>0*^s&nmUX~0-MqFM~qOX+4g&e_>i>Q`Ak^tZ#m
z9e!zElW(aYjX+Bjt;26v8TCn>Ct$MR`7>19H0Xqf|H>1W8=FCW)Oca={L7+eMXP^)
zgp5wV*+Xll`uEqBUkfcc{Wz@sT6}2IX#epHmG5hZ#Qb%CyxWm3LoD6psUKf{Rr@u)
zR#U%yeRz0SOt=>GTAg%r=%@lx4IC{7>&lp*zq98{C;?k|Lg~x-Owzw?Mj0y5fEdH)
z8Kgf-2*2DIVk10Gf!_#@D^b{d)DX&+eYg?Gw()Tmh^D^S_%Vz2YW&fJYBm0pM^m*y
zt;9ODbt>YLT6=7U1T}We!gBPF`C8<>Sg7w6Hf+|w6pTXuDj2$&#Ie4KF_-n_Zra)9
z{E5|Bpr)LL3KtXXpU<i^tx`-xbzW7Me+48<2YZkw3{PE@b0lis@#>=<uJHx9va7Vl
z0OB~_{CNqbK5o_<Q#6ir3S7x|ccWMCL7J1I=u&m#QyrY0_zGaTgPek+6x-4`&Av*x
zTTs1U)qN=ImNQJ@xbQem&(aUY8+AsdjTh=-t2V0l)h*JZiz?unX2lw`X(*anrf)uQ
zaTRJMaP>m-!S$2oe3jN&bR?SG1Ey)r=2tsF+S2r?ZjDL$%HOspl*{tT)%#`{t?FCY
zOr!Mc^B2`gRuhBi4qv~e*#f2s$Fq43of*Ae3L;g{fK~tV6z)cm*-_f|v=sToTnJ4}
zmH>AQ_53O*mP|E+XJP*+oRmFtgr0x%=Rd!E-te>WzfP0<H2%(UOiG14wk$4^dZtd|
z07uq@@ufdY#sZOMuvg4AJ$zoL@FtMd5EYY@FIvd0EMqkxeIJn3pE95evY4NbkRoLI
z2Z{ND$P4}FtfNTlSnUOYocQQbEo_ek-B`YuGs!#_9HHxzi*ZTaq*qV!H*cOQ^m`?F
zot`+3MN!nFFufk_R<W#6mC_AG_v-Tl&Cqd<fLUe^{3)KL#n33#&p_4EauzjQGo?Jg
zBtAk_R1gx>Cm!Z`we$lT{gZgIs!vzBpqWxYS~*h-Kre){70$Y+mjgM73Br6)`nUPp
zBtJ8;@AGe8eD&Aq;q-9&;^>>hZw@#5mMbBZe)L!v;>fSVKB&(EArh_Xy$pda-k<*Z
z?)dH5)y472S)~Uu_tvjC3y*3)AQN+x*1~E0P3g`@IsZ)at<i`?dVQtvXhNY)Ix0Q9
z)L&aAS>J<=wapBY`WF{T5L~c;dg~)}9NglyDD?>FibO<+3(jVwI@vj<LBh%Pk`u9H
zfq#U)uKcc!wbw+}DHLnM94rYA<ns6WkLK(={N_dFht#Y(B>`Sv83)KC^rFfpl7@sO
zGXJ@ZjG^)-SCkHpVo7oyHfP4)ild|oZsRbiOr+t=N4kO=_9>X4wJCN}RDoU(NYI#Y
z%KS!pc2j$!N}XxOHKvZd7bj}u!?5;uW9J>Am&!t}{FZt3xI+4>21%z5qjG)1B1!IQ
zRMoi_FF0M%fGo(F@Nl5Te)%fNv{hm3Zm?3AS<y%6K!)+b%{QX9hqFj0V^cTsS#6i2
zl#AX+!P*$tR!M7;q)h@UB#E@VB|?0As0Hrf(KmGlSDz%YkeuM~+w_X5DxVKF1vFbo
zCZta||F(it)?xMSiw((hgccrGXO%j+W(f^^!u5Yo_zZjIEjE=}FE(~_t)Jtr-k3CM
zFvN0z4V$@@dw3EZi+3!#WK34pM^uWLy#v%SQ`!g*X{0&tHOC&gsP4&}q-lkN@}b+v
zJmxl_N}E(sdCPoqg#P?hRS1au*{Jgns%y9EkJ(hJ)$5A<VnbUH<(*_vMwQ;cqOMtG
zQJ{H2QnB)$A>>E;Dm*tfoIcjElss1&3_;HIAD<NrC`d3DbP*AMLbKn7UWIhf!53f?
zbBjqZzta7W(7*oJw2=Ie3iY3yET}F}*HjMiZ6bAq?N5dtl{}{1*H?Aw80CB7;fc;p
zk>h(%W2`Km`I?4ANF2sTC`y80H#dyajR)Ol>B?u7Z8Iue>f-1r^-6VCS1)EnVk1Aj
zfRacW8s#c`dhdILP8Q#OTa{IXpnw_aMc?|G=c3dchM`)u{1Ggx+Dq9a#dcDsg9eZ)
zNSU(w3e%vpaW+WTi0w2Lcj=zXYXlo&ZPemL9kqhZveG)qH_5IVi_^@MwSFg;XUErP
zl|OyBI4%FFQJrclORP-Fv-w;X(nRlAL>@nr#LO4NEq~1Xi3ZGSwL-5d7Zm9g#o1k~
zbfxODP0$TlA60GX($bifX8Z`9G9unFd3Ki-erCGFsq;viP92TgqdvSI*N~1A8m*Y|
z+Q{g4K7U7uPke`cP&gHIF}^F$w=j6V?wdT_@2L1O&1d>#4vVY=O{EO^6Fo7~WVFp^
z1`gsSelcmJ2S9W*)3I58q<FBMA0K8;yE{J`Cp~UBn097@zCPWZRwabX>1-(X#P?Qp
zw&SK6O&-g(+O^ShZ#!#GjGl38m9NA`&CppT{IqnzQ3-U|RFY#F5#Ll4`*gQdnGApp
zRiWAw-%jPZwrr;VaB1m_zKMnYHK384u5lPR!LYT%!^6YB{Q1xNe-952>;J3&`^DFX
zU;pK+zkK!L<;(v#eDU(HfByPE(BYt1w6sJ>%>UzX>#^#S8{62%Hnu%)|0e(d|Nov6
JG$8;Q4*)iNqd))v

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-1.9.1/charts/kserve/.helmignore b/packs/kubeflow-1.9.1/charts/kserve/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kserve/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/kserve/Chart.yaml b/packs/kubeflow-1.9.1/charts/kserve/Chart.yaml
new file mode 100644
index 00000000..43e9bfd4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kserve/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: kserve
+description: KServe CRDs
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.13.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.13.0"
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml b/packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml
new file mode 100644
index 00000000..cc727039
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kserve/crds/kserve.yaml
@@ -0,0 +1,21920 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: clusterservingruntimes.serving.kserve.io
+spec:
+  group: serving.kserve.io
+  names:
+    kind: ClusterServingRuntime
+    listKind: ClusterServingRuntimeList
+    plural: clusterservingruntimes
+    singular: clusterservingruntime
+  scope: Cluster
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .spec.disabled
+          name: Disabled
+          type: boolean
+        - jsonPath: .spec.supportedModelFormats[*].name
+          name: ModelType
+          type: string
+        - jsonPath: .spec.containers[*].name
+          name: Containers
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                affinity:
+                  properties:
+                    nodeAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              preference:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchFields:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - preference
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          properties:
+                            nodeSelectorTerms:
+                              items:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchFields:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                          required:
+                            - nodeSelectorTerms
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      type: object
+                    podAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              podAffinityTerm:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - podAffinityTerm
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              labelSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaces:
+                                items:
+                                  type: string
+                                type: array
+                              topologyKey:
+                                type: string
+                            required:
+                              - topologyKey
+                            type: object
+                          type: array
+                      type: object
+                    podAntiAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              podAffinityTerm:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - podAffinityTerm
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              labelSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaces:
+                                items:
+                                  type: string
+                                type: array
+                              topologyKey:
+                                type: string
+                            required:
+                              - topologyKey
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+                annotations:
+                  additionalProperties:
+                    type: string
+                  type: object
+                builtInAdapter:
+                  properties:
+                    env:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                          valueFrom:
+                            properties:
+                              configMapKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                  - key
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              fieldRef:
+                                properties:
+                                  apiVersion:
+                                    type: string
+                                  fieldPath:
+                                    type: string
+                                required:
+                                  - fieldPath
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              resourceFieldRef:
+                                properties:
+                                  containerName:
+                                    type: string
+                                  divisor:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  resource:
+                                    type: string
+                                required:
+                                  - resource
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              secretKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                  - key
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    memBufferBytes:
+                      type: integer
+                    modelLoadingTimeoutMillis:
+                      type: integer
+                    runtimeManagementPort:
+                      type: integer
+                    serverType:
+                      type: string
+                  type: object
+                containers:
+                  items:
+                    properties:
+                      args:
+                        items:
+                          type: string
+                        type: array
+                      command:
+                        items:
+                          type: string
+                        type: array
+                      env:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            value:
+                              type: string
+                            valueFrom:
+                              properties:
+                                configMapKeyRef:
+                                  properties:
+                                    key:
+                                      type: string
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  required:
+                                    - key
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                fieldRef:
+                                  properties:
+                                    apiVersion:
+                                      type: string
+                                    fieldPath:
+                                      type: string
+                                  required:
+                                    - fieldPath
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                resourceFieldRef:
+                                  properties:
+                                    containerName:
+                                      type: string
+                                    divisor:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                      x-kubernetes-int-or-string: true
+                                    resource:
+                                      type: string
+                                  required:
+                                    - resource
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                secretKeyRef:
+                                  properties:
+                                    key:
+                                      type: string
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  required:
+                                    - key
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        type: array
+                      envFrom:
+                        items:
+                          properties:
+                            configMapRef:
+                              properties:
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            prefix:
+                              type: string
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                        type: array
+                      image:
+                        type: string
+                      imagePullPolicy:
+                        type: string
+                      lifecycle:
+                        properties:
+                          postStart:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                            type: object
+                          preStop:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                            type: object
+                        type: object
+                      livenessProbe:
+                        properties:
+                          exec:
+                            properties:
+                              command:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          failureThreshold:
+                            format: int32
+                            type: integer
+                          grpc:
+                            properties:
+                              port:
+                                format: int32
+                                type: integer
+                              service:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          httpGet:
+                            properties:
+                              host:
+                                type: string
+                              httpHeaders:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    value:
+                                      type: string
+                                  required:
+                                    - name
+                                    - value
+                                  type: object
+                                type: array
+                              path:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                              scheme:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          initialDelaySeconds:
+                            format: int32
+                            type: integer
+                          periodSeconds:
+                            format: int32
+                            type: integer
+                          successThreshold:
+                            format: int32
+                            type: integer
+                          tcpSocket:
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                            required:
+                              - port
+                            type: object
+                          terminationGracePeriodSeconds:
+                            format: int64
+                            type: integer
+                          timeoutSeconds:
+                            format: int32
+                            type: integer
+                        type: object
+                      name:
+                        type: string
+                      ports:
+                        items:
+                          properties:
+                            containerPort:
+                              format: int32
+                              type: integer
+                            hostIP:
+                              type: string
+                            hostPort:
+                              format: int32
+                              type: integer
+                            name:
+                              type: string
+                            protocol:
+                              default: TCP
+                              type: string
+                          required:
+                            - containerPort
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                          - containerPort
+                          - protocol
+                        x-kubernetes-list-type: map
+                      readinessProbe:
+                        properties:
+                          exec:
+                            properties:
+                              command:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          failureThreshold:
+                            format: int32
+                            type: integer
+                          grpc:
+                            properties:
+                              port:
+                                format: int32
+                                type: integer
+                              service:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          httpGet:
+                            properties:
+                              host:
+                                type: string
+                              httpHeaders:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    value:
+                                      type: string
+                                  required:
+                                    - name
+                                    - value
+                                  type: object
+                                type: array
+                              path:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                              scheme:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          initialDelaySeconds:
+                            format: int32
+                            type: integer
+                          periodSeconds:
+                            format: int32
+                            type: integer
+                          successThreshold:
+                            format: int32
+                            type: integer
+                          tcpSocket:
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                            required:
+                              - port
+                            type: object
+                          terminationGracePeriodSeconds:
+                            format: int64
+                            type: integer
+                          timeoutSeconds:
+                            format: int32
+                            type: integer
+                        type: object
+                      resizePolicy:
+                        items:
+                          properties:
+                            resourceName:
+                              type: string
+                            restartPolicy:
+                              type: string
+                          required:
+                            - resourceName
+                            - restartPolicy
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      resources:
+                        properties:
+                          claims:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                              required:
+                                - name
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - name
+                            x-kubernetes-list-type: map
+                          limits:
+                            additionalProperties:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                          requests:
+                            additionalProperties:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                        type: object
+                      restartPolicy:
+                        type: string
+                      securityContext:
+                        properties:
+                          allowPrivilegeEscalation:
+                            type: boolean
+                          capabilities:
+                            properties:
+                              add:
+                                items:
+                                  type: string
+                                type: array
+                              drop:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          privileged:
+                            type: boolean
+                          procMount:
+                            type: string
+                          readOnlyRootFilesystem:
+                            type: boolean
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                              - type
+                            type: object
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      startupProbe:
+                        properties:
+                          exec:
+                            properties:
+                              command:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          failureThreshold:
+                            format: int32
+                            type: integer
+                          grpc:
+                            properties:
+                              port:
+                                format: int32
+                                type: integer
+                              service:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          httpGet:
+                            properties:
+                              host:
+                                type: string
+                              httpHeaders:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    value:
+                                      type: string
+                                  required:
+                                    - name
+                                    - value
+                                  type: object
+                                type: array
+                              path:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                              scheme:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          initialDelaySeconds:
+                            format: int32
+                            type: integer
+                          periodSeconds:
+                            format: int32
+                            type: integer
+                          successThreshold:
+                            format: int32
+                            type: integer
+                          tcpSocket:
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                            required:
+                              - port
+                            type: object
+                          terminationGracePeriodSeconds:
+                            format: int64
+                            type: integer
+                          timeoutSeconds:
+                            format: int32
+                            type: integer
+                        type: object
+                      stdin:
+                        type: boolean
+                      stdinOnce:
+                        type: boolean
+                      terminationMessagePath:
+                        type: string
+                      terminationMessagePolicy:
+                        type: string
+                      tty:
+                        type: boolean
+                      volumeDevices:
+                        items:
+                          properties:
+                            devicePath:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                            - devicePath
+                            - name
+                          type: object
+                        type: array
+                      volumeMounts:
+                        items:
+                          properties:
+                            mountPath:
+                              type: string
+                            mountPropagation:
+                              type: string
+                            name:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            subPath:
+                              type: string
+                            subPathExpr:
+                              type: string
+                          required:
+                            - mountPath
+                            - name
+                          type: object
+                        type: array
+                      workingDir:
+                        type: string
+                    required:
+                      - name
+                    type: object
+                  type: array
+                disabled:
+                  type: boolean
+                grpcDataEndpoint:
+                  type: string
+                grpcEndpoint:
+                  type: string
+                httpDataEndpoint:
+                  type: string
+                imagePullSecrets:
+                  items:
+                    properties:
+                      name:
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  type: array
+                labels:
+                  additionalProperties:
+                    type: string
+                  type: object
+                multiModel:
+                  type: boolean
+                nodeSelector:
+                  additionalProperties:
+                    type: string
+                  type: object
+                protocolVersions:
+                  items:
+                    type: string
+                  type: array
+                replicas:
+                  type: integer
+                storageHelper:
+                  properties:
+                    disabled:
+                      type: boolean
+                  type: object
+                supportedModelFormats:
+                  items:
+                    properties:
+                      autoSelect:
+                        type: boolean
+                      name:
+                        type: string
+                      priority:
+                        format: int32
+                        minimum: 1
+                        type: integer
+                      version:
+                        type: string
+                    required:
+                      - name
+                    type: object
+                  type: array
+                tolerations:
+                  items:
+                    properties:
+                      effect:
+                        type: string
+                      key:
+                        type: string
+                      operator:
+                        type: string
+                      tolerationSeconds:
+                        format: int64
+                        type: integer
+                      value:
+                        type: string
+                    type: object
+                  type: array
+                volumes:
+                  items:
+                    properties:
+                      awsElasticBlockStore:
+                        properties:
+                          fsType:
+                            type: string
+                          partition:
+                            format: int32
+                            type: integer
+                          readOnly:
+                            type: boolean
+                          volumeID:
+                            type: string
+                        required:
+                          - volumeID
+                        type: object
+                      azureDisk:
+                        properties:
+                          cachingMode:
+                            type: string
+                          diskName:
+                            type: string
+                          diskURI:
+                            type: string
+                          fsType:
+                            type: string
+                          kind:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - diskName
+                          - diskURI
+                        type: object
+                      azureFile:
+                        properties:
+                          readOnly:
+                            type: boolean
+                          secretName:
+                            type: string
+                          shareName:
+                            type: string
+                        required:
+                          - secretName
+                          - shareName
+                        type: object
+                      cephfs:
+                        properties:
+                          monitors:
+                            items:
+                              type: string
+                            type: array
+                          path:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretFile:
+                            type: string
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          user:
+                            type: string
+                        required:
+                          - monitors
+                        type: object
+                      cinder:
+                        properties:
+                          fsType:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          volumeID:
+                            type: string
+                        required:
+                          - volumeID
+                        type: object
+                      configMap:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                key:
+                                  type: string
+                                mode:
+                                  format: int32
+                                  type: integer
+                                path:
+                                  type: string
+                              required:
+                                - key
+                                - path
+                              type: object
+                            type: array
+                          name:
+                            type: string
+                          optional:
+                            type: boolean
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      csi:
+                        properties:
+                          driver:
+                            type: string
+                          fsType:
+                            type: string
+                          nodePublishSecretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          readOnly:
+                            type: boolean
+                          volumeAttributes:
+                            additionalProperties:
+                              type: string
+                            type: object
+                        required:
+                          - driver
+                        type: object
+                      downwardAPI:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                fieldRef:
+                                  properties:
+                                    apiVersion:
+                                      type: string
+                                    fieldPath:
+                                      type: string
+                                  required:
+                                    - fieldPath
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                mode:
+                                  format: int32
+                                  type: integer
+                                path:
+                                  type: string
+                                resourceFieldRef:
+                                  properties:
+                                    containerName:
+                                      type: string
+                                    divisor:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                      x-kubernetes-int-or-string: true
+                                    resource:
+                                      type: string
+                                  required:
+                                    - resource
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                                - path
+                              type: object
+                            type: array
+                        type: object
+                      emptyDir:
+                        properties:
+                          medium:
+                            type: string
+                          sizeLimit:
+                            anyOf:
+                              - type: integer
+                              - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                        type: object
+                      ephemeral:
+                        properties:
+                          volumeClaimTemplate:
+                            properties:
+                              metadata:
+                                type: object
+                              spec:
+                                properties:
+                                  accessModes:
+                                    items:
+                                      type: string
+                                    type: array
+                                  dataSource:
+                                    properties:
+                                      apiGroup:
+                                        type: string
+                                      kind:
+                                        type: string
+                                      name:
+                                        type: string
+                                    required:
+                                      - kind
+                                      - name
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  dataSourceRef:
+                                    properties:
+                                      apiGroup:
+                                        type: string
+                                      kind:
+                                        type: string
+                                      name:
+                                        type: string
+                                      namespace:
+                                        type: string
+                                    required:
+                                      - kind
+                                      - name
+                                    type: object
+                                  resources:
+                                    properties:
+                                      claims:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                          required:
+                                            - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                          - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                  selector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  storageClassName:
+                                    type: string
+                                  volumeMode:
+                                    type: string
+                                  volumeName:
+                                    type: string
+                                type: object
+                            required:
+                              - spec
+                            type: object
+                        type: object
+                      fc:
+                        properties:
+                          fsType:
+                            type: string
+                          lun:
+                            format: int32
+                            type: integer
+                          readOnly:
+                            type: boolean
+                          targetWWNs:
+                            items:
+                              type: string
+                            type: array
+                          wwids:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      flexVolume:
+                        properties:
+                          driver:
+                            type: string
+                          fsType:
+                            type: string
+                          options:
+                            additionalProperties:
+                              type: string
+                            type: object
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        required:
+                          - driver
+                        type: object
+                      flocker:
+                        properties:
+                          datasetName:
+                            type: string
+                          datasetUUID:
+                            type: string
+                        type: object
+                      gcePersistentDisk:
+                        properties:
+                          fsType:
+                            type: string
+                          partition:
+                            format: int32
+                            type: integer
+                          pdName:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - pdName
+                        type: object
+                      gitRepo:
+                        properties:
+                          directory:
+                            type: string
+                          repository:
+                            type: string
+                          revision:
+                            type: string
+                        required:
+                          - repository
+                        type: object
+                      glusterfs:
+                        properties:
+                          endpoints:
+                            type: string
+                          path:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - endpoints
+                          - path
+                        type: object
+                      hostPath:
+                        properties:
+                          path:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                          - path
+                        type: object
+                      iscsi:
+                        properties:
+                          chapAuthDiscovery:
+                            type: boolean
+                          chapAuthSession:
+                            type: boolean
+                          fsType:
+                            type: string
+                          initiatorName:
+                            type: string
+                          iqn:
+                            type: string
+                          iscsiInterface:
+                            type: string
+                          lun:
+                            format: int32
+                            type: integer
+                          portals:
+                            items:
+                              type: string
+                            type: array
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          targetPortal:
+                            type: string
+                        required:
+                          - iqn
+                          - lun
+                          - targetPortal
+                        type: object
+                      name:
+                        type: string
+                      nfs:
+                        properties:
+                          path:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          server:
+                            type: string
+                        required:
+                          - path
+                          - server
+                        type: object
+                      persistentVolumeClaim:
+                        properties:
+                          claimName:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - claimName
+                        type: object
+                      photonPersistentDisk:
+                        properties:
+                          fsType:
+                            type: string
+                          pdID:
+                            type: string
+                        required:
+                          - pdID
+                        type: object
+                      portworxVolume:
+                        properties:
+                          fsType:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          volumeID:
+                            type: string
+                        required:
+                          - volumeID
+                        type: object
+                      projected:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          sources:
+                            items:
+                              properties:
+                                configMap:
+                                  properties:
+                                    items:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          mode:
+                                            format: int32
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                          - key
+                                          - path
+                                        type: object
+                                      type: array
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                downwardAPI:
+                                  properties:
+                                    items:
+                                      items:
+                                        properties:
+                                          fieldRef:
+                                            properties:
+                                              apiVersion:
+                                                type: string
+                                              fieldPath:
+                                                type: string
+                                            required:
+                                              - fieldPath
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          mode:
+                                            format: int32
+                                            type: integer
+                                          path:
+                                            type: string
+                                          resourceFieldRef:
+                                            properties:
+                                              containerName:
+                                                type: string
+                                              divisor:
+                                                anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              resource:
+                                                type: string
+                                            required:
+                                              - resource
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                        required:
+                                          - path
+                                        type: object
+                                      type: array
+                                  type: object
+                                secret:
+                                  properties:
+                                    items:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          mode:
+                                            format: int32
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                          - key
+                                          - path
+                                        type: object
+                                      type: array
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                serviceAccountToken:
+                                  properties:
+                                    audience:
+                                      type: string
+                                    expirationSeconds:
+                                      format: int64
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - path
+                                  type: object
+                              type: object
+                            type: array
+                        type: object
+                      quobyte:
+                        properties:
+                          group:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          registry:
+                            type: string
+                          tenant:
+                            type: string
+                          user:
+                            type: string
+                          volume:
+                            type: string
+                        required:
+                          - registry
+                          - volume
+                        type: object
+                      rbd:
+                        properties:
+                          fsType:
+                            type: string
+                          image:
+                            type: string
+                          keyring:
+                            type: string
+                          monitors:
+                            items:
+                              type: string
+                            type: array
+                          pool:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          user:
+                            type: string
+                        required:
+                          - image
+                          - monitors
+                        type: object
+                      scaleIO:
+                        properties:
+                          fsType:
+                            type: string
+                          gateway:
+                            type: string
+                          protectionDomain:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          sslEnabled:
+                            type: boolean
+                          storageMode:
+                            type: string
+                          storagePool:
+                            type: string
+                          system:
+                            type: string
+                          volumeName:
+                            type: string
+                        required:
+                          - gateway
+                          - secretRef
+                          - system
+                        type: object
+                      secret:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                key:
+                                  type: string
+                                mode:
+                                  format: int32
+                                  type: integer
+                                path:
+                                  type: string
+                              required:
+                                - key
+                                - path
+                              type: object
+                            type: array
+                          optional:
+                            type: boolean
+                          secretName:
+                            type: string
+                        type: object
+                      storageos:
+                        properties:
+                          fsType:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          volumeName:
+                            type: string
+                          volumeNamespace:
+                            type: string
+                        type: object
+                      vsphereVolume:
+                        properties:
+                          fsType:
+                            type: string
+                          storagePolicyID:
+                            type: string
+                          storagePolicyName:
+                            type: string
+                          volumePath:
+                            type: string
+                        required:
+                          - volumePath
+                        type: object
+                    required:
+                      - name
+                    type: object
+                  type: array
+              required:
+                - containers
+              type: object
+            status:
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: clusterstoragecontainers.serving.kserve.io
+spec:
+  group: serving.kserve.io
+  names:
+    kind: ClusterStorageContainer
+    listKind: ClusterStorageContainerList
+    plural: clusterstoragecontainers
+    singular: clusterstoragecontainer
+  scope: Cluster
+  versions:
+    - name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            disabled:
+              type: boolean
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                container:
+                  properties:
+                    args:
+                      items:
+                        type: string
+                      type: array
+                    command:
+                      items:
+                        type: string
+                      type: array
+                    env:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                          valueFrom:
+                            properties:
+                              configMapKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                  - key
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              fieldRef:
+                                properties:
+                                  apiVersion:
+                                    type: string
+                                  fieldPath:
+                                    type: string
+                                required:
+                                  - fieldPath
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              resourceFieldRef:
+                                properties:
+                                  containerName:
+                                    type: string
+                                  divisor:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  resource:
+                                    type: string
+                                required:
+                                  - resource
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              secretKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                  - key
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    envFrom:
+                      items:
+                        properties:
+                          configMapRef:
+                            properties:
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          prefix:
+                            type: string
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                      type: array
+                    image:
+                      type: string
+                    imagePullPolicy:
+                      type: string
+                    lifecycle:
+                      properties:
+                        postStart:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                          type: object
+                        preStop:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                          type: object
+                      type: object
+                    livenessProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                            - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                  - name
+                                  - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                            - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                            - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    name:
+                      type: string
+                    ports:
+                      items:
+                        properties:
+                          containerPort:
+                            format: int32
+                            type: integer
+                          hostIP:
+                            type: string
+                          hostPort:
+                            format: int32
+                            type: integer
+                          name:
+                            type: string
+                          protocol:
+                            default: TCP
+                            type: string
+                        required:
+                          - containerPort
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - containerPort
+                        - protocol
+                      x-kubernetes-list-type: map
+                    readinessProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                            - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                  - name
+                                  - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                            - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                            - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    resizePolicy:
+                      items:
+                        properties:
+                          resourceName:
+                            type: string
+                          restartPolicy:
+                            type: string
+                        required:
+                          - resourceName
+                          - restartPolicy
+                        type: object
+                      type: array
+                      x-kubernetes-list-type: atomic
+                    resources:
+                      properties:
+                        claims:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                            required:
+                              - name
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                        limits:
+                          additionalProperties:
+                            anyOf:
+                              - type: integer
+                              - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                          type: object
+                        requests:
+                          additionalProperties:
+                            anyOf:
+                              - type: integer
+                              - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                          type: object
+                      type: object
+                    restartPolicy:
+                      type: string
+                    securityContext:
+                      properties:
+                        allowPrivilegeEscalation:
+                          type: boolean
+                        capabilities:
+                          properties:
+                            add:
+                              items:
+                                type: string
+                              type: array
+                            drop:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        privileged:
+                          type: boolean
+                        procMount:
+                          type: string
+                        readOnlyRootFilesystem:
+                          type: boolean
+                        runAsGroup:
+                          format: int64
+                          type: integer
+                        runAsNonRoot:
+                          type: boolean
+                        runAsUser:
+                          format: int64
+                          type: integer
+                        seLinuxOptions:
+                          properties:
+                            level:
+                              type: string
+                            role:
+                              type: string
+                            type:
+                              type: string
+                            user:
+                              type: string
+                          type: object
+                        seccompProfile:
+                          properties:
+                            localhostProfile:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                            - type
+                          type: object
+                        windowsOptions:
+                          properties:
+                            gmsaCredentialSpec:
+                              type: string
+                            gmsaCredentialSpecName:
+                              type: string
+                            hostProcess:
+                              type: boolean
+                            runAsUserName:
+                              type: string
+                          type: object
+                      type: object
+                    startupProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                            - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                  - name
+                                  - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                            - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                            - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    stdin:
+                      type: boolean
+                    stdinOnce:
+                      type: boolean
+                    terminationMessagePath:
+                      type: string
+                    terminationMessagePolicy:
+                      type: string
+                    tty:
+                      type: boolean
+                    volumeDevices:
+                      items:
+                        properties:
+                          devicePath:
+                            type: string
+                          name:
+                            type: string
+                        required:
+                          - devicePath
+                          - name
+                        type: object
+                      type: array
+                    volumeMounts:
+                      items:
+                        properties:
+                          mountPath:
+                            type: string
+                          mountPropagation:
+                            type: string
+                          name:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          subPath:
+                            type: string
+                          subPathExpr:
+                            type: string
+                        required:
+                          - mountPath
+                          - name
+                        type: object
+                      type: array
+                    workingDir:
+                      type: string
+                  required:
+                    - name
+                  type: object
+                supportedUriFormats:
+                  items:
+                    properties:
+                      prefix:
+                        type: string
+                      regex:
+                        type: string
+                    type: object
+                  type: array
+              required:
+                - container
+                - supportedUriFormats
+              type: object
+          type: object
+      served: true
+      storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: inferencegraphs.serving.kserve.io
+spec:
+  group: serving.kserve.io
+  names:
+    kind: InferenceGraph
+    listKind: InferenceGraphList
+    plural: inferencegraphs
+    shortNames:
+      - ig
+    singular: inferencegraph
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.url
+          name: URL
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                affinity:
+                  properties:
+                    nodeAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              preference:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchFields:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - preference
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          properties:
+                            nodeSelectorTerms:
+                              items:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchFields:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                          required:
+                            - nodeSelectorTerms
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      type: object
+                    podAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              podAffinityTerm:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - podAffinityTerm
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              labelSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaces:
+                                items:
+                                  type: string
+                                type: array
+                              topologyKey:
+                                type: string
+                            required:
+                              - topologyKey
+                            type: object
+                          type: array
+                      type: object
+                    podAntiAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              podAffinityTerm:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - podAffinityTerm
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              labelSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaces:
+                                items:
+                                  type: string
+                                type: array
+                              topologyKey:
+                                type: string
+                            required:
+                              - topologyKey
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+                maxReplicas:
+                  type: integer
+                minReplicas:
+                  type: integer
+                nodes:
+                  additionalProperties:
+                    properties:
+                      routerType:
+                        enum:
+                          - Sequence
+                          - Splitter
+                          - Ensemble
+                          - Switch
+                        type: string
+                      steps:
+                        items:
+                          properties:
+                            condition:
+                              type: string
+                            data:
+                              type: string
+                            dependency:
+                              enum:
+                                - Soft
+                                - Hard
+                              type: string
+                            name:
+                              type: string
+                            nodeName:
+                              type: string
+                            serviceName:
+                              type: string
+                            serviceUrl:
+                              type: string
+                            weight:
+                              format: int64
+                              type: integer
+                          type: object
+                        type: array
+                    required:
+                      - routerType
+                    type: object
+                  type: object
+                resources:
+                  properties:
+                    claims:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    limits:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      type: object
+                    requests:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      type: object
+                  type: object
+                scaleMetric:
+                  enum:
+                    - cpu
+                    - memory
+                    - concurrency
+                    - rps
+                  type: string
+                scaleTarget:
+                  type: integer
+                timeout:
+                  format: int64
+                  type: integer
+              required:
+                - nodes
+              type: object
+            status:
+              properties:
+                annotations:
+                  additionalProperties:
+                    type: string
+                  type: object
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      severity:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    required:
+                      - status
+                      - type
+                    type: object
+                  type: array
+                observedGeneration:
+                  format: int64
+                  type: integer
+                url:
+                  type: string
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: inferenceservices.serving.kserve.io
+spec:
+  group: serving.kserve.io
+  names:
+    kind: InferenceService
+    listKind: InferenceServiceList
+    plural: inferenceservices
+    shortNames:
+      - isvc
+    singular: inferenceservice
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.url
+          name: URL
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+        - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent
+          name: Prev
+          type: integer
+        - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].percent
+          name: Latest
+          type: integer
+        - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName
+          name: PrevRolledoutRevision
+          type: string
+        - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName
+          name: LatestReadyRevision
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1beta1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                explainer:
+                  properties:
+                    activeDeadlineSeconds:
+                      format: int64
+                      type: integer
+                    affinity:
+                      properties:
+                        nodeAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  preference:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              properties:
+                                nodeSelectorTerms:
+                                  items:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                        podAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  podAffinityTerm:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaceSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaces:
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  podAffinityTerm:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaceSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaces:
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    annotations:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    art:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        config:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        type:
+                          type: string
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    automountServiceAccountToken:
+                      type: boolean
+                    batcher:
+                      properties:
+                        maxBatchSize:
+                          type: integer
+                        maxLatency:
+                          type: integer
+                        timeout:
+                          type: integer
+                      type: object
+                    canaryTrafficPercent:
+                      format: int64
+                      type: integer
+                    containerConcurrency:
+                      format: int64
+                      type: integer
+                    containers:
+                      items:
+                        properties:
+                          args:
+                            items:
+                              type: string
+                            type: array
+                          command:
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                                valueFrom:
+                                  properties:
+                                    configMapKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    secretKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          envFrom:
+                            items:
+                              properties:
+                                configMapRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                prefix:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                            type: array
+                          image:
+                            type: string
+                          imagePullPolicy:
+                            type: string
+                          lifecycle:
+                            properties:
+                              postStart:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                              preStop:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                            type: object
+                          livenessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          name:
+                            type: string
+                          ports:
+                            items:
+                              properties:
+                                containerPort:
+                                  format: int32
+                                  type: integer
+                                hostIP:
+                                  type: string
+                                hostPort:
+                                  format: int32
+                                  type: integer
+                                name:
+                                  type: string
+                                protocol:
+                                  default: TCP
+                                  type: string
+                              required:
+                                - containerPort
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                            x-kubernetes-list-type: map
+                          readinessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          resizePolicy:
+                            items:
+                              properties:
+                                resourceName:
+                                  type: string
+                                restartPolicy:
+                                  type: string
+                              required:
+                                - resourceName
+                                - restartPolicy
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          resources:
+                            properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                    - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                  - name
+                                x-kubernetes-list-type: map
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                            type: object
+                          restartPolicy:
+                            type: string
+                          securityContext:
+                            properties:
+                              allowPrivilegeEscalation:
+                                type: boolean
+                              capabilities:
+                                properties:
+                                  add:
+                                    items:
+                                      type: string
+                                    type: array
+                                  drop:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              privileged:
+                                type: boolean
+                              procMount:
+                                type: string
+                              readOnlyRootFilesystem:
+                                type: boolean
+                              runAsGroup:
+                                format: int64
+                                type: integer
+                              runAsNonRoot:
+                                type: boolean
+                              runAsUser:
+                                format: int64
+                                type: integer
+                              seLinuxOptions:
+                                properties:
+                                  level:
+                                    type: string
+                                  role:
+                                    type: string
+                                  type:
+                                    type: string
+                                  user:
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                properties:
+                                  localhostProfile:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                              windowsOptions:
+                                properties:
+                                  gmsaCredentialSpec:
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    type: string
+                                  hostProcess:
+                                    type: boolean
+                                  runAsUserName:
+                                    type: string
+                                type: object
+                            type: object
+                          startupProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          stdin:
+                            type: boolean
+                          stdinOnce:
+                            type: boolean
+                          terminationMessagePath:
+                            type: string
+                          terminationMessagePolicy:
+                            type: string
+                          tty:
+                            type: boolean
+                          volumeDevices:
+                            items:
+                              properties:
+                                devicePath:
+                                  type: string
+                                name:
+                                  type: string
+                              required:
+                                - devicePath
+                                - name
+                              type: object
+                            type: array
+                          volumeMounts:
+                            items:
+                              properties:
+                                mountPath:
+                                  type: string
+                                mountPropagation:
+                                  type: string
+                                name:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                subPath:
+                                  type: string
+                                subPathExpr:
+                                  type: string
+                              required:
+                                - mountPath
+                                - name
+                              type: object
+                            type: array
+                          workingDir:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    deploymentStrategy:
+                      properties:
+                        rollingUpdate:
+                          properties:
+                            maxSurge:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                            maxUnavailable:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                          type: object
+                        type:
+                          type: string
+                      type: object
+                    dnsConfig:
+                      properties:
+                        nameservers:
+                          items:
+                            type: string
+                          type: array
+                        options:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            type: object
+                          type: array
+                        searches:
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    dnsPolicy:
+                      type: string
+                    enableServiceLinks:
+                      type: boolean
+                    hostAliases:
+                      items:
+                        properties:
+                          hostnames:
+                            items:
+                              type: string
+                            type: array
+                          ip:
+                            type: string
+                        type: object
+                      type: array
+                    hostIPC:
+                      type: boolean
+                    hostNetwork:
+                      type: boolean
+                    hostPID:
+                      type: boolean
+                    hostUsers:
+                      type: boolean
+                    hostname:
+                      type: string
+                    imagePullSecrets:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    initContainers:
+                      items:
+                        properties:
+                          args:
+                            items:
+                              type: string
+                            type: array
+                          command:
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                                valueFrom:
+                                  properties:
+                                    configMapKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    secretKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          envFrom:
+                            items:
+                              properties:
+                                configMapRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                prefix:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                            type: array
+                          image:
+                            type: string
+                          imagePullPolicy:
+                            type: string
+                          lifecycle:
+                            properties:
+                              postStart:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                              preStop:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                            type: object
+                          livenessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          name:
+                            type: string
+                          ports:
+                            items:
+                              properties:
+                                containerPort:
+                                  format: int32
+                                  type: integer
+                                hostIP:
+                                  type: string
+                                hostPort:
+                                  format: int32
+                                  type: integer
+                                name:
+                                  type: string
+                                protocol:
+                                  default: TCP
+                                  type: string
+                              required:
+                                - containerPort
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                            x-kubernetes-list-type: map
+                          readinessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          resizePolicy:
+                            items:
+                              properties:
+                                resourceName:
+                                  type: string
+                                restartPolicy:
+                                  type: string
+                              required:
+                                - resourceName
+                                - restartPolicy
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          resources:
+                            properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                    - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                  - name
+                                x-kubernetes-list-type: map
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                            type: object
+                          restartPolicy:
+                            type: string
+                          securityContext:
+                            properties:
+                              allowPrivilegeEscalation:
+                                type: boolean
+                              capabilities:
+                                properties:
+                                  add:
+                                    items:
+                                      type: string
+                                    type: array
+                                  drop:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              privileged:
+                                type: boolean
+                              procMount:
+                                type: string
+                              readOnlyRootFilesystem:
+                                type: boolean
+                              runAsGroup:
+                                format: int64
+                                type: integer
+                              runAsNonRoot:
+                                type: boolean
+                              runAsUser:
+                                format: int64
+                                type: integer
+                              seLinuxOptions:
+                                properties:
+                                  level:
+                                    type: string
+                                  role:
+                                    type: string
+                                  type:
+                                    type: string
+                                  user:
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                properties:
+                                  localhostProfile:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                              windowsOptions:
+                                properties:
+                                  gmsaCredentialSpec:
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    type: string
+                                  hostProcess:
+                                    type: boolean
+                                  runAsUserName:
+                                    type: string
+                                type: object
+                            type: object
+                          startupProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          stdin:
+                            type: boolean
+                          stdinOnce:
+                            type: boolean
+                          terminationMessagePath:
+                            type: string
+                          terminationMessagePolicy:
+                            type: string
+                          tty:
+                            type: boolean
+                          volumeDevices:
+                            items:
+                              properties:
+                                devicePath:
+                                  type: string
+                                name:
+                                  type: string
+                              required:
+                                - devicePath
+                                - name
+                              type: object
+                            type: array
+                          volumeMounts:
+                            items:
+                              properties:
+                                mountPath:
+                                  type: string
+                                mountPropagation:
+                                  type: string
+                                name:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                subPath:
+                                  type: string
+                                subPathExpr:
+                                  type: string
+                              required:
+                                - mountPath
+                                - name
+                              type: object
+                            type: array
+                          workingDir:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    labels:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    logger:
+                      properties:
+                        mode:
+                          enum:
+                            - all
+                            - request
+                            - response
+                          type: string
+                        url:
+                          type: string
+                      type: object
+                    maxReplicas:
+                      type: integer
+                    minReplicas:
+                      type: integer
+                    nodeName:
+                      type: string
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    os:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                    overhead:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      type: object
+                    preemptionPolicy:
+                      type: string
+                    priority:
+                      format: int32
+                      type: integer
+                    priorityClassName:
+                      type: string
+                    readinessGates:
+                      items:
+                        properties:
+                          conditionType:
+                            type: string
+                        required:
+                          - conditionType
+                        type: object
+                      type: array
+                    resourceClaims:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          source:
+                            properties:
+                              resourceClaimName:
+                                type: string
+                              resourceClaimTemplateName:
+                                type: string
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    restartPolicy:
+                      type: string
+                    runtimeClassName:
+                      type: string
+                    scaleMetric:
+                      enum:
+                        - cpu
+                        - memory
+                        - concurrency
+                        - rps
+                      type: string
+                    scaleTarget:
+                      type: integer
+                    schedulerName:
+                      type: string
+                    schedulingGates:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    securityContext:
+                      properties:
+                        fsGroup:
+                          format: int64
+                          type: integer
+                        fsGroupChangePolicy:
+                          type: string
+                        runAsGroup:
+                          format: int64
+                          type: integer
+                        runAsNonRoot:
+                          type: boolean
+                        runAsUser:
+                          format: int64
+                          type: integer
+                        seLinuxOptions:
+                          properties:
+                            level:
+                              type: string
+                            role:
+                              type: string
+                            type:
+                              type: string
+                            user:
+                              type: string
+                          type: object
+                        seccompProfile:
+                          properties:
+                            localhostProfile:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                            - type
+                          type: object
+                        supplementalGroups:
+                          items:
+                            format: int64
+                            type: integer
+                          type: array
+                        sysctls:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                              - name
+                              - value
+                            type: object
+                          type: array
+                        windowsOptions:
+                          properties:
+                            gmsaCredentialSpec:
+                              type: string
+                            gmsaCredentialSpecName:
+                              type: string
+                            hostProcess:
+                              type: boolean
+                            runAsUserName:
+                              type: string
+                          type: object
+                      type: object
+                    serviceAccount:
+                      type: string
+                    serviceAccountName:
+                      type: string
+                    setHostnameAsFQDN:
+                      type: boolean
+                    shareProcessNamespace:
+                      type: boolean
+                    subdomain:
+                      type: string
+                    terminationGracePeriodSeconds:
+                      format: int64
+                      type: integer
+                    timeout:
+                      format: int64
+                      type: integer
+                    tolerations:
+                      items:
+                        properties:
+                          effect:
+                            type: string
+                          key:
+                            type: string
+                          operator:
+                            type: string
+                          tolerationSeconds:
+                            format: int64
+                            type: integer
+                          value:
+                            type: string
+                        type: object
+                      type: array
+                    topologySpreadConstraints:
+                      items:
+                        properties:
+                          labelSelector:
+                            properties:
+                              matchExpressions:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    operator:
+                                      type: string
+                                    values:
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                    - key
+                                    - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          matchLabelKeys:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          maxSkew:
+                            format: int32
+                            type: integer
+                          minDomains:
+                            format: int32
+                            type: integer
+                          nodeAffinityPolicy:
+                            type: string
+                          nodeTaintsPolicy:
+                            type: string
+                          topologyKey:
+                            type: string
+                          whenUnsatisfiable:
+                            type: string
+                        required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                      x-kubernetes-list-type: map
+                    volumes:
+                      items:
+                        properties:
+                          awsElasticBlockStore:
+                            properties:
+                              fsType:
+                                type: string
+                              partition:
+                                format: int32
+                                type: integer
+                              readOnly:
+                                type: boolean
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          azureDisk:
+                            properties:
+                              cachingMode:
+                                type: string
+                              diskName:
+                                type: string
+                              diskURI:
+                                type: string
+                              fsType:
+                                type: string
+                              kind:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - diskName
+                              - diskURI
+                            type: object
+                          azureFile:
+                            properties:
+                              readOnly:
+                                type: boolean
+                              secretName:
+                                type: string
+                              shareName:
+                                type: string
+                            required:
+                              - secretName
+                              - shareName
+                            type: object
+                          cephfs:
+                            properties:
+                              monitors:
+                                items:
+                                  type: string
+                                type: array
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretFile:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              user:
+                                type: string
+                            required:
+                              - monitors
+                            type: object
+                          cinder:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          configMap:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - key
+                                    - path
+                                  type: object
+                                type: array
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          csi:
+                            properties:
+                              driver:
+                                type: string
+                              fsType:
+                                type: string
+                              nodePublishSecretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              readOnly:
+                                type: boolean
+                              volumeAttributes:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            required:
+                              - driver
+                            type: object
+                          downwardAPI:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  required:
+                                    - path
+                                  type: object
+                                type: array
+                            type: object
+                          emptyDir:
+                            properties:
+                              medium:
+                                type: string
+                              sizeLimit:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                            type: object
+                          ephemeral:
+                            properties:
+                              volumeClaimTemplate:
+                                properties:
+                                  metadata:
+                                    type: object
+                                  spec:
+                                    properties:
+                                      accessModes:
+                                        items:
+                                          type: string
+                                        type: array
+                                      dataSource:
+                                        properties:
+                                          apiGroup:
+                                            type: string
+                                          kind:
+                                            type: string
+                                          name:
+                                            type: string
+                                        required:
+                                          - kind
+                                          - name
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      dataSourceRef:
+                                        properties:
+                                          apiGroup:
+                                            type: string
+                                          kind:
+                                            type: string
+                                          name:
+                                            type: string
+                                          namespace:
+                                            type: string
+                                        required:
+                                          - kind
+                                          - name
+                                        type: object
+                                      resources:
+                                        properties:
+                                          claims:
+                                            items:
+                                              properties:
+                                                name:
+                                                  type: string
+                                              required:
+                                                - name
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-map-keys:
+                                              - name
+                                            x-kubernetes-list-type: map
+                                          limits:
+                                            additionalProperties:
+                                              anyOf:
+                                                - type: integer
+                                                - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            type: object
+                                          requests:
+                                            additionalProperties:
+                                              anyOf:
+                                                - type: integer
+                                                - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            type: object
+                                        type: object
+                                      selector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      storageClassName:
+                                        type: string
+                                      volumeMode:
+                                        type: string
+                                      volumeName:
+                                        type: string
+                                    type: object
+                                required:
+                                  - spec
+                                type: object
+                            type: object
+                          fc:
+                            properties:
+                              fsType:
+                                type: string
+                              lun:
+                                format: int32
+                                type: integer
+                              readOnly:
+                                type: boolean
+                              targetWWNs:
+                                items:
+                                  type: string
+                                type: array
+                              wwids:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          flexVolume:
+                            properties:
+                              driver:
+                                type: string
+                              fsType:
+                                type: string
+                              options:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            required:
+                              - driver
+                            type: object
+                          flocker:
+                            properties:
+                              datasetName:
+                                type: string
+                              datasetUUID:
+                                type: string
+                            type: object
+                          gcePersistentDisk:
+                            properties:
+                              fsType:
+                                type: string
+                              partition:
+                                format: int32
+                                type: integer
+                              pdName:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - pdName
+                            type: object
+                          gitRepo:
+                            properties:
+                              directory:
+                                type: string
+                              repository:
+                                type: string
+                              revision:
+                                type: string
+                            required:
+                              - repository
+                            type: object
+                          glusterfs:
+                            properties:
+                              endpoints:
+                                type: string
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - endpoints
+                              - path
+                            type: object
+                          hostPath:
+                            properties:
+                              path:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                              - path
+                            type: object
+                          iscsi:
+                            properties:
+                              chapAuthDiscovery:
+                                type: boolean
+                              chapAuthSession:
+                                type: boolean
+                              fsType:
+                                type: string
+                              initiatorName:
+                                type: string
+                              iqn:
+                                type: string
+                              iscsiInterface:
+                                type: string
+                              lun:
+                                format: int32
+                                type: integer
+                              portals:
+                                items:
+                                  type: string
+                                type: array
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              targetPortal:
+                                type: string
+                            required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                            type: object
+                          name:
+                            type: string
+                          nfs:
+                            properties:
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              server:
+                                type: string
+                            required:
+                              - path
+                              - server
+                            type: object
+                          persistentVolumeClaim:
+                            properties:
+                              claimName:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - claimName
+                            type: object
+                          photonPersistentDisk:
+                            properties:
+                              fsType:
+                                type: string
+                              pdID:
+                                type: string
+                            required:
+                              - pdID
+                            type: object
+                          portworxVolume:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          projected:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              sources:
+                                items:
+                                  properties:
+                                    configMap:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                            required:
+                                              - key
+                                              - path
+                                            type: object
+                                          type: array
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    downwardAPI:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              fieldRef:
+                                                properties:
+                                                  apiVersion:
+                                                    type: string
+                                                  fieldPath:
+                                                    type: string
+                                                required:
+                                                  - fieldPath
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                              resourceFieldRef:
+                                                properties:
+                                                  containerName:
+                                                    type: string
+                                                  divisor:
+                                                    anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                    x-kubernetes-int-or-string: true
+                                                  resource:
+                                                    type: string
+                                                required:
+                                                  - resource
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                            required:
+                                              - path
+                                            type: object
+                                          type: array
+                                      type: object
+                                    secret:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                            required:
+                                              - key
+                                              - path
+                                            type: object
+                                          type: array
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    serviceAccountToken:
+                                      properties:
+                                        audience:
+                                          type: string
+                                        expirationSeconds:
+                                          format: int64
+                                          type: integer
+                                        path:
+                                          type: string
+                                      required:
+                                        - path
+                                      type: object
+                                  type: object
+                                type: array
+                            type: object
+                          quobyte:
+                            properties:
+                              group:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              registry:
+                                type: string
+                              tenant:
+                                type: string
+                              user:
+                                type: string
+                              volume:
+                                type: string
+                            required:
+                              - registry
+                              - volume
+                            type: object
+                          rbd:
+                            properties:
+                              fsType:
+                                type: string
+                              image:
+                                type: string
+                              keyring:
+                                type: string
+                              monitors:
+                                items:
+                                  type: string
+                                type: array
+                              pool:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              user:
+                                type: string
+                            required:
+                              - image
+                              - monitors
+                            type: object
+                          scaleIO:
+                            properties:
+                              fsType:
+                                type: string
+                              gateway:
+                                type: string
+                              protectionDomain:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              sslEnabled:
+                                type: boolean
+                              storageMode:
+                                type: string
+                              storagePool:
+                                type: string
+                              system:
+                                type: string
+                              volumeName:
+                                type: string
+                            required:
+                              - gateway
+                              - secretRef
+                              - system
+                            type: object
+                          secret:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - key
+                                    - path
+                                  type: object
+                                type: array
+                              optional:
+                                type: boolean
+                              secretName:
+                                type: string
+                            type: object
+                          storageos:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              volumeName:
+                                type: string
+                              volumeNamespace:
+                                type: string
+                            type: object
+                          vsphereVolume:
+                            properties:
+                              fsType:
+                                type: string
+                              storagePolicyID:
+                                type: string
+                              storagePolicyName:
+                                type: string
+                              volumePath:
+                                type: string
+                            required:
+                              - volumePath
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                  type: object
+                predictor:
+                  properties:
+                    activeDeadlineSeconds:
+                      format: int64
+                      type: integer
+                    affinity:
+                      properties:
+                        nodeAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  preference:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              properties:
+                                nodeSelectorTerms:
+                                  items:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                        podAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  podAffinityTerm:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaceSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaces:
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  podAffinityTerm:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaceSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaces:
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    annotations:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    automountServiceAccountToken:
+                      type: boolean
+                    batcher:
+                      properties:
+                        maxBatchSize:
+                          type: integer
+                        maxLatency:
+                          type: integer
+                        timeout:
+                          type: integer
+                      type: object
+                    canaryTrafficPercent:
+                      format: int64
+                      type: integer
+                    containerConcurrency:
+                      format: int64
+                      type: integer
+                    containers:
+                      items:
+                        properties:
+                          args:
+                            items:
+                              type: string
+                            type: array
+                          command:
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                                valueFrom:
+                                  properties:
+                                    configMapKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    secretKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          envFrom:
+                            items:
+                              properties:
+                                configMapRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                prefix:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                            type: array
+                          image:
+                            type: string
+                          imagePullPolicy:
+                            type: string
+                          lifecycle:
+                            properties:
+                              postStart:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                              preStop:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                            type: object
+                          livenessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          name:
+                            type: string
+                          ports:
+                            items:
+                              properties:
+                                containerPort:
+                                  format: int32
+                                  type: integer
+                                hostIP:
+                                  type: string
+                                hostPort:
+                                  format: int32
+                                  type: integer
+                                name:
+                                  type: string
+                                protocol:
+                                  default: TCP
+                                  type: string
+                              required:
+                                - containerPort
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                            x-kubernetes-list-type: map
+                          readinessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          resizePolicy:
+                            items:
+                              properties:
+                                resourceName:
+                                  type: string
+                                restartPolicy:
+                                  type: string
+                              required:
+                                - resourceName
+                                - restartPolicy
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          resources:
+                            properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                    - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                  - name
+                                x-kubernetes-list-type: map
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                            type: object
+                          restartPolicy:
+                            type: string
+                          securityContext:
+                            properties:
+                              allowPrivilegeEscalation:
+                                type: boolean
+                              capabilities:
+                                properties:
+                                  add:
+                                    items:
+                                      type: string
+                                    type: array
+                                  drop:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              privileged:
+                                type: boolean
+                              procMount:
+                                type: string
+                              readOnlyRootFilesystem:
+                                type: boolean
+                              runAsGroup:
+                                format: int64
+                                type: integer
+                              runAsNonRoot:
+                                type: boolean
+                              runAsUser:
+                                format: int64
+                                type: integer
+                              seLinuxOptions:
+                                properties:
+                                  level:
+                                    type: string
+                                  role:
+                                    type: string
+                                  type:
+                                    type: string
+                                  user:
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                properties:
+                                  localhostProfile:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                              windowsOptions:
+                                properties:
+                                  gmsaCredentialSpec:
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    type: string
+                                  hostProcess:
+                                    type: boolean
+                                  runAsUserName:
+                                    type: string
+                                type: object
+                            type: object
+                          startupProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          stdin:
+                            type: boolean
+                          stdinOnce:
+                            type: boolean
+                          terminationMessagePath:
+                            type: string
+                          terminationMessagePolicy:
+                            type: string
+                          tty:
+                            type: boolean
+                          volumeDevices:
+                            items:
+                              properties:
+                                devicePath:
+                                  type: string
+                                name:
+                                  type: string
+                              required:
+                                - devicePath
+                                - name
+                              type: object
+                            type: array
+                          volumeMounts:
+                            items:
+                              properties:
+                                mountPath:
+                                  type: string
+                                mountPropagation:
+                                  type: string
+                                name:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                subPath:
+                                  type: string
+                                subPathExpr:
+                                  type: string
+                              required:
+                                - mountPath
+                                - name
+                              type: object
+                            type: array
+                          workingDir:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    deploymentStrategy:
+                      properties:
+                        rollingUpdate:
+                          properties:
+                            maxSurge:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                            maxUnavailable:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                          type: object
+                        type:
+                          type: string
+                      type: object
+                    dnsConfig:
+                      properties:
+                        nameservers:
+                          items:
+                            type: string
+                          type: array
+                        options:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            type: object
+                          type: array
+                        searches:
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    dnsPolicy:
+                      type: string
+                    enableServiceLinks:
+                      type: boolean
+                    hostAliases:
+                      items:
+                        properties:
+                          hostnames:
+                            items:
+                              type: string
+                            type: array
+                          ip:
+                            type: string
+                        type: object
+                      type: array
+                    hostIPC:
+                      type: boolean
+                    hostNetwork:
+                      type: boolean
+                    hostPID:
+                      type: boolean
+                    hostUsers:
+                      type: boolean
+                    hostname:
+                      type: string
+                    huggingface:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    imagePullSecrets:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    initContainers:
+                      items:
+                        properties:
+                          args:
+                            items:
+                              type: string
+                            type: array
+                          command:
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                                valueFrom:
+                                  properties:
+                                    configMapKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    secretKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          envFrom:
+                            items:
+                              properties:
+                                configMapRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                prefix:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                            type: array
+                          image:
+                            type: string
+                          imagePullPolicy:
+                            type: string
+                          lifecycle:
+                            properties:
+                              postStart:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                              preStop:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                            type: object
+                          livenessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          name:
+                            type: string
+                          ports:
+                            items:
+                              properties:
+                                containerPort:
+                                  format: int32
+                                  type: integer
+                                hostIP:
+                                  type: string
+                                hostPort:
+                                  format: int32
+                                  type: integer
+                                name:
+                                  type: string
+                                protocol:
+                                  default: TCP
+                                  type: string
+                              required:
+                                - containerPort
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                            x-kubernetes-list-type: map
+                          readinessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          resizePolicy:
+                            items:
+                              properties:
+                                resourceName:
+                                  type: string
+                                restartPolicy:
+                                  type: string
+                              required:
+                                - resourceName
+                                - restartPolicy
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          resources:
+                            properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                    - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                  - name
+                                x-kubernetes-list-type: map
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                            type: object
+                          restartPolicy:
+                            type: string
+                          securityContext:
+                            properties:
+                              allowPrivilegeEscalation:
+                                type: boolean
+                              capabilities:
+                                properties:
+                                  add:
+                                    items:
+                                      type: string
+                                    type: array
+                                  drop:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              privileged:
+                                type: boolean
+                              procMount:
+                                type: string
+                              readOnlyRootFilesystem:
+                                type: boolean
+                              runAsGroup:
+                                format: int64
+                                type: integer
+                              runAsNonRoot:
+                                type: boolean
+                              runAsUser:
+                                format: int64
+                                type: integer
+                              seLinuxOptions:
+                                properties:
+                                  level:
+                                    type: string
+                                  role:
+                                    type: string
+                                  type:
+                                    type: string
+                                  user:
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                properties:
+                                  localhostProfile:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                              windowsOptions:
+                                properties:
+                                  gmsaCredentialSpec:
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    type: string
+                                  hostProcess:
+                                    type: boolean
+                                  runAsUserName:
+                                    type: string
+                                type: object
+                            type: object
+                          startupProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          stdin:
+                            type: boolean
+                          stdinOnce:
+                            type: boolean
+                          terminationMessagePath:
+                            type: string
+                          terminationMessagePolicy:
+                            type: string
+                          tty:
+                            type: boolean
+                          volumeDevices:
+                            items:
+                              properties:
+                                devicePath:
+                                  type: string
+                                name:
+                                  type: string
+                              required:
+                                - devicePath
+                                - name
+                              type: object
+                            type: array
+                          volumeMounts:
+                            items:
+                              properties:
+                                mountPath:
+                                  type: string
+                                mountPropagation:
+                                  type: string
+                                name:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                subPath:
+                                  type: string
+                                subPathExpr:
+                                  type: string
+                              required:
+                                - mountPath
+                                - name
+                              type: object
+                            type: array
+                          workingDir:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    labels:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    lightgbm:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    logger:
+                      properties:
+                        mode:
+                          enum:
+                            - all
+                            - request
+                            - response
+                          type: string
+                        url:
+                          type: string
+                      type: object
+                    maxReplicas:
+                      type: integer
+                    minReplicas:
+                      type: integer
+                    model:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        modelFormat:
+                          properties:
+                            name:
+                              type: string
+                            version:
+                              type: string
+                          required:
+                            - name
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtime:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    nodeName:
+                      type: string
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    onnx:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    os:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                    overhead:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      type: object
+                    paddle:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    pmml:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    preemptionPolicy:
+                      type: string
+                    priority:
+                      format: int32
+                      type: integer
+                    priorityClassName:
+                      type: string
+                    pytorch:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    readinessGates:
+                      items:
+                        properties:
+                          conditionType:
+                            type: string
+                        required:
+                          - conditionType
+                        type: object
+                      type: array
+                    resourceClaims:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          source:
+                            properties:
+                              resourceClaimName:
+                                type: string
+                              resourceClaimTemplateName:
+                                type: string
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    restartPolicy:
+                      type: string
+                    runtimeClassName:
+                      type: string
+                    scaleMetric:
+                      enum:
+                        - cpu
+                        - memory
+                        - concurrency
+                        - rps
+                      type: string
+                    scaleTarget:
+                      type: integer
+                    schedulerName:
+                      type: string
+                    schedulingGates:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    securityContext:
+                      properties:
+                        fsGroup:
+                          format: int64
+                          type: integer
+                        fsGroupChangePolicy:
+                          type: string
+                        runAsGroup:
+                          format: int64
+                          type: integer
+                        runAsNonRoot:
+                          type: boolean
+                        runAsUser:
+                          format: int64
+                          type: integer
+                        seLinuxOptions:
+                          properties:
+                            level:
+                              type: string
+                            role:
+                              type: string
+                            type:
+                              type: string
+                            user:
+                              type: string
+                          type: object
+                        seccompProfile:
+                          properties:
+                            localhostProfile:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                            - type
+                          type: object
+                        supplementalGroups:
+                          items:
+                            format: int64
+                            type: integer
+                          type: array
+                        sysctls:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                              - name
+                              - value
+                            type: object
+                          type: array
+                        windowsOptions:
+                          properties:
+                            gmsaCredentialSpec:
+                              type: string
+                            gmsaCredentialSpecName:
+                              type: string
+                            hostProcess:
+                              type: boolean
+                            runAsUserName:
+                              type: string
+                          type: object
+                      type: object
+                    serviceAccount:
+                      type: string
+                    serviceAccountName:
+                      type: string
+                    setHostnameAsFQDN:
+                      type: boolean
+                    shareProcessNamespace:
+                      type: boolean
+                    sklearn:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    subdomain:
+                      type: string
+                    tensorflow:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    terminationGracePeriodSeconds:
+                      format: int64
+                      type: integer
+                    timeout:
+                      format: int64
+                      type: integer
+                    tolerations:
+                      items:
+                        properties:
+                          effect:
+                            type: string
+                          key:
+                            type: string
+                          operator:
+                            type: string
+                          tolerationSeconds:
+                            format: int64
+                            type: integer
+                          value:
+                            type: string
+                        type: object
+                      type: array
+                    topologySpreadConstraints:
+                      items:
+                        properties:
+                          labelSelector:
+                            properties:
+                              matchExpressions:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    operator:
+                                      type: string
+                                    values:
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                    - key
+                                    - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          matchLabelKeys:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          maxSkew:
+                            format: int32
+                            type: integer
+                          minDomains:
+                            format: int32
+                            type: integer
+                          nodeAffinityPolicy:
+                            type: string
+                          nodeTaintsPolicy:
+                            type: string
+                          topologyKey:
+                            type: string
+                          whenUnsatisfiable:
+                            type: string
+                        required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                      x-kubernetes-list-type: map
+                    triton:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                    volumes:
+                      items:
+                        properties:
+                          awsElasticBlockStore:
+                            properties:
+                              fsType:
+                                type: string
+                              partition:
+                                format: int32
+                                type: integer
+                              readOnly:
+                                type: boolean
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          azureDisk:
+                            properties:
+                              cachingMode:
+                                type: string
+                              diskName:
+                                type: string
+                              diskURI:
+                                type: string
+                              fsType:
+                                type: string
+                              kind:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - diskName
+                              - diskURI
+                            type: object
+                          azureFile:
+                            properties:
+                              readOnly:
+                                type: boolean
+                              secretName:
+                                type: string
+                              shareName:
+                                type: string
+                            required:
+                              - secretName
+                              - shareName
+                            type: object
+                          cephfs:
+                            properties:
+                              monitors:
+                                items:
+                                  type: string
+                                type: array
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretFile:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              user:
+                                type: string
+                            required:
+                              - monitors
+                            type: object
+                          cinder:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          configMap:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - key
+                                    - path
+                                  type: object
+                                type: array
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          csi:
+                            properties:
+                              driver:
+                                type: string
+                              fsType:
+                                type: string
+                              nodePublishSecretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              readOnly:
+                                type: boolean
+                              volumeAttributes:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            required:
+                              - driver
+                            type: object
+                          downwardAPI:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  required:
+                                    - path
+                                  type: object
+                                type: array
+                            type: object
+                          emptyDir:
+                            properties:
+                              medium:
+                                type: string
+                              sizeLimit:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                            type: object
+                          ephemeral:
+                            properties:
+                              volumeClaimTemplate:
+                                properties:
+                                  metadata:
+                                    type: object
+                                  spec:
+                                    properties:
+                                      accessModes:
+                                        items:
+                                          type: string
+                                        type: array
+                                      dataSource:
+                                        properties:
+                                          apiGroup:
+                                            type: string
+                                          kind:
+                                            type: string
+                                          name:
+                                            type: string
+                                        required:
+                                          - kind
+                                          - name
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      dataSourceRef:
+                                        properties:
+                                          apiGroup:
+                                            type: string
+                                          kind:
+                                            type: string
+                                          name:
+                                            type: string
+                                          namespace:
+                                            type: string
+                                        required:
+                                          - kind
+                                          - name
+                                        type: object
+                                      resources:
+                                        properties:
+                                          claims:
+                                            items:
+                                              properties:
+                                                name:
+                                                  type: string
+                                              required:
+                                                - name
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-map-keys:
+                                              - name
+                                            x-kubernetes-list-type: map
+                                          limits:
+                                            additionalProperties:
+                                              anyOf:
+                                                - type: integer
+                                                - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            type: object
+                                          requests:
+                                            additionalProperties:
+                                              anyOf:
+                                                - type: integer
+                                                - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            type: object
+                                        type: object
+                                      selector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      storageClassName:
+                                        type: string
+                                      volumeMode:
+                                        type: string
+                                      volumeName:
+                                        type: string
+                                    type: object
+                                required:
+                                  - spec
+                                type: object
+                            type: object
+                          fc:
+                            properties:
+                              fsType:
+                                type: string
+                              lun:
+                                format: int32
+                                type: integer
+                              readOnly:
+                                type: boolean
+                              targetWWNs:
+                                items:
+                                  type: string
+                                type: array
+                              wwids:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          flexVolume:
+                            properties:
+                              driver:
+                                type: string
+                              fsType:
+                                type: string
+                              options:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            required:
+                              - driver
+                            type: object
+                          flocker:
+                            properties:
+                              datasetName:
+                                type: string
+                              datasetUUID:
+                                type: string
+                            type: object
+                          gcePersistentDisk:
+                            properties:
+                              fsType:
+                                type: string
+                              partition:
+                                format: int32
+                                type: integer
+                              pdName:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - pdName
+                            type: object
+                          gitRepo:
+                            properties:
+                              directory:
+                                type: string
+                              repository:
+                                type: string
+                              revision:
+                                type: string
+                            required:
+                              - repository
+                            type: object
+                          glusterfs:
+                            properties:
+                              endpoints:
+                                type: string
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - endpoints
+                              - path
+                            type: object
+                          hostPath:
+                            properties:
+                              path:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                              - path
+                            type: object
+                          iscsi:
+                            properties:
+                              chapAuthDiscovery:
+                                type: boolean
+                              chapAuthSession:
+                                type: boolean
+                              fsType:
+                                type: string
+                              initiatorName:
+                                type: string
+                              iqn:
+                                type: string
+                              iscsiInterface:
+                                type: string
+                              lun:
+                                format: int32
+                                type: integer
+                              portals:
+                                items:
+                                  type: string
+                                type: array
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              targetPortal:
+                                type: string
+                            required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                            type: object
+                          name:
+                            type: string
+                          nfs:
+                            properties:
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              server:
+                                type: string
+                            required:
+                              - path
+                              - server
+                            type: object
+                          persistentVolumeClaim:
+                            properties:
+                              claimName:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - claimName
+                            type: object
+                          photonPersistentDisk:
+                            properties:
+                              fsType:
+                                type: string
+                              pdID:
+                                type: string
+                            required:
+                              - pdID
+                            type: object
+                          portworxVolume:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          projected:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              sources:
+                                items:
+                                  properties:
+                                    configMap:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                            required:
+                                              - key
+                                              - path
+                                            type: object
+                                          type: array
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    downwardAPI:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              fieldRef:
+                                                properties:
+                                                  apiVersion:
+                                                    type: string
+                                                  fieldPath:
+                                                    type: string
+                                                required:
+                                                  - fieldPath
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                              resourceFieldRef:
+                                                properties:
+                                                  containerName:
+                                                    type: string
+                                                  divisor:
+                                                    anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                    x-kubernetes-int-or-string: true
+                                                  resource:
+                                                    type: string
+                                                required:
+                                                  - resource
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                            required:
+                                              - path
+                                            type: object
+                                          type: array
+                                      type: object
+                                    secret:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                            required:
+                                              - key
+                                              - path
+                                            type: object
+                                          type: array
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    serviceAccountToken:
+                                      properties:
+                                        audience:
+                                          type: string
+                                        expirationSeconds:
+                                          format: int64
+                                          type: integer
+                                        path:
+                                          type: string
+                                      required:
+                                        - path
+                                      type: object
+                                  type: object
+                                type: array
+                            type: object
+                          quobyte:
+                            properties:
+                              group:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              registry:
+                                type: string
+                              tenant:
+                                type: string
+                              user:
+                                type: string
+                              volume:
+                                type: string
+                            required:
+                              - registry
+                              - volume
+                            type: object
+                          rbd:
+                            properties:
+                              fsType:
+                                type: string
+                              image:
+                                type: string
+                              keyring:
+                                type: string
+                              monitors:
+                                items:
+                                  type: string
+                                type: array
+                              pool:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              user:
+                                type: string
+                            required:
+                              - image
+                              - monitors
+                            type: object
+                          scaleIO:
+                            properties:
+                              fsType:
+                                type: string
+                              gateway:
+                                type: string
+                              protectionDomain:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              sslEnabled:
+                                type: boolean
+                              storageMode:
+                                type: string
+                              storagePool:
+                                type: string
+                              system:
+                                type: string
+                              volumeName:
+                                type: string
+                            required:
+                              - gateway
+                              - secretRef
+                              - system
+                            type: object
+                          secret:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - key
+                                    - path
+                                  type: object
+                                type: array
+                              optional:
+                                type: boolean
+                              secretName:
+                                type: string
+                            type: object
+                          storageos:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              volumeName:
+                                type: string
+                              volumeNamespace:
+                                type: string
+                            type: object
+                          vsphereVolume:
+                            properties:
+                              fsType:
+                                type: string
+                              storagePolicyID:
+                                type: string
+                              storagePolicyName:
+                                type: string
+                              volumePath:
+                                type: string
+                            required:
+                              - volumePath
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    xgboost:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                      - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                      - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                      - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                              - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                          - name
+                                          - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                    - port
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                    - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                              - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - containerPort
+                            - protocol
+                          x-kubernetes-list-type: map
+                        protocolVersion:
+                          type: string
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                              - resourceName
+                              - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                  - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                                - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        runtimeVersion:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                                - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                      - name
+                                      - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                                - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                                - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        storage:
+                          properties:
+                            key:
+                              type: string
+                            parameters:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            path:
+                              type: string
+                            schemaPath:
+                              type: string
+                          type: object
+                        storageUri:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                              - devicePath
+                              - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                              - mountPath
+                              - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      type: object
+                  type: object
+                transformer:
+                  properties:
+                    activeDeadlineSeconds:
+                      format: int64
+                      type: integer
+                    affinity:
+                      properties:
+                        nodeAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  preference:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - preference
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              properties:
+                                nodeSelectorTerms:
+                                  items:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchFields:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  type: array
+                              required:
+                                - nodeSelectorTerms
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                        podAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  podAffinityTerm:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaceSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaces:
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                        podAntiAffinity:
+                          properties:
+                            preferredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  podAffinityTerm:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaceSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      namespaces:
+                                        items:
+                                          type: string
+                                        type: array
+                                      topologyKey:
+                                        type: string
+                                    required:
+                                      - topologyKey
+                                    type: object
+                                  weight:
+                                    format: int32
+                                    type: integer
+                                required:
+                                  - podAffinityTerm
+                                  - weight
+                                type: object
+                              type: array
+                            requiredDuringSchedulingIgnoredDuringExecution:
+                              items:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                    annotations:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    automountServiceAccountToken:
+                      type: boolean
+                    batcher:
+                      properties:
+                        maxBatchSize:
+                          type: integer
+                        maxLatency:
+                          type: integer
+                        timeout:
+                          type: integer
+                      type: object
+                    canaryTrafficPercent:
+                      format: int64
+                      type: integer
+                    containerConcurrency:
+                      format: int64
+                      type: integer
+                    containers:
+                      items:
+                        properties:
+                          args:
+                            items:
+                              type: string
+                            type: array
+                          command:
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                                valueFrom:
+                                  properties:
+                                    configMapKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    secretKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          envFrom:
+                            items:
+                              properties:
+                                configMapRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                prefix:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                            type: array
+                          image:
+                            type: string
+                          imagePullPolicy:
+                            type: string
+                          lifecycle:
+                            properties:
+                              postStart:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                              preStop:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                            type: object
+                          livenessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          name:
+                            type: string
+                          ports:
+                            items:
+                              properties:
+                                containerPort:
+                                  format: int32
+                                  type: integer
+                                hostIP:
+                                  type: string
+                                hostPort:
+                                  format: int32
+                                  type: integer
+                                name:
+                                  type: string
+                                protocol:
+                                  default: TCP
+                                  type: string
+                              required:
+                                - containerPort
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                            x-kubernetes-list-type: map
+                          readinessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          resizePolicy:
+                            items:
+                              properties:
+                                resourceName:
+                                  type: string
+                                restartPolicy:
+                                  type: string
+                              required:
+                                - resourceName
+                                - restartPolicy
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          resources:
+                            properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                    - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                  - name
+                                x-kubernetes-list-type: map
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                            type: object
+                          restartPolicy:
+                            type: string
+                          securityContext:
+                            properties:
+                              allowPrivilegeEscalation:
+                                type: boolean
+                              capabilities:
+                                properties:
+                                  add:
+                                    items:
+                                      type: string
+                                    type: array
+                                  drop:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              privileged:
+                                type: boolean
+                              procMount:
+                                type: string
+                              readOnlyRootFilesystem:
+                                type: boolean
+                              runAsGroup:
+                                format: int64
+                                type: integer
+                              runAsNonRoot:
+                                type: boolean
+                              runAsUser:
+                                format: int64
+                                type: integer
+                              seLinuxOptions:
+                                properties:
+                                  level:
+                                    type: string
+                                  role:
+                                    type: string
+                                  type:
+                                    type: string
+                                  user:
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                properties:
+                                  localhostProfile:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                              windowsOptions:
+                                properties:
+                                  gmsaCredentialSpec:
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    type: string
+                                  hostProcess:
+                                    type: boolean
+                                  runAsUserName:
+                                    type: string
+                                type: object
+                            type: object
+                          startupProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          stdin:
+                            type: boolean
+                          stdinOnce:
+                            type: boolean
+                          terminationMessagePath:
+                            type: string
+                          terminationMessagePolicy:
+                            type: string
+                          tty:
+                            type: boolean
+                          volumeDevices:
+                            items:
+                              properties:
+                                devicePath:
+                                  type: string
+                                name:
+                                  type: string
+                              required:
+                                - devicePath
+                                - name
+                              type: object
+                            type: array
+                          volumeMounts:
+                            items:
+                              properties:
+                                mountPath:
+                                  type: string
+                                mountPropagation:
+                                  type: string
+                                name:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                subPath:
+                                  type: string
+                                subPathExpr:
+                                  type: string
+                              required:
+                                - mountPath
+                                - name
+                              type: object
+                            type: array
+                          workingDir:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    deploymentStrategy:
+                      properties:
+                        rollingUpdate:
+                          properties:
+                            maxSurge:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                            maxUnavailable:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              x-kubernetes-int-or-string: true
+                          type: object
+                        type:
+                          type: string
+                      type: object
+                    dnsConfig:
+                      properties:
+                        nameservers:
+                          items:
+                            type: string
+                          type: array
+                        options:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            type: object
+                          type: array
+                        searches:
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    dnsPolicy:
+                      type: string
+                    enableServiceLinks:
+                      type: boolean
+                    hostAliases:
+                      items:
+                        properties:
+                          hostnames:
+                            items:
+                              type: string
+                            type: array
+                          ip:
+                            type: string
+                        type: object
+                      type: array
+                    hostIPC:
+                      type: boolean
+                    hostNetwork:
+                      type: boolean
+                    hostPID:
+                      type: boolean
+                    hostUsers:
+                      type: boolean
+                    hostname:
+                      type: string
+                    imagePullSecrets:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    initContainers:
+                      items:
+                        properties:
+                          args:
+                            items:
+                              type: string
+                            type: array
+                          command:
+                            items:
+                              type: string
+                            type: array
+                          env:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                                valueFrom:
+                                  properties:
+                                    configMapKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    secretKeyRef:
+                                      properties:
+                                        key:
+                                          type: string
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      required:
+                                        - key
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                              required:
+                                - name
+                              type: object
+                            type: array
+                          envFrom:
+                            items:
+                              properties:
+                                configMapRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                prefix:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                            type: array
+                          image:
+                            type: string
+                          imagePullPolicy:
+                            type: string
+                          lifecycle:
+                            properties:
+                              postStart:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                              preStop:
+                                properties:
+                                  exec:
+                                    properties:
+                                      command:
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  httpGet:
+                                    properties:
+                                      host:
+                                        type: string
+                                      httpHeaders:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                            value:
+                                              type: string
+                                          required:
+                                            - name
+                                            - value
+                                          type: object
+                                        type: array
+                                      path:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                      scheme:
+                                        type: string
+                                    required:
+                                      - port
+                                    type: object
+                                  tcpSocket:
+                                    properties:
+                                      host:
+                                        type: string
+                                      port:
+                                        anyOf:
+                                          - type: integer
+                                          - type: string
+                                        x-kubernetes-int-or-string: true
+                                    required:
+                                      - port
+                                    type: object
+                                type: object
+                            type: object
+                          livenessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          name:
+                            type: string
+                          ports:
+                            items:
+                              properties:
+                                containerPort:
+                                  format: int32
+                                  type: integer
+                                hostIP:
+                                  type: string
+                                hostPort:
+                                  format: int32
+                                  type: integer
+                                name:
+                                  type: string
+                                protocol:
+                                  default: TCP
+                                  type: string
+                              required:
+                                - containerPort
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                            x-kubernetes-list-type: map
+                          readinessProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          resizePolicy:
+                            items:
+                              properties:
+                                resourceName:
+                                  type: string
+                                restartPolicy:
+                                  type: string
+                              required:
+                                - resourceName
+                                - restartPolicy
+                              type: object
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          resources:
+                            properties:
+                              claims:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                  required:
+                                    - name
+                                  type: object
+                                type: array
+                                x-kubernetes-list-map-keys:
+                                  - name
+                                x-kubernetes-list-type: map
+                              limits:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                              requests:
+                                additionalProperties:
+                                  anyOf:
+                                    - type: integer
+                                    - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type: object
+                            type: object
+                          restartPolicy:
+                            type: string
+                          securityContext:
+                            properties:
+                              allowPrivilegeEscalation:
+                                type: boolean
+                              capabilities:
+                                properties:
+                                  add:
+                                    items:
+                                      type: string
+                                    type: array
+                                  drop:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              privileged:
+                                type: boolean
+                              procMount:
+                                type: string
+                              readOnlyRootFilesystem:
+                                type: boolean
+                              runAsGroup:
+                                format: int64
+                                type: integer
+                              runAsNonRoot:
+                                type: boolean
+                              runAsUser:
+                                format: int64
+                                type: integer
+                              seLinuxOptions:
+                                properties:
+                                  level:
+                                    type: string
+                                  role:
+                                    type: string
+                                  type:
+                                    type: string
+                                  user:
+                                    type: string
+                                type: object
+                              seccompProfile:
+                                properties:
+                                  localhostProfile:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                              windowsOptions:
+                                properties:
+                                  gmsaCredentialSpec:
+                                    type: string
+                                  gmsaCredentialSpecName:
+                                    type: string
+                                  hostProcess:
+                                    type: boolean
+                                  runAsUserName:
+                                    type: string
+                                type: object
+                            type: object
+                          startupProbe:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              failureThreshold:
+                                format: int32
+                                type: integer
+                              grpc:
+                                properties:
+                                  port:
+                                    format: int32
+                                    type: integer
+                                  service:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              initialDelaySeconds:
+                                format: int32
+                                type: integer
+                              periodSeconds:
+                                format: int32
+                                type: integer
+                              successThreshold:
+                                format: int32
+                                type: integer
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                              terminationGracePeriodSeconds:
+                                format: int64
+                                type: integer
+                              timeoutSeconds:
+                                format: int32
+                                type: integer
+                            type: object
+                          stdin:
+                            type: boolean
+                          stdinOnce:
+                            type: boolean
+                          terminationMessagePath:
+                            type: string
+                          terminationMessagePolicy:
+                            type: string
+                          tty:
+                            type: boolean
+                          volumeDevices:
+                            items:
+                              properties:
+                                devicePath:
+                                  type: string
+                                name:
+                                  type: string
+                              required:
+                                - devicePath
+                                - name
+                              type: object
+                            type: array
+                          volumeMounts:
+                            items:
+                              properties:
+                                mountPath:
+                                  type: string
+                                mountPropagation:
+                                  type: string
+                                name:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                subPath:
+                                  type: string
+                                subPathExpr:
+                                  type: string
+                              required:
+                                - mountPath
+                                - name
+                              type: object
+                            type: array
+                          workingDir:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    labels:
+                      additionalProperties:
+                        type: string
+                      type: object
+                    logger:
+                      properties:
+                        mode:
+                          enum:
+                            - all
+                            - request
+                            - response
+                          type: string
+                        url:
+                          type: string
+                      type: object
+                    maxReplicas:
+                      type: integer
+                    minReplicas:
+                      type: integer
+                    nodeName:
+                      type: string
+                    nodeSelector:
+                      additionalProperties:
+                        type: string
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    os:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                    overhead:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      type: object
+                    preemptionPolicy:
+                      type: string
+                    priority:
+                      format: int32
+                      type: integer
+                    priorityClassName:
+                      type: string
+                    readinessGates:
+                      items:
+                        properties:
+                          conditionType:
+                            type: string
+                        required:
+                          - conditionType
+                        type: object
+                      type: array
+                    resourceClaims:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          source:
+                            properties:
+                              resourceClaimName:
+                                type: string
+                              resourceClaimTemplateName:
+                                type: string
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    restartPolicy:
+                      type: string
+                    runtimeClassName:
+                      type: string
+                    scaleMetric:
+                      enum:
+                        - cpu
+                        - memory
+                        - concurrency
+                        - rps
+                      type: string
+                    scaleTarget:
+                      type: integer
+                    schedulerName:
+                      type: string
+                    schedulingGates:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    securityContext:
+                      properties:
+                        fsGroup:
+                          format: int64
+                          type: integer
+                        fsGroupChangePolicy:
+                          type: string
+                        runAsGroup:
+                          format: int64
+                          type: integer
+                        runAsNonRoot:
+                          type: boolean
+                        runAsUser:
+                          format: int64
+                          type: integer
+                        seLinuxOptions:
+                          properties:
+                            level:
+                              type: string
+                            role:
+                              type: string
+                            type:
+                              type: string
+                            user:
+                              type: string
+                          type: object
+                        seccompProfile:
+                          properties:
+                            localhostProfile:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                            - type
+                          type: object
+                        supplementalGroups:
+                          items:
+                            format: int64
+                            type: integer
+                          type: array
+                        sysctls:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                            required:
+                              - name
+                              - value
+                            type: object
+                          type: array
+                        windowsOptions:
+                          properties:
+                            gmsaCredentialSpec:
+                              type: string
+                            gmsaCredentialSpecName:
+                              type: string
+                            hostProcess:
+                              type: boolean
+                            runAsUserName:
+                              type: string
+                          type: object
+                      type: object
+                    serviceAccount:
+                      type: string
+                    serviceAccountName:
+                      type: string
+                    setHostnameAsFQDN:
+                      type: boolean
+                    shareProcessNamespace:
+                      type: boolean
+                    subdomain:
+                      type: string
+                    terminationGracePeriodSeconds:
+                      format: int64
+                      type: integer
+                    timeout:
+                      format: int64
+                      type: integer
+                    tolerations:
+                      items:
+                        properties:
+                          effect:
+                            type: string
+                          key:
+                            type: string
+                          operator:
+                            type: string
+                          tolerationSeconds:
+                            format: int64
+                            type: integer
+                          value:
+                            type: string
+                        type: object
+                      type: array
+                    topologySpreadConstraints:
+                      items:
+                        properties:
+                          labelSelector:
+                            properties:
+                              matchExpressions:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    operator:
+                                      type: string
+                                    values:
+                                      items:
+                                        type: string
+                                      type: array
+                                  required:
+                                    - key
+                                    - operator
+                                  type: object
+                                type: array
+                              matchLabels:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          matchLabelKeys:
+                            items:
+                              type: string
+                            type: array
+                            x-kubernetes-list-type: atomic
+                          maxSkew:
+                            format: int32
+                            type: integer
+                          minDomains:
+                            format: int32
+                            type: integer
+                          nodeAffinityPolicy:
+                            type: string
+                          nodeTaintsPolicy:
+                            type: string
+                          topologyKey:
+                            type: string
+                          whenUnsatisfiable:
+                            type: string
+                        required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                      x-kubernetes-list-type: map
+                    volumes:
+                      items:
+                        properties:
+                          awsElasticBlockStore:
+                            properties:
+                              fsType:
+                                type: string
+                              partition:
+                                format: int32
+                                type: integer
+                              readOnly:
+                                type: boolean
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          azureDisk:
+                            properties:
+                              cachingMode:
+                                type: string
+                              diskName:
+                                type: string
+                              diskURI:
+                                type: string
+                              fsType:
+                                type: string
+                              kind:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - diskName
+                              - diskURI
+                            type: object
+                          azureFile:
+                            properties:
+                              readOnly:
+                                type: boolean
+                              secretName:
+                                type: string
+                              shareName:
+                                type: string
+                            required:
+                              - secretName
+                              - shareName
+                            type: object
+                          cephfs:
+                            properties:
+                              monitors:
+                                items:
+                                  type: string
+                                type: array
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretFile:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              user:
+                                type: string
+                            required:
+                              - monitors
+                            type: object
+                          cinder:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          configMap:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - key
+                                    - path
+                                  type: object
+                                type: array
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          csi:
+                            properties:
+                              driver:
+                                type: string
+                              fsType:
+                                type: string
+                              nodePublishSecretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              readOnly:
+                                type: boolean
+                              volumeAttributes:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            required:
+                              - driver
+                            type: object
+                          downwardAPI:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    fieldRef:
+                                      properties:
+                                        apiVersion:
+                                          type: string
+                                        fieldPath:
+                                          type: string
+                                      required:
+                                        - fieldPath
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                    resourceFieldRef:
+                                      properties:
+                                        containerName:
+                                          type: string
+                                        divisor:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        resource:
+                                          type: string
+                                      required:
+                                        - resource
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  required:
+                                    - path
+                                  type: object
+                                type: array
+                            type: object
+                          emptyDir:
+                            properties:
+                              medium:
+                                type: string
+                              sizeLimit:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                            type: object
+                          ephemeral:
+                            properties:
+                              volumeClaimTemplate:
+                                properties:
+                                  metadata:
+                                    type: object
+                                  spec:
+                                    properties:
+                                      accessModes:
+                                        items:
+                                          type: string
+                                        type: array
+                                      dataSource:
+                                        properties:
+                                          apiGroup:
+                                            type: string
+                                          kind:
+                                            type: string
+                                          name:
+                                            type: string
+                                        required:
+                                          - kind
+                                          - name
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      dataSourceRef:
+                                        properties:
+                                          apiGroup:
+                                            type: string
+                                          kind:
+                                            type: string
+                                          name:
+                                            type: string
+                                          namespace:
+                                            type: string
+                                        required:
+                                          - kind
+                                          - name
+                                        type: object
+                                      resources:
+                                        properties:
+                                          claims:
+                                            items:
+                                              properties:
+                                                name:
+                                                  type: string
+                                              required:
+                                                - name
+                                              type: object
+                                            type: array
+                                            x-kubernetes-list-map-keys:
+                                              - name
+                                            x-kubernetes-list-type: map
+                                          limits:
+                                            additionalProperties:
+                                              anyOf:
+                                                - type: integer
+                                                - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            type: object
+                                          requests:
+                                            additionalProperties:
+                                              anyOf:
+                                                - type: integer
+                                                - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            type: object
+                                        type: object
+                                      selector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                                - key
+                                                - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      storageClassName:
+                                        type: string
+                                      volumeMode:
+                                        type: string
+                                      volumeName:
+                                        type: string
+                                    type: object
+                                required:
+                                  - spec
+                                type: object
+                            type: object
+                          fc:
+                            properties:
+                              fsType:
+                                type: string
+                              lun:
+                                format: int32
+                                type: integer
+                              readOnly:
+                                type: boolean
+                              targetWWNs:
+                                items:
+                                  type: string
+                                type: array
+                              wwids:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          flexVolume:
+                            properties:
+                              driver:
+                                type: string
+                              fsType:
+                                type: string
+                              options:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            required:
+                              - driver
+                            type: object
+                          flocker:
+                            properties:
+                              datasetName:
+                                type: string
+                              datasetUUID:
+                                type: string
+                            type: object
+                          gcePersistentDisk:
+                            properties:
+                              fsType:
+                                type: string
+                              partition:
+                                format: int32
+                                type: integer
+                              pdName:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - pdName
+                            type: object
+                          gitRepo:
+                            properties:
+                              directory:
+                                type: string
+                              repository:
+                                type: string
+                              revision:
+                                type: string
+                            required:
+                              - repository
+                            type: object
+                          glusterfs:
+                            properties:
+                              endpoints:
+                                type: string
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - endpoints
+                              - path
+                            type: object
+                          hostPath:
+                            properties:
+                              path:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                              - path
+                            type: object
+                          iscsi:
+                            properties:
+                              chapAuthDiscovery:
+                                type: boolean
+                              chapAuthSession:
+                                type: boolean
+                              fsType:
+                                type: string
+                              initiatorName:
+                                type: string
+                              iqn:
+                                type: string
+                              iscsiInterface:
+                                type: string
+                              lun:
+                                format: int32
+                                type: integer
+                              portals:
+                                items:
+                                  type: string
+                                type: array
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              targetPortal:
+                                type: string
+                            required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                            type: object
+                          name:
+                            type: string
+                          nfs:
+                            properties:
+                              path:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              server:
+                                type: string
+                            required:
+                              - path
+                              - server
+                            type: object
+                          persistentVolumeClaim:
+                            properties:
+                              claimName:
+                                type: string
+                              readOnly:
+                                type: boolean
+                            required:
+                              - claimName
+                            type: object
+                          photonPersistentDisk:
+                            properties:
+                              fsType:
+                                type: string
+                              pdID:
+                                type: string
+                            required:
+                              - pdID
+                            type: object
+                          portworxVolume:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              volumeID:
+                                type: string
+                            required:
+                              - volumeID
+                            type: object
+                          projected:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              sources:
+                                items:
+                                  properties:
+                                    configMap:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                            required:
+                                              - key
+                                              - path
+                                            type: object
+                                          type: array
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    downwardAPI:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              fieldRef:
+                                                properties:
+                                                  apiVersion:
+                                                    type: string
+                                                  fieldPath:
+                                                    type: string
+                                                required:
+                                                  - fieldPath
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                              resourceFieldRef:
+                                                properties:
+                                                  containerName:
+                                                    type: string
+                                                  divisor:
+                                                    anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                    x-kubernetes-int-or-string: true
+                                                  resource:
+                                                    type: string
+                                                required:
+                                                  - resource
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                            required:
+                                              - path
+                                            type: object
+                                          type: array
+                                      type: object
+                                    secret:
+                                      properties:
+                                        items:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              mode:
+                                                format: int32
+                                                type: integer
+                                              path:
+                                                type: string
+                                            required:
+                                              - key
+                                              - path
+                                            type: object
+                                          type: array
+                                        name:
+                                          type: string
+                                        optional:
+                                          type: boolean
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    serviceAccountToken:
+                                      properties:
+                                        audience:
+                                          type: string
+                                        expirationSeconds:
+                                          format: int64
+                                          type: integer
+                                        path:
+                                          type: string
+                                      required:
+                                        - path
+                                      type: object
+                                  type: object
+                                type: array
+                            type: object
+                          quobyte:
+                            properties:
+                              group:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              registry:
+                                type: string
+                              tenant:
+                                type: string
+                              user:
+                                type: string
+                              volume:
+                                type: string
+                            required:
+                              - registry
+                              - volume
+                            type: object
+                          rbd:
+                            properties:
+                              fsType:
+                                type: string
+                              image:
+                                type: string
+                              keyring:
+                                type: string
+                              monitors:
+                                items:
+                                  type: string
+                                type: array
+                              pool:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              user:
+                                type: string
+                            required:
+                              - image
+                              - monitors
+                            type: object
+                          scaleIO:
+                            properties:
+                              fsType:
+                                type: string
+                              gateway:
+                                type: string
+                              protectionDomain:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              sslEnabled:
+                                type: boolean
+                              storageMode:
+                                type: string
+                              storagePool:
+                                type: string
+                              system:
+                                type: string
+                              volumeName:
+                                type: string
+                            required:
+                              - gateway
+                              - secretRef
+                              - system
+                            type: object
+                          secret:
+                            properties:
+                              defaultMode:
+                                format: int32
+                                type: integer
+                              items:
+                                items:
+                                  properties:
+                                    key:
+                                      type: string
+                                    mode:
+                                      format: int32
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - key
+                                    - path
+                                  type: object
+                                type: array
+                              optional:
+                                type: boolean
+                              secretName:
+                                type: string
+                            type: object
+                          storageos:
+                            properties:
+                              fsType:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              volumeName:
+                                type: string
+                              volumeNamespace:
+                                type: string
+                            type: object
+                          vsphereVolume:
+                            properties:
+                              fsType:
+                                type: string
+                              storagePolicyID:
+                                type: string
+                              storagePolicyName:
+                                type: string
+                              volumePath:
+                                type: string
+                            required:
+                              - volumePath
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                  type: object
+              required:
+                - predictor
+              type: object
+            status:
+              properties:
+                address:
+                  properties:
+                    CACerts:
+                      type: string
+                    audience:
+                      type: string
+                    name:
+                      type: string
+                    url:
+                      type: string
+                  type: object
+                annotations:
+                  additionalProperties:
+                    type: string
+                  type: object
+                components:
+                  additionalProperties:
+                    properties:
+                      address:
+                        properties:
+                          CACerts:
+                            type: string
+                          audience:
+                            type: string
+                          name:
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                      grpcUrl:
+                        type: string
+                      latestCreatedRevision:
+                        type: string
+                      latestReadyRevision:
+                        type: string
+                      latestRolledoutRevision:
+                        type: string
+                      previousRolledoutRevision:
+                        type: string
+                      restUrl:
+                        type: string
+                      traffic:
+                        items:
+                          properties:
+                            configurationName:
+                              type: string
+                            latestRevision:
+                              type: boolean
+                            percent:
+                              format: int64
+                              type: integer
+                            revisionName:
+                              type: string
+                            tag:
+                              type: string
+                            url:
+                              type: string
+                          type: object
+                        type: array
+                      url:
+                        type: string
+                    type: object
+                  type: object
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      severity:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    required:
+                      - status
+                      - type
+                    type: object
+                  type: array
+                modelStatus:
+                  properties:
+                    copies:
+                      properties:
+                        failedCopies:
+                          default: 0
+                          type: integer
+                        totalCopies:
+                          type: integer
+                      required:
+                        - failedCopies
+                      type: object
+                    lastFailureInfo:
+                      properties:
+                        exitCode:
+                          format: int32
+                          type: integer
+                        location:
+                          type: string
+                        message:
+                          type: string
+                        modelRevisionName:
+                          type: string
+                        reason:
+                          enum:
+                            - ModelLoadFailed
+                            - RuntimeUnhealthy
+                            - RuntimeDisabled
+                            - NoSupportingRuntime
+                            - RuntimeNotRecognized
+                            - InvalidPredictorSpec
+                          type: string
+                        time:
+                          format: date-time
+                          type: string
+                      type: object
+                    states:
+                      properties:
+                        activeModelState:
+                          default: Pending
+                          enum:
+                            - ""
+                            - Pending
+                            - Standby
+                            - Loading
+                            - Loaded
+                            - FailedToLoad
+                          type: string
+                        targetModelState:
+                          default: ""
+                          enum:
+                            - ""
+                            - Pending
+                            - Standby
+                            - Loading
+                            - Loaded
+                            - FailedToLoad
+                          type: string
+                      required:
+                        - activeModelState
+                      type: object
+                    transitionStatus:
+                      default: UpToDate
+                      enum:
+                        - ""
+                        - UpToDate
+                        - InProgress
+                        - BlockedByFailedLoad
+                        - InvalidSpec
+                      type: string
+                  required:
+                    - transitionStatus
+                  type: object
+                observedGeneration:
+                  format: int64
+                  type: integer
+                url:
+                  type: string
+              type: object
+              x-kubernetes-preserve-unknown-fields: true
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: servingruntimes.serving.kserve.io
+spec:
+  group: serving.kserve.io
+  names:
+    kind: ServingRuntime
+    listKind: ServingRuntimeList
+    plural: servingruntimes
+    singular: servingruntime
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .spec.disabled
+          name: Disabled
+          type: boolean
+        - jsonPath: .spec.supportedModelFormats[*].name
+          name: ModelType
+          type: string
+        - jsonPath: .spec.containers[*].name
+          name: Containers
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                affinity:
+                  properties:
+                    nodeAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              preference:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchFields:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - preference
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          properties:
+                            nodeSelectorTerms:
+                              items:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchFields:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                          required:
+                            - nodeSelectorTerms
+                          type: object
+                          x-kubernetes-map-type: atomic
+                      type: object
+                    podAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              podAffinityTerm:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - podAffinityTerm
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              labelSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaces:
+                                items:
+                                  type: string
+                                type: array
+                              topologyKey:
+                                type: string
+                            required:
+                              - topologyKey
+                            type: object
+                          type: array
+                      type: object
+                    podAntiAffinity:
+                      properties:
+                        preferredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              podAffinityTerm:
+                                properties:
+                                  labelSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaceSelector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  namespaces:
+                                    items:
+                                      type: string
+                                    type: array
+                                  topologyKey:
+                                    type: string
+                                required:
+                                  - topologyKey
+                                type: object
+                              weight:
+                                format: int32
+                                type: integer
+                            required:
+                              - podAffinityTerm
+                              - weight
+                            type: object
+                          type: array
+                        requiredDuringSchedulingIgnoredDuringExecution:
+                          items:
+                            properties:
+                              labelSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaceSelector:
+                                properties:
+                                  matchExpressions:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        operator:
+                                          type: string
+                                        values:
+                                          items:
+                                            type: string
+                                          type: array
+                                      required:
+                                        - key
+                                        - operator
+                                      type: object
+                                    type: array
+                                  matchLabels:
+                                    additionalProperties:
+                                      type: string
+                                    type: object
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              namespaces:
+                                items:
+                                  type: string
+                                type: array
+                              topologyKey:
+                                type: string
+                            required:
+                              - topologyKey
+                            type: object
+                          type: array
+                      type: object
+                  type: object
+                annotations:
+                  additionalProperties:
+                    type: string
+                  type: object
+                builtInAdapter:
+                  properties:
+                    env:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                          valueFrom:
+                            properties:
+                              configMapKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                  - key
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              fieldRef:
+                                properties:
+                                  apiVersion:
+                                    type: string
+                                  fieldPath:
+                                    type: string
+                                required:
+                                  - fieldPath
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              resourceFieldRef:
+                                properties:
+                                  containerName:
+                                    type: string
+                                  divisor:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  resource:
+                                    type: string
+                                required:
+                                  - resource
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              secretKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                  - key
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                        required:
+                          - name
+                        type: object
+                      type: array
+                    memBufferBytes:
+                      type: integer
+                    modelLoadingTimeoutMillis:
+                      type: integer
+                    runtimeManagementPort:
+                      type: integer
+                    serverType:
+                      type: string
+                  type: object
+                containers:
+                  items:
+                    properties:
+                      args:
+                        items:
+                          type: string
+                        type: array
+                      command:
+                        items:
+                          type: string
+                        type: array
+                      env:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            value:
+                              type: string
+                            valueFrom:
+                              properties:
+                                configMapKeyRef:
+                                  properties:
+                                    key:
+                                      type: string
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  required:
+                                    - key
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                fieldRef:
+                                  properties:
+                                    apiVersion:
+                                      type: string
+                                    fieldPath:
+                                      type: string
+                                  required:
+                                    - fieldPath
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                resourceFieldRef:
+                                  properties:
+                                    containerName:
+                                      type: string
+                                    divisor:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                      x-kubernetes-int-or-string: true
+                                    resource:
+                                      type: string
+                                  required:
+                                    - resource
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                secretKeyRef:
+                                  properties:
+                                    key:
+                                      type: string
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  required:
+                                    - key
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              type: object
+                          required:
+                            - name
+                          type: object
+                        type: array
+                      envFrom:
+                        items:
+                          properties:
+                            configMapRef:
+                              properties:
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            prefix:
+                              type: string
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                        type: array
+                      image:
+                        type: string
+                      imagePullPolicy:
+                        type: string
+                      lifecycle:
+                        properties:
+                          postStart:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                            type: object
+                          preStop:
+                            properties:
+                              exec:
+                                properties:
+                                  command:
+                                    items:
+                                      type: string
+                                    type: array
+                                type: object
+                              httpGet:
+                                properties:
+                                  host:
+                                    type: string
+                                  httpHeaders:
+                                    items:
+                                      properties:
+                                        name:
+                                          type: string
+                                        value:
+                                          type: string
+                                      required:
+                                        - name
+                                        - value
+                                      type: object
+                                    type: array
+                                  path:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                  scheme:
+                                    type: string
+                                required:
+                                  - port
+                                type: object
+                              tcpSocket:
+                                properties:
+                                  host:
+                                    type: string
+                                  port:
+                                    anyOf:
+                                      - type: integer
+                                      - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                  - port
+                                type: object
+                            type: object
+                        type: object
+                      livenessProbe:
+                        properties:
+                          exec:
+                            properties:
+                              command:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          failureThreshold:
+                            format: int32
+                            type: integer
+                          grpc:
+                            properties:
+                              port:
+                                format: int32
+                                type: integer
+                              service:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          httpGet:
+                            properties:
+                              host:
+                                type: string
+                              httpHeaders:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    value:
+                                      type: string
+                                  required:
+                                    - name
+                                    - value
+                                  type: object
+                                type: array
+                              path:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                              scheme:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          initialDelaySeconds:
+                            format: int32
+                            type: integer
+                          periodSeconds:
+                            format: int32
+                            type: integer
+                          successThreshold:
+                            format: int32
+                            type: integer
+                          tcpSocket:
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                            required:
+                              - port
+                            type: object
+                          terminationGracePeriodSeconds:
+                            format: int64
+                            type: integer
+                          timeoutSeconds:
+                            format: int32
+                            type: integer
+                        type: object
+                      name:
+                        type: string
+                      ports:
+                        items:
+                          properties:
+                            containerPort:
+                              format: int32
+                              type: integer
+                            hostIP:
+                              type: string
+                            hostPort:
+                              format: int32
+                              type: integer
+                            name:
+                              type: string
+                            protocol:
+                              default: TCP
+                              type: string
+                          required:
+                            - containerPort
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                          - containerPort
+                          - protocol
+                        x-kubernetes-list-type: map
+                      readinessProbe:
+                        properties:
+                          exec:
+                            properties:
+                              command:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          failureThreshold:
+                            format: int32
+                            type: integer
+                          grpc:
+                            properties:
+                              port:
+                                format: int32
+                                type: integer
+                              service:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          httpGet:
+                            properties:
+                              host:
+                                type: string
+                              httpHeaders:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    value:
+                                      type: string
+                                  required:
+                                    - name
+                                    - value
+                                  type: object
+                                type: array
+                              path:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                              scheme:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          initialDelaySeconds:
+                            format: int32
+                            type: integer
+                          periodSeconds:
+                            format: int32
+                            type: integer
+                          successThreshold:
+                            format: int32
+                            type: integer
+                          tcpSocket:
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                            required:
+                              - port
+                            type: object
+                          terminationGracePeriodSeconds:
+                            format: int64
+                            type: integer
+                          timeoutSeconds:
+                            format: int32
+                            type: integer
+                        type: object
+                      resizePolicy:
+                        items:
+                          properties:
+                            resourceName:
+                              type: string
+                            restartPolicy:
+                              type: string
+                          required:
+                            - resourceName
+                            - restartPolicy
+                          type: object
+                        type: array
+                        x-kubernetes-list-type: atomic
+                      resources:
+                        properties:
+                          claims:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                              required:
+                                - name
+                              type: object
+                            type: array
+                            x-kubernetes-list-map-keys:
+                              - name
+                            x-kubernetes-list-type: map
+                          limits:
+                            additionalProperties:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                          requests:
+                            additionalProperties:
+                              anyOf:
+                                - type: integer
+                                - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            type: object
+                        type: object
+                      restartPolicy:
+                        type: string
+                      securityContext:
+                        properties:
+                          allowPrivilegeEscalation:
+                            type: boolean
+                          capabilities:
+                            properties:
+                              add:
+                                items:
+                                  type: string
+                                type: array
+                              drop:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          privileged:
+                            type: boolean
+                          procMount:
+                            type: string
+                          readOnlyRootFilesystem:
+                            type: boolean
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                              - type
+                            type: object
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      startupProbe:
+                        properties:
+                          exec:
+                            properties:
+                              command:
+                                items:
+                                  type: string
+                                type: array
+                            type: object
+                          failureThreshold:
+                            format: int32
+                            type: integer
+                          grpc:
+                            properties:
+                              port:
+                                format: int32
+                                type: integer
+                              service:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          httpGet:
+                            properties:
+                              host:
+                                type: string
+                              httpHeaders:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    value:
+                                      type: string
+                                  required:
+                                    - name
+                                    - value
+                                  type: object
+                                type: array
+                              path:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                              scheme:
+                                type: string
+                            required:
+                              - port
+                            type: object
+                          initialDelaySeconds:
+                            format: int32
+                            type: integer
+                          periodSeconds:
+                            format: int32
+                            type: integer
+                          successThreshold:
+                            format: int32
+                            type: integer
+                          tcpSocket:
+                            properties:
+                              host:
+                                type: string
+                              port:
+                                anyOf:
+                                  - type: integer
+                                  - type: string
+                                x-kubernetes-int-or-string: true
+                            required:
+                              - port
+                            type: object
+                          terminationGracePeriodSeconds:
+                            format: int64
+                            type: integer
+                          timeoutSeconds:
+                            format: int32
+                            type: integer
+                        type: object
+                      stdin:
+                        type: boolean
+                      stdinOnce:
+                        type: boolean
+                      terminationMessagePath:
+                        type: string
+                      terminationMessagePolicy:
+                        type: string
+                      tty:
+                        type: boolean
+                      volumeDevices:
+                        items:
+                          properties:
+                            devicePath:
+                              type: string
+                            name:
+                              type: string
+                          required:
+                            - devicePath
+                            - name
+                          type: object
+                        type: array
+                      volumeMounts:
+                        items:
+                          properties:
+                            mountPath:
+                              type: string
+                            mountPropagation:
+                              type: string
+                            name:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            subPath:
+                              type: string
+                            subPathExpr:
+                              type: string
+                          required:
+                            - mountPath
+                            - name
+                          type: object
+                        type: array
+                      workingDir:
+                        type: string
+                    required:
+                      - name
+                    type: object
+                  type: array
+                disabled:
+                  type: boolean
+                grpcDataEndpoint:
+                  type: string
+                grpcEndpoint:
+                  type: string
+                httpDataEndpoint:
+                  type: string
+                imagePullSecrets:
+                  items:
+                    properties:
+                      name:
+                        type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  type: array
+                labels:
+                  additionalProperties:
+                    type: string
+                  type: object
+                multiModel:
+                  type: boolean
+                nodeSelector:
+                  additionalProperties:
+                    type: string
+                  type: object
+                protocolVersions:
+                  items:
+                    type: string
+                  type: array
+                replicas:
+                  type: integer
+                storageHelper:
+                  properties:
+                    disabled:
+                      type: boolean
+                  type: object
+                supportedModelFormats:
+                  items:
+                    properties:
+                      autoSelect:
+                        type: boolean
+                      name:
+                        type: string
+                      priority:
+                        format: int32
+                        minimum: 1
+                        type: integer
+                      version:
+                        type: string
+                    required:
+                      - name
+                    type: object
+                  type: array
+                tolerations:
+                  items:
+                    properties:
+                      effect:
+                        type: string
+                      key:
+                        type: string
+                      operator:
+                        type: string
+                      tolerationSeconds:
+                        format: int64
+                        type: integer
+                      value:
+                        type: string
+                    type: object
+                  type: array
+                volumes:
+                  items:
+                    properties:
+                      awsElasticBlockStore:
+                        properties:
+                          fsType:
+                            type: string
+                          partition:
+                            format: int32
+                            type: integer
+                          readOnly:
+                            type: boolean
+                          volumeID:
+                            type: string
+                        required:
+                          - volumeID
+                        type: object
+                      azureDisk:
+                        properties:
+                          cachingMode:
+                            type: string
+                          diskName:
+                            type: string
+                          diskURI:
+                            type: string
+                          fsType:
+                            type: string
+                          kind:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - diskName
+                          - diskURI
+                        type: object
+                      azureFile:
+                        properties:
+                          readOnly:
+                            type: boolean
+                          secretName:
+                            type: string
+                          shareName:
+                            type: string
+                        required:
+                          - secretName
+                          - shareName
+                        type: object
+                      cephfs:
+                        properties:
+                          monitors:
+                            items:
+                              type: string
+                            type: array
+                          path:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretFile:
+                            type: string
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          user:
+                            type: string
+                        required:
+                          - monitors
+                        type: object
+                      cinder:
+                        properties:
+                          fsType:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          volumeID:
+                            type: string
+                        required:
+                          - volumeID
+                        type: object
+                      configMap:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                key:
+                                  type: string
+                                mode:
+                                  format: int32
+                                  type: integer
+                                path:
+                                  type: string
+                              required:
+                                - key
+                                - path
+                              type: object
+                            type: array
+                          name:
+                            type: string
+                          optional:
+                            type: boolean
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      csi:
+                        properties:
+                          driver:
+                            type: string
+                          fsType:
+                            type: string
+                          nodePublishSecretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          readOnly:
+                            type: boolean
+                          volumeAttributes:
+                            additionalProperties:
+                              type: string
+                            type: object
+                        required:
+                          - driver
+                        type: object
+                      downwardAPI:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                fieldRef:
+                                  properties:
+                                    apiVersion:
+                                      type: string
+                                    fieldPath:
+                                      type: string
+                                  required:
+                                    - fieldPath
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                mode:
+                                  format: int32
+                                  type: integer
+                                path:
+                                  type: string
+                                resourceFieldRef:
+                                  properties:
+                                    containerName:
+                                      type: string
+                                    divisor:
+                                      anyOf:
+                                        - type: integer
+                                        - type: string
+                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                      x-kubernetes-int-or-string: true
+                                    resource:
+                                      type: string
+                                  required:
+                                    - resource
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                                - path
+                              type: object
+                            type: array
+                        type: object
+                      emptyDir:
+                        properties:
+                          medium:
+                            type: string
+                          sizeLimit:
+                            anyOf:
+                              - type: integer
+                              - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                        type: object
+                      ephemeral:
+                        properties:
+                          volumeClaimTemplate:
+                            properties:
+                              metadata:
+                                type: object
+                              spec:
+                                properties:
+                                  accessModes:
+                                    items:
+                                      type: string
+                                    type: array
+                                  dataSource:
+                                    properties:
+                                      apiGroup:
+                                        type: string
+                                      kind:
+                                        type: string
+                                      name:
+                                        type: string
+                                    required:
+                                      - kind
+                                      - name
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  dataSourceRef:
+                                    properties:
+                                      apiGroup:
+                                        type: string
+                                      kind:
+                                        type: string
+                                      name:
+                                        type: string
+                                      namespace:
+                                        type: string
+                                    required:
+                                      - kind
+                                      - name
+                                    type: object
+                                  resources:
+                                    properties:
+                                      claims:
+                                        items:
+                                          properties:
+                                            name:
+                                              type: string
+                                          required:
+                                            - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                          - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                            - type: integer
+                                            - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        type: object
+                                    type: object
+                                  selector:
+                                    properties:
+                                      matchExpressions:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            operator:
+                                              type: string
+                                            values:
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                            - key
+                                            - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  storageClassName:
+                                    type: string
+                                  volumeMode:
+                                    type: string
+                                  volumeName:
+                                    type: string
+                                type: object
+                            required:
+                              - spec
+                            type: object
+                        type: object
+                      fc:
+                        properties:
+                          fsType:
+                            type: string
+                          lun:
+                            format: int32
+                            type: integer
+                          readOnly:
+                            type: boolean
+                          targetWWNs:
+                            items:
+                              type: string
+                            type: array
+                          wwids:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      flexVolume:
+                        properties:
+                          driver:
+                            type: string
+                          fsType:
+                            type: string
+                          options:
+                            additionalProperties:
+                              type: string
+                            type: object
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        required:
+                          - driver
+                        type: object
+                      flocker:
+                        properties:
+                          datasetName:
+                            type: string
+                          datasetUUID:
+                            type: string
+                        type: object
+                      gcePersistentDisk:
+                        properties:
+                          fsType:
+                            type: string
+                          partition:
+                            format: int32
+                            type: integer
+                          pdName:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - pdName
+                        type: object
+                      gitRepo:
+                        properties:
+                          directory:
+                            type: string
+                          repository:
+                            type: string
+                          revision:
+                            type: string
+                        required:
+                          - repository
+                        type: object
+                      glusterfs:
+                        properties:
+                          endpoints:
+                            type: string
+                          path:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - endpoints
+                          - path
+                        type: object
+                      hostPath:
+                        properties:
+                          path:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                          - path
+                        type: object
+                      iscsi:
+                        properties:
+                          chapAuthDiscovery:
+                            type: boolean
+                          chapAuthSession:
+                            type: boolean
+                          fsType:
+                            type: string
+                          initiatorName:
+                            type: string
+                          iqn:
+                            type: string
+                          iscsiInterface:
+                            type: string
+                          lun:
+                            format: int32
+                            type: integer
+                          portals:
+                            items:
+                              type: string
+                            type: array
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          targetPortal:
+                            type: string
+                        required:
+                          - iqn
+                          - lun
+                          - targetPortal
+                        type: object
+                      name:
+                        type: string
+                      nfs:
+                        properties:
+                          path:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          server:
+                            type: string
+                        required:
+                          - path
+                          - server
+                        type: object
+                      persistentVolumeClaim:
+                        properties:
+                          claimName:
+                            type: string
+                          readOnly:
+                            type: boolean
+                        required:
+                          - claimName
+                        type: object
+                      photonPersistentDisk:
+                        properties:
+                          fsType:
+                            type: string
+                          pdID:
+                            type: string
+                        required:
+                          - pdID
+                        type: object
+                      portworxVolume:
+                        properties:
+                          fsType:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          volumeID:
+                            type: string
+                        required:
+                          - volumeID
+                        type: object
+                      projected:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          sources:
+                            items:
+                              properties:
+                                configMap:
+                                  properties:
+                                    items:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          mode:
+                                            format: int32
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                          - key
+                                          - path
+                                        type: object
+                                      type: array
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                downwardAPI:
+                                  properties:
+                                    items:
+                                      items:
+                                        properties:
+                                          fieldRef:
+                                            properties:
+                                              apiVersion:
+                                                type: string
+                                              fieldPath:
+                                                type: string
+                                            required:
+                                              - fieldPath
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          mode:
+                                            format: int32
+                                            type: integer
+                                          path:
+                                            type: string
+                                          resourceFieldRef:
+                                            properties:
+                                              containerName:
+                                                type: string
+                                              divisor:
+                                                anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              resource:
+                                                type: string
+                                            required:
+                                              - resource
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                        required:
+                                          - path
+                                        type: object
+                                      type: array
+                                  type: object
+                                secret:
+                                  properties:
+                                    items:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          mode:
+                                            format: int32
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                          - key
+                                          - path
+                                        type: object
+                                      type: array
+                                    name:
+                                      type: string
+                                    optional:
+                                      type: boolean
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                serviceAccountToken:
+                                  properties:
+                                    audience:
+                                      type: string
+                                    expirationSeconds:
+                                      format: int64
+                                      type: integer
+                                    path:
+                                      type: string
+                                  required:
+                                    - path
+                                  type: object
+                              type: object
+                            type: array
+                        type: object
+                      quobyte:
+                        properties:
+                          group:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          registry:
+                            type: string
+                          tenant:
+                            type: string
+                          user:
+                            type: string
+                          volume:
+                            type: string
+                        required:
+                          - registry
+                          - volume
+                        type: object
+                      rbd:
+                        properties:
+                          fsType:
+                            type: string
+                          image:
+                            type: string
+                          keyring:
+                            type: string
+                          monitors:
+                            items:
+                              type: string
+                            type: array
+                          pool:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          user:
+                            type: string
+                        required:
+                          - image
+                          - monitors
+                        type: object
+                      scaleIO:
+                        properties:
+                          fsType:
+                            type: string
+                          gateway:
+                            type: string
+                          protectionDomain:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          sslEnabled:
+                            type: boolean
+                          storageMode:
+                            type: string
+                          storagePool:
+                            type: string
+                          system:
+                            type: string
+                          volumeName:
+                            type: string
+                        required:
+                          - gateway
+                          - secretRef
+                          - system
+                        type: object
+                      secret:
+                        properties:
+                          defaultMode:
+                            format: int32
+                            type: integer
+                          items:
+                            items:
+                              properties:
+                                key:
+                                  type: string
+                                mode:
+                                  format: int32
+                                  type: integer
+                                path:
+                                  type: string
+                              required:
+                                - key
+                                - path
+                              type: object
+                            type: array
+                          optional:
+                            type: boolean
+                          secretName:
+                            type: string
+                        type: object
+                      storageos:
+                        properties:
+                          fsType:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                            type: object
+                            x-kubernetes-map-type: atomic
+                          volumeName:
+                            type: string
+                          volumeNamespace:
+                            type: string
+                        type: object
+                      vsphereVolume:
+                        properties:
+                          fsType:
+                            type: string
+                          storagePolicyID:
+                            type: string
+                          storagePolicyName:
+                            type: string
+                          volumePath:
+                            type: string
+                        required:
+                          - volumePath
+                        type: object
+                    required:
+                      - name
+                    type: object
+                  type: array
+              required:
+                - containers
+              type: object
+            status:
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: trainedmodels.serving.kserve.io
+spec:
+  group: serving.kserve.io
+  names:
+    kind: TrainedModel
+    listKind: TrainedModelList
+    plural: trainedmodels
+    shortNames:
+      - tm
+    singular: trainedmodel
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.url
+          name: URL
+          type: string
+        - jsonPath: .status.conditions[?(@.type=='Ready')].status
+          name: Ready
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              properties:
+                inferenceService:
+                  type: string
+                model:
+                  properties:
+                    framework:
+                      type: string
+                    memory:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    storageUri:
+                      type: string
+                  required:
+                    - framework
+                    - memory
+                    - storageUri
+                  type: object
+              required:
+                - inferenceService
+                - model
+              type: object
+            status:
+              properties:
+                address:
+                  properties:
+                    CACerts:
+                      type: string
+                    audience:
+                      type: string
+                    name:
+                      type: string
+                    url:
+                      type: string
+                  type: object
+                annotations:
+                  additionalProperties:
+                    type: string
+                  type: object
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      severity:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    required:
+                      - status
+                      - type
+                    type: object
+                  type: array
+                observedGeneration:
+                  format: int64
+                  type: integer
+                url:
+                  type: string
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/instance: kserve-controller-manager
+    app.kubernetes.io/managed-by: kserve-controller-manager
+    app.kubernetes.io/name: kserve
+  name: kserve-controller-manager
+  namespace: kubeflow
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-leader-election-role
+  namespace: kubeflow
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+      - get
+      - list
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps/status
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-manager-role
+rules:
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - mutatingwebhookconfigurations
+      - validatingwebhookconfigurations
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - autoscaling
+    resources:
+      - horizontalpodautoscalers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.istio.io
+    resources:
+      - virtualservices
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.istio.io
+    resources:
+      - virtualservices/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - networking.istio.io
+    resources:
+      - virtualservices/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - clusterservingruntimes
+      - clusterservingruntimes/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - clusterservingruntimes/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - clusterstoragecontainers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - inferencegraphs
+      - inferencegraphs/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - inferencegraphs/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - inferenceservices
+      - inferenceservices/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - inferenceservices/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - servingruntimes
+      - servingruntimes/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - servingruntimes/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - trainedmodels
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - trainedmodels/status
+    verbs:
+      - get
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+---
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kserve-admin: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true"
+  name: kubeflow-kserve-admin
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true"
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kserve-admin: "true"
+  name: kubeflow-kserve-edit
+rules:
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - inferenceservices
+      - servingruntimes
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - deletecollection
+      - patch
+      - update
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services
+      - services/status
+      - routes
+      - routes/status
+      - configurations
+      - configurations/status
+      - revisions
+      - revisions/status
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - deletecollection
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true"
+  name: kubeflow-kserve-view
+rules:
+  - apiGroups:
+      - serving.kserve.io
+    resources:
+      - inferenceservices
+      - servingruntimes
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - serving.knative.dev
+    resources:
+      - services
+      - services/status
+      - routes
+      - routes/status
+      - configurations
+      - configurations/status
+      - revisions
+      - revisions/status
+    verbs:
+      - get
+      - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-leader-election-rolebinding
+  namespace: kubeflow
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kserve-leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: kserve-controller-manager
+    namespace: kubeflow
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kserve-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: kserve-controller-manager
+    namespace: kubeflow
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kserve-proxy-role
+subjects:
+  - kind: ServiceAccount
+    name: kserve-controller-manager
+    namespace: kubeflow
+---
+apiVersion: v1
+data:
+  _example: "################################\n#                              #\n#    EXAMPLE CONFIGURATION     #\n#                              #\n################################\n\n# This block is not actually functional configuration,\n# but serves to illustrate the available configuration\n# options and document them in a way that is accessible\n# to users that `kubectl edit` this config map.\n#\n# These sample configuration options may be copied out of\n# this example block and unindented to be in the data block\n# to actually change the configuration.\n\n# ====================================== EXPLAINERS CONFIGURATION ======================================\n# Example\nexplainers: |-\n  {\n      \"art\": {\n          \"image\" : \"kserve/art-explainer\",\n          \"defaultImageVersion\": \"latest\"\n      }\n  }\n# Art Explainer runtime configuration\n explainers: |-\n   {\n       # Art explainer runtime configuration\n       \"art\": {\n           # image contains the default Art explainer serving runtime image uri.\n           \"image\" : \"kserve/art-explainer\",\n   \n           # defautltImageVersion contains the Art explainer serving runtime default image version.\n           \"defaultImageVersion\": \"latest\"\n       }\n   }\n \n # ====================================== STORAGE INITIALIZER CONFIGURATION ======================================\n # Example\n storageInitializer: |-\n   {\n       \"image\" : \"kserve/storage-initializer:v0.13.0\",\n       \"memoryRequest\": \"100Mi\",\n       \"memoryLimit\": \"1Gi\",\n       \"cpuRequest\": \"100m\",\n       \"cpuLimit\": \"1\",\n       \"caBundleConfigMapName\": \"\",\n       \"caBundleVolumeMountPath\": \"/etc/ssl/custom-certs\",\n       \"enableDirectPvcVolumeMount\": false,\n       \"enableModelcar\": false,\n       \"cpuModelcar\": \"10m\",\n       \"memoryModelcar\": \"15Mi\"\n   }\n storageInitializer: |-\n   {\n       # image contains the default storage initializer image uri.\n       \"image\" : \"kserve/storage-initializer:v0.13.0\",\n       \n       # memoryRequest is the requests.memory to set for the storage initializer init container.\n       \"memoryRequest\": \"100Mi\",\n   \n        # memoryLimit is the limits.memory to set for the storage initializer init container.\n       \"memoryLimit\": \"1Gi\",\n       \n       # cpuRequest is the requests.cpu to set for the storage initializer init container.\n       \"cpuRequest\": \"100m\",\n       \n       # cpuLimit is the limits.cpu to set for the storage initializer init container.\n       \"cpuLimit\": \"1\",\n   \n       # caBundleConfigMapName is the ConfigMap will be copied to a user namespace for the storage initializer init container.\n       \"caBundleConfigMapName\": \"\",\n\n       # caBundleVolumeMountPath is the mount point for the configmap set by caBundleConfigMapName for the storage initializer init container.\n       \"caBundleVolumeMountPath\": \"/etc/ssl/custom-certs\",\n\n       # enableDirectPvcVolumeMount controls whether users can mount pvc volumes directly.\n       # if pvc volume is provided in storageuri then the pvc volume is directly mounted to /mnt/models in the user container.\n       # rather than symlink it to a shared volume. For more info see https://github.com/kserve/kserve/issues/2737\n       \"enableDirectPvcVolumeMount\": true,\n\n       # enableModelcar enabled allows you to directly access an OCI container image by\n       # using a source URL with an \"oci://\" schema.\n       \"enableModelcar\": false,\n\n       # cpuModelcar is the cpu request and limit that is used for the passive modelcar container. It can be\n       # set very low, but should be allowed by any Kubernetes LimitRange that might apply.\n       \"cpuModelcar\": \"10m\",\n\n       # cpuModelcar is the memory request and limit that is used for the passive modelcar container. It can be\n       # set very low, but should be allowed by any Kubernetes LimitRange that might apply.\n       \"memoryModelcar\": \"15Mi\",\n\n       # uidModelcar is the UID under with which the modelcar process and the main container is running.\n       # Some Kubernetes clusters might require this to be root (0). If not set the user id is left untouched (default)\n       \"uidModelcar\": 10\n   }\n \n # ====================================== CREDENTIALS ======================================\n # Example\n credentials: |-\n   {\n      \"storageSpecSecretName\": \"storage-config\",\n      \"storageSecretNameAnnotation\": \"serving.kserve.io/storageSecretName\",\n      \"gcs\": {\n          \"gcsCredentialFileName\": \"gcloud-application-credentials.json\"\n      },\n      \"s3\": {\n          \"s3AccessKeyIDName\": \"AWS_ACCESS_KEY_ID\",\n          \"s3SecretAccessKeyName\": \"AWS_SECRET_ACCESS_KEY\",\n          \"s3Endpoint\": \"\",\n          \"s3UseHttps\": \"\",\n          \"s3Region\": \"\",\n          \"s3VerifySSL\": \"\",\n          \"s3UseVirtualBucket\": \"\",\n          \"s3UseAccelerate\": \"\",\n          \"s3UseAnonymousCredential\": \"\",\n          \"s3CABundle\": \"\"\n      }\n   }\n # This is a global configuration used for downloading models from the cloud storage.\n # You can override this configuration by specifying the annotations on service account or static secret.\n # https://kserve.github.io/website/master/modelserving/storage/s3/s3/\n # For a quick reference about AWS ENV variables:\n # AWS Cli: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html\n # Boto: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#using-environment-variables\n #\n # The `s3AccessKeyIDName` and `s3SecretAccessKeyName` fields are only used from this configmap when static credentials (IAM User Access Key Secret)\n # are used as the authentication method for AWS S3.\n # The rest of the fields are used in both authentication methods (IAM Role for Service Account & IAM User Access Key Secret) if a non-empty value is provided.\n credentials: |-\n   {\n      # storageSpecSecretName contains the secret name which has the credentials for downloading the model.\n      # This option is used when specifying the storage spec on isvc yaml.\n      \"storageSpecSecretName\": \"storage-config\",\n\n      # The annotation can be specified on isvc yaml to allow overriding with the secret name reference from the annotation value.\n      # When using storageUri the order of the precedence is: secret name reference annotation > secret name references from service account\n      # When using storageSpec the order of the precedence is: secret name reference annotation > storageSpecSecretName in configmap\n\n      # Configuration for google cloud storage\n      \"gcs\": {\n          # gcsCredentialFileName specifies the filename of the gcs credential\n          \"gcsCredentialFileName\": \"gcloud-application-credentials.json\"\n      },\n      \n      # Configuration for aws s3 storage. This add the corresponding environmental variables to the storage initializer init container.\n      # For more info on s3 storage see https://kserve.github.io/website/master/modelserving/storage/s3/s3/\n      \"s3\": {\n          # s3AccessKeyIDName specifies the s3 access key id name\n          \"s3AccessKeyIDName\": \"AWS_ACCESS_KEY_ID\",\n   \n          # s3SecretAccessKeyName specifies the s3 secret access key name\n          \"s3SecretAccessKeyName\": \"AWS_SECRET_ACCESS_KEY\",\n          \n          # s3Endpoint specifies the s3 endpoint\n          \"s3Endpoint\": \"\",\n          \n          # s3UseHttps controls whether to use secure https or unsecure http to download models.\n          # Allowed values are 0 and 1.\n          \"s3UseHttps\": \"\",\n   \n          # s3Region specifies the region of the bucket.\n          \"s3Region\": \"\",\n          \n          # s3VerifySSL controls whether to verify the tls/ssl certificate.\n          \"s3VerifySSL\": \"\",\n          \n          # s3UseVirtualBucket configures whether it is a virtual bucket or not.\n          \"s3UseVirtualBucket\": \"\",\n\n          # s3UseAccelerate configures whether to use transfer acceleration.\n          \"s3UseAccelerate\": \"\",\n           \n          # s3UseAnonymousCredential configures whether to use anonymous credentials to download the model or not.\n          \"s3UseAnonymousCredential\": \"\",\n          \n          # s3CABundle specifies the path to a certificate bundle to use for HTTPS certificate validation.\n          \"s3CABundle\": \"\"\n      }\n   }\n \n # ====================================== INGRESS CONFIGURATION ======================================\n # Example\n ingress: |-\n   {\n       \"ingressGateway\" : \"knative-serving/knative-ingress-gateway\",\n       \"ingressService\" : \"istio-ingressgateway.istio-system.svc.cluster.local\",\n       \"localGateway\" : \"knative-serving/knative-local-gateway\",\n       \"localGatewayService\" : \"knative-local-gateway.istio-system.svc.cluster.local\",\n       \"ingressDomain\"  : \"example.com\",\n       \"additionalIngressDomains\": [\"additional-example.com\", \"additional-example-1.com\"],\n       \"ingressClassName\" : \"istio\",\n       \"domainTemplate\": \"{{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }}\",\n       \"urlScheme\": \"http\",\n       \"disableIstioVirtualHost\": false,\n       \"disableIngressCreation\": false\n   }\n ingress: |-\n   {\n       # ingressGateway specifies the ingress gateway to serve external traffic.\n       # The gateway should be specified in format <gateway namespace>/<gateway name>\n       # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n       \"ingressGateway\" : \"knative-serving/knative-ingress-gateway\",\n \n       # ingressService specifies the hostname of the ingress service.\n       # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n       \"ingressService\" : \"istio-ingressgateway.istio-system.svc.cluster.local\",\n \n       # localGateway specifies the gateway which handles the network traffic within the cluster.\n       # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n       \"localGateway\" : \"knative-serving/knative-local-gateway\",\n \n       # localGatewayService specifies the hostname of the local gateway service.\n       # NOTE: This configuration only applicable for serverless deployment with Istio configured as network layer.\n       \"localGatewayService\" : \"knative-local-gateway.istio-system.svc.cluster.local\",\n \n       # ingressDomain specifies the domain name which is used for creating the url.\n       # If ingressDomain is empty then example.com is used as default domain.\n       # NOTE: This configuration only applicable for raw deployment.\n       \"ingressDomain\"  : \"example.com\",\n\n       # additionalIngressDomains specifies the additional domain names which are used for creating the url.\n       \"additionalIngressDomains\": [\"additional-example.com\", \"additional-example-1.com\"]\n\n       # ingressClassName specifies the ingress controller to use for ingress traffic.\n       # This is optional and if omitted the default ingress in the cluster is used.\n       # https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class\n       # NOTE: This configuration only applicable for raw deployment.\n       \"ingressClassName\" : \"istio\",\n \n       # domainTemplate specifies the template for generating domain/url for each inference service by combining variable from:\n       # Name of the inference service  ( {{ .Name}} )\n       # Namespace of the inference service ( {{ .Namespace }} )\n       # Annotation of the inference service ( {{ .Annotations.key }} )\n       # Label of the inference service ( {{ .Labels.key }} )\n       # IngressDomain ( {{ .IngressDomain }} )\n       # If domain template is empty the default template {{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }} is used.\n       # NOTE: This configuration only applicable for raw deployment.\n       \"domainTemplate\": \"{{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }}\",\n \n       # urlScheme specifies the url scheme to use for inference service and inference graph.\n       # If urlScheme is empty then by default http is used.\n       \"urlScheme\": \"http\",\n \n       # disableIstioVirtualHost controls whether to use istio as network layer.\n       # By default istio is used as the network layer. When DisableIstioVirtualHost is true, KServe does not\n       # create the top level virtual service thus Istio is no longer required for serverless mode.\n       # By setting this field to true, user can use other networking layers supported by knative.\n       # For more info https://github.com/kserve/kserve/pull/2380, https://kserve.github.io/website/master/admin/serverless/kourier_networking/.\n       # NOTE: This configuration is only applicable to serverless deployment.\n       \"disableIstioVirtualHost\": false,\n\n       # disableIngressCreation controls whether to disable ingress creation for raw deployment mode.\n       \"disableIngressCreation\": false,\n \n       # pathTemplate specifies the template for generating path based url for each inference service.\n       # The following variables can be used in the template for generating url.\n       # Name of the inference service  ( {{ .Name}} )\n       # Namespace of the inference service ( {{ .Namespace }} )\n       # For more info https://github.com/kserve/kserve/issues/2257.\n       # NOTE: This configuration only applicable to serverless deployment.\n       \"pathTemplate\": \"/serving/{{ .Namespace }}/{{ .Name }}\"\n   }\n \n # ====================================== LOGGER CONFIGURATION ======================================\n # Example\n logger: |-\n   {\n       \"image\" : \"kserve/agent:v0.13.0\",\n       \"memoryRequest\": \"100Mi\",\n       \"memoryLimit\": \"1Gi\",\n       \"cpuRequest\": \"100m\",\n       \"cpuLimit\": \"1\",\n       \"defaultUrl\": \"http://default-broker\"\n   }\n logger: |-\n   {\n       # image contains the default logger image uri.\n       \"image\" : \"kserve/agent:v0.13.0\",\n   \n       # memoryRequest is the requests.memory to set for the logger container.\n       \"memoryRequest\": \"100Mi\",\n       \n       # memoryLimit is the limits.memory to set for the logger container.\n       \"memoryLimit\": \"1Gi\",\n       \n       # cpuRequest is the requests.cpu to set for the logger container.\n       \"cpuRequest\": \"100m\",\n       \n       # cpuLimit is the limits.cpu to set for the logger container.\n       \"cpuLimit\": \"1\",\n       \n       # defaultUrl specifies the default logger url. If logger is not specified in the resource this url is used.\n       \"defaultUrl\": \"http://default-broker\"\n   }\n \n # ====================================== BATCHER CONFIGURATION ======================================\n # Example\n batcher: |-\n   {\n       \"image\" : \"kserve/agent:v0.13.0\",\n       \"memoryRequest\": \"1Gi\",\n       \"memoryLimit\": \"1Gi\",\n       \"cpuRequest\": \"1\",\n       \"cpuLimit\": \"1\",\n       \"maxBatchSize\": \"32\",\n       \"maxLatency\": \"5000\"\n   }\n batcher: |-\n   {\n       # image contains the default batcher image uri.\n       \"image\" : \"kserve/agent:v0.13.0\",\n       \n       # memoryRequest is the requests.memory to set for the batcher container.\n       \"memoryRequest\": \"1Gi\",\n   \n       # memoryLimit is the limits.memory to set for the batcher container.\n       \"memoryLimit\": \"1Gi\",\n       \n       # cpuRequest is the requests.cpu to set for the batcher container.\n       \"cpuRequest\": \"1\",\n       \n       # cpuLimit is the limits.cpu to set for the batcher container.\n       \"cpuLimit\": \"1\"\n\n       # maxBatchSize is the default maximum batch size for batcher.\n       \"maxBatchSize\": \"32\",\n\n       # maxLatency is the default maximum latency in milliseconds for batcher to wait and collect the batch.\n       \"maxLatency\": \"5000\"\n   }\n \n # ====================================== AGENT CONFIGURATION ======================================\n # Example\n agent: |-\n   {\n       \"image\" : \"kserve/agent:v0.13.0\",\n       \"memoryRequest\": \"100Mi\",\n       \"memoryLimit\": \"1Gi\",\n       \"cpuRequest\": \"100m\",\n       \"cpuLimit\": \"1\"\n   }\n agent: |-\n   {\n       # image contains the default agent image uri.\n       \"image\" : \"kserve/agent:v0.13.0\",\n   \n       # memoryRequest is the requests.memory to set for the agent container.\n       \"memoryRequest\": \"100Mi\",\n   \n       # memoryLimit is the limits.memory to set for the agent container.\n       \"memoryLimit\": \"1Gi\",\n       \n       # cpuRequest is the requests.cpu to set for the agent container.\n       \"cpuRequest\": \"100m\",\n       \n       # cpuLimit is the limits.cpu to set for the agent container.\n       \"cpuLimit\": \"1\"\n   }\n \n # ====================================== ROUTER CONFIGURATION ======================================\n # Example\n router: |-\n   {\n       \"image\" : \"kserve/router:v0.13.0\",\n       \"memoryRequest\": \"100Mi\",\n       \"memoryLimit\": \"1Gi\",\n       \"cpuRequest\": \"100m\",\n       \"cpuLimit\": \"1\",\n       \"headers\": {\n         \"propagate\": []\n       }\n   }\n # router is the implementation of inference graph.\n router: |-\n   {\n       # image contains the default router image uri.\n       \"image\" : \"kserve/router:v0.13.0\",\n       \n       # memoryRequest is the requests.memory to set for the router container.\n       \"memoryRequest\": \"100Mi\",\n       \n       # memoryLimit is the limits.memory to set for the router container.\n       \"memoryLimit\": \"1Gi\",\n       \n       # cpuRequest is the requests.cpu to set for the router container.\n       \"cpuRequest\": \"100m\",\n       \n       # cpuLimit is the limits.cpu to set for the router container.\n       \"cpuLimit\": \"1\",\n       \n       # Propagate the specified headers to all the steps specified in an InferenceGraph. \n       # You can either specify the exact header names or use [Golang supported regex patterns]\n       # (https://pkg.go.dev/regexp/syntax@go1.21.3#hdr-Syntax) to propagate multiple headers.\n       \"headers\": {\n         \"propagate\": [\n            \"Authorization\",\n            \"Test-Header-*\",\n            \"*Trace-Id*\"\n         ]\n       }\n   }\n \n # ====================================== DEPLOYMENT CONFIGURATION ======================================\n # Example\n deploy: |-\n   {\n     \"defaultDeploymentMode\": \"Serverless\"\n   }\n deploy: |-\n   {\n     # defaultDeploymentMode specifies the default deployment mode of the kserve. The supported values are\n     # Serverless, RawDeployment and ModelMesh. Users can override the deployment mode at service level\n     # by adding the annotation serving.kserve.io/deploymentMode.For more info on deployment mode visit\n     # Serverless https://kserve.github.io/website/master/admin/serverless/serverless/\n     # RawDeployment https://kserve.github.io/website/master/admin/kubernetes_deployment/\n     # ModelMesh https://kserve.github.io/website/master/admin/modelmesh/\n     \"defaultDeploymentMode\": \"Serverless\"\n   }\n \n # ====================================== METRICS CONFIGURATION ======================================\n # Example\n metricsAggregator: |-\n   {\n     \"enableMetricAggregation\": \"false\",\n     \"enablePrometheusScraping\" : \"false\"\n   }\n # For more info see https://github.com/kserve/kserve/blob/master/qpext/README.md\n metricsAggregator: |-\n   {\n     # enableMetricAggregation configures metric aggregation annotation. This adds the annotation serving.kserve.io/enable-metric-aggregation to every\n     # service with the specified boolean value. If true enables metric aggregation in queue-proxy by setting env vars in the queue proxy container\n     # to configure scraping ports.\n     \"enableMetricAggregation\": \"false\",\n     \n     # enablePrometheusScraping configures metric aggregation annotation. This adds the annotation serving.kserve.io/enable-metric-aggregation to every\n     # service with the specified boolean value. If true, prometheus annotations are added to the pod. If serving.kserve.io/enable-metric-aggregation is false,\n     # the prometheus port is set with the default prometheus scraping port 9090, otherwise the prometheus port annotation is set with the metric aggregation port.\n     \"enablePrometheusScraping\" : \"false\"\n   }"
+  agent: |-
+    {
+        "image" : "kserve/agent:v0.13.0",
+        "memoryRequest": "100Mi",
+        "memoryLimit": "1Gi",
+        "cpuRequest": "100m",
+        "cpuLimit": "1"
+    }
+  batcher: |-
+    {
+        "image" : "kserve/agent:v0.13.0",
+        "memoryRequest": "1Gi",
+        "memoryLimit": "1Gi",
+        "cpuRequest": "1",
+        "cpuLimit": "1",
+        "maxBatchSize": "32",
+        "maxLatency": "5000"
+    }
+  credentials: |-
+    {
+       "storageSpecSecretName": "storage-config",
+       "storageSecretNameAnnotation": "serving.kserve.io/storageSecretName",
+       "gcs": {
+           "gcsCredentialFileName": "gcloud-application-credentials.json"
+       },
+       "s3": {
+           "s3AccessKeyIDName": "AWS_ACCESS_KEY_ID",
+           "s3SecretAccessKeyName": "AWS_SECRET_ACCESS_KEY",
+           "s3Endpoint": "",
+           "s3UseHttps": "",
+           "s3Region": "",
+           "s3VerifySSL": "",
+           "s3UseVirtualBucket": "",
+           "s3UseAccelerate": "",
+           "s3UseAnonymousCredential": "",
+           "s3CABundle": ""
+       }
+    }
+  deploy: |-
+    {
+      "defaultDeploymentMode": "Serverless"
+    }
+  explainers: |-
+    {
+        "art": {
+            "image" : "kserve/art-explainer",
+            "defaultImageVersion": "latest"
+        }
+    }
+  ingress: |-
+    {
+      "ingressGateway": "kubeflow/kubeflow-gateway",
+      "ingressService": "istio-ingressgateway.istio-system.svc.cluster.local",
+      "localGateway": "knative-serving/knative-local-gateway",
+      "localGatewayService": "knative-local-gateway.istio-system.svc.cluster.local",
+      "ingressDomain": "example.com",
+      "ingressClassName": "istio",
+      "domainTemplate": "{{ .Name }}-{{ .Namespace }}.{{ .IngressDomain }}",
+      "urlScheme": "http",
+      "disableIstioVirtualHost": false,
+      "disableIngressCreation": false
+    }
+  logger: |-
+    {
+        "image" : "kserve/agent:v0.13.0",
+        "memoryRequest": "100Mi",
+        "memoryLimit": "1Gi",
+        "cpuRequest": "100m",
+        "cpuLimit": "1",
+        "defaultUrl": "http://default-broker"
+    }
+  metricsAggregator: |-
+    {
+      "enableMetricAggregation": "false",
+      "enablePrometheusScraping" : "false"
+    }
+  router: |-
+    {
+        "image" : "kserve/router:v0.13.0",
+        "memoryRequest": "100Mi",
+        "memoryLimit": "1Gi",
+        "cpuRequest": "100m",
+        "cpuLimit": "1"
+    }
+  storageInitializer: |-
+    {
+        "image" : "kserve/storage-initializer:v0.13.0",
+        "memoryRequest": "100Mi",
+        "memoryLimit": "1Gi",
+        "cpuRequest": "100m",
+        "cpuLimit": "1",
+        "caBundleConfigMapName": "",
+        "caBundleVolumeMountPath": "/etc/ssl/custom-certs",
+        "enableDirectPvcVolumeMount": true,
+        "enableModelcar": false,
+        "cpuModelcar": "10m",
+        "memoryModelcar": "15Mi"
+    }
+kind: ConfigMap
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: inferenceservice-config
+  namespace: kubeflow
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-webhook-server-secret
+  namespace: kubeflow
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "8443"
+    prometheus.io/scheme: https
+    prometheus.io/scrape: "true"
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    control-plane: kserve-controller-manager
+    controller-tools.k8s.io: "1.0"
+  name: kserve-controller-manager-metrics-service
+  namespace: kubeflow
+spec:
+  ports:
+    - name: https
+      port: 8443
+      targetPort: https
+  selector:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    control-plane: kserve-controller-manager
+    controller-tools.k8s.io: "1.0"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    control-plane: kserve-controller-manager
+    controller-tools.k8s.io: "1.0"
+  name: kserve-controller-manager-service
+  namespace: kubeflow
+spec:
+  ports:
+    - port: 8443
+      protocol: TCP
+      targetPort: https
+  selector:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    control-plane: kserve-controller-manager
+    controller-tools.k8s.io: "1.0"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: kserve-webhook-server-service
+  namespace: kubeflow
+spec:
+  ports:
+    - port: 443
+      targetPort: webhook-server
+  selector:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    control-plane: kserve-controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+    control-plane: kserve-controller-manager
+    controller-tools.k8s.io: "1.0"
+  name: kserve-controller-manager
+  namespace: kubeflow
+spec:
+  selector:
+    matchLabels:
+      app: kserve
+      app.kubernetes.io/name: kserve
+      control-plane: kserve-controller-manager
+      controller-tools.k8s.io: "1.0"
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+        sidecar.istio.io/inject: "false"
+      labels:
+        app: kserve
+        app.kubernetes.io/name: kserve
+        control-plane: kserve-controller-manager
+        controller-tools.k8s.io: "1.0"
+    spec:
+      containers:
+        - args:
+            - --metrics-addr=127.0.0.1:8080
+            - --leader-elect
+          command:
+            - /manager
+          env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: SECRET_NAME
+              value: kserve-webhook-server-cert
+          image: kserve/kserve-controller:v0.13.0
+          imagePullPolicy: Always
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 10
+            timeoutSeconds: 5
+          name: manager
+          ports:
+            - containerPort: 9443
+              name: webhook-server
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 100m
+              memory: 300Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+          volumeMounts:
+            - mountPath: /tmp/k8s-webhook-server/serving-certs
+              name: cert
+              readOnly: true
+        - args:
+            - --secure-listen-address=0.0.0.0:8443
+            - --upstream=http://127.0.0.1:8080/
+            - --logtostderr=true
+            - --v=10
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+          name: kube-rbac-proxy
+          ports:
+            - containerPort: 8443
+              name: https
+              protocol: TCP
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: kserve-controller-manager
+      terminationGracePeriodSeconds: 10
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: kserve-webhook-server-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: serving-cert
+  namespace: kubeflow
+spec:
+  commonName: kserve-webhook-server-service.kubeflow.svc
+  dnsNames:
+    - kserve-webhook-server-service.kubeflow.svc
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: kserve-webhook-server-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: selfsigned-issuer
+  namespace: kubeflow
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+  creationTimestamp: null
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: inferenceservice.serving.kserve.io
+webhooks:
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /mutate-serving-kserve-io-v1beta1-inferenceservice
+    failurePolicy: Fail
+    name: inferenceservice.kserve-webhook-server.defaulter
+    rules:
+      - apiGroups:
+          - serving.kserve.io
+        apiVersions:
+          - v1beta1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - inferenceservices
+    sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /mutate-pods
+    failurePolicy: Fail
+    name: inferenceservice.kserve-webhook-server.pod-mutator
+    namespaceSelector:
+      matchExpressions:
+        - key: control-plane
+          operator: DoesNotExist
+    objectSelector:
+      matchExpressions:
+        - key: serving.kserve.io/inferenceservice
+          operator: Exists
+    reinvocationPolicy: IfNeeded
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+        resources:
+          - pods
+    sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+  creationTimestamp: null
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: clusterservingruntime.serving.kserve.io
+webhooks:
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /validate-serving-kserve-io-v1alpha1-clusterservingruntime
+    failurePolicy: Fail
+    name: clusterservingruntime.kserve-webhook-server.validator
+    rules:
+      - apiGroups:
+          - serving.kserve.io
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - clusterservingruntimes
+    sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+  creationTimestamp: null
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: inferencegraph.serving.kserve.io
+webhooks:
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /validate-serving-kserve-io-v1alpha1-inferencegraph
+    failurePolicy: Fail
+    name: inferencegraph.kserve-webhook-server.validator
+    rules:
+      - apiGroups:
+          - serving.kserve.io
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - inferencegraphs
+    sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+  creationTimestamp: null
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: inferenceservice.serving.kserve.io
+webhooks:
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /validate-serving-kserve-io-v1beta1-inferenceservice
+    failurePolicy: Fail
+    name: inferenceservice.kserve-webhook-server.validator
+    rules:
+      - apiGroups:
+          - serving.kserve.io
+        apiVersions:
+          - v1beta1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - inferenceservices
+    sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+  creationTimestamp: null
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: servingruntime.serving.kserve.io
+webhooks:
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /validate-serving-kserve-io-v1alpha1-servingruntime
+    failurePolicy: Fail
+    name: servingruntime.kserve-webhook-server.validator
+    rules:
+      - apiGroups:
+          - serving.kserve.io
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - servingruntimes
+    sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kubeflow/serving-cert
+  creationTimestamp: null
+  labels:
+    app: kserve
+    app.kubernetes.io/name: kserve
+  name: trainedmodel.serving.kserve.io
+webhooks:
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      caBundle: Cg==
+      service:
+        name: kserve-webhook-server-service
+        namespace: kubeflow
+        path: /validate-serving-kserve-io-v1alpha1-trainedmodel
+    failurePolicy: Fail
+    name: trainedmodel.kserve-webhook-server.validator
+    rules:
+      - apiGroups:
+          - serving.kserve.io
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - trainedmodels
+    sideEffects: None
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kserve/values_lint.yaml b/packs/kubeflow-1.9.1/charts/kserve/values_lint.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz b/packs/kubeflow-1.9.1/charts/kubeflow-0.5.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..0ad49be3736b8422ca3cdd2138ab476c329e99a2
GIT binary patch
literal 81408
zcmV)zK#{*6iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0POvHbK5o+KaB6+dKDNoohJRQWJ$iIp2_bS$8lP3<IC4}+V9Tp
zJ{gLHB-9kCl8|gS&3k`_caQ`~TzFF=?94V6aXIJU;NWsTICxl3;mouj_s$lYgNM)B
z()>r&X*3#*jt&m||BgnZ?0-l5<D-9!4@ZZ``{RSr(cwQv<NeY2@E>4QIVF^|cCqIC
zW2D?xmbooS+6w&!9T(Zw3D`_}+G-X5IUfEr9QO?9>JD0A|EE*%3pAHN_jCo!YzO=r
zs!wmJAq#8Bf{uIA8vsjN!jt4H0BgrQ0Sk;*?#bTX9O1=!I@Imu-h*Q=HOqed>0mEX
z#lcdu&<wiR?FH3DAA0zC1y6vsTA4`KJc@doh}hBaa5(O@EzRvq@%YDZxiU2j-Mvp&
z*Z1dlL;Qp*YNKTQ@9$5JGvoi@=xBd8{+meSA@~_$fESP)SK#CA2QYmG&f2n&HTOQd
z5a{-Dsab}5();{*0MHB!f78r0bce{AJJ5B9(9)(RG{BcHehx>o<`BGC*e(VqZ*sZ4
z-(4>+07>rQO2dorSI=C0{_HjMB3l-lULN=JX8<j)y_3DY&!2;){CdHcFP}dLl_f0%
zS$o-knlAL(&~4v<xuAb#8}P<<a6cy5h0X@)aOfGJpg#DtvK<VruHT)1y1Bl+fAiv{
zH<Wa2f;q%sFz`&5yV7(BJVI`v2{jiEui{_7d;tR+{NdV`N93FS=b^iT`p~P@{m<xs
zLn|cWOCN--yIxJm(#^F2K|dO}!`a$2y~g@r2)=xIm7(q8CPSH5uPa3#!f@%6=3))6
z-Jxa}USB}}xA2cIeV+h*Vf(#zvbXmlB;({oEGvfCKiHb_Rx>qAhfa~`0RWzbIsq3L
zEVXBVwFd|^FoTa^iL5n-u0J(-Dos`iE^Yv}!4v{*qaoAN)L~Ftkp6A2fv#ELQN#Me
zFCFj+>=`)}eh}_vccX*BBTwi3kaXVN`R#8PXO#Z)YvXB_qdhPfL}nlKKY#9j{v3|N
zm&h{U6Nq}+B*YjEK`?sd53->@(t`2S|3c~igp(7G)=anh%rZyfnYnf`bS`c<hT_fj
zyH8iAm**LIt!#r=-A&NfR;!^`+OZ(^%#FS06?{XLWg^Fa=8GZA#h$$0WSjHE#2i^m
zh&4mQnqPM)%YeJH>#O_Ii>vcnnzdQk1|N$rA|X+2Pbhcj__V~9DE>JxM{x)De?u<9
zQ9q9-$HUQZG#sD29=#rUBW>+M@NBOga$@QC0Ej5(qS&KiFteRU%`ph_y*5r>q=iBn
z_O_?htx2@?p8;2<{k()$Mf<_B_21!moLT=JO^(OA^<NW--2Z8-mAkhY_a2aCoPc++
z7W5*sbkYOi&W>Yp=>cGBQ)s#;{w(V+8FNK~9A1IHf#pp)76u1iVb36)gzGjm1D1{B
z89-ZO+toD_S#xs534jBAJLCG~MY+Qt&+N5@b4x)0Txdca+fG2_(wqA~5LC11j*5Mt
z(0>%v91W<jW<rEfwT}odVmep0acWsM_RXXluXKQx{CE;CSG>~L{<pR?Q!T$vilvzJ
zl9}R4hOfBxsBfrzprtm4H*3?pgSrDT!AbUu5<B5C;8fSWj=f?lWj<r9o<TkO+CljF
z%(gIm!gQLFF1kx+rxTmZqe*pxWZ(>gqqcA{KrBI-v@qy#nZ%4I>6(4fpLlD$bU%5c
z!*&t2oo8<omHUjfIrtkGaHg$I91(sRpAmU$nQSXw2jAEx(w|eqFsN@8e@xTouQk&A
zMgsGe7pV_~e7yxps+H`jGF@)v*x1%>^90<V-4NeQw1F0M-5bZA!Za0L>p#OxR{-EG
zn@+%9_E(>r48ac63{+$7uDy12=$0x=oRgs@xq<9$6z@WFkYpo&RT{v#_O#gySqKxF
z5&cqaJJ>d%leMzMkCLsmJ&{W$+WKz+%@uT#e+=<TX%Sew{+k>f9UNxXf5(%_(Qf_M
zMEd-B@5kQx(@L`p|IEWPy1<_K|MrjhhrJ*7!u`1cXUNL$fCtHEa+>hxx7e6yOL)D3
zj)M#c{s!1tTRJ$}_y38Ock9^<J%Rq9pE;lF`Q)8BP{R;taSPr;^BMfP)=V@*(C`+n
zKH<aO?=Yy_&yT$pJSJQ)g}UbLM_qdfeYZrgQxDjkA!r&d&>RR%v_u#h-u4wQkPBW;
zpM6ohySnr8B5UrieqIfG7c<}l8`hwb_|PJ7j`+VJ3?7kbf+_Si!v@e?p!vjy)UqX;
zETtpq634C4$5^0Y7Up*zftzkz&kLXUlQ;Z5n$Q@FA*dvK^bydR`caU$m4hri1O4ya
z!S~(*HC0#8D8GKu|C!P{qC34Y5;~l`uJpS!)Q=#Szs4@=RzF+Pr&(S|F$e#S7FvJ%
zn;T7sp#T5tgZ`(!_#m>EOWO*!0YxPG`QnY4N9qEa%b~m2^QmVnvqR2?LEE$pLB076
z2BF`S^<^)Av=;mPlC?BZ<Ztlj+Qu*=gM2MZ&C=%37)--;YNSVZ!4k4ah7k|k!pt%~
zpi)$@vnF=c?4!n$+$kEBi3`g>o_%yZkw+d{fLst9`#=LA3+TbYD_Gh_p`A*OiY~pJ
zVX;KRF?1}=dG>S_f_@*ognz~sBwZHtqr$J^(&BU{CyD{(_t)>PPyCa}h?1G@02?o$
z<C!W0c}qUcbOm^fn~>u&DNf^)(mZl6*Cs}5mnPS~*JK~`XPW84K6sf|9aax{D_Zzx
zSOF&~nYvuvUP0s5HsM=j8OWOdiY$XdV|a>BWbA`}>aVuwE+;sov|19g+Uzduwdv_E
zhI7Z8bo>pA4jnuQ%#>3&sXzx`2H7sc8jx*8M`LU)jWo2lJe~Y_{GHj$m2G+3BLCQa
z*z27wG;1C>jgbpxYfJY%%Kk#gfiuq%0&fB}O`ykxy{Xk*Pm>?4pteHO8f49^LSMum
zuEJGJ=*t2lGEZ<~LVO*wYRIr3&jcZ%-f|Glkj^z3gcOsLD{Hb0vohz)?8KBMM`)5_
zG)AAN;{3scLnSEHmog$ED-e<wS&mP5bXuk4SJXINm}HRxd3rX;A0&in0@{4;z<B`J
zaMmU)CzU91yEb7U*teQXjvxQG8wYxe$&)vr?@Tp)sIBqBcF<peX^88yo%vo=Cmdj#
zsK&8P7>&RoeZ_kM{@efF{cpeD1F2@cKcnJ35ZcimNLiu*Mfby{8=uv1H+re%i0BT;
zE-?%o?S&wT-w|G1xn#rmiD{@9#%!D-&6nu#dp9_ZO_%b2qRd{zI>sa5RZoeZyNzB4
zLtZltGd26uu<Bw(wTptH_$i*c18eZkUTVn7^SbwAFL9=O3t!EjgQJ7s01e}BA57C<
zKV!Rh5jfidA^B_Sjo%iSArpFgUCZC_dV9ju0Z7mY3bw_)x6kq6fxiquu3xJQF>vjo
z3dr-4Uhm#3JBQc>nq#jm185dlIrh|qOMi`ote_qPx%%4m_Tvlaz#au>>SYW554r9d
zx_gKFhp*GeR>Z+ZKnoR-P;wlW*%`!@=c~%Mmo;x?+DdVR5{er(eVSw{(_==~F?j|>
z&pn78t7zseeJy0tbEa06$r(C@*tBamJ_X8@D{Ld>?H!P3NeR6rE$2!nt3d9qSt9E;
z^h~$jJ&``r*e2*?2$syjFHTx1ibzEysy%IoL=!q$5+!m7NR(1aO`=$H<`AFVeEf)!
z87}i~prb<zYjfCXAs3U*kb6lX{;uGxsEXdXgiG6b-qsE(puVt=ipq(06Hi?d#@@#^
z<h!6u?u^q12hNd;ooCVk6ID5kKPJ`0zg=&j^XMQ9$+}{A$H^OzE);)>b7Rd{03w(7
zOMdIN_q}`az1t^9B^&aq5!3YyaHKL(X6mI%lz^lVj3>WRq?)Z(aF0O&Bnci~g?a8y
zImYYV=}-?mS^2@5ZY@>DB6ql<`z>9%AO53HDL5$dtqDly#zB^jR+`DRA#*j>PAsLp
zmZ!jbuC|wK##lQlp?z7<yx@*Ab+8iX)A^HUx)u_efn1Di;tZEDELM)aK?Zc9nsVia
z(AwA$9e@3T@#_2uL(BC@B+KTuxxO1St5&JzI1iH}oE-?UZG2}sF)%Cx)5{x_v-|-t
zZG=&>F@{-`Gns}$<WN2fIjX!mG9=||$Ydz-ThpYeFQBpZC&FIn5<}Jox){wp!+>VN
zCSBJoZ|m)%<;r{x+}kF4fZ=toXcR1;16)Xi&Z2-ssrgCd7;hN@mc?IWWt;Z=`EKPv
z%{a3y7dslVFs*{<oIqb_cxbPnr6K>Yz+Gq#+|!SajMqm~ZLmN6>Gj~?r-R8rI~pAh
z4v(fky?*`rCvAVc&!v_HBvJG-`pBW1w5)9XjB^+3Xq=6$rv)`pGD*(`X^qK>>WaiC
zmYvWs@-l>#%3dI?s|-YvCa#jYXt|^XmKrWudEFDZ#}aWdvNEJa<}MJ{eHwR3lT~p|
zluXi+N{m--;}pSA%XUqae5@@~l(j%Qrv&<yCYpjevN`0{2Rch+`J(;V(R6qN9pppa
zZOfo3R8jU)72_?;Qo6$OMQT`BkfoS{t#K8T?x&S84cGLv_2GGVdP(nqkg}V1Z_AwD
znJkkyi)I-;0AAWos<u=?Z$<nvPZ9}>5L_pFJO_@5ydq{OrKuZ(->Ac0X19fTj;L#`
zb8CYf+gf@nigOD)2)baUIocB9XiXnrIaa1O7kaBVpNXD-KiRR@^92ZR!|<(ep|$bv
zY7#<#)}~-f5b_f=!rmUefEISV<?;;8>An8KO;wQ<7|{S(*DxscD}26%v-IBZMf}O%
zgD?v{z~>B^{#Gql$QP`ilelXWONVq&kgWK>`$gY7_A<c!lg&rB0g@WCg}w9upUICN
zPiePB(o95F%m)EjWQ8fH5&vC;|4(28#uB;S?(cUvUD)=6;Dvw^{Qr1=f0D-kPbP=^
zyZ9fCr1X~YH0o#&_B61ke?XlBj+Il9spi7;5k_=O5N91c26-ufWu6u?`1k@)P>}Pb
zKUhuVV%E7%0TaXEkZ0I?B}Hq|p<gllD_>5A5i7++bmOX+N=a6+>7GG{m=OAmb0QJC
zK_8p$K!=XEX_g|(D|_L(>);%!8k$^a&RjINpfT`K1&#u3)lucuCP_#*AoH|{ks#If
zQbQJjZll|dKp-r&CoZ7B5+52>P#q$g%LX_f^Aso`4@nQR8^bf?7F~oZ+X&Ze?!YT+
zN$QH%%(;PZc`MLBvI^-n@*9GW<&A6*d{k(}7Z{)Vv4$k6ePZK<Cv&D(Wk*@mYh7nG
z(JU2CJ=N(tr-^#2aGKR$A9Y-0Ln~pnKBa7q{$fpwu-B&q*7|mBLhzv!Yt7wFg);>k
zu`Sd=bkPnuFVJxJSk0`km4wPk@z#a|E}mZ@XHetCi}yHluwv)89<sX(7RJ1k%uK25
z7Go&BnyQ2Y0#z=;f?upv9!L;*Ddj=tTIl84+y~c2gvJ5SjU4hCapAq-%q^e#w;Hso
zITDwag)VN@&(%tE@b!!^!};4rUY3D9OF}9SR*pSGCKOVe7-kVf`~fb+7+G^M4N8IL
z3MCol%npzEer>P;2(lHQZv<K7Ml}PYR!%utrbZr$yNpC_YL)>`gAl05MEF^#+e(1#
zh2mhAEfWh-uvj=`M!9Y-ftmC3N0#j<e|(^CZkEfc>$DU&z}13+D6FwVvY>fZi#R3o
zm$9+3jd#d(*8cMWZ`Z~g;$n7a1w?I~2zD@k6k7rzEEEm9aG9W3C5xrSEF~;50w5?L
ztWscGp|lE0mx+s6v{+v3Vsb-=22d+@M5PLpaY^PbW-OIc(ruH+j+OKtk-xmZ;>=||
zlw_1N?HOcOvDJ<<mm1_SXNfhAa)}PW;L4%DGz-!C*q+Z#L7!{x5-5{U$`wbs*)!85
z_Z%6Q>(ET-M>+_^e`}lMe3%RH<C78qq4@UbF~8~HFvTnp1WB?K6uwLOb&J@lou#yk
zS&caw4z6tF66Kfhp(p&l>d<OOhYm(FKb8>S2o}WR>UV?}XGtI+Ue#CA74WL4lCro)
z*{WVO2AcYc5*Pl<+qO8GX=v_ZYHN;BDgMhxe&z9ByZ7H3Ntr7{nU3a$f8{iU4gbn!
z<#XES8mJ!qRltK7`YTsa!{{%DtTNM936-1x?QA7Z&dttGpPV8%{IHv98`fFCf(9FI
zhw%V#Z7~pQ!Dp(+gQ=Nvgz#OSE!&e6R#DYx%U-c9S?A>pF;8r>+<>muS<PZp)+jda
ztY-IAB^)&3tgeHHI-S)b^zy7k%6-+j78~|eS8U@t;;R<ms<0bne8;)A#eK(~qB7jA
z>;;kkS+d)zaTixgc45EBI*4g=a)pP3bO8`~*<v6v$uBQz@O5{GrOMpfonfhIk9Nlx
zZ`z67D*J8vt@FePpX5?j_yQqsC|k15x~;j16_yy6*E)ZA*=?^iKfRJm{<gf<g@j1*
z(u&u*hzdzQn)F&T8y6jaQcmk!>rAILE2re4l~3VC<{0MM-&Lx3dfEIGxJ4-e*Ze|~
z+QW8SS50_P(<=SK@=(`KKiwZKy&$R29bLe#q&r$>5!1H2YL_ZbT>f7JK9R;s^f}Oy
z_unT6#|K&e?_@IC`G1>8{uKWXJ^?apD6iKyqZe$SuK}O<+`O3@t9SA;NiJ~lh7#g%
z!DMRB9j>z;1W9anuDlhz4^ooDk48&mD}NY-(dXso>lq3fK3%6O2;&qw%c9hJHPc{j
zwHj`6UdBkK6f`RJ5MZhzl>9q*7|>r6_7g-@=~^+Hkxr?f?NwDYT5|`wE``d%#xtG6
zC1{`R@<;4S*XOMMt6+8Bw(YJWan1ihUr=1-d`p3n`G0h9yq}r>4-WQ^ck_P}>GS7!
zBr<#1pSrab`Yn2R*A36@Ld8J#-ex?7SR3~qkY${J(|jGhCB&McVeO<B1=H(){tTix
z^ZoEwe;y+~MGqtOd+rMAURlk5PBO?6hoV3I@ZtLRJ{Sfc!}^@H3B%X?2jKIU9*E!c
z3w~T`SYHG#&nU{@XX3^GU=kuiMjw$82ELNvFEIY)cK{{$&(Y*)l*4}>?#6#3DR_+5
z>))~+0DacZsRm;c5So_(v83SJ5#$=Eeos)qgBb8LSCRjNAAhARq*-Y=n^1lN5xeNr
zoEr#NMGSvnFFGy1A^2DoE&TDna<nWb%b^4RTtn9f{y_^P-T$IS*K)E{AjpO0?9PuZ
zIQ+w&s!<XkGS?0qc(o3~kcE}e7e^N=3xp?1_uA5u{(#27MuzTpG;gHE9OY{lI$j^w
z(cfO(1CL-y+F*b?rLDl2guy55HyK7nERTs;u*czf@`dYUJXiN0kN6h;xke5YV(yPe
zJaB??Jj~IK03>5~l^F7hLtSxA8>|3V%(=V#Bq!Hy!)G~+shx3}lV?=wJcqTp&-)))
zIpu9;uBkATK8I)uF3>UQC7P5Qw;4OHt+D;D#|QTva&>zHo#!SQDWXG;yOb%qv<*0%
zJDRmNwW8aP#9>)^g`gkT$QfvlgUIj<ZmwbYs6AIlYNlRUg2NyDx_%DoDu2|i=yf*s
z%WO>UP^$SW;(VOD&|U88m7J1AUp#%iaqOq(%>E@c-95O2m6u0wwi~FBL)!d&z_9q)
z1CEi+Vl{QkNQu_m1KSj`h&-|ldmZu7K|v!6j8`Xnd+H(>s#HO6<okTW!7wy!T{HLW
z6||7Cw;Atwq*o*BhUY3K0lly9%)LvA>-_IQ!)WTmHXYkEp;PVqAN!+&od5rDbg(=B
zYa*o~e!qGh?E{d5j^;)J<TQkh1@N;DlB|5Y<y-^R9|IQfAa)FxtEl1o-wau0aAGA?
zR>CS}smISRQJD9(A(!NN?@Hz>D}14XzZ>NAUGAX?J{}}VGNEQb=iG$8*Nr2<KC9b!
z-t8z>>V81W0EWc$xmN2O9LdU=B^yamKg_PC0#8(MoK^;ASiqe?rHTJ332u`3oeETn
z_@8{>rikCQkfSI#dB4<FBprJ{_Tou!hUVZb%H+?p0J&hHIfiZ<(1@QXo+G?iPyN@4
z<0YG4$==kor+XtfnQBLHrjMuk`1N#bjE&>T^rzA2;OOwD*V<?_8%?x{zQ4D6nC}tv
zg?@YQCl|ZHe};4WyAR{hPqnnY#>kA&0zoB#5ca~L5`No92b{gdGzyW=!|%3u*^*m=
zL^-NDH|83*6`vjp*ox9e5_0Q54$NbI&aF1=1gno_7buN~onX&gm2l8V*oiuLs59(@
z2)#TTpmJwQeg)91GbLz0?LjG)>Ut_rG0nzGZV);V&!P+BDpWj~KpDBV8+c@a-ln8k
zXz7s!ZXODIOg4l@uJum6u~0;vWG{E>jfI-|+mbgH8j-@5ys=P&EZU4!ktaqtRt05S
zz#prEwkPgvtO{;og(b!nt0M1c>2|CNetIPbPFt}m3JH<qrIlC}MO4Td_6B2BFdG*g
ze^OYnT<hxB(Sj;@ZlSRnuV6ZE?a_uBrq&7{ZD4n|NH+;T+K``fs(ZAd8kQ6uZJ;iN
z>Wh+5z^`PKj5?N2f^Rmkn5y>822NF}_00y}0RkO-;kxSplTM34E$%OHp*agLMj*dx
zNskXUU9V5>pzc6i9eLPv2Oit5Bv~8HM23cuH4mTUsE)LxYDwCbYg`XyQN^;(JLpu{
zgI;ZPXH&tEQuetQvE|BR`1(o~jFWbR#n`){?Nro-tl02;GRu=Kd)S=Q`X&h5`%zM8
z@M#4dw1gIZ7tBr>m{U4@NFVf#I9pPbj}v--<+uqhezuKK+ok%F0RGdMMr#$p08nN4
z&*RY~7ys#CvcrEik!TZ8+|h#Y&qP7W(4WS1u#6V1{DwWLzb^16jRP6%XHriq(9f)(
zsK`$ijaBg34(_v9>S9=hq%JAcXRZgN)LaGgS;BxEK`kIY8M>?j_$=Z_QpQ!lJ(Jox
zgZ505)B&((nxN*eo~n?*;=Zi~5y+!XoPfY&LBNd%By4dVaKM~Zkeszz0s~TvS{3v+
z2nDQ?gZhDhT-0(bgn40r#KiDbp#bx8l(OC51_qEvSVcM~j{r<sZVUjJX;RJ@v<m+#
z=b)&w)WCm9+a1LIQHhi5;0_}HYT|CIaDTPRV5?An6-uIg%pXCEq|cgM_=_U`lGeKq
z_$#MXR9pgZKjK_{8_<3n<jM`0cCmhRI^;NM5$Q)ILei8sj`Pd6Eja8HP<~0<&4c`M
zZL80{Ekpb&oJT7M_)&UVpob*keZ&k?HM&oYA7yM`dc{*Ww2#KD60%QXk#uftkYig*
zXoap(FtZ(CXjq$SE(GCC_Q>Mw{n&f|?~8we`vr0Vv^HR)IRLpp)A3p}&1ZlY5Eu^H
zKu2s%<uzhVhe6RHv^E*HX#d^YPgkdx=W^%kNdpVp#kA^wJ-xqp`|0xEcmL<Zr+05Z
z{c?SGuiDhgc6ge)xxQ6yD(bE)Z3#J=e0O?(`u6lrS(s~=*;gO$&To|ksJZT=?Y|C3
zYvShg?(X;N+jn#i2dUTR7IqMH!Af(qCB#vvNSdav!*HyR2rt0O^j3i0g4y580NVk0
z;n?f>0tArA;&Ad@YVNL}&Szng+~W47V1x}pu}w{i!YAZnWX%&eC}+XYAjqAsQpRr6
zGRqi^1|;USs4TD805vVIjOA-UUS5mJ^2%A!#>Xbzj5jetiI$b+7*7jL%P%t@H6S;y
zMfGt?&U1~A)%+ye#CQ!`&B{&<|0jU|6n*wHP9^XE9F9ig4E}SpKi<XvY$VanQ^Zi8
zC0I|96>VLxPBk!RD-g~C;HErWvkM?ib!es(AX6NMsRF)KhFrD)w5$wXsR*j90!pcM
z0XzxYhf8j@1|XU3v05OJbhW54Dq=0zM+wAZTR2A<Y+!qsMp<g>$1gS%z3}S-D@s5V
zzYSnw;}HoPLm>)d4_ieXwh(2ogYZI02XP0XgcWeIRj|Rz_}waqpd{Dr!vR~1``2yk
zUmFqrwgTu^3B0deP@gQ6uSEc#By6vFu$~Y^PXU-$3dc*6CGtpXem-g$HYYi^R1T5j
z2a?G~yQ>-m$4{{`;H?RmTSeeDjw!!w2h=XLngsm6Yb5CcF7y8$@8|r#$GiAH%_Q1n
zy+(pA;590Z__IbLev37#%@>@aRmL5>M(ucnW0_E$!a1sxSZc>L%#f_uf&3cDIfxVS
zis`9}o0vtbAPFrvi?hn8;xDFhAS%ZyyvA$Poya>OEgcBC6H>B0v33~USc^xwP-QqB
z%WK5%Q1(n@9X{n`Jd4g7EqRtn1EfT8gZ^bTn(Oy67t>d?PULkkdxrX}@-Y)46Emsb
zhNrnuJXD2}cQUV0bAINiEx}>js<*j-W@=BUIhxm~i@xSGRf4_OL637~{A`uqxni!j
z%KNOud;30Uj|fROw7*Oibw97s7I>fwh~$=xfb)5cw!{BiM5mzQx9f$@5Fki<i@xY|
z>!OCXagQ|7DDSvY@Jp{z3z1@yMir*LmYv*6Q&{D$Zn7JB#4qXa_H2CBK5tRdl|A3#
z5~6PBcZx41|2Ow?qrBfPT#RhuO|xtN<bzxP<T{dgY%O98W$0kp15W=Rpa0j=Fxo(}
zRS{2cvHy28KAwy+{@?x4@y`F-NDAh~pnn0;!5~zE;%F^-y~s_8@qlFJrJoFiB>Cpj
zn#+<C{uI_CI$^U0Z2{X9JDf60yd*LfFrie=H_*cBVu`BhvRtw>G6ZuKYOrS=!G$$<
zR28`rtFJDkn#_Kj`0T&8a)6h%0ZsRJI6Ymhs<i*dhsQ@b`#(C`+5aX|W?$rYGzfYc
z{0^t!bhY9K1Lf7E02btD9xVObgGV?WXsZ>cUpn7T4QQbvW(sga<>HjvbLPn@HQMO~
zF|z_bs7AiH=zgZmFcxrFw7ba{Q`zT~)usye@>GtK``B~F&1#vGt!Q*}xN!5$H|@+V
z5R$AC`|*`7wUsEKrHGdP2Ej+@41!Qol9Uyq*wXYV;knp+$QlMoNF1jKI1yd>+A>E+
zoiJ76r%Cxb#J%3W5u!Vei-`3zNRPB?oZqdG-W9M$_2#c?Fd36VY3**!byG}=G(YXQ
za|-E@=A}^=54(AVzUa0aRDfdnKCIL+L^sbw-opM&vPm1XdO$~YvDNnOpZEMH{D<#x
z6Tbvja{p^I9v^1ke;*y}&VL$7)N$qb{meMKN%9Sxzyr%ORD&w3Kc>l&DtMzSrPvMc
zW=WBh;bSi~WC8zH#8v4jT#BdYFaL&u`o#^Adn{Bs&JBds$q=~1LZ#w21RvF@px$4}
zp1G{2(6Jzfu5|YW#VhK-q(Y%PNerT@=}m$rm5vRnsHSTPlGwMD;!eInD`+B1p^v@4
z;#w-|>Qz*qT2H4)tER&f%2Wq(OjtGDo)E_9^-{v3OJwlg{<R+A#Vrif#aKjbH4>#!
z%N|kQ)csv~it>Tvo?z~pARzLU))%>k=~M29@}u$MIk)PohdeVp_41+cG~Ed0>2aY(
zc%-$B5S|_)<<~tkYXKR($}9$IXOp`4knf`OvY{dBtJ1IZ0;3_~1$8X56p=Mu`L#$R
z1B$f-QnLxU3AkBasx)u8*|}L(N|dqf!;D=LPF&}IK1k;l&XJ3q=gQCjj*ku}x%0o{
z@$USuiIiFMdL0d-p5_LArS*f2`SSA(oG>Hbh9zBh^#_P7+QkkM)3r1lABrZT%)N;s
z`bt1-8J*w=Rg!5e>tg1^uCU$Cbk{Rg2!8%oVThuTYrfD#c^>MFzrm7NX&?^zfGx*z
zr5kMc;G3?m64sz2xC~x?ibfUJ{oTww+->hQC$Td2wJl5tn+h2&T0w#^Ns!^7N&E-B
zWiIm=E;yWLIp}q|W$tj))M64wuEJ}h3{DCli$&`OA>3kyr!v%Sz4Jz0cYDO;%X_Vd
zhpT$8=CXK`yq}vPoi`@Pg%9*hy*pocu`At-16^DbT$a_4jCv-etA)$5TB(JJxwFz$
zWzDLwG=mz!bxK{0336^rZ>FWgb!Fz&me7DqDr9=HZ46+2%v2V2tOLw69dfKQEH@o*
ztR=?V3^pdYx?tH>k+@@&Ikd|W$OOohS(Ey++4k^XNG@Gx&aDk{Y-<Uv@Sq&bYzG(`
z)~1>pEmipyCd_Y4hiex)LuhR>XWsqGf8YI|51&5Xo!@@CI=wuXIYmzzS!u5OXgdbG
zp_|jYyWg*G->J2;uwBe<<Cp8ZdqqBMr=b3u>s!V8jj6X&Ww-F|Eu$|o8gg!72SFFC
zG)G%P?1c83rZeI820S9X04q~NffD*A64(yF3&&p17oKr)ATEw?QL1CXO;sK<o#YnX
zGcr|s2#O9Jl49`5+b&!4fMc&ixQcnL^`wpo=)<I0Sy4u4&GL#`RFqjf<eQaO#?sU*
zE3Y+G-HJ?C!+Mprn04!v?WoF$Fu~1ADrfs^mQ~PRPFnT&|GDrV7Q~OX^WdLvAn_Yu
zW%1wk4|4av4#qqDM<Xe{@3{&(8bm$KjR47N2pa<u<{YfTtbFUTZ2i^aK-e5`2K&j$
zPRiMoC4)0ETVzuh#YIWy#t~%OYZysDSBsoasO>@4;lyYEZ49Tj{SfS_gZHilCV?{i
zpJ(hd@!t-{yZgV5q>LemI+}dgoO=$SX-UCE5M>`E**PZzT0=F=2*vz}0R*X)HH;H1
zkXy!$%Ry~rY&ZSZBzI5nzS2dlu%YN(#a&tz^_&sB_yxfi!;4y9qmNydj~Ka!FF83=
zk-OT1nA9q(e;hNJ0|c%pGij^zvCM=t{>!yY$|`+4Goh^V2Q<06z2a*}g6dX!3y!*u
z;Xtm_=Z0!yq!rl|l}WYnhd7IkV`ZE)@<3;uywrJdK$LFY#XiT*pE~I@y#0@9sNn_6
zLea`k2OYVy&?V88Dy7V$pi~+fcp#MBu7Vk9>ETczUP^mW7NJO`qEnBHmQkqC^PPHh
zv>`sX<T27lrLiTCl-4MdHt~dXf`nm(jBN=&xR6Rmm*I6n1WQSe>*6Hcfzj>zlVUV0
z46L?pQ<f5=z*8%CE6XTRnGhPhX<0~s%ovq(gwv={e{eOamgjn25fK$l@2x$?TH{n*
z;UlfZY9QKm!q08c=dbE+<W|d`!u?$4lB>QOr6s&eUM!Ves<rKiZz&1lKmJ&+o-uU9
z9sw-Ie@sT>QTF}UgVAJ%|7#?%rtg0R9WDF@AWK!)IFK-(*b{)PX6i(Nuo&XS2bRfJ
z<jg%y%h!4APU~6WllOEb-`3%K4FaquctT-o6%gFWt7A1X(blbe4tlC%tc{!c%`(`+
z?fpg>?Cy>J7R1oqTmCY_5S(UL+M@-Xj~DXKtCr4U{h(^K<)UfNZI?yl3w`ZkdwCXp
z1t)JxWf)eNDHyLuXZcFKZ{G4T7E3-$#G&cJe0D`C`UIzh$Q7NMRdM66S2|yUAk0D@
zgh7}b5)lPqrmK9IT}?ltx{#P_BnQT%(O45AbB&}xnKTM(LT0WJ&$~hFEurF(d79Jq
zPR*%wh#p9$E2$)QA6E#zD5HS=p-Tq{BM8&A)^eQALpWczDjcfQy0+qT_3HSn<aC|7
zT<~j(=lg`^iWz)q*;sA`qc)*dd(FvT=*p~h#QIlxKd`W)=q|xA!ub<EUE{?SFOs~h
z3i+c;>Xomo8I(TF6oT1jdY~?(J(Yj8q1z_jp3$9E^3yQtzAlcM!QOLI&pU!-5Mi0Q
zbSpq%d^D@6!PdaMILTI%M*CndHa)8S+$!XYNsJm-?Et^%G^laX6qtmy9#+PaWZ2<C
z{|d^deSEVhlWpS{c1bM>;(t~feS_d5bj}0<!Ia>Cj`xqU@m~)2cky4ENvt*L&2MMm
zH@~OVLc!1!hK&V^b1TGzp|w~iEU1`6*(fozT9=xo&2!xFc~yAi6NR)0+Yt?AL95uy
zc01Md8^?aizTQ_o;a;JEGu8CL%4@F*23iZzQ_5|A?k=al8ZB(t#aAea%J~s?_i@We
z)agg7xTWYf<wH*~3=SW!mGn(jfpMt)4zYuD_ttNMZ;&+ENg;Uy$EUA~K4LLk%_u6A
zW)=PAPZQnir^;rpEPs`B3tecr?vSAuo9-EOa1t<?@o22PfI%Od?m&kQ=8ZgCSglvl
zh3l@NQxml=G-ocFThJIFzn!Y6u8Cf+>MBTFuCa!ZHUAw>7q<OS6SYw*RZzUqOk^}b
zbJ7ksx`e)&6LQoQ?MG^J+m&yED&1GL>C)q1RoERSz-z<qzBagR#ueBUXX%Y~qa%>E
zr>|rjJ_dHve=H(dp78B+BN>x*sF_EJTUpfY##ebat8j{{;?(6^x~C;3Oc5Qv3`T`w
z0JWm=)@VevQbMYnGg^<iCc~|Wa(EfR?c38c;9K$<lq5Y<w5}=?a;l$-JE=B&oQo)r
zdN4m4ogIzpS3+tPO4QLfe+_fKb&>yCk<Zq}0&GA^-9XP!DN_g&$U3-@!G{(tC$<AE
zD#Jnb6a4ndijR*fB<60LXk5uil#Br?7?hIg3fUIevJmlAD3>sVSqSONfnY8pstP7s
zMl+X?RLQ!g6=ZV}C6)9Wbe72SrS!9->F@?R$TsevZd(RtPZrlu+P6i;MS8oi9yR-@
zc)OWKZhLo}3#h4j`QL$9p$#nMYq{=Rs58?2tZ?<2>X)zM0(3o`S8^GewUKM$nn<x&
zlrM`kvlG;zgV7A>o(YY1LaHY8cZ3&b(7~baKqRC>MS2)Mug<7ZPiUh=Z72=B&^F+{
zV<{3V=lu`Cm*0a_^8Wkr{?UHs{>ON7u#5lNNMhL=@tYnTFa3(bth_33r<$%5l}Es@
z%S~9F_em52%Su2NIs#ANmVC#N0p)$9=4Gur{;E{4(l%nOvIwOMUEN#Reh5~DSe4xg
zvsx7st%g#qh>2|oms%;S+Yk~}f#Ht0AQd*5@=uX<-yx>_=$NQeXKNfdl{stLk1eC(
zg=yL2qTpR=$CD!bBADW-f9VN-p2V;S*qs0|li>N!#x~bW=vMju&-i$MbewztXMeOi
z|7jwz2J3G@M=QMllU5b>=}?$Y_Whr9Gj$%!uox0PreVld<k%)nOGgfID!vv$>sjIR
zqI4x4KRxQc0P8+~qO_()aNu&fXq4>WJ&CaCDwt^FfUWYLX#WI_Nl$f*wR^hO1cR-f
zyfwh!Hk`^eCWdV|vEvtpm^3PQx`;6W_rn->?h5K^%iYFfanU&vj8s#|gK&r%4vC0{
z3QAY`F#F9mtA1}M+V#l3wnHVc(&u&v3S}PKp%Pf>YdZviLT~M4w_l3qQfWrp!=X~?
z5IsuFn80qmwZo9K;#)iET5AEH@(|9~tqOosTGv(#HLZ@%O5mkMRo4Fs4P){b<6L<`
z*QHlz7>kD@10j8;CKTK%(*tz{)1mUOsMIZntYUO$mHadumZ~m}nh8C{O+D`jk^uwc
z_E1{@4dA0$O%1jN4ZumZnl#!+3b5%>?dMie1WaPoxM~MsK&L^Clcug0v6jNh7mG6N
zsJ}v!mrwg3Hen{)cB5}?;=+H}-Y#I`hm9aN@4T0RO78!RCdY>v{Kx+BXm|gokwi5P
zjQ;jFXZaJZ;Anti4Oyo>wCjG64PZ1KofGXweZ`4u{IAdon#h9gP}lSYj2zq*jsK(l
z!|eM{`-eOHS2HQS8@!1+8k~6@4Z@BNc7DOm@!Z-V$F`Qx3ejL-W;*~cAb{2exGSiG
zmF8&v+YP~~QPIYcp;^XsxOV;f!J7=EtN-rp+4a@?i=RJzygR?;b4suqS!u5OXgfw>
zLpP^)cfViXzEf>%VY|4np<k}=?v**Ro#IAru5Xna@&A6OVJ!l|6}EVGdiKltr+05Z
zU7cQ@t2S*oXj7sX?`|)Cqo_t+ea|iIAn0cG6+9xm04vkm=fWop{N-)WS8~T*&lezg
zo}$n_#G%)L_m^jlo#Zaxfp8C~AxLjUh=Oqu_~cFD);xKSqqK<EN{{c<nsZn-Ehmai
zs7Y2)OUm+!Elbm~%9ym8<m9!Yu2Yd=Y+Rqx7P&56vK@69(d~NE0xOzbYLZ^ANp*D#
zzqBq*CL#5zBc)Y!^|Y-^?db!WL5$kc%{&S9DrTxZWeF0ir=}&BTe#IEv7nv2q}twS
zbu>xs{{^D}mE8Y2Iyf3-_WzT~(eC}{MpE(qpZC^RRzcXey_V)6$~^G%%54a%zvsnf
zLF@_VY&{J>AWRq3kZEcuH1ffDi|e>?kfo!QX38*26y`-i@JO8($&szg$stv_#V)1W
z4nGQ-O{!eeD(`QyG*9@&&D<J7_Ki(8MUt;-(kQEpCjOT*vvoYO-kTI6pb#dMoftUa
zb-5u~Ev$~ghoq5i97e~q(^b&l2yCu;4(f!-2~f+iAS%DAoo%n-E80o(HQX@fHz8c>
zhE80`-X4MZ|9>9%!+nMVnI+j0H@-99^K*X+-RCEv$6d0~cgU4&b*7nauGtdDqi~eO
zEX}FA>cy)k=?CYMD!4Kcgvpsn#!YYz?$n-_tB}u<o|g^Pm~FhR>*fV?$c^{5ub0=$
zPz%?|Yh|dr*T)-RySvxLD`&n<oNSI3;gFB{?HvDI56TgL;T?}+xzv2ggO^xQd2z*p
z%$=@u`wj><xpGUFw(fis(ILl4D|b8!h>+u=$vYjawgrcs)J^?t+k!XrOV1OEt~nRU
zK<I{k?x0ulnmXs{h%8US*VA+MS@2qVgS;tRNoSBy?Mpj+eAfE5jz}L@5LKcIA(Td@
z_{uLD3Htw+5Nn2pwR3A@KUWn0_26)vegEfRG}+z%X(X{G+{>_|f#1^-K!CKS@Bsp%
zG6U!p5_N{9TdWfyz~W67DUhzOHN*f-fK22-5zV3qf^=PC{&p(SN}40(e`m2kA%$ze
z2{~9ZeNmUAl`3jQU2n|o$53wG4G7&HiueK31bm(TK)R5XM&q~TALJ7tua>HL(bBYZ
z(3?gfP|X@`iFb{MZ(bEqcekafY2WR}q({vTb;k|Y1cR-*<r-jc8{Bk_iD4Vub~Op3
z8*aP|O$zS3+%7`Kua_ogOZ<C$L`w@&(BYRkC)*asA1B#rtE~1NfoyuzIBVH4$RtLM
zt9BfPbQ)yGucGHLO$;Lfl7gSGjD33eqk#FV>-+N)aJF_FXkqgiqz_SnVMEvY0Y}_v
z)-&+EbiEG{|KNhDkF|7>i=l;m`Ggr~YfJZ)2WXDHwv6aR3WR5Te%{-+r)M$}WV<i9
zM9Jt5ieO*9d>JYncxfOVgMJju&xfSGDwVuP>8p^`SA3mCFh@Q73p%X0o6;W8Dm$xp
zfBo+IBp3zAwtzhY;o&XN!p!c%UYkZh&B`O)wg8&>Y6FlP4j^OLyMgw~gkXv03k)7L
z3j=IN6yXI#4zM3BX&otc1y`&mV&~hD^Y<%o4NCg|es)&6*EP`L2nJRX|LfrJFzf$2
znjB7c{=X(t>HPWg?adhox|%B-nAlLy>rq{yzY1HdH4a!|%e4drE9SM12w{aSF3qLE
z9WCtg!{s|>u&|b5c=2g#-4QiJ#!Q!@d-0FFRwcLvaliO1Nvl%qa6~XZtJtm%b~jd-
zxP@<3k_B^4O;XLan3HhZOFe2*U;meb088+HhlfYm_umgk<HOzhzlkKY{+CAq68a(t
z1)Mu8ec<{<D_E2^feNJZstOGxDs3Gfn3HEINRUarEK-oDP!2Ab=RsY$lz@X&j>OS}
z<ZzY35RzS0H;^#j2~`Y_7Gt>-jgZPYYdFeF{k$~`1m)vHe0G$<gc7uT-M~<a(ADkk
zw+RvD5~bMTZUtabf~pQ9Mzd5_V8FHvJ6b9MG3BWaMoJLY9V{uGs0vJ1_fVzHu-XZH
zX(Oy|6VkLnfov1zv^KGH3w=rwRs{q#y%kjfqNY!Hw+W5PLAjz}C4s5r0q(Y;Q+a5w
zU`5v*oGOE;3V7@YVwFx&1^l&(U8NABHrgwKu@ZE(9}S01R0aKC5zv$-Fd-Bnoump}
zu+@PitK^XfE-B4z-H~Is1@bk7k&*QO{_Y^m<@@~yNBozgNiP1&`1p9||7{|bPCr3U
zE4Y3`RS|UiKKi9(J-%U^O?Z2A?5TQs!wOsX@}^{1>fxnQE$iJ4E0go=rs-BwASI7(
zjtg;bZaDa)9Jx`C)a}Gg%Uf0JJK(&{Dt@ILwdAy|o~LG=wdM2+O=B`X+K_~=+drF;
zvzqn%HvO`tBIMK5YTU6QF&%crk`yYMr7d&87IMz5C)IggLwdU7b<Go`Xpp++ZLOEZ
zPIy^sWpSIls|^TZo4l%(i=$iK)QG4mJgM<EP{oNF60~Iw)Do)YWhv=5jSfDy&1YIh
zx8l;PJHAp1L5jR}#7CN^Mv<>}eWMv7qz7_EF42%2L3d~k0e{kjD0Z>zGa(`yT_rXZ
z9t_FO5DG7cG{!F18zPPRe?<L%W;7Bx;=V+w*#9?~98I$KKMxL%cK*Lc64T6ni2ndD
zwG|4lV7{WofVsN9Ki><&O8xr&226&d;RLwr)yj6T3s$y^9q9gP4#E8bxxj+ZZ~?Z#
z6oQ3j874G_y#>ZA_hfHxj__hV_2!*e`}Sh(+nbv9bkDDTZ>s4J&@%R1N8i&{D4=dn
zHxab(r)BVjP3F(x-2U#v!EvwWKojX;qdCYM%C30hOU*(v=wfe(xY%Bzzu?|fb77o&
zkMwEA<P8kCGVSN3H=jOhOY^%A`$xUr^4a~<48__aDaZT0-n+MFLGNBZ-~FEt;lF>e
zT@2p50ZD|Ge|sO3=rl>O8{5Tm2NsmQxxTyq`Sv_hK~X#*FtZ(Cg!k$*+V@?cQPA4>
zdHvvIaU8sb<`}wdK;xwM9T1S~(Y~(zG=6<J(tes9Otk&O<Jtbf_;@@XY5Sw`*f6HE
zgZ;@*BQ6yTbnd8hF3Xu!o-jycM^Hl|ZHs)4rR2jEw271vGl0{!$mu{zPNgBHvIBZ+
z<#Q;fM`Z!AQaVHnj<qfFc`YZO@F)HdUWB~fy`={7+7gK!?n_Bbx2;R<=>wWUj7ns6
zc71hu`hP!Myg$FcpvXz4b;Cg$*39wg-R;G1=eP9eY6TN;=r?z<?QH8LJd)7<fbBbv
z>!AzvwL|U9>$m?pKfAxXzrH;Wd-d-8?Bng$YW=}@tR|}IT7L+lCh>{u?Z>lU&+oU{
zP#laVY9eDz(s^NR^$b1wNli?eu0z-T6+ZLH>h$dF{O<18^M7xxz{VqGtK~p^DkiqO
z^RwIY`|TIrNMiaXg~wVM<|Ve(%fgYwx|tM{1Lwh22M$5qp8tGteO12nV8wN%oCd5N
zTFBR)@7e{-kgsZ6^4en?avTVBD#mN+2E7%DZ9`1g!Yz9%QtNUI*TM~aJ37|kn5{zF
z`F5mNe7I1TG%2lCBVEeYzZJPMk05H2Xu7>>WJw%kv?9aYK}t=s3)-Q{Okhz&IiV2@
zf?wJ3Nb{XlcurH=Yh-EB?#s7af$kTarL-$s>cLK9@=aQ=SjH_bw+haH8k1{9D>3#t
zO}k>Hof$PI+qm(H1x!2FY2EHJPMVrDz$6J3i@e2cM!}&}W5TUy2f{cwYFDPY6RgIh
z8noQrTM_d3Kfc%>|KNE4VSF&o;Q#jb#|Jz7UlU0f|0fX$B+(hJARr1(@LB_Y(Aba;
z_K{T9UZ9Vx+}J@rSkwv!_+V9Z;~+~%E6tSQohU33VW7AtBw{5b6$%D0$@Pc)K#&Vu
zLZh5NXbE94!~&KOJy2V)lALT+Mr@lwN+^T2GESNfPEt894Fx6PqPu*Q$OI!vn*K@y
zk>q77Zw0@x03<x3E7wZJz#|C}T?{&sp-#cvY)i0_GLE@)qJkhJ2^}2>FhV6p!O(Ol
zut=?}wHr{RPS&;}kVyRk*opumRg0k`fkOy_RDy=2wqa5MLsCbjTM;azoMJioi3SNF
zPDi&UKnMrT3d^Jp1O}lKqrg+!0YRvgDDcx#Adox(QiD`A07ybci@`r~M5vrP))MrC
zA|_GRRDyjF7QVJX9~H3372rdd+1g(`DC7KVc<Er5Xi3oj>-~;g3@sg=&i%QK!wX#I
z|D7D?<G<|h@BF__B-RXjlXNujds@Qrn^P9PHz0^&npaHJADnBpPOoqQkFvhuT$QbP
zh#8V(`iV;@7xfmGRM(!*n5&1xomshR#r(&t-clVtQoiH@UbsEVc^f3;SI+lRUEXDu
z<kd%hi=Jlo;IEjghP}@9^3{w7T7(C|`CY^tog?Gx^hq<Nt!i1nE&sHD7<qM8%~zcx
zsDmDBI*rPvYD>J=oZJg&jJhW~M^pR$>>`qsjZ}Ah+s(1rs-L?tHn+j&-LNpW!T(*W
zNV?$*&y%I#5vOe<W&GkfqPE04&P}(9L<K$N`E%rL@t5;cuDnQV-*;X}k}`iS`_YT&
zQRb~3pE{Eag`utJU(b=0^Rn0APiHl%dH~IKt#dKKmW3Qw1Uahnez8}*74GQ1^qqIP
z(j@Btb?g~3p|@agY|{*0<|=yzq}cyE+MgU9W&FQK<KvzGw~@r02ZD|UNl(*W{tylp
zU1pY8>ctZ(_wwTE;+h^Fw~A&9L(c|n2N6?0(L$zHK><fB*MN>7ek+3xwU|=%1lttr
z_qt<6$Y^1=gY`%#cqfFsrJ;MIM{_5Hz6F7N+MYGPo}|3~Q-1$#d_=+j9q%9R)_+YT
zf%TsR05GR5oCv_6+(3^Ds;{SN1pyZDDUAZm)!7~lkRePq4zPrFVIW{heJvsZxq3+g
zTa>F;5DUoaGUah3hXyQQN1dc#0dc9V=$7SscksR2S61`B`)uj`yyjLM4TqvpwZRry
z3|C;Q+5|4L`>|@inuadc%vnR=MG-D)iK3II;41|#G9|5SbH6d@qJSXlj<A!brHimd
zI+5yTYFmJdocuQweJ4*&2SAHOG^rb?4#5^1WVBu2Vsngc1$41#acl*6v0kBc1iqN3
ztJR1;)GhN?Ko_|QZzR4C<@9@NV2k{ut1r?z09-7jNu9&Cp^HTXsdLv7c#%m*8*zd1
z)U+2Kh)GKY$I5jC3o4MEB)<xwgD7)IT@i$;=ev@4LM#c?9ae}}9J}a3?Il6~zZ<NW
zpz*uyJow+#{r`stqy3!!e>~aw|C>mxne;B|Xb|<Zg#SOUEqwm}xZGn{PSpLMZ@5nP
ze-WFq?*Dw9t-1eM!eqMt%V-yM|CiO*p8KD#m&Dz3`Fh3N|I98^9!FB{{~~s{qXAJY
zl8|Ga(pPmk)|uk3zzVeJST8UHRrA%bW4&(9nsKZPaUnYGi}=^`gnXU;b+*8j?d-SZ
zUl$Q1x8ka~+4CfI(9O;u(jV?>`nM&1_96jr`PnIYqwa3cQ`Nq^y^tn#d(|Cxdy|Z|
z>TYk4(QR<IH!hBCaJSbily11&DRe2g+o}6Z8LxYutS#}n^AoNlR6*xE<>+}^obLjp
ztM514cfJ?Xq|RZ>&i6us)VXWN`Oc<8WsEEO;PXT^5j=?5s`9b5V)&o}aY!;IA3%sQ
zN2o^-s-D4J455-F=>O$;?j@H>{J-OaaW?+XcrqF7{J%{kmN6H1_Oe~OaUM}Ou2<#l
zRMU&@b<!-#Y;BtH0iwXECO2VqdXv?C$AMMX^aXqeSEl`3a(DcNt9d_wlQ$fqWp&Q*
z73lj-4ver(74Nja)s5()*!i?OS+Mgc;?d2ui=lIybFx+|kSggEcEa+o&Fzepa0+$A
z1;oF?>9z-^ypKx!A7%V!+#N5%orGs5kY&IpFa)FIYh3PKKHE6S7PC%%pCsQMI7cpa
zp1sdegHg-F_~Xm?Q?}V8PgK2SR2*#+t_vZ!1_=%c?vUW_76=~P-Q5WcZovr<T!Tw+
z2r{@k1b26LW~MjqxA*yR)|$V)W_r!j)m3%ZebtNxWaSP?ARepdl3;0b<kdPGLZ=?K
zjqPGtIj$bMr~B|3$HUlxqFMeEqu)jwea<)e7P{dpJv?=t;@RT#iBT@)v)*slt$Bn|
z`k{QuMmECf4%u!$Oa1(oAI=!EjywmQ)L%Q8&*n^~rlb(ol)Ar|o%ks~qO&iP8GNLR
z^gmc&#XCL<mR~zMw|#CJa8XUqEbuQ0jYco9hzJSx%O|%A{&ONWt*qk9$*ydwy_*@&
z%;XJglM#a7;4EW-y;zHq0&XCo<!pc_Nt^n5M;h;H9nYhjw@a`iTbKIpY$n84vL(&k
zVlA<%m8)z;eA(w`1NkRM8zN8G$Hh2pub_FavNM`a7+wV2&qn||?%oXs6o#z5h{hHL
z-)$(Ii6iVbo^t!r2BB+HPv~vDDpCXGvv|1$`t!tKnX|RkxV_%?^6WyTTSw38;CnVR
zP8!yL2+o`;w~zf#p{&*Yrp;~N^l-zmiWq)cYv}ESkvk~7d072_Ld?b8NgY!;(fg%5
z&ecIJO7_0$0>2F1g|(Ydeqx1x+h?wIT0a?`9$_s4XXC3l?8V7ttGL#=+{b8}CEFDv
zp(y>BCWD`(zeblIE~;)V-;;P;<#<Y^T=t)q8b3IhmS{u9-0q%tq!BkWjXkD6!|1+-
zh8i4Vp_S-r>h^DIjEwMnaJ4n|CUxc?vG+pA-g#F5H+A*!;WJUTadR8yLlQaz0dDdK
zU8~q8<Ui_C6@3#${)<ZCD5w;=NEbzn33*_06zu6gLyKx}uPar5s5T`J(E668@+}wf
zdF!Y|{ybY+_$y&H`bSOv^5j?9-$DaU{!@2vJ8@v+zrm6$ei@I)nyYTuv^W;v;oWcp
za3{Vs)W*MjqP6Wgct*d*b|1v?fTv^qcZ6DWMSX&!cx*e){)>QQR(Po3+nmBsd5N%<
zi3@uq<qrK_)YG-A!N)2<Ek~GSX*DhI_XZzbs8Jdz3%ypD$#Q{u%xATV?Lremoqt(e
zI~+R&e^Ys*lT*P;qPm84GpQFV*X36z)#tpCcq9Uc_M<rTr*5M^FFH?R2RPD@tCwZN
z@jfp<45`{AHgl|9P5v9!u2}y|LcD^sVQ_Zp6hdEP`q90&Ms{lUn7Rv<TyOiFnZ6}a
z78FH2>2USNHGu{EWV=BxS0bHLm?|8qA+g(PGidb72^=fyhsTtGf}dsg^;tvX69-3_
zgE-PI0z96kt}xsm0qV9uu&Mkaa8TW7-7$EAz~TpZWPtz=A(7Q5AVZF&5JI{%twtfH
zrs~}hC`Ih_;m4rjS6;mug@lQ`cD;nk8tDaN!$8Dyah~yQHi<emReF*zYufQd_u^@t
zP0!Nb$k}-ctp5n^TK_R5X=>bQuGwig)FkB&tl8f=&;4wRP4*3vR~S2zX#yGr)~!El
z)}?M_AjByL3JH`Shf^~i6*05P=7kEfX$|tU>>kFrweHO@sfC%v(G;Uk@FNM^YL+S}
z{e333U((SM3|ZM~u#>}B*=nzlCNgl@{%x)1yle5`?OH9Alu_k!aD~IlENfC?cueNz
zN9Lz*Ug7ZYcXQKhx^O_}Bu)hBldXQ^-euwR2mbFVYXLN@XKNpdX7cA-8&{dlhZKTk
z!&bu6pYp1IMEtwb9rlnSS@76U+<hlr!p?ZE<`6XroGfyhODyOW@;BK?$TFbW+dvjV
zzC!@00R)gyvkbrzB%u+`zJjhBf!jo)Fvz6YQ(r~K{2S#>)A7$-gJK}@F6WkDxq~hR
zr+p*aNp%$a_Q1FoG-E--!NW&Xv0W$@7oqij;r(eav8z6YJ^k~_-0Jq4dd_?>p<VA7
zg7C!nQPf1US_t0XNCI)dt+PBLy=e?5I{@)pVC7Gs<>KG!<lnH?Bim(K!=A70x(tOs
zJ857azx#RQ5i6KO;mB4(y9^fXX5ms}UrXsm^w=%u#Wtf4gdYeu5o0#gr8I>~?^83v
zET{Ub!2xlgIDXW@)8#wlQ#64O_JY=Pfk-pl7?@5&s`y6EDy-b**(t&$nWiF7ER}fa
z1EmyxB73yCF{!Gk!`+q=<AD>c&8^Z+->zZK*|#qUTzQsolCG|1-*T7@SrEaYd{^Y|
zscR|4y<N%PGV!<iiNilgNkgmqE9JllA>AL^6pF`sgp6^*S!+lz)c7nICIndn#iN(D
z!jvwrW-*A0JmYK;Ln75DTZ8xDf>p+pdx>zG#1k964B)LIoi*nR)&8LFThhj6F_?3`
zQJNw*hyR4g+^Z2XBYYemF<`Bvn@q>o?@7_Fs^pK>HvMj?xnI@<^b?cJhC@Cl&eny-
zVj{9gW$FCK7?a>^BNi<qjl8ap9&*Cmq-KN(_18}uCV%9FsjLa8BtFWLkxSIhxw1_Q
zaq~M_!|&b7Cbnjl_ht4syR*2PMhX0BA^zD`Jgne<)LL*!`&E;0cy+om20e!~Lqbxt
zGzfGk`}BJv5U<#X+lIsT25^1?I2!a<(wB9Keuz&YYo7v{iud%%mB58JsP4bWHiI|q
zKQnDl_`&bl<PddbQU)K#v+)y2#rm4&NXoC#SXF}t;gqX(f@ms%Xe`oA!8xnBLw|6#
z?Q^V|sPKYpd79tmxMxVpLIUnEW*er@<B#GuY|#WM(Y?ea=h{qWe+97kpmJ2(n{G6p
zZ0+YjgWR4)-@R8?%Z81{(*}<<BFT%|ngiCpkF3kdhPq>t<#PNEFs?1-BSAwfnWOJq
zI#)3&Ri@U7o0C#bQ<l$y8`wVm{A;1xVk(<hxi%(8n%kUw@Rm_>C|l8sk?<kk=<?fQ
z^6-IpOCGTl0&5m8<JuUwkM-eQouXcSfJ9O>37cRV1{1;T)H^Tpg|`eGQx;jdw3%2g
zRt1-cwiIYgOJeVG*>$a$y=6sGDg=}&TqJq^C6key`y)3yDNhE1yDQaZX9XATZ?h#L
zlGs#^Phw;)uSW6->kRFX4DP(WXoVN|xR{P)h1oXFZ<ZS<z4d5j8r)hkU2SH~#;D{M
z?Z!A#sXii(Xt9SSA}(XFe317IOFn!5B_bZ4mbg`q8bgcW`mJ4q3u2Bjze*dqm&8w7
z+KzW|0w3|Sf{5LNLr7?wbW!<Lm3}Oj7jy^W(bAOOVg4sRBVPai#b+miSMeDn-QVil
z@aGL<2wj+<Swaa#R7mA7WG4+pISad^`O69Jnjg$DJZi<b+u00ccA={A)}@Iu=^7}X
z)&4A$VN+=_!OQ>3g0Pi2Nd5DqHGxoGIsM;h&@V25v{#~W*x0hfkc}<aG#0QRXIg_A
z32NK);zKN{NWsTVDEOowDdu&FQi9;nh&za&mQhJas6Au`FQOvzXewfhW?@uQld*Jx
zD`NM>U?b<^uVv7@TU1KP^zo3>E`_xjOCte!R&M3UlKoDwRpx1v^HsgHXPe*029JFA
zhXU)~0vmWbBaT|MUX4-yB(aL?Xn8Vv#j+<8PwcAr!#QnNFDV^*^Cnz7d_>ZUxK%fV
zt>w}%q@HiMFR!N9#&>Pvmx&UUQ|B^Io9R7%ZOBvh!F|}b3?AR!3$@&Ky8l#NE&g<2
zqxCT`L#d*53Fp}7_pF`eg;qec0rm|+wr$#crEkZiQ9grx)bBpkf5(m{g45-r8@f57
zTeIAT`d8sF<_d`?sTg0>&vxz_*u#8pXjAW$8n1AlLe<8Nt%ZE4oZ=U{45(}IGxuvI
zhN7?AQLx1LAs-#$R&YbJ;f_+QN8WD@NR`$|@i=rC(uiqF3rv0fQ~9g-i?=<xwWin?
z+V9-R!wmWpT5#iep9T@l)9`c&IbK{@n$HfbXk8!?UA^okOaq{pIPCvvwU3vV-VuN`
zRV|^{XBBKV{fNi1Vy&~+Vju;JHH_@&P2WFs7FCHvId~a?5Uh8HArlCk-o6TVO>R(Q
zH2GiRf*hzhI7>y36)ongh_|6hZVd`8k;g<f#8)cB)GI+2rN7qB#26Vqt)*1OE|Z(5
z{1{wu9-)6S_xU2#(=6S5R9f@bt%Hqhn=xmxF+ixq_5H$pH|YWA_HKe&c<fJ8DeKS~
z>b>TU^fbBe2cqkIGV>7My|SOI_s>pGFW|wQkg=!9-Aikb7i?B)1f%j#q4?Y^q(n@I
zfRPUktsd)?gZ&^#r74UA%WzQ<W#Dl_bIu*#_HSj~RmqRCpXQB>9IVOxOr`sXW3Hbj
zQ4`1K?>O4Lm}L57sFmNMDNtAF?%GME!0o2UXf&cML^AL+{Ih$THF1EI^>V`E+{W_}
zB@S7dg|;desvFIvtgw8SfvKduVarxTsd#-dfBEg4f4`1D7}+(2lbax<l4w59{^M}Q
z1z+4)Ju8pD<3t_E6`_=w{t%*1@K88s;@fmZ*AuF?@-xeK1q~P;m2^pyr|h!IywLnU
z`R16WtyS-n@X4N&-nKW-$1sPeHJuI?UEvRt@2CU5DCvAg%}TLCJ-iL#XRqC++7T3-
zB>(0Cfy>S`9L}FzR`q@NF{!=5t<+E~tkTBm+B^GSi#?^i>Xg*S<uJ^otb>mVcsKrr
zno6xu1Kt8cP4MT^Yb=I(yJ$9%_c%1eYAL*e%qH@C_jC@lTGY4M<25Xc299@w7V=*o
zFa#d4j<Nc(s*}2@v)JrkO!6e@y)>D20LE*;feVkg`>QkRoLAD9%Z-=+&fCM|>wz;q
zcs0X4C9euTzD=6&94^_J!f0>!@X0Y}2o9d%=>d9!7Toy|VrFAWNi#UaiJ6`U`hRlW
zV(Jq{07LcBTPbcRTmt&)ovno+5lOGep1W?~h{8%eAuQXB0Jp<dDbOeu!=Je!n6565
zv;*5hF(N#KXA0G`Di8eK6WGO}YAe9o)an)|ZyjolIxZ~h^?L2lR~tR|OSoaI@#H0H
zvpZiS-KJSe%@{|qm}7Gx7p52E;Vu5yjD%vXU<tY9!L!D2&0;b=6Nqf|EYZ3fIGis$
zx;|3)D3s@ZMDho=+<RCsQ^jSx*h^>cj>)Y5Vi`QZi(u=6Cr&pIkSD?)Q6KP*I#D`t
z+NyH%5y{8#OF|jp3x?OdHtpf>kd@gl-vsA*Yz$*rM&b2X4W5WaUcM3NlA!xTUVa%N
zLK<f|{?YpiE*C&GwC9?oUlH@=`29K}BzrrABjRK0Fg|P}UzaCVAx;TJ%Z*^mN1i?c
zn_|9ke`}$fQpQ+Sa^S}$)Fbg?yhPNlZ|ykc0+06Z#97w~j5f!>bhZ+n78QZVvcQJ)
znlGZi@k4@{eZ0xtjJQ~%ggq$dA=ABm4BvnI{Q|b|Tto1*-LYGS?H~B^GX;|XoP+O{
zU-q#ID<24*6I+dd6*EywZgvs7=lzx>w8p|fQmT9o3j4~s_H*ucxgp&+@3eH((9^g{
zLWd#*<Dtr_hw(<#1KK<jKDn%B(x0Y8djh_i-sP)@3GxXnue}achMCc;d5w5(%zktT
z3kZq(VSn-#N9Ud=nXzxV<spz|=Pkrk@Q{6_C&R~#G?5ou;QurHB18Dk->P7fqrk}+
zi@dpbkT<1ulg2fA-sqA@<@N3g(poeSUt>O0cfNQLaNJ@kW$GWZ-8**}fL*}jU2Kjt
z<fcub(S3dAiwep&3Z>JaQr2d0>8VAh_34r5P9CJ+eJjDNeR>`pa|>q-8umvw@H;!?
z$U@7yoJ{t%MG4KXnZIHeM<^jZw04u@>M;+Cr|S9c;-bAdm}KsHv`{)ik8E&DTvvOg
zTo3$@$;X_D@Z}WfJ~Ym%1tKEa9)a<qv8m|4B6ZL!q+w3aX||e0d^*4K*Z?!ZMdo+k
zD067AI?k+JA-p$femc1B>TU+$;WXItV%R9A`^4$qh#vF~0GtMTuTHv4vBRyFnF6Ce
z9Ab5J*jukhh*FcmZoaipjk7d$SXeX}jMv$doqk8aB1bp9XzNI$s#4Z?+D;z)jb8iR
z!5+4wd2LB$9zmCp>n*+WfWS|$izB)`5n|O(VfgaXaX`GV7+q(aTw_`PPkH3Z*!v)5
zBHeY-HTQKfhHjyNcae#mk8*Q59{KO^y`{WW7w-a;wj+vI?EyW#jLK-q)Pg;X4QEwS
zM)4h!Ml02-vM9C<%hb))EOLTwO9l)@G$Fng<NZ6!i?B0O-t^y5YOpj0vxKEW0thBd
ze}yQ?=<^90&iN-iq-1cJLgF0d#B%6wp`u9i78KoUSPH#M&=r%3>+dbZZntuBfOI%h
ztK-2;rQ@OIcA??kdjm?X*VNRGqmo7=O+at{IIbcm?;({?oB@Ml-J!WNQ{<Z+b5YH3
z7(Mw8;u&cgXu><%{c8GD2d90qhc6)hWQ{dO5br?xqnsIwq^HslU1;25@2ieQa|`a;
zZysC+C}q_Qi7pV2g^lfc0`&e*3zuT6;F%UziWIiK*+d#tm$N(x+*#_Y2b)lbbP>&7
z*QnidET$qO&1Ty5=4!>oI;`<1cR`oF#%I0lQJnr4MwN4|MfJJ8ac!YNg9FxxbCGY4
z^kopRPPzl)>Hjw=KK3~q?QZxCTo+FDmt(|+-8xP8A1ks2ed<<m59X3qy;wmEXk43W
z;p7m-zM(`CnVnl9Q_|`XN;;lUZE}t%kq#U<yZ&qiKpY}u7Xu(X#_Mb~$6qqGmwtJO
z)9ITRDC`q?A?yfYmonQG>_)zf2wRN9A7*}S!ZC6XSw-C!RZ2g#OeU%uqoCO<SChog
z{Y1T%B(LPk{w4_#W_eeo9sDCvi|H$ADkx)n)TB#C-j$c9QmV+9?i8$x8DQ=o#T3kO
zZz8^%lb!RpsR>|vVP-G75K^2ziKg-&l=fgn7fa>v!)=#FzF8p~5UZ)m#0xzGP0>sI
z=$X0O5TA!#D9Z=}%G6~hFO*p8=f47?<rA`Bk$@BDQ>(!PsE_Te_km6jWN|8_IES8Y
zE|gd*WB8GI(9Y@8q&Z+*_c~ZegBk-szP+OR9O0W%8V~{!=i1al6+Y>|+Ydf>?-Rh6
zetSLG!AsK97}X>pDtPbvt;>a77mVXkt}2zVU5x;_k#~YC6?Cf&N8>px7;q7++-%O2
zIt7<pcH*K@pr%#<af3Vd5O87P8VsDMkqy=20oEE`in_7MU?GdE5u|r5Y%A#xxN;_s
z9u}n24!sm`q=$;V*xlcH;l1bnbY21kh7M$bcOz3Aw*c{a6Gq32i3~ypPA^kT#o?n@
zgq@c2i<U3oBs5Y5$ovOgq&`|90xAUxK#!0<&{NP=B*XV;q&*W)GY-?Ur^RP?8c~4Z
z(=d_r7>dKd3@1D#%967}gbZRBxUg?32!PZqkYXSiN$2Lgk_lFR&k_Cl`d}R%=~OBS
zlDw>Kk*uH~`TQ^SA-?EdH6(k!^-I(OUAL=6bIpqY?!xnA<b{-ckocE*P(<O*Da`2s
zW~43;f#i0c-Z+Wl5avzvqSMTsP_>qqsfI^Z&?vdTd~N@$fir0m5KFQKH?{^l8E~8{
z@8Nvs@fni5EDKGy{LAroayy~<9p13jI}U!8EQmxg3ZEB#6G3{(AJzh=cJtzls-mq0
zlU_I}wOci^aSliO4|CalA#Z5juVDWg)srQ%<1-S+?bj-0`uupovA?X4!ATz~02d;D
z2nmQ+e6++i^^bRd*XFnA9`QG%UOFIbQks@x(`|+>=orH`QaT_x%)4%)Dgt$c6VqGy
zL$)JV^PQSNvPAqIZ`X9vD=oA!j_Rafb7+8iz~bj)bF4#k+U1O)p3O&=4kJg%3c1h6
zeLk8Hsdtp*rNj%VPh{K7*I74@is@UD>d%M8U`q??S5yYHT+Rjo1!<aeiQOhd>?mPD
ze(8I!4|`-CP$YZrIuWYU#tK)O@TL-{j%pn^I?R*GO{Sc2J$T=OLS8nN^Om^p0#hZi
zZ=XgkGQeI6ZS1mvF`dH|RlQ~9*54t@4k#hQDK-aq`Gv?V?m>lD-P4Z1f)wr|@QKGJ
zro))5Cz+f(uyrZw!QZ^$=a;4c@hT}kf+*c#Exbrw1**(QUX6QA@#?bzYwEgj!cH8q
z6(weA<Z_$bY*iWVpGFq%!mKqcBvCpTVhL}9nfX-GJ?F_#BkO&97b&sMsznE|Mc=J>
zC`8)9jQ%%Ejt#swK>s-o6!x;f{9L(~$AMUyvYU-Lp&B1I1>7ZPb`*QLvV?}xnnRuF
z>Y?`IJ^D<BHiUzrl{uA;w6y&DaF3iP7qSKM{khZRHmqM^wbUorr8_~@n3i!J7_lt_
zer~nZ)Z5M)xG&F_X<g_<7T_?_x0I5vaM}(AU!_Z@4dvLpFobtupQqNVS$jk2^C;g|
zj!BK<^rX;vr6jo_bo=lz5WE#wn$={!@kw}O^XrOlX!SI9$9guDEM|C4@vmZ}+pjJt
zyhz#KJRu%;$i@1Ue6{Z@8oHJk6Y;3f@{D3SkW4w@IH`Ow>GuI-e<T=a;N%m6;VqK+
zWNhkep_dXk=2=!BWe0me(uVAJ&w*~l%rR9w0W)`w;Wc2fALKxXItJ{jlUWRbQ=9^l
z`5(itZ3nb=jUC4DzK~(xc<S6@t#c6k%&hcD@;X1ahw&!0oPt_*N#$fh89RVa!`t9j
z<V)KNWh@Q+i!vy!+@5YTia`C`w}w4QA=6D6`FtrV2Bbr&vh?gE$_pDTgs#0P#}<`e
zf>vF2TLz!CIEU)tb<GLW%e=j~7}UMFdN7ljuwrHBNAX}v)}Q=vq>Zi=vScEoHv58b
zq4Ah^Xua^~nw73mrhtdFi7Y4PxPhX>_@{fdG|AxXH5`%us$ob!C;iVCp#BBu9rkX9
z+0oE`%0HsN*0Dg*3L<2a;kn{l_rL)KURN{xR{F`9)#>kUL+Z@u#bxJUt5n@{`PA^g
zS-wERA;c2%t<6QkF?-75C~^lLNrC@s4ucah*=)Q^bJ|SexbC<Jv<s0%!B}~Q4+(1u
zf?F}(TO>6X%S)y}xCpV#xHr>p1MoM-YSTI{g6ZLrO)f85!?z0Wh2B1(qlD)WQ$8dA
zm9)oB?p?~aco|Y6{J`soMnZwzanY4-Qxp48ye}r!E_yh4d0*xnvTxvII0vAzte_dS
zB4nIMociu6nOwA8I<Rta=Ziv@?M}gYdtOECy(Yf6@i<xHPKhQ@A+6a|p51uaS+>Jp
zTUu=!ge(q%8p~<M;){`$w(8@(9v0GsamwWR_;p*2pL84|<_F>!o=*s4v<?y})<d~z
zz2T?^+MDO(aSCf;2}4tI$wM1R#!kf!366TA#UTICS)#yA*p_9dW1hw0g!A!BKsc!7
zsAk!={~7<GmmcqH`kwz9<dad^c@jSu;Xqlu`R(-i0vlJ?EiuH_hRETAw%B+dx<C9~
zgd)O6Br2#`0+jvf=5JPc%7(sNDy@T_uWwQ|z#IecP{h|if}zkt1IUI9t{*@zbffMW
zydoIYaP%IBmy=PsHvTJ02?ojKa0!=3Tak4W+QMg1WV`f=Qi$W^od*rYi*hI^F%mXt
z0^GnhhS^|#obp|;1#&=|4Ps<~7r1VD2&S@SLVuA>w>);1ZK&F6)A;%J3`BlKDI<&g
zq617$n>W-0UyHDofOF!2xKaTTG)_DPWXHU{jS&i*le10bmB5}W58E?P_0<LC7q-T4
zO4=cpsu0r(l_nTz?0>GFcx=x{uuM|dBjE#p#CNUW@Gm9*)wMjcF0$PdMnr9Qo)ZX0
zhG*Ui{|lVoo~Jc0lr&$6bi9rq2?Fj{u>0HV_FMsc%fx*_Hnw%aKDYSJ2NE4@DTQ3*
z-vm#zT^n#KfU5&DbJN<jeOhpz89>krN?8I5g<yW)|MUV}$>nu`#1+_@O)%`yDC{3M
zK2R}xFtrv9&~8aryv|9h^rrLyBaIC20A{U-?+|w1Z>Nt&Q_BgC!GY89UI)#D7a~yC
zfah~as`H=c2aK7#DsIEatsYR2?(V;0p^==j$NhT<v>({3c<gC$*~Abg_~z&42Ze3-
zKCP7)ZR8pT{1pU4&$dq?v+N6A4|6=%YI^+l80k~O^{l6h#i-d^y^4DK8*B>Aetxi<
z{x#^?5w!pAU&#YyHHh6jsxc0|a*NdkeAi(k`u-}DMO0K@AL{#XbozV@?Vn65;mtaA
zt;(4F8qflJdftJS#5YqGd2^k$b_`HDiQ;?i{6Dm{7jKEx!II_rAX^Q?I1X1VpP1zS
z!-oW2b1B^VVal-cyTiNCQhsQFGo)LJ)LMMumGEP8oc@G3P?2l0fA@H)WEZUVL1dal
z`hAZa=Z3htUuVc)2jX+oMao2TapWbWCsvD(>Kv;O7iH-5IhusQw7UhNx6<=luuzkB
zz}~b{Q8O8Nm6Y!&J7Z?-txTeXUgG-ldj6?ec9a!RLj?Ou2V1eOTLE~J-rfT#gCH|U
z&!-)5lq2+M8%(gEYXWKR2|tbp2ByC+Y=h;q>rc1AXaD=C;!Q$cuMeY!Da-?HV9=jT
zfK>j?4XEwPNWi~q{lion0}Q=!6n_WYP?guFVYgii%yeCFq-=xZ>t9|AV)MHH4tLWP
zXbmAiP@}K;arHygyEM26K|zg2HhDV37o(k*SFVmK53HUS;q(-QSB8EMmJBx<-zGHa
zL(Z$I()<YEPqj2%Pda}GX~v@rkwVO{MZ|@lMjH<F8C=;~d~w*RteL}o)m4rKPoM;J
z6fdtoH<21<b`P602R*=)IprT=AnGehh4=YiBf=}}29COBbd4bj?C_)WpyXbA$l&yq
zw-;<huKW&$tp$;tFMYH{@)^IPR5zhClD!0TQ6;)N|AvbZ3L+0vDw9SK{Op&DyI6Zx
zd(Hj&WnghEL%V%3PYQ-cVCNK?I}CfZbvGw!m_SOBbh?8dr#&eWxUHl^o>`|jmn&=c
zVBH+J<}K-LXwCTjF%712Lp`1@+LsZOphLvXt4*hkX`*oyJ7ik8h!ha(_S@6DH*kH0
zA<i+NOII1AQ;*vhIHIZkp%E#9+YG|=V+LL-NLdt|sosB89n8G3{`}R80p;DC4UFU_
zNe4X{h^0eCg+{hT>2`*<CSbgYi}xFW%4K}co#SkS{*L-Qo1E$vSm#HMx24YJA2_88
z`rWG)aeh{}8z;oOxz3FJlUS)S^&C;@MbyQhl~4DcQ6wDa{H;Ehb89{aK!`&p&x2s`
z{;8WCxSOMCotu5q2`OdHXTP?7gV~Lke)Tc<QgMXU4&O3Gzd7|HLXoQlR54D>kx(SJ
zF<{=`ospRb1AN~{qpFw!57=>a2ci+kf-f72rYk@ecVs8z<f^;l>SrJz6?u~6-(8*+
z@;=`~z{>x~OLkV%uv)WtE1t#M^(9~|g1Is-4#$|mceYdD&31+LZmi$=XhMO&o6?1+
z<a+L!mbme*^~43okhbUWD$%z!Z<OCPHP9}jqbEE#%{E68(|f6o7=5C<xc0R~tI=w$
z=!@~|ia2`dJ^Img6i>vO-!X8tAb-q!SMK^<XUR|;o!Bq)Du<WX{HD)o7>DwgR{?QM
z3_3qCVZEz1GxIB<{5IvXfd3||*phqW#eoAQS0;dy<QW+Ce<%kftFHeks_rGAc(fbh
z?WNS&fNBFyu#GfeQa(Ih3*-mJq|CR$qF{NMMgwE3VY|2cCRQv4!P?doA_<$ezWKZP
zdjSvQgD+qwrHjdcr<b*-h?|!iFo<8&|KZ_o{J*fawqdoPrFCHS0NU8d$;k%$PH)j>
zsU;ZzQO0jZAb@Q0DGaa%)%|!?Im#WNulVc7VlB`aF=7AJqz8$%CyaL_8z3hmzkmR-
zMVbSE<EB-!zeFeWR3R2$6sBdC>shu=V-Aq7gjTm8l=i`t;|BSGN%Q}(NJ$beMwi+K
zIMj91Q|J6lXb{@}6>nMu+hC<w+Pd~!h#8lvvlz^U<|3j+=}lMJ_<w!rbjO8a5RX`2
zN_>G;YbbB%L8r6)3w};qk{{}(C~$Iz6w<9V9e;q-)4!&jjbU*|RZ#m#0KZuww(E{z
zh&m)lt=`Pj1$q{}2L?Uh`@pkXJD$ElZeyWkpyQ^aGOD_&O;>q+>yFRu5=OB-knl~j
zekkd;;j1rF25S{qxmy_kwWzc31rQ$>?|K1_iSxP;{Vzm<R@XaSi;NyKjAQ5XA;jxK
zE%_OTlr#(-m1m_im||!4rp-UKQv$@-2`O6!K$qy>d!}l++%|PU$Ay1DLfb*F&^u~+
z4-SncSS}f5$shoGwE!LfPBbYUz=R!Qk&&-5I7JC`(Xm8t@p}wImizUZ6=!Fa90v9l
zDD4f8-F@S=*MSx=(Mc~tU0`{T8-16H_ka@4*7<);OSlzy0L_<u>FeEZP6#51?0x{=
zqBnfD?5@NgPvM)pLvWvHSl291po8(UTVSP0{O#!(@ukg$?1*yuhQ0E7vc|;e>~=hQ
z5qsdi*rqKfSlnQi5JxdLg#OX0c)v^Wq|NK!@AYq5zsTyH$}g0tzp4Me0dY*c!G2c@
z$IuJJVqtOK0Ok$gHegn6Ir<3@boTHE1-!X@)7pSa@i<xB3MaU1AMPGV7}t@*4)?vM
z%kGMO<LfpQmDP#h)2To5IUx>4hmPyvWYlYhx<fohE_3r<j4g7CcItBZ$e&OV<)Q->
z9;dJ``Qw!0Y=C=^L;7S_KZ(q<Xpn_o$cF(Wl+$|NHbs*Q!Mq~@cZ1z==U3#?DL0Zg
zd=RLA<iPE*vC@AN@BYaqV9V|P>Kyi5cd!w;_5mT>P5lXmqf7eoB$W43W5i*YEqm;S
zH~+KiMt!t=5V0Z2VjAJQ2)xpt7!o!}g!3v;)OQJ{sMSR)U8<@}vh}K{Tw}6JJN`0r
z0-h@J0m9#7QENTLyFP6oPJjjmk!4$Na$nWMS-J8ZNV9!9E(KFou|^3sI)QQ!G$mS+
zx~{nK3pEmXpeV%^YpaTQb=!o#so5y?P?mo7uce8?eWC@d3~B|=i!)^FY&d1w9*ldE
zn)%1ExvA@QEJHX&aOuAPmi_8Wgb|((J$9fm|F`FT<700AILox;J?C@3i?_=dXj8h`
z{P#&cAV<V<Y4qI>oLj#lara!!o2HolzH*C#&=-L{^Wi_wIbCSqLo5z}ol0mf*%{^8
z<;H(S*2Ud5?<ZvMnDa3ZOEeD)c;S5F@CPaMGan^hZ+64et9bP?Ee<hc74_p|Idqac
z<w?l?`tu2R<p=&P8LT0{IGXDIAG@E}7m(qcq_~z1W?TWtDJ*wD<S{ZYZBO8+z8t`x
zn~2U9M<@Cf-kv4?%DX4o!h~oUbv}xTyTWfWj(nKOz!%_{{?Pp-BAdASJ-1?j`Wxe;
zEmtD-!zot|s)t`IMk+?Tdkd*Q(R%e===bJnvuKP_Y$UwNH3)&_dHWB1TI*KVe<vTF
z-c`^LB+zQd^*LQ2e(~4>eu*p{oId4Qmjeh+v2qJ0vv;@8Y;3=Bu~#ULZfR@*grgrH
z#YZo5pB{`JWM2xip-xoXPC#$|GWo3XCpa{@sU`APS2-ViZnN>NTO4qx8YvcF(t;R3
zs=@<{mtA^%wScz0y!O89u5!s9@e!XzZn(GA^gJxIWp5c`k0ax==5qtVA>3oen*guH
zL$JNe?<UUp_|Bxeks8C4pgGeksm%LdnZy|(;KC3}o*cd5rpp*mqPA0m#%CBdeZ=6>
z3ng;$8e~HbHy6ND-yGbap@4{B$0wE6in{&#l#?8f;3p8K+(4))>+@(JL}uVOUy+nB
zt2)>tTIN5OYg3H=vX%Kq=~&u@{w|Bpr-&Xp;}D>ybw5)jMI*2mZbV;_*V;@MT&V4b
zdiACn`Vv=tZq4kC`z%J39z2B!T_{{A{D4lpQq2G%%Pm*r=7n17{On=y_}=)K?)L4!
zg*`q9yQ0u7Lm}jFi)Vltm4b&TVRk>WW0mF$g-iX;u5iy$PZOouhHL(HWTDF!5OR=h
zPjtBaWeity;FYyZMwZZLg`})MRMM`viodA%O{CR!@x!{AvD6PzzE7x8hL?=GXyWkw
zX(9NVpgk^TC%MpPq<q1?9w5-xDGa!K`1%BRx%qnLl+A){UxZyM=;S%yex(*^DEQuX
z6%`w!Z#o|ZAzjgD-}>FrbX{n11SOfPjYwk##^`1>x{&rl7BFACT3N2!(@bn6z4GYh
z)rv@7!kFbu6;WT*&X4lMvi(my>UqXDZ^yrK@xIUs>!=uFQPBm?orsIk;4s=HOy@j(
z`J3_?(fltHUy7pFccQ?T8J<m4zF$RVY?@v%>Az#9`>&dqzZM-&IH1R=Ht}4Y0$F9n
zvY!IY*Wa)$y}okEULTZKM4Q*cYkmzm5cTPrH0H>Yf^1^FpNSoxe`RQk2Z;QVz2swm
zH$lx23N_}>^;O_~#LajyP9z$<L{S+3cuo&WAEE_rLws>S$ccK9l)-td{w^7tNV>n2
zRI3xeg-3tDkC7_O|ImX|>j-%nQO72fM2}FXy!jEoQl^m*%+fddCv;#AZ@A7KHR)X^
zVm74q;B^%dIwQ_`<spH!v`!70&zxrdDgzD8K@4jQd2yMk>IrhM0+d@iHK>vw`-=ZK
z6yJg*+@@gWE<%|0=fB#j#|W7{d5XY#x&C_m+6pUs!Dp(w71uB|kmz_x)7iFrPRV&4
zO0MRVc$AV=0QI2D{Vaw~MieYq>6%zjj<X(Qd4dA^jqkN^!|z^5zwZXNV5SnaupJ$F
zlD!Y)O&tQE&jq>dnnqYz|EJuN$jl1~HOeD;(+dQ|D!3AyNNU1=etxH0SMwYtkbVcU
zK45x%c|EvY<$68FhpX+K0L?+J_D?(?c7s<j7wIr2FQ}Ncy0qC{Z<7QI%X#R|1-#wv
zig@AXTAocYJvIrR4Q!cRR)AYer9+g`F<AV4{ekGqPOkwZO(rQCO4x<<R^g-}y}*cS
zbQ{HI9m|9d=@*ZqoVOQ(WSZN<XR^1*I%(dSZkod3epbEU->-%Ao>2gnS`;)lhJNYs
zwXgo#f|!(1le`DplXgROF`CP?{#@~|s#nN}_(jOR$C2?drNgY&K{d0{WXwW&Vu@v<
zqL1g!r*?j{iG$;{<*GLkbeF>t^?&z9Hdf?)96e=$?mMP5|M%7hg&PxnoWKk6NC;oZ
zr9d7AAS^Jk4rH8Co=yNH@*e8|3WlkS-wdbroUUaw=CaaSeq<qZ&n{*ey<6pB{ov)&
z&fSO_q}uCMaON<iM-0@Jz>H{Qcrhg=0uV9q+4-rBWhLL&?T7H0F_G>`A4Ogn(}X+L
zcF#z#Q5;s>4O_nAtE_U?zh3@L&qdH0;51yE56HcDm^9pSr}l#Z*jkfwkPvwNrRN@h
zPRsB2w1UplMwjD{k%@!u>+O%HUc0gT)(VmNJ6K;!`E!aKxiP>TXl!S+4VS+1j1>M~
z2t4utS5F+f+qe4NvFyM_m*0x~Ezh|nA<@0Bt;FkEnR}RSwE>2HBzzqe{L7V|$BIi{
z+$*zD9|h*&<-Z5zEb1FQwfh)3htnR~%m1fRIVk=(SIq4eu}5Xl4!QFf9*%Wfxb2B(
zZ^JS6?icZ4D)-d1qT2v9|8Go>)N6}B#Srhdrtj&mx6wd_VAlb`XJj*I91`)l*$6P~
zW@+){x?%EO-~BlR-2?lF{~a(eG&ISJNiQclCdFC+EzL^A4zEg3;~(t5ve`bAh?=Zz
zVP>=u%%O6(&gql&PsK9CoX5p1xf|(SaGO_?;~Hcw%(Bp`njSHKaOWu!c<A_igBIOD
z@bj0>2NPTI)>cHOef**HxebSdpx^Mx*+}2}N&c+t`uo4O0SL+Gq?|L$uQm#MPoFM!
zo!k9@#>ArUfYt&`^nM-M>aaRYC@gwV)8*l5=eZxvW%&ImD~mOLC%t7}UcV`s-|yb>
zw>56+Bc`;i+(?|2C-9($nSd{^iv6YTluxSMG#XooWG&Z`D-cP*H-t_e$D;XgGk3NZ
zq=dbU9a1VlN0>!e%fh8Ts-rSGpE`d3&^ftukKI2&|L>b=<JECiNDFZ<O(g7NyW)-h
zSBh*J-cjFkb-&2LyZdh){jIzE6^q}BpBRV*8uaZ;C$U=y;CsZR(hIcnuU)lv6cHQ`
z$E)p`kB?{AI!AdQ<=>z<%#&HnAa(L}bflnLOhxdih06|qPTOX~dEjUMwm`we+~isy
zdD0^@*ZBtjAI9at%0CXA1j~cixedWqA>mGus<mhLt0rGN$8j249eZ8hu^=Ir0%cP`
z`u2wA-fODcLPv{x!TTiVUNb^NgdlHE_HZDocvGB8Juc<?W#Q0l7uBb3)J3&bUvooJ
zhu&ou**51`vxOr|N|G0kLGFkB)VSowCIokO6@loI{P>xd4>vL+q#qgM9al9T8RB-Y
zD6FO(Di63@grH{(uYlu!+j8e6U*oZUr)Nn~;o+)47ZtGaT$pj+`E09@8&ZcrWv>A+
z)(wKEqeOnnn#vMq4n=2bA7(**>fpjxZl6JBbarN+?3VR~4<zN@PW1wqA@*E|hNNkl
z-yLg*2xld~)H1q7?J>2^p9@2I<fWEzrXiK7js^yaqO=n(Z^nLQf6HAhlQbadd@m|z
zrC3L?uAz^hpi<1-#Uh5+dQ`;wWaN2l3QVT%U2wrDYxlRopB0}UYy9Lz1ED~x`AV9=
zn-;q!=YK>WfDZxuW`XU}P=-7aH0`oZ!fh}}{Ss<62-*qd-4Vt8@^X`VpQQO}8dcBR
zm?;#+-}b;j;vMyqXK4{S@F?hRJXpZRsBYbMF1gyYY+OWIvubT$w05qiJLe@@_1)u<
zfN!kiull3sR>r7{FJA4onol13BlDlz4{MitMW*iUsgp1_TPBGq#V8H5%pZRm4XyUN
z3m~Lx%E5xDa$eVP8@}Lo%Q5=%+%KwGmhq`iG)ffgZV8bE@sw2wHqVg_xh*!nl=QF+
z#D<9h+tL^<z8&!K?m?1s$T^KR*G=X7t&G$&jdg9@pN_v2_ls-k9eh6EONqa4+0uLW
z7h9|62eqiMM3D#-gU8@BO?muzR*$<mK=_N4K(r))LOj}iG96NU7gu;eRb>W<Uc+7&
z0?q;<t^Y27B?aFxsOU*7xo0i3#CAq_>pa&W6DGLwk}Rw!HHwtvQ`h~YymZ+!pTFbZ
zd-SGq@r4bix*YCxCtjbT1{|QI+l2K`zf|?kiX3ufA85G`WU38)qV$um;P_6m>-R88
zf-D-K@kwr(H@s2+de<_dV;goT)0t}XhhRo2WUcE&(=oy3&oZETC1rPQJ^kia3c{oH
z`VYfTD@KJMBxdC^XnV*D?eU8k<Ps@qdPaMYTiNpYu5~EBW#-c8@jWH#$)qq|C&TK<
z=&rwGhcJw<a*SQr<rOvJ>TAG$To!GQEnd>B8B*G3q;3IC0RUB17btuj35GYi>kmom
zC>m^dy@PA{5X@qX;%=phSR3>D3&vopf~K6EqAr1D=aPDOW;A_aOt|*jN+>XEOgac~
zS$jiPAduO-5Oq%yjqF+nt3fhrk{G^?F{N?UBjVigPZgtA{rzdpR$7DLoZJ9@m^-w(
zibD2~o>5=4>L4Yj+W8AY_AxW(yzp-cS0I={4eI@ZEH`=zc9`^Mm?^&!ZO%9VOny9^
zh~6i4*56PzHD`H()+Kku;J85cUC+~XyqJvZC>ZM)w;ch9^L!zBi8@3@OO~zV;a7iH
z2lI!_L&NQ9rX0w^ul#W^RmsAz86u~=Ni2hSzDfrV)Uv-HAiuyF5ydX8@Z_R#l{dCi
zPoY1RX6$8q+~7X<O4QsEZOXU;GoI}LXY~HLS75Jdq#UO82eq(<AAB357!Z+8uUyS-
z;Jpj@N5dPS)`I&1z*F*l0kIz?Lcw-}&~=l=3;rR$B<GElic<3J`|ZQ^(OuArhmo|d
z1)%yR<3=>}_I|@~25$m5HQicJRLrsLU%)E*-fY+Is&IW;;E$?xL~qz0SmDm2Wrlq~
zv45B5QT0nxr#<JS3~?J-Ve}GUldCHub*w_t+!X!&ns)u^etrTviq@)tWn-Nwt|?cF
z*>XiqBZc>6hrh(R^cylx>qiQ|zOGW@yndRgz->6tJe^>T9swutm)FU<2uMP61D;SF
zEtZN}s1J53ZU$#*N+$)Ba9v2h+v%_geeFSi!hk-2sBe9nidk~w6fHIvIU>Ukd6drA
z`ebbmi>0Loq*m$0xfiK_w!f%t+caWeK2ePa%c)hYD}9&~Sbn-!7R|`yn|!$D+P5e?
zdX%9d;C>;AU5g+MI!C<TIV{1DmUwi<%&9(k5~SXGZsdmw@hEY-EjW#pfM%};(2eve
zdTou2=&K2(B+qE#K3_S|61-=jl#>#OD%4=9I`ow8U@&@dQ~YrUV#58J<D#GWhHZTT
zKc@}G7pbX(Q~?nUUy1>oh+5)-y0nI-%z*WdHPy*|!b=-nm;e$iNY6FlPx^I=(Biqc
zS46KAhJ`v?N&Z_Vr+d?PBrH`&1D1!)7M7CrhpC#2^<@^fl)%%en7zUiVZfhd`t}*X
zjQasZ6q9TSdq}*e2Tss1*cD^g_*{>Xmr^<2RJITIBtTh~RP3l!Jo>|)KTdKuRjd43
z>dgQ3k}mrx3z2<pswj2XeY-+2=MF8gBsD87v8fMe6I*rq0W9{7-%%oQ`aw1nd?j9#
zrBk6~kuR)?q`xlPq|fQk0iLJ$RhAY!T@E+SGR*HuytXe7!Hr5GdV2tEiw~^1Tbmv5
zlUIO%qcO`T2L9!2e%GyGs^pxvIeios1GbSVhI)fsb0}I2-><gnWZ|E0hHRT`v9PY{
z-FS>T$<sS?Rh~^JJPl043-F1E0*?`64VU*LOnC@ipUYA~mp79&(Y-^w4ho(5U&1Js
zt*9*#oi?I%7AJ(83)C*}t5jCvZ^TOd9OY;}R~f?Y&z8Itx~?nmD@dmNER7_NivVVI
z#+f=@w=dqmp-wzIU{}Zc6W~4x279?o({i$c`toBU{*A@s>J$M>)CBPBcTQMIlIHVt
z`%Q`To`feSj$)0FFElbWWpQRMSUBE$AZS!74VUZmgc#k%)+Z%LJ`w3+n@wWEo7MMq
zbYQkayoLA~hAbTqTuy&byL)>0-(QWsC@<v3O;XxKjb&ULWjUxes1tfo=|0c|{@Vfe
zpRo}hUV!^#fnm>plZL~W<0!bVWjQ-UMyuTO4iG)zw)g3V3i~6+WAkF}(t*0~-EdS4
zcv}KA5#g)pdMfz1ty|seB7a>LLBVB^68@<wGx*9RP_Jzq&?^0WXXGcJIRwhz^`wUR
zIA(qUecN%QgDCt1(J!&P>T2EQ{=Fd_5*=!q>UxW+PSj|7ZeI75ql@5L8HGFZTKVOU
z@<m=@*Ql=BZx|62nYlA;?!#3gJP2ggtc9cV9dIrWt10n{qN)gdYl@8KGU^zNeZM%k
z`I0}g{FsYvy!Z3ZJS%S37YOe@M6_rFXwALld)#oKYegZx{La-iD~qhHQ?k~NYCX#l
z|L#-X0@~#3)-`~<Ik>6^G@JDUFx?b^Js7IdL(<?%$RKI1U;Y#$Pt8YfKG_C7aZAS%
zNTVYt{hP;U#o+!{P0W<$Jh8{F^@Yc^qMw+V(0G1c$yV;~F=<$-wER<WQELI(K~8~!
zonSD7D6-H3fz8WWFPB^WQC&}koi_7{7PFm}-a^&Hd}Zp%H$q;s{b1Xp1Y77qMO7K5
z#lO*G$r|6E_A6DoO51F5qYooS6*jk#U)=p6l%n%bqMsMdZXlHPgRha1d=YSH5tZ~}
z#JpG==IrsTDV^0!b(l`IY~P@Ecg8gL37aaZm>sQeHd@c701J0i`V@-m3?<*L50B@n
zyt_3zoV3Z>Q?ehr+rGYSt_R#gvC17!rN_%0?uE2TKhLKEtXK%zAAwb_j4LBX?pJW1
z!t&Z9SdR;M8f%U@0Son}q5x~XFQP$&Pw8QY8(qX56~@rD=%$+jEySsXRN1av_6A&Z
zaHWfnspYGwTF<f`n{>(3tQpbo_F#vu5#t2yM@wxh2<H5R`0gi)<9i+cZn&~8==ju2
zSUzMuyCHOaBTPc8?472O-M|DdM>WOoax{w9c;4Q68KdQW;x&!(=2M~-B3WE0sbwJ;
z>qq>7r0g8Jjx&mVqirmnvE4zhWw&<Uto{9;YkQczwx&;p(w<7g^-m4&u2*()reOe-
zyvZMGhA-fwton^=VV0`a=v=+VLfu~ldGa6f4||Pd7A$Fz(yDJot|0b1XD6p1gJWx*
z)m1!NIu{~r%4)i<ZF-lVmQkcqI>~J4>&N<ogYNk?4#0tal>-in=iXy3_aG2+`y%>~
zEU*OF$-1qHGc0^-`TO7<AAgwO-SgB`eGQJnbN&axwith+G*ww01w>|c#sDvjy}v3{
zhCdT7n5OLb3#Ky)Q*>h%o=|H31y(=(v8oEJUJGC6ciE38Gg=+(FWZ5d26dD)UV&Lv
z4l*n%`+(L*<(Q;(*ouNL8DxXW@&vC%r@}?6u~9@=zv+voyvn?#+`O*XybQ;DQ%jEB
zSAcAPTG94O)1u)YWSB+fIQX%2)U>c#&EZ+#Hgf}C=VtL6xk5@_c}MV~hixxF)t4L%
z(|~2Y#e0X8DEBYqj=KvD!do^S0}Ly!UjT~=zOf?T+eL&WtS;C^3=JtkEdh5V(2v&~
z{hz+{_kCSe%=6CpxPUOEnTfvJ`9>qECVk_+<c-Bu#RBf;Okr=YNkVKf?_a`rY%B5H
z@-*=bC23!4l0K>$!@`rBSNh8}%JF9Fv@$VCtJj;gzNJ#lU!+eyLE@qMx0Fw6RX}@;
zWPYKj43)&v(70iTj5yQeyW3R_jNO!Hdxp>W7=?WAIz_y2`za7iScwf!Ip3Jtr4oj9
z5&Ag2*J<RgwoNM@|5x}s)>3$^{B-7`Q+dJWQHI!w(A~ku;75CIhE8h3m8?~2qhRwP
zp9?v#LX!8#+Q#07|1dVeFSha5p5L8Ogjc!IGT{i%d^DRb#$QMBV|ak6zcq?i?MnLn
zdvbycdwt)}4o$8ewNXP!$UZ4i<`~7_>jjQk|5R-JU_os+g)cv$q}Opi@ny9OT&TJd
z-Og-$?#EUm5@I45b=m!%9-GAEQ!cLVc2v!a3**8UiQ(RAYq0p{`8kGO9)jH%>GLhl
z5LdQ-Z2z2W9Vw9%2^1wITnYYr&E1M4xFMhgQX|>8Yjb?&es{z*Hj@^vDyShg%26&&
zcm`jX@nMFJW|VN#35(Fp?j%j&>H75IjZ4k17K8R5J+7ZNT8O>G1rUQ6wWcQtALe$7
z(lP{M0KvFtE1Uku-0RjG(MX%y7tlk}>pvCmBudde#77|K`RR-771!;*pcmdZt)1-O
ziLAhYdw~D_(ebTXIQ?vHp}?__JtOu9pMtHCIs_HNT@H&;JfqZSk(^R&5La^_bxTIh
zqRpSqn$5B+-vt|CXpMejrY_v*o#@9H-aFCXujx-y+HHr~boIZe?OUD-<2L^d*J!t!
z@r_Z5A6$c>E)2FxNQ{kkt=7v;I+K_T2lob(p3V=)4j*MbE>oKvZqrDg*I3-#W=1!*
zGcPT{bS_DIR>7K%bXUz0-|gDcA}edhJG|R{-C(+nV>jbzk-Xk)M9NZ01Jldhn8(u?
zP1X?07_dO6nBMPywlTGW!{p+LqER6|m~Y>rysl+jG9XhL>_J~M*5@<Za};Lq_q^?{
zla08JiI6tXI|`Qmh((bpa4t2ICr-IRu*3J|$MJ+G!6Z~9G<^NF`ff$8PbKst`*F$y
zuDBguRa{l-y>2{?z3z}L?6qIn7viU38&KU3PhQN;UajTVuc@B=3X}P9BIu>=>3r;@
ziFn0|r@F=JuYokYL$KeT%dWs2$9CK$!EAn6i}HKBvPq(lvS`@-jnA4QG~c@5OsPUu
zXQFxNSX=s#{M(s@Hj!XXKn-P4Q+`-&*|sf61Jh6a`0C7k^{;Q0WM6(GihBL;QSC1Y
z3w%Skyd>|1j0Q|?c{*eIXh3ss-ZVD<eGV@l&7I|QTX8&VZ*5FaBi&u9zPB2$Ko++x
z@PDfR5^5n}Jn*rx&5g?tdn1#!#)_ZI$!VH8lLY+-rQ^435Bsof*%U`^Nz)1v_fG_#
zlR_R<ny~WDy2h{5m6y-O1An<rt)&}87t09+{|{Af*%en8Y;EK2u7ThX+}+(>f_rd>
z;1CitNN{%=cemi~?(Xivd%xW0oDc8w2X>Dhd#ydHYF={|F@{~dkB3(FYS+JYjVM6J
z@off+4P}<mdzt1sFkAZ)IGlI_Q0|1mb4Ihf?;`Q2%x=uOd%D%MyfC>&0~4TMXWoLv
z)4)TzN7M`O*p@-BGX~%VlifAA0%Q)EfE1(j@Bb>{#Uwx|G+@0`^NM?W?=|+r7TINx
z4G#FIyPmI%nN_N*x(u?60)z$l-fu7W78;S3Thz1dd=JsI_kC|}ZreT~)J34#>NrxU
zxAwFPjcu{8D1Ry_YxG;HJY`M$ZmIPe?XQxkz4!6UB6kgD;2g8X-+-KKAb2id_5<0H
zJD&3SyC(H+kh!D`6%f#jcYKFLygCzSNXX{S9HiJ8BzI26(>FLw;4(4IrqDaoAY-P%
zvxuzQ7ErJht5ueY;NGDvTqX0_FlvB2gb6B*dDNac&L*uIKX%A*pKPHw@MGogg&rGE
zmX`s$;@Ot%DxES1`4Dl%SYY%}0`JJ?+gw)#duf29A2-?%n9;7)3O=B*bHS)LlluOy
zTn6z++v;CK90=TnUO1aes*<GD@R-$sZNEnTkIjggDos?=#cI)aCrVXjS7!$EGwiwF
z3fLxEa^0g_Ko_{{I`6h|buc@H<3dLBo6oituu#-z1_v=Y3B05I%@vUBHt#m|`G&T-
z&g>}EP2!TnCf4D+V-;U0HeqH=^UnVk>SczrurJHk!62b?q9VQ3F@GZE?D`~97#M1d
z^V2U4MB#m>0@QII9)qI=2SxE`3<uox)JFT2=3aSk+LJXu-T<fQbrp3F59wOr@m8gf
z%WN&q_HSYyTtkIhCsD5P6fG@fCAsw==<XmsU5Z{qjw+9*Dh`&{??;WyZ5~U6IzBFH
zi&NvPC7<05-#r>R8Nm5mjL}7-Ek)e=^k7t!=;F$)w$M;b%c+s+INa5)JT@7SdZ%$|
zV{`pfh6*={?O%q~8Y_|)?X)y>x^??0d8hulpE=b!yK)p$JO&D{sQg>@z*q#&R`F5N
z;th~;^EtuhsNNVD;y)9S<p6)7u80NNQtrdgL{>w(+jcDW>t?TvZWj+4?oQ9GPyLLs
z1Uv$a9zHr&28D4fReGaKyEvvPt8A;MCxk3R!yNy&TkzaN@!lP&=!5MunbJBFeo#du
zU^-q6Y-@J`UMx0-&&I4O%_hv#Q6FakYxLg0`m_q8!*#QoJ+L{XR3xeB)nSj(I%ly?
z6Z1iZS=fK{2SvclFIhp%k9820p*jkB+4>4SR|CAtpFDN{#iOiQt6B4rY|fnS{`ER=
zy^mTJVNNL!;qT?qb^1b{qV+fVC;dCMgWIrkpyMaPJlw{zno^(Q(c9B#!leTzO<vv3
zyxwOm+3)S~^lk~pV=CWT#^G<PPxoF{a>clMGZe=J%7XR;{<KJ_(MxK%cJ30_mp!zx
z?43=Neb_5JZF`84N;r3YNjWMP0j3N{&vtOeHV9mdl3)Z}QCF4&v|uG+I9>mjkX0&H
zeM2|QS0@Fu7cJN6v6}nG#+vqfoXQ0yuURSjAq(8hGAo56{71j)r-kB+S=+a*-R)+<
zkCwubdn&Mh{Cw%-ffp9<M~5<9jVccp&-2Y2b}2)=XAZOeVtBSfaFbbz%%d3xD=uz!
zy^GAX{A}&g5!XIN{i6m){9!Yd)dF|I3Q|bFy$!|}a?xF=Rws+?oYoaY(j6V%wzk)|
zC@SxPz19Z+@9O=dC*F7ieED9yRy6<NmF=W`3oRBnZRV;>2Hv)Zh6I2VEW67$<FV5z
zU_-%Y^|_0>STvwnIk>f+DrY-&coFue>mSdDRN1sXZELZr)Txi$xoyFr7?6Dk3^7r$
zWyj)aU6v%uKr<@JYv42B{tmo98v_R=3S0r;B?o>r=AhSX{@Nz{yI({zTQ0UUKs2jB
zSd|FcK7o8YK2HHJcy$3z_W)o^oiPB+XE(uH3STP#H}00<mE2uO2J08}KyMENR`?eQ
zHh3iU{ZO0Vf2D8yf39n`0Rxo+sP&qG4`Vx69C?H-HxflihUR^o<y~q1s<#1~ZHC?+
zZ{^RWA#+X%l6+qn^o6@3;rV6^5bqJF7>*JYWMgP4Ts}*<<0bJdXo~uyi!OQQFMSjI
zg{jRc$p_IP{>`)d?ESryS)6AAO6764Z-?`GATJ!PlQsM0D~XNq#eLlI{&jg49zy;>
zX8|sGL2R81U47>#L{7UeuC$QqzPZ!i)2-+*t9as%S|(59;gQR~!Zk7>+@Y05Dwo^V
z@G&GBk@Has)>F=-EIsr|CKhFv%KJI-JEFclN+wb}9=D$y(|BTc-C;Nv0bAb&fqb~j
zn?M#D<Tt=k)GsF3m@b^f$r_s4$u6Uh!NvH<%Y)Hwoe_Fv*atdlG8xy#uO_!PirCQZ
zt(VPXb98HA`bA=<<WyC<+=KMx)e_QYr~wZAI{JNXo%Q!s<2)&HrA2b1dk+K9C6{po
zIAdoBfv+e#S>KEY%LRIUU<tlV-?xjUa_s}<8L&L7jCeOy7b1~ILqO)^ZCA>D?|#>N
zKa7b<XKy#lJXqtRg3Hn7`Q-l4rK~1=ernSu$Vg|CuGY`+vBzK!`B7|#$Ds|=7B+UQ
z;Mq&ZIr|9tpYgp-dqWfW(W#-9xV3NNEYOT_;vpw7-T&>evye;%c;$fwE_L3!k|Swl
z%y0(#@?_QBb70a$1L6=^kjYf>{u>#WgkRnFrK2JH*sx5NKU*oUQ_bzJZM0TJF4`tg
z{Y4e8{XQISM9CNa3pnUetDA{WG0}}G>sw`-e_nkOLFL|rtU&@MS|4(jdpm{z|3Wf&
zpjb@g(%0hJF}@|o_4_}{N{?$}v?8w74h6J9E|XHUQImr=7P}XK@N5d$QhE7&ZOne{
zJJR((BZ~b2+aI`07m&{@(6`xhL{B1UjdHA*rWlA5SumruZ4z(AKY1<!2j#i|bCwgC
zZs3QnhChkX{t}B8^!Vya;a>0p6#yy7-^u^JGk@Zh!hae#^&p+~7*ur+Ok@EHtuxgh
z{nShCeV5sm(ZiL@15fEY^aYg-*3OC})k!$;>&cd)Eow;!KH%U@#BmVV`~B}I@RIsn
z_sKXhfT6W{3EGzkiW%f{6_<IEOsmKK_hUhEjiFr|l+Lb*%_;y_-1+|TTFrNXtC9Y8
z_3^bY!S4*gQiTBITd+!fubua4I6zzprGEmXMFC1KPQVrI$D;w)r63`Jj;o~~{`hXx
zXWM~HpY|_ra@1#k1G0!`dx2Nf?+8x-g4m~=94Ot{VY2Q9Fy=hGt$>klU&*z%W91wn
z@zA3E)IFbVr!cM!>O0v$T1&)Ub?Lv@ll{-wa!Xv>#N&YKVl}X)@Pc_CIMVGi+0EjM
z`Bc%W!jEGRb^2aXlkc8$@-~G6(0Xkel3%umLg+>V6Ys$9e`j5f2?306EQC+{1Mtv3
zo?lI<FO28KYpN3I#9_qXsHOhpLh$bZ{}tu=cb}$}&I4EX0HfL1UjQHU<3GUYPaxug
z?`t4PJ-hrpCxR{-n^4WC-~uS$3!EGXv`&1uG5!}H0P|MO>iqEXt324YJVz7L{c~V7
zy2YyB-UyPJ$eKT$zfXEY3|M8I94S9fdsuwQty?=9;B^=T4(Cso0?(=6F<wNhw`2JL
zZOs^Nw`ak+!w<E#`CDdNwqBtXe)H`!|B`K0qbJv633DTv(M01;px8p6p5%>$v10F&
zDI+%@WB@GK&0HAFadreeCM0hM(i<do-*Qk-yWR@yKd4-CMrll;hJ5>8W+W}+lsxK4
z{W?0dkWcQF=1oCky4`vbsuvS-%s!Pj+yoj}AEC;kuWF_q^IG`o@UXn-(R#M`B{Bv-
zu<74QPbD#Ey1p*%$7S7bJr>T``M_VQ{MATPUtrE8>nN)4@MhDzy<zPS4zykn)pfu4
zSpQn{-a){f{|Q6ZE=Cm}3A$Wu<Z)yW=7c{(fHn78rYCzA)2G3oW7P!d9-Uj|91^DR
z`QCg#mk!v#cTR=B&F;j5^P<4A@%huwlmEh=O4AipAsm<8vT}?-`oA-t)7U~e6Y~sB
zM|ib3SjQ*rpO<|}*So_iv2kjoU!tfW^qB%Bou3&otH|7|2>l+ed2zpxMIKivYYnL8
zR4I35{#WW$Br#9)7ZhcOk!a2Y=7|)$(42nZiCVXuG!78?EBwCqw1uBogY^xqJ<D&)
zD9nqjx@wKV`Fc!jjED9pr>aVYrK{up3H)^4hcx?rhjT*mmitq?*t}8L9Qyz2LeK62
z0snR$ai1GUl>)xC^PrY9IPg8>wXj$_O{sJl<aCN`h?NGDMV^^3Zo<#tDBd6V1OMLc
z`%V@XQWCt1X@P$SyZ5)}duyaxyB1U()%fu%`lsqM=#OID>1-;&LOQ()lF5^&8-D6T
z&x~L%FOtc<f9KH#cBRCv*5}K2yEcjb$Kh*t#`px!<6*dGtH4O~8R;Q=LVw=0n7t<s
zFpw$&{HYB9j*Qf0Udfh4AF+0<cG=OSR)sN2R_AY#z0#w1sh$+_0_P;$^Oup>{j8F?
zS-p!qaa)x^d9txaHp5vkU9>mu@$J|q2%k|8IkRbub}VE$c(9x2SaAsjJF!QU!289<
z0qIlw+a|)uF0}cFLuHiv2dWmgP6UOgW>BE!j<ysXJ6!gNcWF$wXU}0K_yLcv2A&d`
zC`TL&uORT*HFx+r>yrZ21ia|g3IBoiTk@>zOvv}YPwnI*AXbvE^O;D)B8`GxN*TL=
z62`NuY-cEu?k}J}{bP>%4-C8)T89E%3{5_pw&c|oTEzW%EjZ1pLr^Bk4R5&Ocacsh
zqx4yuZxY|r=2glH%hUba#7vP<*DpVnToEuC8?E918vf~3?dTS;V2&RduRv?h|A-Y<
zPrz_@7hTS-cvI<{$9ZfBf}<SSwKC_((i%Ds`<myr=YKj2b<&5<axdvqj~``oxPH4n
z*}AEnknEXW--GrN3-~?A&o$uBbrlE1F<osA<sRc@LgQX?lWf=<EO7gMWyP>Zk?_Zi
zTrGlcd<<eDDwsX#4~sRzk?=?Bf4}r4b@jLE+{|!hq4xN2N$&CBRIy+w?VELmBDUDR
zso1!^hXs2Ff<II^w;CWjZ%>Eq*=BMNb@@Vg-w<Zr!AOJ4h1-*sn10)!a?!(~DoFsZ
zOY`%1Qhg<MyAHidJpW$c&eKIM+=mRf{v1eiH5Is_;=}v|2$FW)*_v!Vwg+=BkL!2j
zWqdDXSW78x@xl?An@0rhsywuosyZ?JV8P~5b07deLpv6Dl_k9~77HY$)IJNsIw9Ux
zhkb4JFt!Vdx|CMSl&cv}`K9GJelI;H&$?;Q_D0e$p)p=t`2`ploVlFIS*ih?=fIRS
zmyaKx%L`Xvi2cu&!D2JUZ7V9$l=$dXhv6@hVXsMCNMAl{Hvv}9hP}^Dc4bYRpSCvP
z)Z&Cl^3YvixNZKi>Y2+qw?4m_Quw@HdKVTwZG}JjKJDy1oFrxYkF_P$j)EyWT7e7#
zX%V0+#a#%?)g)qlxEig0rc)Lsau?;lag{rzpjSE)&Q>yUMA*j#+&nfC6lQGwb}rph
zDO-QfDmzyyi(VQrQg86INt?z$5;!50=c#_StM4f|A+7%e9KXGg&27KGd`#=t!ETfQ
z?pH_H#RA^);B7r~^Cg)BCEN6{3%#ier1ILO*Jb<{R+j>sV;VO?dEYxOs9)|s>(t`%
z_fCgwGblbpBb7orh4r<y?vIsA5ygF&SX=BcmhaSgC;^cO<LNrpYD5LT!Ed}T^b(Yh
z%DIfvAJq`D-=C@9idvRC!Tg<-!$L8=@PswT3wBf)paU1Q$O%Vw%^zrs8O%o^_l%2L
zHSjeS!L#^|-12I1$x?`9tJkMo{D^y{fc`NJ6f8%i+;noItkw;E>cA$1luKces|Jqi
zoTdf6=A(3nPqe`lH1Q=3&MZ`HaT>}bxq$ktYW3Pp=`~0$PAG9~5B+L5dU(CJ!|C(u
zpzu0>*ai1uyMXbO#xDc?=z3)R^`yxKO8487)0e$hof4DubtINA9Tw(?h6eM;)n0ns
zd`vC36jLV>tvc*EN}6l`z~C#x^R_B%yNAKEP1nHBHg@k_p%UMcfUxV<2eQIgpf;x=
z1}M%rbaH{~#G$UkZl3sC+m_E#28qj6sBJaQt(1aWCG}~YHD<?c>v5eniGL^XFP@>o
zuIje|@i@{7AVUNoz54__#<%SOk<{eJBaaZmAh_?+0+1=%=a|XgITw_>$gZgiqi?$U
z6t9uqjxxE90tv5f0!2;;cY#NUw=+p7o1s^$-zdK(N10N>Kcvs*>eztHIKqVG$NyTI
zjPkl8?Tlup+w`@mMx#_rli!@!YM>an8*v^2mKX<h`fBY;M}^5?qyP>d8DC)=JlacD
z#!JqJb>t0Bhr<@7?nJ@2$TnV-JyQkCDE4goz4cY~f1DW(XA7@BuRDhtH5Nk`9LuXO
zvM`37?H=Ynmv&^QXg#Mz50^1b=}ixpfB$7T&bPmIpOV>#&Q5^I&P)Y=&&8CBrmO*Q
zpRMlRL~LsU-aiB}uUBK2An|2vK9%>)EJgyD;oObqBWoiP!wuA#nT%wu9}ZG5MkGlp
zk=0|W+t2TAkB5Sv1~aS;Msmk}5uR?@u!s-W-~5=jP~~RcI<l`G{5zEXCQTjPZiJ#G
zP2sa(F+U&c#k{-5u$;Ce)t7(MhpZH(7wRPbln10Y-gzp2W55%?Q!D=*ESZ{&835?`
z@JK!e=R|LkI0pntQxL?|@xa6JiL!3Lae@CGLQwwZmATD6&EbL99D+Yy<NZC$17E<H
zv0ogv&Y^lAhGXuRx`}$H6Z7|%*nQ)L)GqI2p5NCF1}}moqa?5Wuj1Yw1V!+GzSbsw
z>0_4))%w%7bhsIecerZu3W29U($S&QiO(Ne2RyB#`w<BK<2KTDMkm~4Kzk#OUKn$l
zx&G!HMg4aN881a@iH?19*sYPXP#5nx2q|A5rrN<r0Ke6cp(^>8JI3DyXJBL*6|fe<
zAGw|4O4w;4R9v@jh!P}mC;n+#oO!uVW&LM?6IYgfeufUS*$K@^qUtGXw6Sq7Z_6Wu
za+IlxL&GzG;4k0z36-6#vNn=KSTeK>{PrT0o>+0Bx*wdOj;nk&71jzww{(ShV{+!K
zS$vV4_s_1V{y4KW2Ze04lX{a}ll9c7zBsejxP`UueGs#%8{1RKoNsEf=8Uw_QXY;6
zP!E2sgWqvxQ@_aW9V?^txrZ6lhwDxal8_%3sIGk#a{#&JHubpI_l76iq$NMt6U_MF
z%r1X9hXiT-plfbb{_?NeX}qrF*<RLM1j#1zLDpQi%|S$eRxl=5Nn3AOv6x&frgSe-
zlCSu~jXWJH9RI6xw4bI8)pn}JW74XDEkaJIO~F2=>w3T;-B?^nK^~{`q>Jx+Y`CM#
z<?`@!t0k+a`eu#$H~|O7j8Y__OtPc1y@sUwDKED~@+F4j4K_iHn{;@HeHMEk8^&U5
zG~2=OBA;n!bWNMtK8b0Ts-tTpNtUTq?^2V^8c6`QReJbwXb34ZA3t}EC1n|Q2r<q|
zo2l!ZpqS=Ss3qa>VnknXLz~UmsUFA@Thb##^nkF56wXNijti09W378RXbWxcIwP&g
zve(IK<ZunGzT)l{PMC#Wt(DV#k|ZjdXXIbtSXG%?x+cBDF&rqBvPz$(Z&J=1ntgzq
zJ}`qHgqP5T8bUlgk2<ONO5&0wV0A%zkX#WmK`$U?P@IanLO@Po*5;5gFAh>xT&uyH
zL$y~YCUU~I%_Ik5mpKxkxzSC}vN6%k^d|C#pUzXE1Z2bnQ@g3!D!7gkBS>ui#)dYf
zi_TaUmLV`Db#uhHgvbl;J9J{*=nwUX2X@;g2w^wb8T+h;r<J0HZ<Rt!i=R+8Z1mUj
zZ{ZS{deM0Hk$<ON6Q^Ql6R*3DW3O016N^$NXrLYN|LlYRZB8TC?|?*xkpb!JLTY{~
zT5Mv=Kdt|BwW;FsAzECjY6wMD#&~XWVXL|NHz;e}k4#=}(_1M;#pkselz#W2CR9(O
z&F&*r1zY_NpAnC!uj|52u47Pe1zK=@{M-bz>fcJFl;|@CnDX5wmFivL&ysD-twzBV
zaP^|X5iv@{ms*z?@{GuBn=nwAS%l;`Z4RyyyCJ{mn=uwq2T{X9`mv-T;UI8P&^oPD
zWB3vs1b#cyhc;O{7n+h{V;EqwWf5ogSQBVinGZoA_Kf#<9(-c=7^MsS$7(Ck@HXKd
zifWaU$P+}(2+!Z`Y99wV7JSN{<vLUowH04P6`R(kL~w{@oJ*^?k&mT<a0sF-nuKei
zY_l{;P=IksrAD+{i~D@vtQQ%cr;o=*1&P1z>^@j>lBx4jcz_3+Y&H1o_Xys4wAAiy
zY?3MpVmDK0YGh4n+=-E*Uc#jCodN0Am0vjPdlpYn<*aZwlLYySlVV_uqV!_SkXkvz
zvcn}mDWLvJ#p5Xa>AJ$JpFHG_5{Vj+fp$br_FGpydmr^!y|00kUNuw?Y{AcA|62H_
z<YB)Y1DlhPn4vzBx*QCJ(1gI^B>GE{Vnx@>ey&cG5(7<(hJPTrF!+F%#<|QiJzjd<
zL_L9To}6TpqXyQJT}EAWCh@e%e0k72VHjER&q5;uWimZqwk|g}i7I2V7%OZ)TMK3F
zcu%4jcBvBK7r7J;#<_?SXAKH$w&jR^ZnVZ4d-$g;4LZo{Fx98k8m0*Ad5}8aa+77P
zEvjOcb7=Hw<&O>np4Ndv>1{mfTnl^T!XKw-u!s#FiV>d|*u<I~F|o083r}<n80^AU
z74!Ly;-gWqak?B`hd$%Ex;tXe!O&QRmi~rybo++4$YizJ6k!j6hqm#9bUatq49Xho
z7;g+J1e&-hQ8Ysh3NAv-UXNN7!{P+SoEertn8%~9sk9EC4jS?>rY}!wof}2fl!ODS
znmAP#WuK74hRr!l7FUL(4-PpvV;usb2Mz9UH&He;EL6_Y%V<^dwr=JQdHI*l%CFP@
z9?1Y>1FSgwglvge{us7L;^h&S<MWVKVvw@ZSmJMxqi)bej2?H-EUGjK)NgC^$;hp4
znBUII2dI5eMK;c3p4&W4!4Hg4YczH4ju>NnEU9QdaT@jt%ynYN4q3!8d$Iz3O~EcG
zy@cV(ma9#ir>vIp60G9~s8AHhx$s&r%)w=9C2iCS&b$epArn1|4L#H5FuZ@<1~?(6
z$oKFxR~Ff<lG!=K#ZbRN*A^M@uGi8#w^5!+x+{v_WbjiaGHB5`?f*bFG;I9|?jFVJ
z|NYeu47X@gAaf06#Ckd{#ux=LO_+?zD<+DoppPcd8lGknhmk=nS^Fs=2o0`Ml4qRc
zdk;GS4b}t6wvJ*rjKG+c=B@x&s-(nFZA+1&eu%7JO1Hh4Bl`+R3@ThAEIac9^#Rs3
zVnQfMUUI3uavv2|3P}-!=$t}Gq&XZn>3j-ZNsnrf6sgUb+7Eh*VNz)VUE$0i8`O_b
zzS)XKIvmSWkc~q9Vr?xdC@8v>6N=t^)V8rzT`k#MBVV&k62S@!5fRUe3Y7$UT#40}
zFKOJ=xduxq7m~IP9pxFyC0CNwlf-^RyU!U`b&R!CB5xzqQno!(Z7jb|D7Blm-xWn>
zw~;d1p#pl7K%I|66wc;dRn;sPH<xBskaD@Hg?*7}dwqqe1SIioghDrx`2ZnDmYx46
zIm%D2+%UI(y1=6sSffToM@$=}G<9nHE<R`>-q&ubbxoSw;8wkMwSyVp^^?y+0~JzQ
z6Vrqla-mE<3%A%v8h6SM#oB1pCnZLdBzMNB<?G-cQUwM(M|O$}8>^AekOgpl<SQr@
zD&q(pDhMTVQ0Bxo0N;E~A%TV-2eLj&TTk9HlmrYbA_U19w@cxG7%GLpBs<gZq7!ih
zHP2d8B2b+^J<T;DjmaG(3Y!)}t$j%}>^pp8T`D^hL8{tqFlDs4DuucXU(*XJ-JgV$
z4zVWKYZGSn+X#u$4c6OIo4U|HPAj}Tw@R#icG3ZRXfu2qCW-9zF9)cWy6iICSsKvk
z<4VwVtfu$X&alpiAqb{b^JrG_MG+H>8FCY&MOGG>vO<L@<R;GfzrBv335tR&Ost>=
zzZ~>r4hoIdGBN@89UZV-)-eq!-L5IKKOCSqy%ft|=B$t~?jFUM<O9rNINe!`XFIG@
zWz8{bpqFO`P3VF#ZDbRMxa~*6=Ao90_$|vcM;Q@|Y3f@j$PW|c;eVMkD97z#qQE3|
z@ePyLl2%EMCkG(S<$|ay1MLM;`L)l4;=YKV-+6;|yEV0wN)<^tAgFR9Oo>>-dqGkt
zh=|i+p_i(TAvk8IvNhcFwMEnEl4$b;wM^4kx`@>dt02lwN?TTx5H6Y_6mGX%Cr09P
z@tS=5gfS~O8&5NMdsBu^(b?nPWHXVW+QRC-Jk5U;N5AE{EPIVn2u=Bv^Ju7JB)^5M
z&i-vuf?CD*fe~<}vq&djSpJ-9%G$`(w|y94!PeKUnYM+O3X4_H^AcResaWF*xynS4
zDOyyRf~X*xvfiC`9|aLfm?_H<qQUUM>48A76?$P}*{l0g_Br?WN@&0I+8>CYgsl9s
z;STyuID{xjk>#ck&L+a{gJ{qPre7lwQu%&5Gbb^-CH@p>qI@UHbjJP}ZEF8Dxd9zT
zKW2?>56&I!(4+y<A~jUbqS_U)B*sQg${I7Gd)>A0>rN;Z%6N_6+ULv++he%QD8#&3
zk|UIQn%FEJC&q1!b}QnQHcgvkWjfdna@~}cq%8<}X9~hNR}4>-vOmX}su>C#xC(@B
zit^n!RQ(pSItY};GDn%_RqO{QGnj^rsb@5n;SjvR`-e%xfjQ(zhm5Jm&&W9EC<Sks
zrlf1hTw^(MQe%;~X?X(4BrAst_3nqN^mgmqzob*&`q^(P4C@da6E7SwtRR`PxW5v$
zUFe$Rh-NQ)MiSR4h6E`&>dmJul-ql$xyaDQNZ70}OL(z{Kss!Gd@xY@_~;P}LPQCv
zH>^;ZzQA^ZN{sw<?-juQGcJ~3sUbXEI{v>U<W=)R);PrWWHs@ho!aevLwKXs+qqQQ
ziil%O<qC!q4?~JFW<h)WA-AR-7QHp2)3v|o-v+r8lAEO>9J1+}%SqDN6?_a4IU?>A
z`9QZ^#300R<<dlzD*a??c+b$D(nKFK*+Fim=@As^peB;zG`ta1BG&y}no(klF}2Pj
zY`7-AnbL@&9eZ~BIPB6*2mP3AL|8lRUibts$u!^`g3*`AY8Q-KB|7hp;F3556MCH9
z;O`(`cxcrR(f3=utb+?~AO^<XQBN^Fi2Ki`c$i*tU0(PJ9c7lh-|l!r(OC?^v+Nj~
zV(G0tGTax{Oo!g5xDy)l7;)7Qz0eEUxj$dgG^UkVQ~!3`CGxBLnu#+;ga&oS@$7J0
z(T<X`s3q&gxPKPlPN9@ba6xN}B-D&~BgGyZs1u>*rs@+2B@r>-mA#vBHz6@Okzc}8
zrmsPsf;VV#7!EEwAs`o8&JSI&sJ=UlmJ*adje)Z@IT`)IE!$~}y_PI^ieZz>4j(FQ
z;`rr?8I=4M-5OE4kC32xBG(*2uf%GF$#7xq=(Zx#Zwl(yJ2wd_!~7k=RG(_1+C)Mt
zsdTN{rxsvLpeh#@J3)}N9!5F@BZUz1Re|Vge#c-F;v&9WBbUONK{hy3tuD<RdqGW|
zUSp26P+`pq<}a6ngz%84ErEG(r7c#`1t0f<;-AklGU`+8eTkq9a|~uw2rDAIq-?Cd
zMBD6DP>~{{z1)Bu!EbhEwut3f(Vlq=b!-hYy0Er9!8epp7#Qj1Q4PD5%uxnYuD))P
z5PsWy1=KglR+G0Md?_FtEe?icsY2w~6@!>m1gj=?_cTflZU{AELDs#DzR{mMrambu
zl#BUvM+$KgkJ89{9|sN6&C=U{jOcK5jw^+&x|WE~_(YM-k<lrXEya=2k?>iwDw7~t
zAY_x|&75M%Y_8RkrxLquJvnQNjgTDs=TGObcLS?09FFf85D2pngiVh6p{D5zQ^^6}
z^l7Z1O$1^}`_8s-q0nzDU2IP$gHmH0eZO}*Y|N%QqAFJD6PdR0)hK5967{qRk?R%=
z1`)J<z!1&*S_n=W@ZO21{~*rnyIURYk}pvd^96`3`ESCD)`)67%tc!VTa~w~C*1!L
zcFplNUWWhja5bt_ycjZu9XeQGp{Y0uWF$vq>(=HfF-MCtJ>{-PI6PBJ2tu7g<yNhS
z;x1Mw89^Y$KuavN2!bD<iH4l13^qOXD`d-G%aiuVX9Ly$3H4Z;QzWOFQHoCGCsWPm
zh+c)ZJwdzW{Laeip;2Hkle5B4Drzid<rl;?Hxpi@f4$@>yobr*5g>!Gz=V#Tnq|%W
zitQt9=nZqG*vC(*THzKgHniMUz{f9>T}hk{naJawk6Bd@S*s<(|7oGr>eQm!9fVm%
zeA>I1HKkizcRuxV?J5ZE2$rqsQt(h#)G`q*uE*VxkEVX<LJ&D)y$0TOT#}b7IpT*U
zbQgA(uWkX2d+Z=nG=zuJ1`%7C{^xs|y*8mAll4L3qHty>p)}M%rdi+SXPEYTuqTLu
zP?2x@;4;5Wd#o?6K%m>NP{-wTP^6xW_d!RUNbV_ay119|Ng94v#UeDJ3qR8gsWJ(*
zI^kB|EhX%hjJXV2=O>z236&RqRU~DfP4zBTi=6tRRA~hK+O*5m*dW2MJqCq&u(MjE
z9R_uy=l{$mk3~gTSm~b0g0$?WKx@c4?hnyVc0{L}*VaxOIaJH~jzSKBu82Y>0YR}n
zTIbQ%M-*l!@1CzWjnxNvO4t@*F_s1C%)sRir!`ApfB`oR1H0NCip5Mq-c*nQElurs
zG8hESwe3+c@|WHHR*(C-V|8^kw$gjCpVhSo?*ffi7cGBVB440Mg4CLD$`!(jgdsFf
zm-bT_H+vR3gkMR4TW%*4pAtJ0G?H2t8e?u$(aYc>?*boES|OQ>Xu87&?-D_Z#X)GX
znwv@QUM3%EmK}(R-s<4o24Yz^u9PEJH{m;U3#KjFJt5@eA1BuDko^*MxZ4!D2sa3G
z^g*A3rx=eNk+3XnGmqyfyI;G%V&zppE|5;ZF~V>r$WrZ${B&F-+2CIieV&C}L?mMK
zkeDg&_&6*M1PQJL0Vt|@wMzpuj;{9G!JGmPVT@XHFyS#*DEiivA)9K%Fl)Iv5#~Rd
z*x-_9x#wroI-s11Wb<Gfx<#4en97J{e-PYv6gx-I_dt*A5<xGr3ZmXZ{s~cQOpc;a
zO$!;V<0@+z{v(1=6QAgu_WA9oJ1pquX|<RKynmC@1_alW9(Tx}shC88g{E7xGhr7-
zK73J!`ug7Pwmp+^3+r?kjwXXAl<Co*-rWjtpJZ3{AX3y>w?`>s`c>el%uEnuZwc}c
zSC?RZm8&s+9)}!>uTv1+QH@iWn^Wv&t>6oCA%{DSG$|vd<qL7sFD5z)syCrXy$-hi
zalIX^)B}b{qO2x?)=U89ZY<Ws>p@GxHxQ88{50S2D<<+1wxgtjA0){_v)4F<L!*Hl
zPRmQny+>(*)ft{kMeK#`bcB9$n}G2C6?UabbClFkwzQ`2gM&>VYO4B@RS9dxN0WkO
zV+x(|Pu{Mlp+_6SAGz|#Kz(*r5p?&5^Fw$apUJ|UVM13`MWp+4#o!tAWgn6$PlqwC
zEjUpje@>u=OAu8OL7}05NUaG!jQI|NVghoKO)sBg*>635)X5|$5lXV0xyb^53ln9x
znC-6Krr@rQ+HTg!h?xk-=Ft&r=g{m(UYHsZkwcW8!}dp2t+0k~A=_E~+dICGiXsY4
z_1lS@Xo@x}^iL>~5ae&CSypK!HJ=JcY(w63lPCAJ<UT{AGg9kv6EsjY^sFE9KXwl;
z1VMf%sVFEkfDegm82q~C*YL70jvFpn6zJ!88lD1q(^$6R)CWb>m9#~E^pGce&>FjC
zm2R>8(1NV4;TE^Sa4WIllj1e*xr0|YkU?0X^hsH!!TY<A31)Wa5Fv>76&Lir8&KtO
z@~@hEWkT7UlaM&w2ozX7J4oZS=yvMnK|yxw^GX<^Wj#|<b*wAMXsPyf_=T%Mf1(g^
zAE=7<F_dE1_q+QW#4^_SA6g&_5`v+>5190mR|nnLBa(u~6@ovPkm<WJ7(n@`{`y2S
z43QE-yp4lAs5+YrtIg(d7vm}s<CZHztwi7+LE@~o@x9m<eWHenLk&f%FY;?^I#IW?
z;z|RaE?QHaOgN1`gjSqRHdPX*A*v{+jNt+4MA1x-s81dZ&5VOLEO!ExNJ<<kECH*}
zp`ta`PlsrQh^FqCKY=~2uZ&;5Vh)X}UwE=a8T3>Q{3*G_TCz1twvr7hi!FM#M@1j&
z3Lp-vzu1x-f|r#vI)|URp6KChUpNm5oH%;}z7f3`N>aGg^YV!g1^7`;>k%l=DQ?CK
zduE|cFC1;noHWa2S{zekqBYhdoZMOw!gbHHNp~rSOw0TfSO*h+R{9d@{d%+ivc;mT
z_A%$i&j}C`5fFo4-Ps{K-@m@Tc+gM7o*CKMISGTF-^G6sa-l8gRzR;71_BUR{&of+
z-_uAwa&+m=p||R+Dxnqb-QP<~?jo-|e|qA9|9*P`Aym@EC$R7MMHC%68?XJIZ^41s
zao%6=nkarMH+DTk^&3ysBQC$t?G}mT?x%^)M+cHmBPK9TXfzSBQm(Y4s94lG$-0-v
znF`_k+=137ziX%Z=anXdhEVN8<m<&uF{99HE>mM@ti|D7O)ZfMII%x1lZZyE6WEv?
zDHrftDVGWe=40E`5)1~NCSptn%@Yk%Z(K98X+RB#1%$GZw>k6#1@kY;R*8WtY@c+-
zm?N~zv~CQWqO>y3>Ygj`%Z)00Y8m<&+GBOTmCNU*@zs_Io(+`YmouA5l{hZji#m`J
zFOn{>HExdJzGi2(awzQd(ijND@OASanCQCBUDqf(5M1iv5u0qVcL#6~48zuw#v!lK
zSt7#>#YwQ5p_VwN5iKYw3gxeXsJkekLD)!JdYR~{jw_*q?g@PKi=_1H@=XpHQXzVu
z;OhT~4U|BC>_@YC;g93`oRn{x`%Uk9oQi0HuzsPj81vf!gq>t_X=Z&7`BY|4qr`Wl
zXd1rAZZ0l(Rqj7-_%s$0^cg$wi-^s4+`Zi^vn7tuLW*NQn|QV5J&-1f@Hm%xG!1<v
zd0K_Kq00n9@3{#f1kiRw6{89zk1|n8Vp_RWmlUmI4C#G>Jmx})Fwu?&6-!u)-O1Z=
zznZxS1d5t)g3O2DW_8C&ARI~u-ECDx1xAB7=YPU4TR`~Z`Pr>7(xP+bXw&`nn1eX1
z*|!LW<|5DR)Ie!M{KU+|!2nsedR@cA;Ujo{Q!~_eMS>n!m|C`_aY_VmWwkv1k!`T4
z3BXv!JrXe)`<4y#q0Ht0H7WB#;Bs{xFwu~(AMK8iTQb<aX%8dE`>!#m2S2GcG1V-~
z0DRxfOV~BhXQYE3G`1V)HMBG8T+Y<W$X8x}K-Hvtdle-|Ao5!((IXO~Qyi?s&jR55
zj|I__8dwOL`hUrmwyXtxKVzm!6ot%iIfCzwZQfOT<Za^|^sZH(Qv}iq>&+oHlkEY<
z8#~%!bv!?Eu>D0>h(3>EUdlpnJl}-{Vf|&?R2lacHi_bIRY(i(KS^jIIE(UImd~C>
z!lLc@rJS34bZ#NCRF-M0H2!{jpnOoGCeq+#jh*&wMw1^i$g~8_c!O$aWoe++QR?sm
zk+zkIOy+D2PdG;)B-k58`Xz^DU5g(kbNsTut5sQW8Dig{PMv%tqDibPfRmqYnP>fl
zRL=Qfj9;X@P?^bxOr^l5Z_xRucS2g`Sk+=PPyICsOKYlpEq&Co=g4N4R32w^s-IU=
zrk$*8ZynuI_O|u+!3M?FZE5&rS(0Y;Cu0M@*8c(k&H+u=R_M{iNqS?+eH$zzs$K3U
zZECGQkHz&9w<rO~8|}O{6St=ykjX`gSMiXO3QNl2rE>irVI`?s<(7fc6W|v(b1+Re
z{)VWKjzjqF4#YBoH|*=-b9-`oKQ=NH3wV0^G-Ar__l)dP#dN_@R3`JV;E|#^GxuLH
zh<te9Kg_I5b|&Iq16Oe}nXx!%+o{bA5Lqzwq%<>BPGvVJD*v6YJ^wgTDP3P+OYw%3
zUp%boH0&MQ8JNl3zjW_buarZ@@-+N208hy&@Hd1D`*oK=r@j$Si)_Bt%)xUxmtT(r
z$z#>yYq`<^7|gJ@`9G@vysi5BI<3<GS+gRX-xGM{>pvn5D&+EDojj_(UGe*M%)7kh
zScy@!8YzJ6av<Ah0c*nO8xiXk5x|C}^!3R&>&-pcO3V+>(yT=Fx`5xJZR3k7=~o$w
z_Sl4KRwQ(CbdT+9Vr6OOFGFk88HUO^C*CyzgzmAsoM&aPSAy^V@zrCKSgH_4!p;fq
zBUaD`gwh264_^(J=@}2q^k00x&rtlbpOgNZb3ccG=HeibthD`&<$99o8rJ9LJC=<2
z%H#%#=dbXjfUd|T$KooHq}Epl__QhZQp@bt5mgIX{2XCRvD6%HpU+q-l4%0xvdOmI
zV|Navy}oQQ31Kp&1MwAW{uT8kXjjMo>F!%E%*sEyOyY=)`oS*XblHC;@I?0QxWi+k
z#tK-5k@{MD+{PU1Id?oua8?c<v~|5tF$2{HZLM<nL0cPkey*dsF6-|w9I0!~tI9h!
zrHGlfyfhwLP~LIONPBs1`OeOCRRR@rCAo_xRfM56@(@|g)MC5nPgw1w{a!m>tAV^&
zB3Xo~P<;A{+G7^@kibJY)0A^R^JoOpEv6$F<N=619eDui58n?Sao!M6dCTxasaajl
zk^QiXCwTq`V8gv=u}_aRUOoyvYTX>TpDUllg)#<KnW;BI@QbuA`C1x@pZ)||c?{f=
z1pGE?O&%YNGvodf@VOrVg9RFC?T^G%*m;qPJYZF$<3W#bBRZc~<L`G^jU-|Y!&!E(
z{*2szew@?25yh7;-{{qyC;&r$(eiT<>GWHb|1iu|h1HvvYD<c)qzb3c`);5yj`&*v
zC!Qv&)<IC}BdO(zB)1dA((<zHFC~A6340WM{cw$DeJ|_6LkoE+q&F7>Mg9B_ECt$$
z3(MF}?dLASQ*N_lvtri&+1_nQAG#Udc!t;C$V{#N!)K;kz*qHV_1uj&20^~GxkBz7
zE?2_)Erw!$bHxmV0yPc`M@a^3AfH6uZ?V^h>mpv5givK#1KmD~bCyHND*dyL?yKu0
z*T_v;G3^)0&*q6D5yb=ks9K8%<4BtWlGd9r)0zuf3UfEnvhuJz@ljxTbOj1<W@N){
z@Y(A^b(c-Ei|ZB5-|I%yh`X%voT4X@*1Jn67Z$9Er~<}_K2@r)Y}vXGidW*#u`}s9
zTy_SN23+~|mPJJ{0Fv_l?;m`Sp(Aj#)c80BK_Wlw-6`VFJIxR<7IQMf(G~M?NhoLj
zF5_|UWk-wst#n)y_t(#!4zHBnfjxdzLwX(;?XpuslAnwwZJL~Tc$X}szds4PSF7u6
zyYozOQWAi%;m4KZ>nS5RSKO>n$#<N+VaWOVSnTS3`}IrYn(IU_P76>rZn>#bpF`Mv
zac!*Tzrbsf1T1CN1E^yr|3S|})ZnAtXCcu*WGH(!rtiMED3m*7d0jc8yJsI)(Q6B)
z!vKufGoP*xjQIdpMzhJcU2}%r4hQG9EZ1cnkAEq@8y`R9d%-tzeSa0|b>l#u&ClHY
zpp-qHGCmSl=#T6Cyg=HQr2^uupo~f^4djLg&g)-CG#u3_Pc+1ycpLq5!(DNo-jsZv
zjMjheK9vhcB=}J@)iTwdWgk^(UbNk{%H=(Hvat}OotvrLjlSVuIeR9UI*`?XqCf1e
zln(LzJmT$$6vksRVoovk_6e))&$nYQc0a%JFV-q=`y2R*BnmStdCFQUZ2d=AHsXcB
zW-V<-bV47NyNg18eg5LQm^*uxaei;KDC4{QNcz9zCFI7}37166ge|EFwuouTi+$~i
zYn^vBVS1e%n4drBhM{=;zKB2W$bWa)FP166Iz!2eko~dDlA~r|Q+x)WRSst?WdF6E
z8ke$V&FI-)knhd5_-mHNylcp}l3+;Tt`*WtZAWo^Vd<SdOelrIJ-8D~zeeC<7FJnY
zs&Rkt0Yc`l&^ZLlPU9HyQhU(bCsZzd`I8@6wsY-xa5gmgSQxcGCHyShCT*)#Xl;@a
zyxwTg*K}nj`}o}l`xuoujHyP5M`#wpyqvCIRQ1Z?$`sp*1>jrw`5qzMh@%ucLH?P+
zm(q(?GjL_HB_s)242RsOzOA@%bG8*pL$_v*BQh$VpmQ5*RfrLDJs@5+Zy;7r>bFWD
z*0gn~_WZJ69{V5qr51jc>UghYyjFR(!6@KU*c|a9tL#La&uJ81f{j^a(L0^fttjMn
zRTD#R#htDrpULEvR<D7tsf3+?7nzL)z~U_S7w4QEZGZ^5YajoTlXyVxFRnUZTl@eE
z8Cg!=XMLqZ+AgM9>NM~o2l~AHjmVX@=Sog6Yv1ktQW6c#wy7=DYL5Q;TA7OH8CuG~
zn-3@L4OxQ1n=R{Upx&3~PWtW_DaklKS8!F3m=*{{j>SF1rC`1_ziprFRbZTnC)7(m
zsm^K7Vp$!?&%jSPiBe@`2%s2ScaTDJ3K>QX={h`3#IN-pv^lhzgWcd-if=Xhs_inF
zlFWj?DJJs|G-6(4cnquuX32KBM-kSzzQYfByic(f_`el*78(IgWdQDyu{_Aw6hYEO
zQ!@3*-8&n4+cdjR5atT|!jl}B<?FO(8ZLY2YM}?_IV=9Nf}9=%N<60+Y`H+NPDoRX
zLRGK6c-PZMbw$!)s+zS=%%{5~lrh0QXkN~^2&ojF)V=xIoejyY?fu7oGW=Vi;F)H4
zD~8Ld2P(jCIh}<^kst79mCrxh+#R^laziaR7rI*qL|9vvyn%AFGjT0k;m8z*B{+4J
zM(M-l{P`h7qnWdO8QJzeV4yE(;mL{nCg=Kp*r!;aofJ-x2e!r{b=EFO*dY>_z0oiX
zM<MALhHXFs(mpKD4m$zBR={k1FL2d+Q_uqDw0?mDd4@GhP3AYzt9i^$E@xHnOsu9_
zm5-NA&^+BDPPFcJ@+!aiEzF6>s?)7E@Krw|c-T<>YSHI67d|OQT~g5B4m5qL)`b3Y
zlS8ERn)7(nbxtcJ@CF#60Nz}zPA^WmsNBSi_5$*{Wpn?8m5;*^UloXV1OH-+3B6Oi
zkw+!4xT;RGBj}!dY(>Zfx<mkLk&~;g4};AEkzu$6$#6?1{Rd1)FFU76ML%i=v!SoY
z59;!XRtCvY<TLt-s%7?M2)h=9z5bE?38tI-ducJd?2~onpT<Xl-+?b_b0{4|$>FJu
zQqJ^TCTJ_wXfmU(4*9Y=5i)M5vBL7*dzU5+Z>#DClrFEa5|9Pb6GQ{2@A&$1;6+pZ
z?V^s2(x&<Qa!@n$&#*XaI}mJb{x;+W4zzl>`AErF><K*HO!);o=UkBj<rB+H;Ochg
zF8GHlL60GT;>nAWzX$Ken9u12P)hiB*X1i0iv`%>7mHTJuw3ucN}P`^%zyh=kWHA^
ztD|_z#+*z>tme0Pu^wI}2I3YGGV@oq<x|@&DhEy61RgYPu~+s7mV1L^#a^FcU*)!N
z!6`F2fjIld1ZTeRsnx6jLg8ClCM{QTQk-cQmJDJ4k$!}6<=13;R&T~3sqZfzCr#-F
zkW&se5DIy+uok;ipu9)^^4c&qPYSpV1n_46(3R?2ATogkYkWY&fv6we_$`&yO>p&~
z-=l&1J)BZJ`KaSek4SMCkol=Yys}lN`}hd9y26)yYO4CMukrQSU78|PES>rS8~w@+
z4=ho8A7Nm`r^T}5KAVYUlWl`331Aq3ysJDj`pt2l*WGfei3peUjb<oYzn7Q({1KVr
z+U%^nLD7cn{VNV1j$#yNM-$l%RtqL)?O@s(53a5Nq+xs@7Hc{8OS_|DU_^Bcot)~c
zUV;w7Mw=L~k|ZX=BM%RP7gw^rGnKk<Siuh|twX)9R$upDYHY(wnAIlYME2x_7>h!c
znN?z|Rqn`gm^bl6h-S=*>&0!hqvqE1TcH$Di+uWa4hkn8fGlD-@K?NU+jo&8px)=b
zE9YL~449%u2EOBU8`fWZcyi--{x(DTeA$LqQFsXaJ6bIWbT<9Aqo5YY->TcQ;a;Tx
z<5RZ~0!y5_U0^2``X#_|zgoSQkHg*-$<KGutvGXO`ON<u**~>qhSNQv6{V;*@c)ts
zR_J7BTprASEgo|x!&~mtI_KFZ_RsAgL^!3Pq&=h<v_XhS!63Yxa><*!v&50fh**Bx
z-$YCt_!i&q70hzGk<#h{f&QO`YHWRv&QCP=)wol-&gLryD&$sF-`dQBEV)n?f=UWT
zwRNp<h;{D$uZ(DQoI*>r-Z1VDG*-Fy`ze6e79ra6+icpQ46l?y7#4egIF~Ml)1wLc
zKZe$o@F@EG15xR*agP#RVS-S$6&*1m)dxdcQ|nhBPH!w!0Z3aonu<5Z`R`Tgd!Vf?
z9+w^+PA=VPeqK^WdvHG(EdBq}vwooZitAo%u#`JKKG(~cVX~4ka#hE$+ly-UyD<?$
zZV`~3qqDJ1-pOC9O_sNG2F8zXS_A}A0qV@D31C(jyk<1ZzXv#`cUi7J7Sa95V(eMr
z(O!Z}oaOmrhsL#@k%gt9-Qsz<!d{d_%-i(^`bgr&zxwmvod0O>32xWE2<@MN%K`7S
z)NW^i&Rt+Pkx~J0b@*FQw&4Amxowa&&ZV2pz^BiC5*ioxXK_a2s|3Ij+uPko@Ko!7
z9yCB`{Xf1WlpDYo0?d{F-YmtGk+ytBlKQah0`~I!wwyjgak-W+rMSw2SFD%WB2nA&
z=d=~S?WFDVF?Y<DrA@-IX5kdS27hh4tC{SpP@Qy;kdvB0qL$0&&!GRveQ3gL`4~?x
z>NR60k)fSpQLDd-gEN6|M^OdGrDPVdQmVtgzT<ur5T}-|N@y=1@kB$r<ioxqBn?%Q
z%V9>VkY|-bpi?U#RzUZ?zM&Uvjc4-$AP&8Me4{^j*)IPhr;HU52^PMr4`fzQVQ%w_
zZF3TS!8fhHCfdq(AvGj<Ks=LQv~YhKZ+!g)YAXZidZ0Pt%ex%iL_9eW=v#Vkb>PeE
z-OWJ?`p}gMATV{hwMS3Xj{YqjX<r&$R?<rhOU9hMKPv-fT7tjr6D&QF6x=g;9=Zoi
zBa$PTDywH0h15s-Mck3}v2?D>Iec^Q^&R_Ijf6<isl$imFmZEmM3>6PDB64rUDUAE
z^odne#L!RpPve_SP(Xa(!3&JHw}*=#R2O!zp9`^MFH87t3~ZzmwH}SvCnWX6NR$mh
zO~hZ91E{XF*o_*`lLF!ZOxj@{!&|wZRZ-o2&2GxqnuF$Oc=rWwrpd|`BypA)cAjua
z^$cn?d-#z4TN-uuv*F)maMstB4m%W7m>Z;80h6Qe7fUQdPFqIVMurQYDBa;Jg~j1@
zQvftPfBz5byiZRtcN2c#<G-hur=`8}xqnXR^*8(1+z10oSX;#uGw&Hvg#J(8-%egO
zelW-e>D^P~04KM8VyFz5CE(J12@h}GXQ~fdkR*i?OZ=1cd_<;qLizG5LtTM1p?4gP
z{oZN_IZ|CW>Q>~me+!lo$@2+jexnWz1)^D(pKKXn2Q!A`4J?A>M@C}UO`xD>eK&Nl
zJ`E)w=6=Fscb|>G-h8AjrxVJSVaY?CjjN7#dd}M$x9s63T#n9<gqR2?)OfkncG(~8
z<Tw&8={}CfWtJSxj;V`dkLwY>*gwVa!W-nii$u^)_)dfN?tY-UrjIKe=fh1Y_D|i;
zAf|>tuoo_rKv;$f*Spn3rIeduGjzD@fp#e{n|qom-BnG;epF+-<iO;Tp`k_T>#^e9
za0-Z{l$QvO`1>71{}e&Z6NE9VZM^G9c;^u)|C>PC(hKHLthWK!%pP7pI%H2vK+7u_
zLNVC+W1y|s`8#IQUB6uCW3+~f6!%PP_Wx1!7JgB-(YH6!jYxM%BcOmZ0|Fu;Dc#cD
z9YaV<gOt)8BHauvjdXW+$G|Z6JJ0W&^Ev1J3#RV5uC>2w@4a3jiaW>bW1&dyYo+L)
z$IEgo$?oqT0`+SV&%Uu&El1G?%B7VZK=bLF#DlQ0YSOgwsVjS10fp2iJ1Gm}7bIOH
z^P*n*u!bow-OgWW@v3??a{FVl4#^Vew`x?`rS(x^6!i-~uGaebabp~~SKWRF7%CnA
zXl;lT{!$MqjG9V9AJ9Z8rHv|`Q^V;A;omF4_L6T1jvaeb$ED90{L<jLc6>tfI^Rae
zMj%-pfz2p2sozI@OXZlUeC3^ItN7XJi;>%U8qe%UR5UZ1|A&z|NLjqB1`%hn<kf1I
z_pwDk{I?hS?rx-Qdb_D4O;ORMWbsoDVsij%e0qXe8SnwDysgAF<Q;pIMv(*c5l=J6
zdEFu+4t4i=+}+v!3l<gaSPJK#8YE$LfeE~{X;|>FJlzRX{otZ0m`9b=+Se8Sq3z=G
zr%bA=KXViQ7t~T{VO-9ecjgnFzj(a6$pbKARF=lT4pHf;<2ePwWh+ZjGlgy#sk8|A
zH7_85UMf-Q)w49S{vZ4zUH)R*P`0veY_THtTfd5>e=K0i{8hx|#inf%<~%5>fM0Qi
zemIj@??P)oT4IW^EN&aZKQi%cI_Yr9E=cP;@JE0QNakCqMy!ckLJX&nFl<=TCLcK>
zwU}k3ZdWCZahFWEi~mzbH!Kh`q%o+=dp!F;aI1-KFTAZ#@jcbXcQa$^yt<0xx_IL?
za4X#1e@!w;`3jWToTY^HI{|E4YYFrEO8yL0K@6tvf`h#*gLz8D<fQfBzo_5;2exve
z=PgTq)BRtt_4{Yf|H4{2CvLBzSo23|JYOp|wC_S2zif7p{~hWrnE5I{cPi1Siyz@t
z-%4|0_!AY}?abC5`MeDiNIX#^;9u};dp1&q+R5kpn@I}T{vDmiyx)h#HcWofui`kV
zTr0zl@--VshEkCzYdb|Ew(W4db<(c2cPy~=`La8*0#Qe_ojY)gepoZtTT?@$UXSXd
ziB@1JPdX+s#+hHLe0pcJUioO2VOBy~sTQTcbO#~IPlo68b^gy56}*;=N9mg6hY3_F
zw<pLWH0QbS>=C@RzGD_NJJ7krB#|ZG68YT3jPlGuaj>g*|FnLf-}+X>v*aeIyknU}
zshm`DpVjNpP@jjvqX$?yFZYOi20(~y59DLdke?g>n`NB{Ujgp`Ah{m~R>G^Ver`Z)
zT+^oe$MF<Db_$gIyoV!XDGlO>?H^L93b}B%5*IH|0UhZELLaRgUa39n_zr7yzARW~
z_<T%NmPI!)Gfv2JEm<sHqWl0Rd%ZY=*AVAxLIS6%Y=I{yBQ~N1PPzRAo+=kAKRbw#
zZLDEg?*~h{tr(G7S70(wrUtI7{Ui+nrg=c!v0PcD>r>OJsL)K7?$H?GA+lVjMr<XA
zbT-oR{frNAHt;Kzm?z3|E|T<ANDOqmojLbUIj3jwHdSJZuj6a7tkk$4GB9Bhn_ZOo
z`wC<5wBz>9+GqbwyXDD)HjR&O9_ZSp?PX@m*7TT{>|X%C<X%)<<RGTa(sXAIF2Qs*
zZ{eKp6EI%Se}&8cGxB@+hh}A>f6P#|tS8Q~cUu7ThKY<@W<Rwnu=(vbI@q(|)qgWM
zeC`(`-Q^;^X$KJC$;55JIKc&HrJCUA_&#y1Lw_e$44y(ekWKY_2JM&x*%%z()lo1L
z0wkL-_RzmN+$8(wUxt_?YveFX1=1+-V63DJ&ySFf!sL;r!^w)}*R%zUt@=m(M4NVX
z0mP2vj6B(>J#xC=KQdA?Iqk6MMz{B=AeNuHjsh3hCzbSA`3$bfrr*z;60`E%eVNt+
zZ#g2*kR*|?r1nuMDBFx>qtywE-c5BLKPBwui6)K^eKGL&ddHscASO^_WTM9bWFN=&
z6{|t4Y<6J;S#<#B@iU@8iaCWO;kgf?Pw<_2)g@)cUS+k2?cRXvxL3FQ07E|WxdT98
zXPro1i&`ITzWa^IHU3{PI%3${hTM|pKZG{|me_e>8vMx0IJCwYhZGKLVZR@%yR-}r
zvOKxwLhW#k-0<u<>)&>vezQ2-Si3_nE<A1~Lcb$d_PrQlej*$}G*(uKzpja&|CHdE
zA$9w@4PSW1-~Yd*UROZfeaWiB_IM{7to^Q}>&Lw=MYi=_!koCUSD6FzWR!!Cyz3OO
zT9QV|$PfkAK&3+3ZT8#uziY#E&X!k`ezhg*#g!D+^M#GLJaE^0B)Wxf2lOcZweGg=
zVQPMvQCL0h@+*e`>v<oP+rK67pva(fCk6Ow?ka**cnIFN>V`S}iqY}_>e6bBp-xqs
zW`xg#A*MJEPH)wIP$v07Q~#j+z&(c0AI0k@&4b%k@i&3`<+RjiD<0<iM*?&I@#tHk
z!bX|_l~)aH_Bk57G=}lMxjZ95U^TL2O2WEJBbQyp>QYsD&J@1+1vH6&ggHj>I0S6>
zdCjk>bH#4=`hmPid#(V|LP;p<A{+iD5n?@gD@IZg!A7xB+CE<><JB3+*mBvTpQJ@>
zU-b=Mp@Z1;wPr#sK6^lq%(%)b{9RQzNii45<GSL@+FN$XMHokHty0S8L|U@-A~iv}
z-I6h&GaPrR>r2$E&<D$bi|?UEkf(_>eCmCBk<5TYm1>Dckh(B!!D_WJIwX)fR>Gxl
zN*k_8)#4}rJNiha?#N!C+FwZORz%})6lU9~`lZh=tgN1akkt2>Q2fc*S7sv0TTLRp
z*glEn>t^~_<_|l>MaTN@n5R8Sl@`U8M~ci_vy0T<?H+`^(vZh&I`X~f1f2PP8QxY)
z;9Dl!0G7`Ca!|Zb?fy%~6`bFr>nynCpQKY*Of6UMz*K7zD?ilkDFZd<21NW;^T#(G
zfZp6s0WgBNJZcq~qq}%|EJpI7x3>UI+!?mOcfcjWg8yR*q3o-(LoB@O=o$kO5#@<E
zi0A8zbVC)LX7r$*{GwvNneD^*j^Rztjo$n{YKT{D)RILWy{0FwSMWMo=C7)#mKl^v
zgqIsR?912`dOjBP^RqPN=sZM%RHjKH4~o70S7as?)x3xPRGj`53zCkk(yBPhSU(EO
zqhD%Sz2jNejE440^-13*3jcU|ws`*A#c<iXIV$yzZBAlOQzx^LI^w^hKMJH*V{|EN
zto?-d)`Fc+KS;Y{inS$-eT4{lZc02bTpX9z8V;ENhE%xkWcBsb`5=TsyYQ0fR@^19
z=r7Ozd0?xawL^06@egDs7m#P*7!GiP>?wMV?7<49kB}s1dHB(5Tzcke5?X~%|J2{^
zs+;fC>)YK064q%KGQR5@k#KWh%jWlvDY6DWzN%3CGhTOqBg2v|kn1kkXk_=<_r1k2
znKAD{<NX8Dr}7Yf77?BVTUN}ZlzIK`0+Brdt>yJY15hQFyhTy8%g_8#$FA18>d<wm
zQ(LhE6%2ukh>l|s=zQ0CL*~A=-S5kFL5KaQinh>oJCPq{x8^TMX6XkTyYSN}S+?Az
zNht70ak3+p@x49X`3psvj6<u_+h))j@-X#%EbYEQjYnMR5{u5OW|PN#DX)Llz#H9~
zI+o~WCE%f{xKE&Nj&d{gCRnc<3oyO`cuitK!3Lg)<t7~|4)<WUWB~!B@JK|ec&X2n
z$DHJ67|-gI`B>GBcP(y<`dC0l-R<eJ+REQof^If>oQno!%E^4u`=3LoG{blUe&^Au
zsR@}0>wZO0D!Dy{fS#R6dzTDqzMH{6a|x3y`EHfL4B;$S)rw+6dDpC=H<JP30*NcC
zutPs~i6>{;wGQE6g2oEV6u>QvwHVhPWv<$$O{yI5Dk13uw_7)HLLu?Bicp{;op$d1
z2CQM#k-k0jPxOHGW!aK{t-XZSgi`}X6#o9cx#9+k``@V3y0O(@F|&r%Ie9!nd-Jof
zL=#tNT&}2;j_8f=xc<9AupZ{ky2ca?!V`K03GmT^g3n8KVu59xGqWr8RY76{$8MPT
zP!88Ig#4&Lf9eFVO6!KvRn=W9Aogr5egHV*ZprukT~2V?bm-US(&M&Fawdai?^}L*
zZ_;#(b1tgVUN?jGWxc+8bk(TQ9N)GcH$y_GWc867)!EYhJCU)`5|#<*yTe%oDe*?C
zjlDIOy@*VzxU_Lc33a3x6?H!DRe-i<Zts)@SYyVA=+3X0Tma(=kEeK+8IretSKGmb
zC%~#BYdUbAzg&I?bfj=S0eT%x@PHF~dRpbC)lu=nI28Q8UR4RDgs|-*eT?q*k0NUP
z@{@T-ZX=^>0&wZkj?ZtLK{*POs>At(S<`Xv3gt^7GL)P#+^Jfh-hX)wuHk+&%*d7W
z%9yZ)D@3higuaFdNx6H~TErXr>4MVs;V`XETRiWuQq->Nf@zA)gfk>|7yBahxEBpg
zHCdQ&f>ccqF$7liQpZHIU!}OSST&bOEW+)U!aDs09s|V?lI?_@k}6XY-i0%GH3uKQ
z4T2Y7grA@_Ncf`g>N8vws`hb0Z)g|lUMi7qHK~<IZrPI2V=8d+II%#GjznH#+A0O0
zM=MhB+PktdC<t2&Cpg+hv2@(0BZV^dczh<2&gguh!YQk_C_q8%g8Pxmm6VJ3g{2%r
ztnN$8pQ`I8ui^?VgC{dRq|nVP-)gkUB87lXCo8iwIj(X@C&QcN^%%yC2I3D|tcYxN
z1c2-$kLTqk5Ve&)%i3}9x^a8pWkfo@sx#YVV0so4443>Zn{+KF%R|;ZM+otYXjPNu
zu|}eL$v%TXaro~=!TNc7Zj#1#dw5vYS#iTP;hD9(ZTUl{%+_^oKAssIwUw6ZZAmyV
zBR|8ZZHzDDcdFP2;Fe3Iq+5umAO~>mlL{d2(GqxC_Jsh5J}AOpw-o8^>w?@Do|JRo
zzQ=<a^oM;lH;n?A^hff|5e{eNyky-*(<>?dzL${EB4<QO_59?=M4gGu?YVs)7nFDJ
zS$VvJv`<4?)p<}^Ha4qpWrFEjymf*NF8{4fTOCSGCiabd{~lMFTX}I{eWn<l7{}uH
zoFb6#Q!)Iya<!*ga2WZmMZ|0&2G~hz-F44$&qeNFF6ZC1W9C+sg3Oz{d+p7$;`*i^
zt78sMZ&2T$Y4yb&XHZQQU=ps5eB=G}{vudIwR&D0>_D%kR1|b&MiIH-b(G)J%Jp39
zYmn`wMV39$j~0iIWxy03c_mnDigy-qADXqfY65fi5+qka-=65LkOGcuZ=413(6IKQ
z15xBnk_1Pew8&W)GMfklr#E}edGW!}36Ppd%?BsERQA2I-q>GQiSV3=<OulK1>}+1
zK=MMk?Rfno5~a7`b?gT`>wRp3lcT7@0zx!fr}fSNeH^uBih%T0TnPe4#!l6GwBKkf
z(ve*y5ylwjP9KdeEzj|)t>`eGkJBBMYUN+w82<@>y4-laXtEc;wcw1AMSh0&y7Lni
z7iWl<S-xKz*zfj!N4?5C_oMzwY4$4k>1j#jcfV479A(r3-hIJwM(FxW^E|FWw0UIe
zJ|)Z@0%B&QLX+|Gf2@l6icvWRz81Jrs_*^c*NDXK)4h~GKVMW-pu`xX_HfVaY)q`Y
zV`={#3YrIyOE!3<qXLCqlmz|0NDk{o!_04O*~(v|k%j40%y+SqGbKJFnS>sqqu`<p
zo7>B14rw&-XNmb>sbqe=V{EEe5M&%93E|LxK7G=eBrcXjP}YmZDB|Nsqe()wKh&5^
zb#&;VqaxWQ<+W0?<kX(H%H8fos*)71NB^~SP-g(EZ13{B{`q{xb)G~{0ptBZRlpQu
z&-|X#Mg4|%(^7{{*3aOL?e~(!E=#hkzSmgQHS9l|p`?nh_$^+23AVSnmC&>6N1wQY
z*}LeEW$pNwp?y=<Mx7+l+NHJjYRnLju;3lw>93=r!9nDAg|6^Dj^3j-zw)cod+E_{
z$1lcz6CII;vR&<6)f<6qdU-qWB2fo>6%f+hh)iTA6`BPAu5@6(-OopB6*wt4Sp!(5
z(Fg6kKE~oTc-tm0bvnv_3ZQxe4;6k({<c5Kd~wUii}#-KYplf#O7D=nQ0A(H65XR9
zMJO_MC9vX+R0ao569D5j%}vO8(T)Kiwxfa>{8meCG--mAHG?vZ{S{&6t-m_|q8`>?
zW-754(fvEp!5e{>@x{?;>@L?@&OYo?(B;3)5ev?bsL2-T1b;VwBT2U`L}HoX)iQlm
z=_kS8L=v9Fm7VhX)%}%ogWIbGb3a66FwEhl<i~|m{+F5pwe=tSg(5{R#m#uArP-T-
z{hrWIi@@^gwIs~A$-_qt3O+6Jr+b2gnK;kb2GLpM<-S)Xx6Dg_*U-?DOp%m_J2J0=
zHu|STT@t=O5c;VJ_;z7D!888feXBkQud{j?sk7+ZT)Hf_Jg64a$#@Lnp_R#mlZ^w5
z9i<mJ_Zq`Dzy!4>ola59k3jFSeZ3u|1Jr6leTGoZLdNjbZI)fIQW42jOD`%NQ7Kb=
z%)_SU<kcqY2X3j>b&OA}>84l};=CQLWZ^a{-ypYogYuueIzrwNwv5ISBuw6R3Vo97
z+xaeuEp&se!kw`T=?Fajw7juzAZ5aS1)Okw1N_#6t8WncMd@mt@-bNWstxPK^{lEM
zu@2YlGe!thXHjqEsq}ea)1<Tb40LXH_vjYk3`H&PRUP>EhEBgo#wm<_0K>Uo2(Nlq
z((Hp#7o<MWCQM>`eI~D6tNt4g*ruTl3V~9(@^d>&{N~_k7PI?}D<=f$6Km%A8UIVV
ztryxf6zbE5_PC>}>=H3Ic&8tI1o(XKD!W^cp@&=Dx6hW{00AkmN5E963roM}MO7EH
z{xRvUqsqQpiY%h%7!*M$GzL`D)B@SRyee)XY3f(db*F1Q%pfx{vGX2-@~3za(`n0t
z`jqKE8BnFxFb6&bQWA{)Tg7;O?=`b@*}%AC(!aB)Lqbx4S^<xKoX~rKd9uitn{A{1
zX?;$25U5@*zXDE+b`}B9OT)~IV305M2Jc^sGCbO(q60kDukC)1f`SD+7J8%N-}icP
z;3cotK`M*NaH}>n<wPKjY~K`iKf(dG<0;C8#VaG?=(pyjTThnP$)_;dkm2}ug=P@k
z@w$f7laE47MB@R{<NBuY>2JIRPfY)e;%w0`)|yB#rHo!}N+ffzlicx@<xl;2MWnAm
z`sJ%Svz^Bqt1x5_+xp2MgaF<%n4}*2`jLXgnq|-blwd#L(+>&bP!VG)zPjM^SD%SG
zNhnjJKB?-1rXe#K)-$6&ZO-A>7Vw6bZ*>iIVH}+w{N@~V%bcz(%NKrz>1!P+?byE&
zz_1_DT1pnt2z&o?_DAYRW!JHBh2v^tHZJ8cK564uYz1E5$q&>040d9abk6iHg}aG=
zo#FSBcL^e;7pnZZiA<;asH(%kM6M_$qbS*^@Ig8T1x<_}>;sDv>vgstmxCV~`q1xA
zUn;muUvZrL-HO@SJp4qR)Xv%@?Z*uD-4F6Mv`BL}1?lE?sh<K>^zeC$``Tzkf7D{m
zGdM@cWIeu&nTlJd&$FJ@|4%t=!9o<8Gls)&2*=n4CdN6RfWTp`D?m~?w?+@TDK2$=
zB4k1Pfx|kboR~v@7*I0mV!whccbuSagL%d|ppdlM+voH5%3WdR&-ctbF*bK?m!H=5
zYG04b&6@eX*(=Drr1bEUn~g+wJRi4z59-f?5*wJta=c?i8m|46Y|pAxoSA<dd82%y
zM6@+N109k7B9MMp{WJ|f>3x9PT9)|N0)PvDM(et_8;OJ9t!r&JpK91*X@^6H!z@SH
z%R_@R`(oy&AKHrIj%C`m)z$VTfCF(4ZfS98u+2Vjt@RH$uXRJ@51kdA48n1uDS|*T
zP~tEOPyc8=c7>%^?`}|Y9Omt`%h`iF9dw*r74pYPia#95u`GTo$Cgm(lDjTKFM)5}
z;#_kMxT{g!cM*x}VW6w6WU>D$Q5og7cw>bXTB@}rYsblO5XCmyGAMYwkj?VmKH6iW
zCCIg9!a~EV7b#%Ry@GCZY{qTBisD$9QR`ripeA)E4e*z#YYn_kVgx3Z$?~oN-KJp#
z?MRY?gEyHV8c4hq(X|0xOoOze!17j6CEgI@y~aa;zJvJB2`_YX*WMs0f+I}{45yf^
zcfZ;?Uh|1~?*CCsamr^i$&2JuMU@w3Pq&($JW&Mu-oD*{k-mA4^5<!-=x%t#WeEE7
z`Tx|>RSD-~Lf{^6nz2l#zk4gzHJZZj_g<MZiwG=<PSyzV>%pj__zJ2*sFxBa4^!y|
zqiQ(96gRJp<G2!R?jXtsFt5c<d+mKlKnn6c<Xi}2M>*akVh}AO1^$-d*|3=7+Y3j$
zQ1<)LXoVs6jEHTzo(0cu7M#$Ww>T!5uyZ4H7|`}hD;018?LH*}%zH>H(DxTi`^ZWw
zH^U<s>6f{B!kv!V*dqWn(m%w5=ix*69XK*F_<{(dVn^Enqyhk@-R{j_kXlD(IflD-
z()7_|V?m50L~Vh|ojBlXfK*Zm#5h)vTmiqgK=&H8mEehg_hWhMLwL@mNwsG|L|Es~
zq(XgTjZ0RM8w3GF)V8O0Ufp?BJzR4xjgCz;iQz+dlP{$iubB*TMS4Bz)n4z(BVl2$
zaPQlGIeW6u4xbNwC$`_=7CG_GF}omYuiY<O*~v1wd-mYW_uVlh2Y;ZBr{J>W9&zB+
z-S@U_?wIY&y6KEyzBLohdt0n$&HIcdy%S?G;ahEuZ5RxogDKMUN}mqeBJ{_HO~e+H
z(8hGKW*I*a9oO+xfv?(*RC#De96V+&&Y+!$fibOEfmQ(z1>@;s69+g8`tO$DLV4UO
z`F=x>X-$$#rm0e=!TuAR;WUvj4|uI%L#Yt*BL`fu2_I22Get2hf|eP>RaNgeCp41v
zE|`^nG`+_`@su+5kX@l}8&oH&((21XY(q{qCurvD${<eXg2<7DM6Q;jvWEPjbh8!=
zc`1kC`5N=MCc>3D@*v|`gy;)P`;@}vHP{m)XyzfulNXrY)ol_1&Wnge0J#;UA{`)Z
zlFH;>?(&xpYKr$VZT{)B%7?zP`VX~vj6NfJUvKj4Z~Ge)>1mQN&%aeR5K6}sddHBf
zy|#Tu-jy&NMpig^T90Z>1{SH2rgi|`5~_CK+_M}8@?&4GfbmRFnShqN2u=tS8c$RA
zh!UQ6bbZjw-}LYP&--}-Mqa{=+w}hvD8xws#wF4x-RFqw7lV*s>crfUcDQu3H{yM#
z+=AB}&?W$~Dr~?F#60ro6~5MazZ8Wc+5Dqc3@M5Id=-s;bi9$$Dt(LK6!oR!S^NfC
zLbc{{^NVjXKFXjV-VzHT<UZB0Lo8>$N8UCHf7%s9P7&u4a>RCf^*}+};?B|b#^a_X
zZx+521|ZN%W!_#zz~^8%uZU_#biDaRw*XQT-cEKuI~MRglk9BLtfe)c`Zz~;PE5CW
zr$z1iLKl9(GnM6G*FA(#Z#0iPsNk^}n-$<5A>D_Jk|Bfu5Hqsz>=Xucl&GJ;yim!I
zn04UyE-yvPIZfVvZ857x`<EY0&avAlbhN+sVKTQI7CU&R8+ge$%C<xw+pqn+J&^0f
z4)7Twl?(%poZbk@^ZSDCUcFNvYP^Pa(b*VG_kb<rvCfGY;Tu-aGDIfh(H{g5uWWM#
znYG0@2e(xn!M%8j(qW)MH0Px$&<dV&FwKt6j)8>)v_;VqI#D$k+i;ZbKObGZfr$Sz
zCAtgYhk^-f0fV1S6aVSJuS4L{Ay#@HGH0g^<BaNj2%}8B2Q;juR?sv(7yYqZwb)wG
z1;;e{O)k4F_bb(;mqj`M+@zIyR1SQ;lQI&1G|~(C0E*4u9sK7X;3}AjpUK#PK7q+1
zvB5~jHuL#*R@4U%zTc)?uxfo<$wl@5RLZLl@?ODXnqp2@PML0O;*6gi)foi@e-&?J
zWQyqn*_R+nMStIEXp!3$C9K-(*T<4cWFGcV+!vo-7zM?#gz7)wid2m+R<!%O_xMM0
z+cP@!+MU5&uUZesF0DL2s=uoiTekLHsubGP=o<<ql+`!Vw~uDOi_A7V^C7ZghTPuB
zS;Xij#TYqThL@h1&yRBfctwYzUyoqQoxz>8o!wedtigz{DiCoaxKD~B{FOWP+7Ym{
z{KVtVEKqP5Hbn_#ArX|}!kWP)NqQ;8ouU%Vp7_Re<vx(BU8W1!&G-c;oy7mbCb`wP
z=^oExviVTfDWxb6S8O(P70f{$zwRz<$CoDL2dGZO6uR`K;U;tbNSY)d;hCCZiBPoe
z<7ADlEG_MNW~r2=#Y`A0{W4Kk7Lr{Yc|E~L!c%sx&v+JgqCfH;BIKO;Un&Mx5JjHW
zqcUf=Vi|}l6&EZMncTN|G@LtAWRc+5P}#fP+{+Ez1dIQ<CoK|XHU8m|irhRu23j9>
zmgP&q?X>!9ueqcJx2i!Z8UjYNUII@iwT6pe#D`u0zxxEow41nRJyvkZT#fm3IasUl
zZ(sD)7fs23#_0LquV}FTkRZ=FnwL=Qq-EgzrTF6*T+)0d_`iu%uXWT(Py$<H;08(H
zpGFX5@@TF2?8f!={R$ibNJ~^UU|3q1!;wKP-AXh_k{2aoN~^h%Y_-n{(mOKz0;plg
z|M8@=wdWz1O*G(XBqftz5Az^F{qo16Q_k9YDEwJ<=d-`w;^144E=}K<>G0B6_}TU~
z0o8H%xz2Ao$5W3tQ6F>J!9r(_CvK>DQ{%`!I}jAi915sr3NduORSahs7>DYn0;W97
z1uzxdhsgR%<I5peoLdwekD)y?&VX4gk_EN{ti;y1-PVq;lt8iNNH=(1wvM`6m+$_Y
z-o$mxgMj_ud9Yq#M%N~U;i%*9)$1F9hr6-cCerbw#nf@JV-O-g-dNrUIGwY22|%V>
z+Dl=eJN02501c(H@31xnvl^+aBf^~~5$;ndrJtcZ{FkmMb?UoAPc1I974?t2lvmys
z$wTBesd*8MmCKw;x+peT=<7t=2Cx`)FNaIf3P$T}l~Ok1<y#-2hj-)?#i4CO*0AGJ
zP-pgP{BNu2?$hVbV3G9CXBgUbPjG(Z;>M_SbK{=AL)yGY#|W?9NiL3jd)7%4&xYr$
ztjV+t-rX??0#<_OtWEH3N$;eg)`fo4F;wkzI2X4X#5ogG?$Mf`DCM4kvdg7Qh?`ue
z?=0R7p?E&_bS6t=xts2-4*l;E-n5J_>AiohIP4qa6QzB=<5>et-@!@FJGzHI3Lw@V
z#xzxtWys^6Jwn!Se>0V)C%sjYYX=>Jlt6Ipz4()}OmQXj?akYh?Od=pIqNveHTf!U
zJcJIKk$&8WrSrF&^6YQueeZhhEN{v=mL8jN@_{h{Yx^pl1fHd*k*Ra$<wwoD8Oi!Z
zN3U^izWc?e%L7M|=C-|U0rGv_?n^tNV~)7!n3=bx5{e0R$*X2PzPZb`4a#C~GgRMG
zshneFGx5+JRJ2h<Gj85e+PacA+{-sZpTLy>nsT>s_^VrMWaSrzo2<0?k(l(6M>+*;
zusyaLjVdFQ5|i)dVf0Zi?0HvBf=nedzQ;OS>@D19ekM^=74WLhUVQPnlym02<9lt)
za{Jq+eGOTSbmUpP!X7I!-i7OsxX7=xCzW#h*>Xy{O!mC{x_^C&IjFwe-a0;sP}5Pj
zSkNd2)h>v~qkdlbVe=JK9g`+@>zz1YNb~nPg#Gi!%*Pd!;y>S|ULpuo&9gUEbL=J?
z`D;IWwT18`&bWCoH(HVLB~^SH9S63En8Lj(kokeT#1oxG^Z>>;^2@_)Y35n@I`$GU
zu2(e-xbawc-9sq9s-%l?EKT{L;A#e-wZ-j@WvH4-%Ys6nv349390gQmH4ln&Ke6A$
zGmcpHW{ny2&QOk&VuU9jI`g*$q)Xg5DY$YD)xq5g{qIxxf%rPdm%!;syCD=&x|$mR
zaxX7*KNMOCyKcSoS?dR7au`_-_S4F;a&-N|n6i3YQh1SqbW6*!EsGvW&;C6lEdO~M
z`N@t}>02aa9sL|#L-iWBf)PUH?zUAI4grp$rGQ~}0|z4eGUZ$jo<??Iy!QSACE_MR
zuyyL|1C+*=q#jJn91ojFyjs<sngFC=_nuF+!$3`1(lHFO9|R=)6f*b*{_$qJjo7bc
z4zeN9^zzd*Aac6#c<$bs3U5lQ<pYfEhW3q*|8@-4>E0>4Wfn<0zhj<{e)~&M=KpdJ
z$i?wP6C=i(Q1htt{cwqc&ZeT|<qVo_rLni?%k!@{@a^^%e~BMs!Nu>`vYa%Jmb(>c
zp%67pzT8Yds!!s8SI9naCQAZz<hcHO%9;53LDqp}{qQ!P#L6n_w6M!URMNn$Cs{jv
z=?dO|Oh)P%@sRbTzsz8buGap-&pOZlvquSkq^)qfu2&DLIANG@oHWZAjQ@|RMk&g~
z?w=9E&1K#Smp#%wk5%3|H<^_HWucRc&v9B*@_9+RaQ*SWuM*w<z9<?*6n27<fV=11
z?=1jv9}I%u-e}9L$&)82c2rvDT1Wd4V7o3ZczU_AJ2c4C1bk0e9;ajY!lrN67)9=C
zQQP~aagZUc;T>`$@{Fsced{UkzRj=sR}_6lWg?^FuOFVZ;l}6RZ>?M^e(uZ}GwWgB
zZPYyQJPq7fDOaZWbo4JJUq9sfdZtN>qO?^~FR(5Ye4ri{SXd^DxP19ro3)ItlUNwo
zy+!%l05p7fh(E2v{_iMXhn{1u1Swn~nm@Yjt(5b6h{>HT-2MJ4l)k<Rk}mOc4G{SS
zKIg5`u(;sNBTfZ;V3HcUfGjVd(KcIkhPd}SMWM#oR0qEi5^RB;-xI<)Cdl8r*yu|5
zriM5X@OhThcm_@ANdeU{!+;%#IR^%cq_Y0`N$6*RPTa5Ug<ZqA+jA+?VGOkFTDWMH
zGfd^F_CIlMj?gxFAWt@DP~Ebfr;+X77cbBD*$K3~Z5GzK`Rs1j9=$l`ygo)V2ts>O
z+}+@6;rv*)X`jq2CO?miX{S4{SgNMyq84c)tnA^-2?Ojipv9mI;dF6NghGucM6EPo
z^F|8rXRx4z$r|PGHA+l@FOu;erg??9d1kJ(+H1q+FbjuC&)=p-{|w^h(wF5%N34Vc
zzcNH$c7A0zn3Tl*lFKJkKfT=Kv<{!~F0{np7q8Y_C|H+<Sh~$$b7yb6EM8}zb2N2O
zhd_wu#d8>)z3;_&L@~TJuWi5)Zrj)QLwQ{iW;a03K7?8|x9lE7)(tZz`!#}4_&gRo
zck6oUT-H_Qy#ES7wiejYxb~!?(l~FL;ckX6N)Q1n&rbK1!$3ohy8H9_Gro|Km&lH|
zGq;*XQi#q`fb-;S4h9ON#dA~JuZ_p*3-G<BLL>0w1sZV+ZfBNkwx993fL4MXIZEO`
zDWiJ&;|70gsYSfZ{@~F3eVH(ZdJp*&K%^T-R@MW{?z@SmY@sUt0sr&)7UMU-ZLMk?
z?8mOV0};Uc{Zn^i5ydkLS;XMF@k&ssW(9TfMmL%A(TxDsG~G4eCo5Zj`QoiA-|=1L
zAKyOgI<}b*yp`C5kv6!+Yg1$jmTbCd8L8pNa|8DfDBU;@C$RpU;xG^XhVPC2TT4}+
zQ8Ga|?Yu*fA;|O}I;Z{1vuJc;ghdgojH7yt=In}%IKjDoB(>p}sgfD~ZqKv+9K&!i
z-kEia{aWME+p>ZP+;ggO#tadtS+%5XSm2O#_)eZjdtl@|I4EgvEZO6Cp5>dZwngA=
z7fOatm<G^W2#E`xCcI^<^6oQ34_xsl>B46C$%{;(CsGU-_{zz3-}R}Dbn;snKh2mG
zXKkZZR8Au(n=kf3wM`rC(<fU&A=5lr#K6%58r5bS(L(W@cZ4Z8)l|@(*{Xx{J6#pj
znj7t@pOs%Qr<rJ$p2Julq5B$<1dhWWz^a|b^H<oa@lyA*QYyR%c<I031VCn<A*&)F
zf<qu}p9IleJ&b<`gh&K!>J49^C>2xh;tUQw+2i*L801I&=HSYi&)XKfT@Sjdw(H1T
z4sj+CJM=g=v_FldxQ~p4`eLUI(KXSSUgzM12!!(s`;Fi-7YR!wDJ%An_)u;7*<RD#
zMwtYZ7-g=<u6b6jWfD@Y&e3N1Jab-OCd~hR*UpTfMYwg^;dU0dv)=a#%RB@yqv@PQ
zY`X@*+_{~l1he1=CiE5_08@uNAYBwoiJYahrYA)pq0uJ&nf5J9krp~Lmf9nh_<7Yw
z7vw{$GQpi~U-6$e;0}t>J~X(ww|MhWytuNfd~;;Y=n%F*7|Q)}I@`M>dif9Xup4;b
zoeys|uACQz-H%CRN{%{%3rbw>X@rVdyQgz3u6x>i-mvr*Oplc-uo+l7(TY+yC9i)w
zz*RO^F}dn4*4jex-Ri!;MaHn9sj8_;@1Sj>cSstrd@z1Kbaofa!X3!L*j~J71WaEJ
zIj(flcB{SKwE?8HTBmm$13|Q_pE11V<wwK4PG5hhX%BmUh1%$dF%9<sFXaS~uNz-#
z5mcks#TUrmT(F|k>n-<V<SP=LQH&C3tNy^szlrJ5^5Q3cpVlXP(--;ko0^BdwuT5x
z6yN3Dz^}Vx_(`BxdmH82z0*|_$PUSply&>hjS#8a_NSIcD=Rak_c{V|2XiNDr3<KT
z_c#BHuT3{zR(}TSRGp=H<MM7BE#^6naM>9HL&llI3AiEcIEm-~Rz(yDxVm>mJ`{lJ
zmp#&pP}+>-sGA9P18HUjBV4;BgzIZq^LH8mlA#xAd%&y&&K~&KQ)G1*-V|Sp@?>mD
z_s5KH>|}zfBDJ5a;`TjwuhD-XehaQslV!J?d>fD|16A2mwe?lY7S8@;xbmXtDPV#5
zGd$-P1|sib2_c2Ncy@EZnbj)4M@<`W4<eDmkca3|Z4fp!rDYIhD|>T-|5Ypd56|mc
z`5(WeHzv&2-n<J6Gm2Ui8o(m_pgQk|ukNzy(Rejs#N+5NCoa8_lWBf3Zu^N_I-5wA
zI<xK@rUq%WIX6F9JKu)wW`Mk|ZFJ-710EDLoD*TV3(=8CH&yAthc_d?wL@ZC?WMRP
zbi%ImHlL8C6#HiapMwfsWY43ADoy^F>u(W~rkvAdA`r#Ltnc#Uo(r{vVD{NO1q;8Y
z#kC__+HA-Xo(#oA%Gnw(dCp5aQdZ!GI`xX~ub@xufLV6{zreYwi~lY_GpN%h7ny{*
zy<gC$HQXMye`s%ib%+`*E`PCH*n^RrvG|{2AbP;r53h21LTn)#>f4|mD6njm3fvnF
zs|^8MQau<yE<l+&BlYlW?gvSEec&`k625+Cv7fI8__6z><&X?HLJemUD|wZ!RN&Hr
zZ5&!rdO%O3V#mBh%f(tKLWz2jjsl)@j+*xf?u6CWEP&UZ{et};C~<sa1N5tb?$m^O
zg=|dab>UlNO^T^mYH3E5+*4(0xWt2Fk2sJmb=WJeqsoLu<ZIC7F=dfjGA&M~fpA4m
z|0{FIc;2<sQPIk5^@fsv_f|uAo$lgCFXa2+RlUvM=LqY&)kv}^9ncr;)fbe={f~c_
zr^mQ9V@!)DgTtvRzhAB6J$a#5a_?Q;J*=PJ`KZEknh-5<uywg1X5gA`2U{BHMAcn{
zPp1-Ap}q|;rA3h8b)EZA)ck#<&N_#+qdyaEZ#p6e3HnsX8B+xBehJ*cR|WYDu>mpP
z0z{Z~;Z4h{S_^RPO~^?}3M+6O77!lgL~)v-<ZO&Z=h^P?Y#kgbTYr_bg?6p^OOym<
zX5*cmy-7OB@wLMT6phGYIdos;kTDatqg*XPHpXZJV+J;+Exe2?A>0q4Rg`-%bWnX5
zIT;1<cEa?3wG+w?mj&jGt?95dG#mU%?j9>yjzqfUcREVhpMCeGOWVZH_STbET9h=L
zHY$<u+f!bVByKW9L?x%5y1``H<iqq>DOjA!h~TWa_Yl%p%~v+reMH9+dU@e{=kgCi
z`#OTlGMiGO=YG5UY12t}ImIO@lJe~1ba!>ZWJ!kLCtfR^AK?_4X0X9+qJm!KEw`4I
z;6#GnH^@Ej_9tT2A5(+ECfevA(O>ms%JI)7zGEa0ok)X49;N{8v-jW18v=D+$sA$~
z{v+}qpKLU_(6XOPA~Ac!=tKU&&FP3Em0AVA18u<<A?+RQ7clA!!ot(BC&EuyQ#L+Z
zhg+{^U)NX$-WsITp$;rnjk?&j7tb6BIZ;!8RhQ9`XS06e{r#@p<h@^E*@U=>Z4PU2
z?7hp2d08(*M~ycgBOdH~%TBWGzJ~T~1_T~-b4SXp9BzCImZFLapW}SN)s0KG6;+K(
zbPg4UOdpA(KH6J5={qgkQ0X<1KngtS&aH#XS3Vcf4vOs)tYL>2(mMIO&$I{%bBVAZ
ziF?M3)5I7J$^aTG<ENeG^}v8Ea%En=!zr-diMa}BLh0_lxGsXjK(D=!Da=UvoBdCg
z3qa~bY-1<3;}^U!PwvMmyJcb#aOy1SGF|I(*HVPzp-*7hbLcj}6jHZ>Ui=7nafiae
zX}_=m51z2LtDF!&nM!LFY|``#3)}2HA(J*?MD@hr@bhN~r?GpGR3dKf9jyKXs(?bw
z!R_{&XkqRB?pBxX1|!T%XQk5Bpf@3E;+wT%VJ`09Y~R1nOp&rgZGL;aTZ80B1u!0i
z3vyY%Y(0WN1ZzN!p(jEaA$psR*Qw8?tHE#ghmC=}R5%mY5jFF~<35hj?)yFw2&Z5K
zUnmly8uE~a17u{gP$!<<i+zX;TfFqohdx|79U?KNKXO&1!P}c-<VoCa$VZWKlg<qU
zigH7`0hKz@m8?WA^)*SU-#p5We%{lhu3SMRxvVo`AUm{6&=MKqbDQz>PXWc8VaRU&
z!5@OZlSYS|=UT@tO&dsm)}<e2OQ*tR!&Ut@N6dDD7ORe|0{u*IDv+fZR`uOSy64z3
zUB~VBme2KvOrTcBo%9di`A_5Q944%6#e>Q>4Xv(iZupz}ho}8MUTZr>nQ^}@4pInF
z=YxlIGm(e;GeR25YCooQH>{y#=9P~JeiiO#J}y+Nolbi*!URIJAtlBJS)_#au%(45
zSk5jKjBpd<l@G5Y%dyM;jjiM#!lc~jaw|y)b7k}7VKmlNvMohAEYKXi|8g}9e%fN4
zcuTJd5cGo$-OC@UpHsH~0r8hxtp2!cr)MSqid4303R~~X6!H*{#M5lt)CHYh+NueB
z{mkOHG6{HML%X1ZB^6PBDdEa13rw5|$_&rwA|r7fx(;o#lR+y(M@h%0S@ig%o8|IM
z7X0j`kO`l+i5Lg0PC4KRrT_O5Q2PVu&WU*aY+^OMOr?$16uVI;JLM3cKmz6XJ!|t>
z;0=-?XNc-b4wq_0A;;yJrvOx8yeQ@UjsJ01!X#i-tEuO|emnsL4Kld;3VGn#)9to@
zi_y0{%w3<x*xFMo<%?>`#?tGXtntd@H?IZlc2Q)>AEXC{WUV_Rlb8J-on#E!8Rm5)
z;pQ)AvA3XiRYQj_Z)Aw~zPYB~G!;bPW$DojM!u8XcJOR@pQUGF+>mtShw|lN-~dnd
zzlvBakCw4-49odXEqim0r0!iH(9qengY}AHanoM*DTGM;1Wv{PP)xD0Q2SKrVxub6
z!kn78^}DaZ`}z8d;CuD0U5FK>_i4qhX;<HuKQ#DC==pv<AyJ#JP32w%F``y@7=}?E
zy|}Myjp<7K<JA8Jio*D}ub!Vod>~3y@o?`;O2$9J87>yTR~l4sT)y{OwL~`L-y(*>
zbu@B^I_vi`C_8Zcv&aXU{x%PN5Ry1Uc>X*u>y5~C2t0mm2$xTgeEzMkTeyDfZ<@E)
zruC;BXz<*xowTi|Jk3sRpEw)vmie`#>PdKFhX%F8`+mo>VJU&fR}MdDUul@%6g%AJ
zDOf}VvHu?r#hdIG=gJ<d1=5??D6!3_SpGyrC!tbeGO?}%&C2JG+s1OwF6zVAD;h)B
z-Uk`KJ4ufDY>NIZOKY7bO)A%ZGoeF2eT`!^WX-y1Iw~%8m-Bt)h1lD@Qsq6>ce``*
z`wp*bq5fhKQyuc9{w>r}67lYP0TD;#A1J1%6PLG;n`RZ$IN(P#oQ26QvpmX29tc~U
z24p6f6}Y)}(^0X-+?z5Knczj8I`HItJ<iuZb%8PLfN`;tQ)IJ&w%DJZ6DE#X2g8}3
z*n+3+UouJc9VLe)@BF0!;V099!m~mP2jWFj&jdLG?c+}b83Iiu2zB)>dk9b!4%XTd
zpL{<1x;eq7P<4qoZQfmdp)B_Fd@^REsIPh|)I-rY1B<L`@xq_l{j{LKNzqOta7u|{
zzOU5?yQ}kVjuol~mmc$<B%SH~+YbFFU1NH9xu-^m+`0%Y&L2hfO)mUkVaR(UkR<U#
zvC#66y68@!&%&(vE8^EGyY<^wcfASQA6pG2A~qYL!`a&8<@WLJwoTe1maeLNrI@1H
zxCp!<V%wZA!LpUi1kPpKsJ;WurB{fK*Dp`t@MmMCo3}ap?9oBt4K>Ugv;%@aFs~)`
z(Onqu-}E->04r-c=x}Mydicb0DgXp3G{C2$E~B!qkxc%OOr<k2M|8Y{Me>Kd$M%iZ
zdS=8biI~>gG(r9-76tF#Rnf%Pj~)S&A-^BPO`!!Q@ejdisfhI;!;?e6*SszaUX)Wh
ztoKbmwr!;wh+%ns*$U0J3De=bE6_7}0yiLy7=1>t8V{bLBp@vQg<Rc>*FROtX>vKD
zm`h+hs4p^E5N<U+{M-j|3aqFI<3quP;W;vczhFIQpK7F;zem}(jP&WHd_lGOc(POL
zqC}MY(J+7Zqk1KA0?@*+p?(X*n84QiE!tWUhlnsO6x<#SCVkzE+}8d3&vvxE<&!Au
zm%rZ%I2LyyG&V2ssog_1zivn&tWMdI-85j;vtk%%%u#oQdAZ=08gz5}p??#}{^V$v
zrz_ryLSN>~W^yotUneShd_{LtwUy$o@+}F39VL1us;0z^qnlfa-S=^yvTQV08~U}e
z2UEvyebsdYSUJd{xByLr-T`Mm6}1Q)wDSY->q8nV)H<WUaHrdk4Op7jn1jrVw!y#c
zd6XWH@z%rLPy#FhLaP}2KOm68w=0mx=M2><Ab{BJS^BfY3mf$=QHsu7ALIFJh924Z
zm&ipIpR4t`3I>uS$5a`x2zOlfh*x5ZLupMo!$Lam%?S1INz>(6`H;zQWRdM<|I`?~
zxJh;KYK63vo5G{`HS~V{M2_wzLVh=A#QP_N3YGkQLuxD|)5tqJOv^D0Rn5y}X&SpD
zKAo5C62fThHXgF(vrRScyWGPhduQ4ySLjzvnu9$=@9OhRJqZ@0k;6nZ85Zq(huE9d
zYZxHf3{sLVexual-Do7U8X7QpC&XhZvMbe(q#jK^u_q|US|aI<&f!Mlk{E-BzJUEg
zBB7lC#Rv8QOE5F*j{2>2%x$FOdQSq;+sQ_<KZG)->BqqdX8Kr$`W4|TQ&T9~1j&a7
zcc=>*gX$JEoo1W5360(F<-lNbCAtN-o3(uReWWIxG@PJNY}j=bwRKUXgkqRZxxK);
z2D=@wJ`9x1Vm|?2pvL#=wTA$jCp=QRE50Qv<!g{|Lgk%3mB;V;1**vAAP-Zll@tr3
zlgz@7kttsZ%&Pryc;^yBTm=FQ{vcvg@z-v03MG0UgnSQKjZuIj9Qhvr`+e62CbiUk
z0}8dKiKGZvwB;^#C4fV4vVdoK7<jb>p3t}IeyFY+x&F`4-SyrD?pYsjilgEcF;3j7
zS3KyQeI5iT63sr07nuIZno5X!w{h@I1D8)}<5mBCr8jq3f~Cjzv8+^z5mI;W_gAd9
zzRzts&Mw5KU}v8#*lgN7wwLyH$wHF$#rD_edW^97#QLP}b1<y*Su}y9ar;c5Vvv<J
zUhVNqg+Q<UV`Xj$%>+wbG*k9xP>-@YO;g|x^&ME6Akmj4=y^LLlG4j_t?WNw7B&HH
z8$uxokT+JBC?(#)7{s|XTvelSLNEQ`h;2iWePv}aJT#z>VJN0QUc`t3ikP9R<4~B}
zp(i9Bk;i!@CnUk}sk@Kj((`a3g+eyTOon36Gl!Jvoz)ir5hV_yZKs2iW<0Sm-McJu
zbO`+a{2(pMY+Fin*&QZ=58FnHSh_#CdMNZZU(ybf=3tqRWoO|2rX2`foVC8O5lT<_
zC(Za~jAS4lJAZBInuRCocfNwY`c#odCqKTL-@)c|x{R~Og*%Iy!tCZ$rp(>H!09Z1
zW2^nI`yf_hw_oIkUO_f+x+=$iz&0%3a1%f@IE?~MPX-tBh@CZ5>-_;H?0+l2_3hjE
z8S?@yB*`W=yNo?k;!~A1Cxs8~|Kosk3T|qqRw)ufAycNmi7#v}jnhtZVdq*8=YAYv
zyWsD-+ykU+n+<USulcV&{1DM^6!8Sbw>Xj&gVZo!dPX$dZ;WYra9uori!S0>&p<hu
z50s%JUjufl-e>ruvNl=A4qbC+$d@u8lFHPr9Yxk6gX7cLz*!OIx3nVx#{x2U)f}iS
z51uthmQ=;<C0r$HXYVO%rL!Or_LE43&bt{$TQuh)ubdDJ&$qV@yN?Pvyl1*3X2!?<
zSLzX|Wyr7B{Zq2`ZRwz`T#VPN&Vhs^H-eE}%vWC+(?_*Bc$P#5{ia5F2H=?*qq8Bn
zO5T(;4V_x%z<doCX9{`i(Ar8u8XJ_6_Y^iSLGTysQT}k=k<#;oz}8iKCXc2neVDCY
zR`)uco-F^W{gI!!O4>rve1*~Lze<mdZ8QF!U<zx$b?-^@o3*(*KzxTziwnoPc|q!@
z;7ypZ)#(W0PgY=W11yW;s~)9JytoXyYarAN*3@LLux9}HmXW4+03UMT^s2T8yr#Gq
z3m6Lv<zjV;V#pw^W~HpNH(QCMSbaFR!nj;n<K*OlS&dImW*92I2%0F=qJB|tRje)p
z*Vnz?-awdRpW(&^=+BUe32u&OFwbt}IRJ{WA#HG=F6rZz)zjw<{?VoUVWH*)n!w*i
zNYBiV8y+JFFW5wh4D6<u9D8Q=vcKWW@rskH;`+b6DBe&I!k5u<uA?*&?+$<Vqw$7C
z7`#_-_xrPC;V4O~{b@{Rf^gBZP2UAW>#v^Ne|CGeZ!VV~=d+%%$rWnU_Z?q$8pFG|
zSL^_L!B_?q()vx{joFXt2SlHn{(jmE*t~LupY9N1g5=ZZXW9`77fzY4Z(LotaWy^A
zjKz8FY%{)jgz)1Z-Zqe^&*Qb){^kv=ybaRLV-gGPCTbjbdW}pIO!descyLV(_6Xsg
zv$Jl5-IMKA@WB84(i%$21X)`9Ow?7PgoGwD4gRzqjZ0{jrjm)1Wd5!PpmJp9zd1%u
zB~4xlG7e4(1jt5#d2!K-IlxFE1a9>?G*JL2j`Wgq&`N5R`_tY<sS!JMYQ#24W$8O!
zfFI${?Ry*Vy&f&YDINqy{xkJFxR*)b+eQjL2yqi+{FL~FCe^WZ)#U4JN&OE`C47e5
zJ096aZ9C{U%tt3iv&szWOd>d`{o10JH-?enilJ~bm)L9~hmpNArZ&Iz^^962V0ILY
zU}$$vAwRG!UQ=i|qG-y7BM_R3wPSXVKgHX|bKUqhr{=5F?aK-?3K3dJTTa{%rl_4E
zR4|(ki>yXSmh?H~3w!8jB*mI4)z#ePEqUwtF}Lse@wli;L~Uh0(}84KVv^{jw08*&
zbd)zy>+ip0ZdMDgqKGT*r=&M=xm0LG%=fvn?rFd7J%s<J*D@VQ5wJ3Q6{KBx24tAK
zVSPCoGB%F>nq7CKepEPxJ%k=#vSgweLh1NVv+#HOj`68Kx)1rIUc4QAe4&g>X*s3+
zj&69;^NJ!!{RCuXg=k3iYg)C@yvqql$?1jHY4;t{8^_16%Oj<Sk1$IqV(f(&o3-*R
zb$yuG9!O+2VZ$LKJZ%%=+PfVe;HTMbJ;~-0(zyC+QNpg*W%cXAW^a=z{+x|gOJ<uO
ztFvmQDWh$<#Y+0#@v!r=xYo$vq>^^l_o+Fv2}!kxTODzMTUA>@(R>Qi3fjSxzqyih
ze?2Yu2~3k+v3Kb{irHi6(>BCi=cmw3h>Qy+cm9>trJ?wlBo9pBJkYSQKLY)`x-Wr}
zfXQ+g0!F$X0L+Ym81hb0m%n5jjZ4==TVvsbiEX`SAN_ic#x-g%R{3^9ZAr@qKZW$g
z8mZPJdhTvd)>dd2MF$-Sxz6ch-~4N1lJDR4SmtgRC;0yYKRLk0b<kWx4K5Lh1@#8W
zu--9lYK=A46o!clFcrr1E=1S5-ku<`K_r&6y`HVNc~lf4z85khiib=tyT=e0r;S_g
zu;3qwwfWmUWUC%%vbElPe9J??JdG5Qz}m7dA;M@xpP0Y<ekKUYBTaqo0dw<kxlol2
z(h#Nh1kaI|jTK}12jmOn0OrxrWNL+=%2t2-AMw$B+j`sf{H$mSQ=oc{RQNnW64qqe
z1MPFq8#*EimYrvvmggB$)(9KSdDuPiwnoX#w)xd_VXj;8T>DxS=Gu7}2^)X=ui5?R
zdUn^p9Zc@~R|5|zj{Wl9$qsIpg@RPsK`0CSF6NCbr`???sowId%m%_9Ty+)f`Zhko
z!6s!<at;Ko9^~UNVCo_5b<gnW;a=D;V0r-#5m{RSgdYf$(7jg<`ngPcvmmEp$E0Bq
z8rbcGr=ed|S!vjAIrQ?GZ=10{$g>EUO0N)M6X(O+UiX>K|9Js_1107B-#HKA|Fzne
z)&1XIN{;h?`G~)9hus_)zd4Wo8Bu)`sg{Z3n^e&rkbBdsKRT@5B6gMvowq{g{VvgY
zcV9B?|9Js_10^l~w-vJgchB4HYX9Fy$+7<*81eU*4eWcfgs0&6Mh#ho+*_6Sl1cuH
zgQ;x~=hog5<$vqE6O8}ub}IbG{gkrqe`63I&3SVqf<Dexl3(icwt#=Wod|7nq{F`q
z^qtDgjO#xi;CG;;t^dnT5dWofUd8|Kr{q}w`$YUszHQh${OgWH(h=aS<XQhkZNO>g
zzst^L(ErQ)U$y@CP<FikXF+_9bHDge7J2D7&hCwq>-kbQpIV2_FsyS1&l%n4*b;}~
zT*w8dp5!5uomsy-j-TH!3U&TAB)j`$!lBM{p3jXu9mn@pSksy0e=_37w)oHIt+Sx~
zKfi2O@_#R77xF&|PR2C}es(6+7cr@>ypt*df7F_V=20#<LmR#*1Z$Ft7z>-1G1@5T
z$>PyQvT5^RI|XS>R4x{`wXkg4-B!ZhCXh$qTOv((i&?Ekb^G-?Cd>M!UFTsDCjcy<
zq8bF*&YSO{qDFKXe><(?0I*_H%+5)R^zdGLIqz5(UxK{%!PR)spAM`)9`3K*KduKi
z1M81)@Q5A5LKPVe77LDXC?w>MJhV;_OXlHqzBs}m4u`sVLyvy4k#&NcvJb8E$#*ff
zzBsg>YjAl~Tjp`)Z+{O%>ckoTT%+lR7-k+)_ml5oT>UYj;lcer4cb-7Rh;u*V};bU
zveYm^W!I5<|JM!V|7mwSRsQGwlv8jI8AC*)fMFoUA3Uv)2IhvM%8IrGI+Pya64A!V
zDVVMl3aFuTTNI!xq^e-4;<@m7P_*S6K#&TVvO!$HdVYtRd~ymj3+e>C6zNcqEUbb5
z@u~qvn)(c|#=kUK0y-i<RW#H%X<Scc6NU*oIR#gEy~Y~&d^G{GLg-0jsjw#huVDYA
zG5?!1`G4&nR?DXOANx<b(V8xyIg}m^9V`?T(UaE=`lO${Zp`81$?FDNoBzf{S)RQ9
zzbB{QGb9Q&C>UN3=t)B-_}@rkCk;hLuqj?A_}?du4VAErn%{%ebk;v_ep6R;WcE0%
z>jaxW)g`Pkf>jlfCVkeVhW?zpj^y=!);((n@t@k=Zl_xR`zYor(4UF2TrtpTbz1dK
ztJ4P46#}2EnF0D7&4Zqto}7XkMM4@yGB7k55x`am^mQn$kp1KhuoM;0X|%vg^M#uA
zsP^jrIXMN-*Z^zz3^dGuK@ni4L@{R?Kwl-KGoWZd!fRbspe7+99GFYr6hi;9NZ>hx
ziUuH%u>K72!uuY8j5Ev&PlMHLK0Q4(Am`RpteUELlQwULSA)CBpx$Y;_%{!liYVo|
zofLv(Fn<P6=N`6m6#*4K0Zaf~5`<(fG&S%<6vl-d#S8WXxtNj_%7`*In6I~N_7v)S
z0c!wipw^#&;iLwB?N5f2Hz%jy%W(Q}^e_cq`r~o`ZaN%Hz-SDvMt9f4>2P#60i*Yz
zfA=r&X?S=21|Ws45CQ0`PE7tW0gBm=NH#ldf{>4a1r`iZ9ZAYUk$?)dr2&@+Eb#^r
zjZ1z+EbX3J;#*bLihU;&YE<Lo<P_YErh}emRCR*qaIQWB4I!BVir1!mCy;w7TL>|Y
z#>vTo;58qphPWOudB=o-Um-;wr_=kf$h7qlYO;#R8({t>O!X($oByU*v;U2${jWKs
z=;G|;<U~dbu!f5E@|ArGVdj`o@D3~yo7sQPOh#r%+q`_`999qk@2r2!7EofCJimPX
z+Wx}(o?w2qzyxg&dHKq!H@X5>w9ZUc-<ewX8(&0_zibq0K-=+nX7R)00mY|aL9oV<
zCVPL(OOL^2ked6GtWa|e%y`iI%nE@|t!J%h3ZAVnwVG)C03``gI(tOVzMqA&nfr4B
z;m3tOvm&Zy_RcjU7(4Y?Hsslo=+ewOc6t~|;yLnDcbLFhb*rRsrV~Yz6dkJku{FhN
z9A*iCF=B?PVL>1(5;G;0Gx_+mN7_aqSX(2Ffej>z*~g~*QPBo!%#<<aDs!ich(sHB
zzH;bEPy=%W%q2_|SvK{!XP`q$&GpPyXbo0~AOI<VWNDb+(uN>6u}MIJfNrQNk_C5W
z-B4BQ64WW!Skm2+wpP9TB-{YzzQJiNu&UxG^MN%yf~sNe9E$lRrYNS>=6mMeKrIv^
zhJm<v;Ck8<Br@gu17ylvQ5E(qwg{b|4Oh)92C3lC)K(>;=$<gV_*K*cONlfT++3@5
zdu*G&*Mq_RaVw}N0+>x6KE1!6eIAS_!_i%2iyd12#T&_s{Yv<of^|l&=N=f_JKswU
z+avhuB)pt^;0`l)pG<h$UF+GXyFwuK{n#~L>`QSUo$_VO+E4n<mIa<|#}o$6E+c;Z
zy%yLMYJY%t;Qu%^2cDXHy!#N-hBexaC1NjYSEIY>cyx0!7|-rU<7w>;sJ(5yZPi|#
z1nP`m5`pUDUrgrY^KkOezZw2l-_%-Wlfn4&U_2Y%_CE|vrZTR&FyH<q6X4bVFqyyi
z<I&x8aCe=^lTFa(;}qOr{Kyq4M~Pz4l<AlN1f`XT)dvfOQ1%8apsJb@(G+8VVT*(<
zx724L9n+RBC+<i>i-=DiW*J)smsv)Z!DWGQo%TP}Ud4U)d(G3r+8?na8s^aZDC1~u
z!%3uQ46qdWj=90bJfM7MGZh365wjqbqEIughm-!VH-p)5G98X)li~H?sz0v10`J~g
zSMNcVUBMjS(|wTKaks;};b``8G?|9iT2PKhR^dMOS0t41#{A+8X%d#v%lR`y^ksDY
z{j00NWHS3S_*d=K8}Pzli~8FauU<7|#6Puvh-T2;I3gKzA8*0nWN<YeOfxcg%9r%@
z;C=t$W;(kc-VbhucZ1n@G@6<d0`rI{s0JDntJwxx75iTDK*zEaG48SZYp{c3Urd>F
zgK7V|Kkd&xjPI|w3>jVx;wEA2mYs>2^er=*8NPdlnTgQ?f~>^6mcq!5J1~>}?0!7F
zyBgm2Z)`RQKT<f{Sm(^Z88v>pjy(Fr?E%4qrT=IcNh(qRh7W$>GhZaN&;c^#;1@|F
z<t&(b;)^7jbO?L{45GfP)!qcPws)o$7I#F{JeCchW8F|8vyJ4I@k9I}8I<9*@;8#*
zS>UB8sgP1|<y8GL+LH3hJsI&C^sGrQDN+}2fDQ@L*c$*DgVKs06<_($OirzLOhE=g
z7~=_eFK59!>uoW??e4C<0snk^C4S>KyRS}s-#h(lxu2zz2@O=u^5pf@<k-1=*RoC9
z#Vx>tvIw*BANDRB#G-Q6=07!oKwIm9f4;o|HBUd*df@jzzWFPW5j9T^GbeN4j7J54
zcc2~lo{J6l4*dQ{kl)x95@t8P;!f<lZsq^~ci{JbA`K}u_tv`B1GP=N7Hx2;Jt~@P
zz9D=BZlNCcqBGb%5M3pIi_fASF!#{93JpzKAreE;d0)5(^xWAR{r<NY#?qOx#^T-@
zim|zs_u@w>bM@c;I0-DtE4<bXhJcuST(jZ!WjyB+UFHu^BXUkz-@J=xiQ`UDckhTe
zl3m0CFpG+`m!28_drbu1H8$<qA6$oRbCYtWPo0V3ejPVyGt+cYIT{vZhef%QorV?P
z&?xflHKNQyrWzY6YG{Z(Ve+VGOBYgf(}t?Pg5CT**7qW?3$K-ijaTQT&jDIe$=9Yl
z!8azL_FjOSdY^s^&cF{yLj*E$-(U@tcNYPeXRCfmUq#PCzi<h0bez)0e!Fg}4|Qi+
z9$fGwsMpa8*Dmo2Q$mvx^yeNZP@SnRWtWBFpH9JNuTpE@=5QYcB!e~7lm()Uf;m$0
zQ?aRLi;tA~<_etcCY+_rB)wxXsq=a1TCnOq1>Z8N#S)2`a=<s~Q;6?&@>3m2$$e$V
z-=z1J2eTvfWl%=<CNwPNQOyq3$<V4SGs<~8<IHm2FQW@Ua$DWH+}OWbFUGzGH90Hm
zG3ebj7rr}{X>&XLCx!Kt$LTZJdD8_CH_r|kTPe)qJ+P?#6K@Lm){B0~;PP9-0uEQ?
z!2(a-S$v-k7k8N56GY<$W9S<pezMn5Tuk}MaHqHI-4A@@c8`fUz23fk`!>_p-~PzR
zm7^_XUbxn0+zOEIEB>XV8|FGWZ>=+Sob#msTr)rJv|6`H`XaMS1_|L*!d+ChY1TIF
zYJVudRo~KOQHHrvivSzQwuJ1nYaPjoxtA6ec`=W&X>yrVvBX1Es($7>kd<^QIC2Gv
z+wr&KlM%RBD3UGt(^L|cRl!<gnRlVM{<?jbKJ;%=)T#KH7u{{8&Aa%cb;_iRIH&&{
z6YtnH^FoR_kLgKQ5NZp8*V*)ln%LX3>*UTA1m`2}e&UbxEhV{o;t9k&DsQc&pR_Hr
z+|RL)GAgA`dsd7k8KoSWmadxiriHs<Ql4JjrxA8RHB!kZ=`=Z{M@C_=Bc<gO^a)cI
zP-0+#n6&bko?Ig*H$63ebla1m)S=ZE<=LFPL=U|X_q(HI>P}F2Cp%&jQ|6X~%CxjQ
z)6zC3m~5-o_qoTC<@ZJT*89injB>0Nt1?VS-BznruIUJA8<VHZEakMQ*b>|0R+!VU
z!adq+J&yxWb^<wUMq9PZ<E~hwb??PlARh}rY&a4@>=Sw(qeUSKoXR8OhAZKdW&V+`
z5e^-9dv?}2AGI99I#|*TU&Y?u*Ua$viGIg3LlFB(W=5trkKHog-o}D`d8~%{_Ev`Z
z^POBc9GhwWNX?@MG})AYLIis`2p`l+ls;pH6$yY--djNNM9VV_RKx&3{)iZH%FN@F
zCDt6M)@&xI)(#C&i3;`Z>`&WFfV3s)H@@mb(b&ruV<aJEgPbAg{U7bc8y+s-kd3uY
zU)rAD6cg@*Pv1?6fnL3eB6e;0^SSmb3%7w<`Dla0LtcF;^_+rRY%&WM%z_u-H9PUj
zV2&i{AV(+^P^3|XBhK)=zdmB2${SGEktV;4aB$5avpn+3Y;4pUsiG=_J`}UeGYY8)
zDUs|a=u!TA;Sh}&k>hBEy$mrN0hYc6{OiLG^L~fqkn?<KSUo<dGFku`&+bQ)DGy`_
z#VqjH3K6~jtVu6lfrX(-+&d6b0KxyBjP7ixYX4+%JgDD^`K@9o({Q+fS!shT6csfH
zg7Qmq+3??12%6GRL?B4qXu;|#(w1yhd-W=?3~ayIcY+>g)n?%Ln(&~l{qY94zj?dp
zk3bI#8c5?^relqwmz`GYRm?kr(U-L=i%0gXquLuT%v43<rn08l1GNYO?)UU%#N#L4
zFHb~ac8pzERCt5xe9=yBWX#K#22tMtvugvvHLqU1@dUlRIypH}7GO3r*UN0iV<%^`
zHB_|OtY&BHQnZ(^z6Y$PU6cU+la2I^wfY)S3YUmBW93wXePvndNX!4wJrCl4cQ4N>
z{HMJX2j$6*OmQ?h%0=Xe3mU+&*TAQ@)XM23)INs69Dx_H6XZqXWNK~F?xyV{!!w_n
z+M)ILC-f{JKvs~*5|)wNJ9!QM=etg$-DsKX)l@ubui0EGY-P+F5?(i*DeMHMH0LUw
zH~BZsIg}oeCO0XOnww5j2u^A?$NKk-|It|D)0@sOos-w#f4%E8ICvEglrc92yZ{|d
z2Dk7TbXuLWS9$s9g!vEw0!^fCc+K5kPELjbQpMXdR>ZhY@J5l53=|DO&4IddQC1cT
zQf2za^ZiM}sDLL$Rn3tT8GU3IWXq{YSD~UY^py!v5o(Ttoru7VofC~{h<@Z#q=CMg
ziodpW(`;q^Qm7oC5D!#w%vT(|H7g16VLyS;p_kjyl??LVvt;UyrdSt!8~nRY&?2-g
zq~U*d&ja|M-PT#F%Kx>O@+)Smusjiq9;^*&9=B{@IZfd~>q(LYGND-W-9cHS%yOez
z{f8;e`WHh!Q<ePr{nAR}`fp#f+rj*w?XzyXRjvPh6bG=8JX@|0=K7a7q^F|s#q6<N
zoty$p-td<Vjwq+0Cq!(_wG$g4*p2yzrbM9}^pkNwEJfq+!o)g&3$rhEG!jLl407l>
zMPvBn6etTD4bJ?4GxRLpwzWyOGE0mRq#{U>&5T093aR?SPzA2BRfWmDqx|xNzqEpc
z0U7B?laVGpgO}8pi(g+gPCOv<wVK&dtnnIue<7&`Wr)0Z170{Uz4+tg)cdEc$vq<m
z7KW-m+aSsUobwhw&rQZ{t@?%RIBZQMtfLqI?}_`%EtXLaShb#<IGzj>%K!&{|ATWo
z5*UDjVYAZEk0;PzD^sgBC?X&Eq5Y0S+B>n{<^x4O0bt1i>LcF~k4^wEsfjnl$y&hU
z`&^v)?*jR`2Wr0}NDu)vi-VzjZ$GJ>oLCLK#^wRtX>UWt5>z?b3C9&QYZ8EYmZ5-W
z9D42n8B33dG!y}}r8}M;J>d1<5L{y_L32U~8mC~m@cwFHwQ|^pH-I2+0|6r3e1Qqa
zpIz%%vw$$rUj|goL0l`^SiDSy9m#@@=mG8rB#aO4J3R~MVGX~!KXv&}!fJhW|M0*R
z+i~$85eaFGLj}HVd0xBacV0<v>fvPUJe@578kW(-PIM-IVpw%D3<#VF=%gyMUeK|M
zm(LTOAShp9jq=<FVrUp5Yb&VY1A!8{M?}H$1W8zv`3sJd%fxb_=QgLWtaozaq?WMq
zLz%BTUC4-mf<v!ksxWL0zCAZJ%+MU;NBXpE>R7fXP2Do@S-rOGfla&dOQYkPLgq^0
zcB)=r2KgQYvMT)Z&6+~uveTYW07$yg1MOC8?ffF{CVQaWd3&o^zuH&7dA{>y(-0>*
zr+XrDCW^drS7J2{MXo%7d3bi_oo)BlZ~VvouaVH|2(67QD<k8wNL&+S4yDM>_21gY
z^gow@Q6u47YJqj;U1Vu1EMWne%_C5iAzjTeB=VLEC`hhaJ@?hp_&%2gf9B*PvJ^$p
zzryTkj^7$GMFLhH1i`+7HSbuAJ^2matN6*gv#WTC4fZg;>491ko2pT#NtLBG!-jS3
zyTC+3!}o-1Nlve*iuOqDD=YMsA)-O`#{1(MX@>6yo}`ISOogGf=g!5X)dS6c8~QUt
zr0IFWy8+zUtK0KLk+9YS=C3Ci$up!;Ot?s(;X0<Cr=e;frHE2fsm)s12CK#zMbz_I
zJP1`GBfh>V!vro-)@mLhQ|94HKAAs*!B-s-g<rIVs<Q=Wk5kB89lyh?BTd$^IeQ~&
z7PpoI`;GXD*H}g>_0}AC!7<*LYa9{e#r!eZqy7ui7|vbRoSTEdQ>$$be(tGj7(dBZ
zLv)8n*MU6m=Bs6FXzApM`BF~0rt~4^PLQnz`}G1<+0jPnwLs_1yhDK`gNxz}BN6dx
z{FD(DQzSX(L;(IW6zMT6>o|=ozMlXHH1y<1G7mi&QK{!1@uOs2Kt5{dDOAgYu3{(y
z=&&4LLsX-Z)<CeT&kAyh1m}vV%Wj15VIavh5to9DCGI=JcdDU(joZ~b?f8P`RAJ$U
z`jWytg<cX2*!N;jPfvbm#rXQ%o5yP}o1yxBPr2%pq3dJ$k+DRZj^^dbe3ZbcGlz<E
z8b1v)bL!~i37k%?^n<|8oLHRW5UJvv+es0dwJ_&=XU)wd-((B(W9{-MPLD>NkSyu&
z1<m`q-t%eVuGZ!`Mx`I5EQ<9fG_ONlx4sIVq+-ufv8SofdCECa1<zDbr=z%YRrq9;
z=j%YO&(I+t;*1q-qX?a|c6ibXoV6lOTM_52Y$vXaXRf4Em-pNi(W6mkugH#f&tDOP
z5Ilp0PGSCYSjtH(`7FjyV593%51{qjGW}ZzH2%~es%;py*N*sId9T6^COtdThSh$_
zAm|F?M+H&u!3r<2X96n=$AMH_OUQ5REIR_ZQFul0uf&CehMCuCVs0>pnE4@3Txk1G
zco3Q$oJr@B!=OmECtBbgAAdYB+`fy21bG?76#3{m`MgYJpSn~u$`F(RUO1U}tY`c^
zR|~NEbtqwNvRQ_Hzk%}`yu`jo-0nZpQ0N=`LG%~XCmj97^a=aEpgMfg5P6Tu`r2dd
z7Y(a#RU9&+;|*eMDT?YQMvK_>ABOg@ojMfyb8Lu9??26nKho6aKdnjR6_<5!`Q&+r
zdoJ_jP69{zjdgiNbyEf2AS*S1N4h!#ZVNfit3eUr>Dd6*)Mrj}{w$0b@><bCEWEH;
z;FnU|#I7yh0EM}^nivKzxFzF7S^aI(*|K=YO^6dPG<RNFHhpDb^{WImplG_mtd%Nu
zdin-nV)wTxBt@nynP6SUPtN+|x1U%1yP-(x#HEp61|eskw=XaqS!pGZQ7Bl6TwbCU
zh3YDNwy3NW*|tMH$I#~qQwoxvnp%mlYB^-B+3l>9p+A<|7BK!_-NkOtzW`lZj#{%Y
zhN}72OC3|H%vEGNr-52ueS*)l_9hse4Qh8tqz<w_=br>F0n45}|JzdVROJ!HPF3ga
zyU}zo@rep9O?dzPX&;Eqk#gjG&09eYKwYQc$=njW!s6p}dM|SDD%2V>!^&pKvvS`3
zI=dea-VcAPCFKY!sZV_Rad4yqlQK9|Nh&mz6#cnpY0UxhszQ0LJ-C62%5x_LDx$WB
zgS~DY0z&lq3}N-`d}RGde`c6StNOxF)uP`@h71c45LR1$fxqSFAr{JBPM;@NSVqyS
z3B2T~^FjMnu66anQc+^om#0Q+d9f8_-qnS^>R33StSM4A$eRw8uRNZFhcCZcv&Oe)
z%j1Lp=p{vvl|Ghhjixp+CkQ?&+A_$ytEGcKok8&*am}-DT~I`IgD5?-dQ;i()@bSo
zSo0`0Le;WlgF=Nq_J*I0;3EP<9?NG@^%CMf!%%n-idI_(MLTDu(-k`qC-xYYC{`pa
zBY_BIF0d8W4k%jEcqwgpjVH{I6`Z`jItA9(^a;nTFK?Aa_pjgTHkC2PtbPyKss=>l
z(GR$8@;1c^!Kzz?>lCq~t)Ygr;_}aGkH9nH_oQBONdsaw3#zK!%v}kC=@Twd7!WF2
z!xZ^>g9t?j6b5O$lqL+W?jOL|wj!2GT+)r)hX6@8oWODWxZ(6}a1d*)#(B+42?CJ`
z&79FsE5)3~7_1GIDY`18h}m45z64c?XWJ6B=!P(vdJi59+h=e0Ieo)d5~QG}VGVhX
z8vOBlD4gkP?MA0o`fv#|;;u%_GUw(UH1S!EacehPAC#OU7pTNPc-F(D@$<fN&>{SA
z|IobVP73vV)mSRpu10gI8#L2cde8Su-DnCIin=bi6Fn9(D0sfN?_W$oMl{3_Z75h=
zzA#81X>$!VxI}f6p(d49NH$bOTZ+F=xnp_VS0@e37>~FVGw)B%)F<@(r_Gl=7dJ?g
zeOFdu7Oda~0XIdnJN~|qX7RCbM-EmQmiprDcwx`?Nx>=Qtk%JkxvSb%J&Ogt%S+6F
zYGD3~?+xV+u2JY?%W@-P1ijURhheBiArB9SsUE0l8%0(ik7!)#Mi8MwRNn)&yU)Yx
zVZW9@2(IN+D*fB*h`x0O&rWDAIy~4J5q2QHeBXdt+x$<*{LdLrd+i%m%~;#7mcE+5
zVDc!U5&RBGB~|cblNZ!;i)QD0ARMWz5MKLE!#t+0v7s@KQ&7T!`O^~MnxU$H22E_9
z4(B9$pt-_p)ciNzJVVVt==w(TNgd&AC*n&&JX7DN3Brb;1tLh3P;+TzB$GX_)uFC5
zH|<8}ta+*<LKVu8#zYm83YB$z)2>UHczql+^mM<G{Hw<X{0O4voPydvwhC9*;2M3a
z37i~Vg_1Yu)^Y0KF=~DyB7`DHsP1%$e_>G_NntiD*S9MbQYx0+`nhiXSm#+n1D}L$
zk-d-n7s0;T1<4*b|DXgOi|D>v^F$l|vJS=w%3sVg(nym~=}Yn&GPs-7Xb!tYIMYgm
z?ye!rib(v-iP$qcyd0aDgjS@r>O4t5PlIcYpBE#RUDK>>gVlQ5`)YV%pNjv5=k}@n
zkC>V1(60qQ@lVcEx4S}<?bMwc;rVvzojQ?I?lf`MoyJc*=as_U=tRHsCWR_>#f+FW
zSEiVWV2z6(Ylmd!>0RGQ<!@De>;Ar6y0%xqmB+yvq;F7v3h^JM!r2tPE&(8yCU**6
zDhtou>l+_^v5Wobs8ZrGUwyXb4_7e6K|OSfRI8;M0|M-)8w30cJ7gl@bJFRp9;nGk
zRwPqi%rq>cnU2WJUX+1FXeo)-%(}L}19w<P;2sfYD++w)_w?{g)l)DQU?BhsBEn|^
z&XH<rx(g&dODcNjgbLbx{TU==a^8=t1vubx*9I|HmvdwoE;a1@?6{^zE_Sa&%M_7y
zoJgqy4$nULsuRSc&*EMbFF*1jaGDyDdftL92f7}p4YkBKZP1N`SIo+5p^mLZ3o#Hi
zR$qqGkE4evfSMz>z&)1D6=nYOPoHG}Q;cdzqG7qOF=e+yR~L2r-H{@?rNF@X+L(3l
z24-*3n73^|D6uyETImW?mQc|t_|hNW4evhmz@JX&u-$6zF!C#6(3BtTMyDfSa~PK~
z;-|AWade$xWr{cTjDNoQU>muEoGq#t=2|y^62X*mEE>)XjjkZXEca9^d%v2x4rt|)
zc0Jp;6*>E!#SP?9Tb4^v7}3ACJuAq6Ih&T<T|H3a|C|MtMF0MD#;vn&Kg_``S_8<y
z|NYP38o&Ma8+e#po2nF$;d6jM$VbsLRqZA3Y?l$M(7VY0GN2mqirtHj=#|bJUsXt!
zQL7p)7D!?}P`ksH<U=tMI-++viM{id_fGrbJLsOyZu+O2*gx$H-a*~YchEs+yXl~_
z#186qcn5XPkA4b~^TykJJyiDAGg(1%j}*5p<r1f>b#5!30H(9{oZ5i<s{47Y0fv`L
zHFVGE^A9YmckZ!#?RPFNiL~VP&dp|G@$P3XUqV9>m)MXX%V|?wb$flsfwe`$M+7AE
zMTP;=s3G8LDDpN{D9z@^cyEOWyJ}Ks(@nS4JlAzB*KKCX9-@Kk;b;HmJmUaBCmvoz
zQ|;rb*$rH^;O-li_r-Yh3Dg$c`@UvRMCYQRB(6PPiSa`p=w}`v;UdD860YN%5nQ^q
z;#h_3R3SS*X~>S`v+qfU>K*1ttRuegWED-7HM&(agCW`j?X$C%@9EVFNsj_1$bIPq
z*cS2<!|*JMRTy5irmHm_v8KIYcmA8#xDY!4HVS$|9t&N-@87>DO{Hm0@DoL(>G`+k
zZLt_Tjm~+a<s%YYk-+mbYFWC^!?|{x@Ifn!&ItheMiMQ#N>wF<FN@RUK!a03$?S^4
z%0-kYN)Sc~;wZHIBj;hH2#6K}z|N20shq=w{bFN?Mc(WE^Ub64`sJWUmYut@EM68y
zNkgAJj3#k$=1@pp3BZotx+ls;QPC0&OzFluC%C6cP=|9xRhZ(x-IfW~gN`=+n;ZU%
zITyxrDBTnM^*Q6*nH!2KBf?!6>Za_e>*m*i>C$SnyN!0jd;v?zfkoW+v^nUcI6v|^
zQEjcqy|u>OQWm}8O1zT<DOZv1JKW~xzh{C(T7};9+TMm*#N*(lqrV!smM_lYo{@Fz
zGhLT1&eWh^ll_!-e`$Tq)+iiwQ`)*os-hWRvuI7pD5jv@vZiIE&>)7^r*~KzW6XTB
zlOoAnt(NsDC_2Z6#*{U>whcl8BJ7rfd%1_8tZ<I}<EDTH^Bs6Rn?}p}?7IYTEC@BY
zHT+{N1fo}$_G;2WsJ9aF4u5ng$`cEVk@~gr;2L;bK+B|_%N$^S=4@cw+W<;CamOFZ
zERKCAkX%i+`t#>7Z2su0<0k-W<$xyQpHG-Psu;>c8EMQ>$E<_Aa}jgH)3mxX<yVfV
zqfn10uE^wSIo?{}DHfS9*vk|HD9ZqPk`D0i-|%b%e{!wm1y?#={P~7Y8uS&eb$53^
z6?sujeTJY-54?bMU2p%=uD4%ARYuSnZ%|5oFaB(R_pw#gMYtwEqr3=LV&7f4BESVZ
zvRu`})dOV#6h=)g4M5c#Q0G!q+=|hLxwf9M0iK}7F>bJxcYxm%IdL5j=mc#PY*6(X
z@a%#}wp;j&4Tq?Pcw$+%Y3&9Wi@xC(ew?Yfos`1q7w#e@5+^ug2|5kXm*s@-tnrKb
z*!n-mjq?ZHt`Q@OMC+2-hvs_l_Iu5e2sKCZBO66q`Y9-y6|G?J9HGzL>^Hs-o&8VX
z2-&-ft~dM&v<?ZY<AwKT-P!=eH|Q%PFtl_|cw^0;_ia5E@Lq85O}}~*e&hW6;J%Z(
zcL}_{$ZtKG?4@HX%)e><Y-jL7S_%L<!E3};$Pg2Y+x}{ATW?#nm{+K@Lgu)y7}H~4
zAy7xoEVkZ?F*Le%Mt{D7x9$ULMFzh#xs3kQeXv4MWvjn~pSEMa6;Hf9x|MN4p8IsV
z<V7UU>(<-(7g6BbY7rG$L=j7bDl(EFX*j#R*bRE1#_fc)T^<qSxjS*g=@{K-GEp|(
zyBf!dV*O12@}_6^CQ|d;QZyeyv+ylcP<DP_VanpFaknzMksAIaKU;8MR_R~8;rhGX
z*2Ok;m}K3~gbdChMR$RBZG4FUP;LG$_0V^o8Z>hJwyw;i>kCHIA*D~4$Z?gmJKeLb
zy3(R=Y8grvp=XHmV3bOdQv@1HnWC>8({ygZz{Sk}$KKU8w~Zs|`>bDqvOef;E23mM
zo*k=p_bTg5X1y6FzSx=Bs;jFkL_!kEB*7y<+1k1ve}!%U1mCO|+cVBYteUCF1RJm2
zXf%N5xkwdT;PR_uA=hkE>XUOJu^3MmIg@fh6}vM~fac#*zw93WmrLo}A-(eRVwyRp
z@u#+Xr9<*}F$-45!HlX()Otv6-kDdvyIV<dwZ0K~xZITN^6Fw!l7Ia8S0SX@DCr+v
zDRPY0POIL>xm^xa0M~DM8coTyiar+pjdmQjC3D%RI$j}E(^zLrt3$RF|BhFp?oTTm
zSv}sx;_io4d8TlSeAJxj54Omv^B!`2lh8J}3HP|0pt4vjn5=oOLqg+)$hlgY3zj)e
zBav)hfl}&lxz1QFGS$*bwM<mDLs#sT!vbmgcF#g&sz~YP44^18n(mj2`+9RmGrDGy
z(^O=NCq8Z9u6fGaty(TjXq7f*>kJm#ww)9+5kGGhfQ<v#or(?j9d6rZ#!|Xpi|G%a
zO3^3dvA6TzC}Tu(wO=9O%gv3D&2}(*p7?Cm9F!eb!>=274i5k+c(>UvX}Yew?L>6w
z#&c-7TF+=6udkKJGM+9TvZ)D+I8CJz+4e02!le;DEG4+M>RFKZ70da2O)~8-AhsIK
zvXa1KRAf@+j3y)PFOLk}s~mxb0HJBm1=8BKk1Qi@h3=%}D3QgiWRS3tYYFHEoW^8H
z(?~CH19G827(`R&JeLXroOpbG5sMj(9j&zm-VUIRULn(MEX1u|3xkv<0e1Bp2v){a
zs(20S=Vtmpxl;cHKM6pvrO3^4p3t1*G5>iHgA{vP)D*YGsm{FyDG?)Y=t2vPDq!t3
zXWRl+R}LY8>pclhoJKrA*IFfRyC_loS(2$W-jckXXJkghTb4%H{*KO##__rYlf(-l
zcN|G@wY(!BG@p(}CCB+_H7VJWj!e2Mpcp2Su^Mwa(6>S3A^ME<;``(e<WGN|1joU+
zBq&*MwJc@;lH_=}OCFk8EM_D4Vq_{al6k0$gB2LDbQLT_|EH4^m&ITHJP9T{XEE8F
z1+J9)WwYNg7uzp%OPsvYf09d4#8IV%xkOX|3Bf+yMv^Byrnw8~_qDk>>2CCD)+vDk
z6Rrl5&{zuMV4zBh=~)rpGDQZ4kRg|YR|ZEeq$!y(0{#4o$P+!77ojYB>4{tJ_33j-
zK0ZBuYSHopBu{WLZxq?8Iv!xL*M~jk{W8d>Z6=1A;4%~$ls!6x79ZM91@eKg$a9uz
zo3*5Q6pE+}<N5mH{zM+FIaq2vw=whYFYp7aeKzrOH>yPb9dFxFfV`We5xJymG8s=^
z|Hr=N+CtsVtZbLZg&yv356d6!TJ;!LOO}(A$9gP3)Z}xKdlhWX5m<`A>)N0hK-^UV
zx-9S6I`G3nLAr-16!2!Vz_QiwYMMVL4HLVgYT+qKO%s}nY|fekD~6sxoIDSl35;46
zQx03zmZk;J%S4iCpN7ZYIl<p|i+9JFU13Up(Z+xE=yZSViW$};h7}|8o~_9MbGT*e
zO*RETe^wK6GI_m!W?M`qK0rT2PF>}Delxy#xY3U%Cr{As_~lD!_tR%>_v3oIyULpv
z)jf_!jqv&gMs@qbh&~&S$NNe4wk@<f?w?4mT}<9dEXpcJVUe>&p{r-)cM^{h&0o>G
zt8TT}CU>*ne)*K5(akA0)4EMubsNSM!~<{Nu?V%@m*(D!zkgQQdD(3olzT3ua{yO%
z0-tmMS9ag_9l%MPL~mPn-fRV!qS0)>eCon&ZOr(3INwJO!?sLJnvjOehcky1`_{T4
z-Xy5+7C(N3RCb9&kzUgKpZJ{lyC^Q3<H=a=S)Ynvt<+G%u1&_yy~89Py2U9-7$P}G
zEwa(rDpYjwh%>X@$6dXjRhag!)3qHRJlP?H=FyzigE`;Y;gGNGmeUhnAnx~V2;p2S
z%(bF1OPNHn!i3)Qq)2LST;NE8n(Dzo!%*ZAg4UIS_uzFFE8U{(Ze%2nNV%K!G!loa
z$tWl#LTnY!x?1)d!^o$ncoOjlR-yp@X44_en$05E(2`SfboIx#M`fzkR@JFa#x7Zx
zq@z+JT4i|IoI9g>!xKY93S^eZ2#^}ipM>6%*jQfB+{^X#fBjU7v7y@)%h!Y_+J2aj
zqGYPbkgpQY=CXUGy`tD1gppp`Tr*~6$pUjq1n{LQ%44~0G!(v;qtlbgSt<L20Cg+7
z(u6o?j8GyK@cKg-*#s6dnj4&)f9h%nSNiu`gJJYfuh2GhjZ!1QWI9lUr(s+~T6U3g
zMd)mnvlWMrF}AJ$EFJD2m9j{fH;VBbdrDIw@p@X&m|%66P05j-QoSyPIqkxdLIRU4
z{D8Uvr$(U=lieK2#4;2T;!v4)c*6>dh*T`Y=x;!N@yTkHAS_%8LP^4;#Qlp@6lrK%
z(;p+u7pJF40J8VFbah)=O)?Q14~nsrHNahm(L#uYx%L9KOpa!ST+hV)!1u8XW#^`E
zYPJ3#BKC>tfdM*zO&JwQvi4|!@*)LFbv`GeP+0-<7}l~B2i3@nv_y)RH1Y6+wH4Lo
z-Jn_NiBVQy!fGyPzYi@KxIG_}4*SCpz8a<`affzDMD}Kc!B&e%NlDu$G+kp6bXn+1
z@W=`^AfvD?Hs>Lvk^y<6MYG5wHTEV8TLdj^peMLN;P*$pWy`~qu#;tIW|P>)tBvG7
zp|_OKjQbATo{nEl%CotB&23q@;WRn*Zo%7q@KbLeyz^$&X~*5D@#OUZA?D!V?d#wX
z3cR~83%q~lHibz{6_ZNO>ynG~KW*6yB|c{nRm>(dx0`>)bR|5YI}H)CHw%aVwx`m1
z!swzrtoG}w?(yWHx(C&LIjXBvZ14--%oWRj5&5n5hTrj&%jJ}O|J`dBUrviezh=3d
z5+EFOzJUGeQR?ZW-5F`mtDg^CAoix${y|F*TKd~-X_$-Dq8jUE+rLDrmu{bL&cW&J
zzALen=FM}Rvx|ZJ$`fMCeE7$Mq8$|NH}YgZ2*t=e7s;-tNy`Azu;6CnIHB1PLL$MM
zCgtgo8<u1ur}-M-3urEiH1bCHaX>ypu&atkNM<ag+QYVgM#MnEAz(DqLM&lNENDcy
zfkZHJG4+**uD3xxBo^fCypT#HKXX}7J6@_#kN({&7is9({Lbx$<({_5q9W!|^QQM<
zujOEwz8TAu(EATX@-wJ|)YBgXxePBKoc7-x<=j^^D{2U;aZs^?ihV;W=3V!|gX0pf
z(%Sp`#DTbwSpj<scArMiwmm!%ijy-ON9QS_saLsIc+^xFP@BM0-5=7GSU-*CGA-($
zxCg~;DDK0$=^w{?naXL0_>XxOUc<i2&KjfU_d_A&Fe_#;4@XJ-#R|paqhI#e&mqUb
z@#~h$O1~p5g5?Tax8v!GNyQgbF~aAB-RrhZ7jW9g^p)8(w7E-?&|4;nWT|vV7;5M{
z2QA%JOJDX3iiPplf}V!qa?o2rK5|LuN%}3fVNdql$~nw@2bc9}TvmI6Lo1qx+&H6f
z#w^KVmgt58#}yAJLEW^2Diuw&i5Bx7-UGt(?4!<WV<y>KKtj}FN1jp+3tmrX!b}@d
zb%?9zxKr^ivE8YWef*MUquY5ljA@aE%a)hUg<j-YICQZ)lkSZVj)N9s%k1Ck8504+
zKNaydg*HfxoB2jMO=Y%LOLsP>h4#T+yl?erj!uF<9{rvjnuBqC*f^Gpfv<YefQ2!=
zc%j$w*SM5-T#-Em*hMozF+{yPgz4ibf4uCUm-OdbVc@BDJt6s>xLSoJ566@o-FU#b
zgwzIreHvU<wS^>n1xJR<f7ViWc9ZMbqe*ZY7~bpWBmw%~Lzj7396)X<xCMsmSIrl6
zm~p;pcl>!sU*N@O$?_>VJ3H%DjL}n)Tl!*uMTW~KzfI-<mwgLyYA-(@RP3u(v3)~K
z{@`}gRFjgj2buA7@zJtG?ZB91uLoHfLrXQ)^K@u9emy^%AD{Fd(4rlflOD}R<nYq{
zVEMxrGaY4PB2ry<Pn8;g=`C>S2UeAqzIqv~D%(t88$6f|{&x=u#Xeb3w-)WnnMD=Y
zIC~*G+0bfHWwIIvli;i|CpEC)UK;7pMkBY#v#_;!T4D0`-`0Xw?AWw=@vXS25i3@6
zD<i2#WsUSf_k=Ns<Fjwwuw^28Q*TG8zQu(gJcT<yT;i49@<L;3ApGGHAHG{sNgxtK
zOen_4d+Qpnc5PS*^Ciw=Bq^jqq(6HbQWVNjEEs8@SPZaSwXs{?>vmKOcsXfAXQEJ}
zIsM;JA3!XITJSJYv8;XQT^a@%?*DLG_;@`24*h7AYttMC4ekea4|jS$777k)>R~3Q
z<mlvN{N2%unJs*8tF+oxzl&xZt@Iabp+-)5+R}SgDY!KM09-K}%!h9d5IZj!VkeqC
z0Ic(+IvV!N40Gu9Ql{=iehae_Z^P#8^$DMokmbsTU@e%RNe2+5OS*E<hzQhzBwj2J
zdVTT>^N`9Skq#7*MFwXXBDW<aosrR*S&E#Xr+;1Ij~dxRt)Oju40YECPHp{guig}D
z`LDkzmHlw9*EQNq8_-fbqAh5lmJ=7|(}UiTbWIJ%n_Nr9^bBgq8-7GehDJK`x`zf6
zX^Ua9djHNc!6Bfp*-%uXMC5>vLXqbzRBc;hB+Gdk@{GbUw`xJ!j-FRaRB}l4iAaGP
z?!O1scY{}Cu*hjz#55oLkJ)Ier?Gecbx(qzwt^avjgr*vZplpjh~d((<+s!q<Vr+(
zu+12r&xZjO1-2BfT$TLcjzAW-6@oK^ihKU~`sU*$p*Zs))`jkHi%*%qGUZ}4Tsm|~
z^eSLy*RW4Z#1!FCdA*;egvNlHq4<gsT?;XHn9e#AmMR`vfPI|_6ba`ozfxQxo(3+m
z;V2~h)<ucgePF)EgOnE3Lsvebip6WhW<V`t5qJhAh(;JQnzD!#S<u^#k0hBST_G~v
z27sJCC9;^Axk(h6G=Ib&=y2=lJ1?O@Jgz)T|JcSzq;t^SIj!f%63XL-<mqS>vHL*(
z*N`?nJw5$SzwXr-Ryz4rh=Y1?y9K(hS~*+n@vU&l!dt|hG5sP9$ONtsoHIUz`9%8W
zc}R}_;4!+@Xq3_-ndy3dKdxK&D$N^gZYvRrcuM|ubE92wTerX8-AZrwqhap<D%8?L
zNx%0@YG4w>aI#72cGo3ZQrYW!B%ewUN@han!Dp~0v{?{&WUL<eUyj<HMC_jMQf{wb
z`k8?)=$k6QxH)ZsUhmI5R|SoY4J0Bb7sj|4NXwvCty<e`Ay=V4IB?Y15RD#4?xivK
zI)!IWr`l8^gpM|(7EWhiESP;qh6w$V4oiK|c@r8%P-Gu>rNkS#Cl}F`HK65l0h(aH
zwPwQdl#))(FoklMKUk=aaiB--lNZbU&`v+RK6gF?KrokWsWr-(Hk|le(QaVrX_I1a
ze005`$A<0-qq~EkJtIi=P%g$w>U5aJK)1*MS50QP^Lbb6HHvE+y=VQ^o>}{CE5O$G
zmF)oAIUtCxD3A5fCPfOmrma%0*KT@_`uyo9f~$w1MmTDQbFJRzKH(IYLi{H-sS9(*
zwER(7KJBErK@VLqFjyPZ)h{}JW!ux3)S5omoV?oZho{z+guPpw+cy-(q`F4d*{-?M
z%sQBMXeesy*|)v!lV6rpu@$=G*sVdcWI?qUfsLnMXDsxFh?bWXibPyHn(<m&W3A2a
zD_@iIPj78jGGie|0eq3RzgHGp<TyB<1a=`;8zGg^gHN-8%#y{lfRQk)aiif=pQfw1
zv`yFLmz7D`KEuZBYoFFx*u89<jqTHzm8(y~8?YtueS)$*z;N%?8piZjC49Y&Qa_Gj
zA>?i_$OVfjJeesV@+L__*Wd|@jI)U7WhWfYw4dwIZ{{O1i$!=VUy(W7`sFDu3k+_3
z>0-bCfcDg#baZ=|THrg2kH^!w$P;r@X~iYiInOx|*_eKHIz=K87VcE3Up?nR;}=21
zR*0EsE=!NBh>@*6PZt<%b8ou!(2R$mW_f}xJtRkM3(KJL$EL^OkLb!c?98`1-pNtx
zDBdMoJMr3Y<&^wiuR6%8Cc0MhUUQT`V6@A}(T(rZZoRH{+gSQ;ZQrNtd$qn37Kw!N
zbn2fiB0y#DoIuNa(kH-osAnJ?%;ofIU)1K;@}yd|{>&urnqe#NcbsBvQTCi;T^0A5
iWXHjz_iu;i@Eo4Qb9i3(^Zx+=0RR90M``{5xD5dCmkpi(

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/.helmignore b/packs/kubeflow-1.9.1/charts/kubeflow/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml
new file mode 100644
index 00000000..17a1b167
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: kubeflow
+description: A Helm chart for Kubeflow
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.5.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.9.1"
+maintainers:
+  - name: Kubeflow
+    url: https://github.com/kromanow94/kubeflow-manifests
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py b/packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py
new file mode 100644
index 00000000..88caaa62
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/files/pipelines-profile-controller/sync.py
@@ -0,0 +1,425 @@
+# Copyright 2020-2021 The Kubeflow Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: this file probably needs some parametrization...
+
+from http.server import BaseHTTPRequestHandler, HTTPServer
+import json
+import os
+import base64
+
+
+def main():
+    settings = get_settings_from_env()
+    server = server_factory(**settings)
+    server.serve_forever()
+
+
+def get_settings_from_env(controller_port=None,
+                          visualization_server_image=None, frontend_image=None,
+                          visualization_server_tag=None, frontend_tag=None, disable_istio_sidecar=None,
+                          minio_host=None, minio_access_key=None, minio_secret_key=None,
+                          kfp_default_pipeline_root=None, metadata_grpc_service_host=None,
+                          metadata_grpc_service_port=None, ml_pipeline_sa_principal=None):
+    """
+    Returns a dict of settings from environment variables relevant to the controller
+
+    Environment settings can be overridden by passing them here as arguments.
+
+    Settings are pulled from the all-caps version of the setting name.  The
+    following defaults are used if those environment variables are not set
+    to enable backwards compatibility with previous versions of this script:
+        visualization_server_image: gcr.io/ml-pipeline/visualization-server
+        visualization_server_tag: value of KFP_VERSION environment variable
+        frontend_image: gcr.io/ml-pipeline/frontend
+        frontend_tag: value of KFP_VERSION environment variable
+        disable_istio_sidecar: Required (no default)
+        minio_host: Not required (no default)
+        minio_access_key: Required (no default)
+        minio_secret_key: Required (no default)
+        metadata_grpc_service_host: Required (no default)
+        metadata_grpc_service_port: Required (no default)
+        ml_pipeline_sa_principal: Required (no default)
+    """
+    settings = dict()
+    settings["controller_port"] = \
+        controller_port or \
+        os.environ.get("CONTROLLER_PORT", "8080")
+
+    settings["visualization_server_image"] = \
+        visualization_server_image or \
+        os.environ.get("VISUALIZATION_SERVER_IMAGE", "gcr.io/ml-pipeline/visualization-server")
+
+    settings["frontend_image"] = \
+        frontend_image or \
+        os.environ.get("FRONTEND_IMAGE", "gcr.io/ml-pipeline/frontend")
+
+    # Look for specific tags for each image first, falling back to
+    # previously used KFP_VERSION environment variable for backwards
+    # compatibility
+    settings["visualization_server_tag"] = \
+        visualization_server_tag or \
+        os.environ.get("VISUALIZATION_SERVER_TAG") or \
+        os.environ["KFP_VERSION"]
+
+    settings["frontend_tag"] = \
+        frontend_tag or \
+        os.environ.get("FRONTEND_TAG") or \
+        os.environ["KFP_VERSION"]
+
+    settings["disable_istio_sidecar"] = \
+        disable_istio_sidecar if disable_istio_sidecar is not None \
+            else os.environ.get("DISABLE_ISTIO_SIDECAR") == "true"
+
+    settings["minio_host"] = \
+        minio_host or \
+        os.environ.get("MINIO_HOST")
+
+    settings["minio_access_key"] = \
+        minio_access_key or \
+        base64.b64encode(bytes(os.environ.get("MINIO_ACCESS_KEY"), 'utf-8')).decode('utf-8')
+
+    settings["minio_secret_key"] = \
+        minio_secret_key or \
+        base64.b64encode(bytes(os.environ.get("MINIO_SECRET_KEY"), 'utf-8')).decode('utf-8')
+
+    # KFP_DEFAULT_PIPELINE_ROOT is optional
+    settings["kfp_default_pipeline_root"] = \
+        kfp_default_pipeline_root or \
+        os.environ.get("KFP_DEFAULT_PIPELINE_ROOT")
+
+    settings["metadata_grpc_service_host"] = \
+        metadata_grpc_service_host or \
+        os.environ.get("METADATA_GRPC_SERVICE_HOST")
+
+    settings["metadata_grpc_service_port"] = \
+        metadata_grpc_service_port or \
+        os.environ.get("METADATA_GRPC_SERVICE_PORT")
+
+    settings["ml_pipeline_sa_principal"] = \
+        ml_pipeline_sa_principal or \
+        os.environ.get("ML_PIPELINE_SA_PRINCIPAL")
+
+    return settings
+
+
+def server_factory(visualization_server_image,
+                   visualization_server_tag, frontend_image, frontend_tag,
+                   disable_istio_sidecar, minio_access_key, minio_secret_key,
+                   minio_host=None, kfp_default_pipeline_root=None,
+                   metadata_grpc_service_host=None, metadata_grpc_service_port=None,
+                   ml_pipeline_sa_principal=None, url="", controller_port=8080):
+    """
+    Returns an HTTPServer populated with Handler with customized settings
+    """
+    class Controller(BaseHTTPRequestHandler):
+        def sync(self, parent, attachments):
+            # parent is a namespace
+            namespace = parent.get("metadata", {}).get("name")
+
+            pipeline_enabled = parent.get("metadata", {}).get(
+                "labels", {}).get("pipelines.kubeflow.org/enabled")
+
+            if pipeline_enabled != "true":
+                return {"status": {}, "attachments": []}
+
+            desired_configmap_count = 1
+            desired_resources = []
+            if kfp_default_pipeline_root:
+                desired_configmap_count = 2
+                desired_resources += [{
+                    "apiVersion": "v1",
+                    "kind": "ConfigMap",
+                    "metadata": {
+                        "name": "kfp-launcher",
+                        "namespace": namespace,
+                    },
+                    "data": {
+                        "defaultPipelineRoot": kfp_default_pipeline_root,
+                    },
+                }]
+
+            # Compute status based on observed state.
+            desired_status = {
+                "kubeflow-pipelines-ready":
+                    len(attachments["Secret.v1"]) == 1 and
+                    len(attachments["ConfigMap.v1"]) == desired_configmap_count and
+                    len(attachments["Deployment.apps/v1"]) == 2 and
+                    len(attachments["Service.v1"]) == 2 and
+                    len(attachments["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and
+                    len(attachments["AuthorizationPolicy.security.istio.io/v1beta1"]) == 1 and
+                    "True" or "False"
+            }
+
+            # Generate the desired attachments object(s).
+            desired_resources += [
+                {
+                    "apiVersion": "v1",
+                    "kind": "ConfigMap",
+                    "metadata": {
+                        "name": "metadata-grpc-configmap",
+                        "namespace": namespace,
+                    },
+                    "data": {
+                        "METADATA_GRPC_SERVICE_HOST":
+                            metadata_grpc_service_host,
+                        "METADATA_GRPC_SERVICE_PORT": 
+                            metadata_grpc_service_port,
+                    },
+                },
+                # Visualization server related manifests below
+                {
+                    "apiVersion": "apps/v1",
+                    "kind": "Deployment",
+                    "metadata": {
+                        "labels": {
+                            "app": "ml-pipeline-visualizationserver"
+                        },
+                        "name": "ml-pipeline-visualizationserver",
+                        "namespace": namespace,
+                    },
+                    "spec": {
+                        "selector": {
+                            "matchLabels": {
+                                "app": "ml-pipeline-visualizationserver"
+                            },
+                        },
+                        "template": {
+                            "metadata": {
+                                "labels": {
+                                    "app": "ml-pipeline-visualizationserver"
+                                },
+                                "annotations": disable_istio_sidecar and {
+                                    "sidecar.istio.io/inject": "false"
+                                } or {},
+                            },
+                            "spec": {
+                                "containers": [{
+                                    "image": f"{visualization_server_image}:{visualization_server_tag}",
+                                    "imagePullPolicy":
+                                        "IfNotPresent",
+                                    "name":
+                                        "ml-pipeline-visualizationserver",
+                                    "ports": [{
+                                        "containerPort": 8888
+                                    }],
+                                    "resources": {
+                                        "requests": {
+                                            "cpu": "50m",
+                                            "memory": "200Mi"
+                                        },
+                                        "limits": {
+                                            "cpu": "500m",
+                                            "memory": "1Gi"
+                                        },
+                                    }
+                                }],
+                                "serviceAccountName":
+                                    "default-editor",
+                            },
+                        },
+                    },
+                },
+                {
+                    "apiVersion": "networking.istio.io/v1alpha3",
+                    "kind": "DestinationRule",
+                    "metadata": {
+                        "name": "ml-pipeline-visualizationserver",
+                        "namespace": namespace,
+                    },
+                    "spec": {
+                        "host": "ml-pipeline-visualizationserver",
+                        "trafficPolicy": {
+                            "tls": {
+                                "mode": "ISTIO_MUTUAL"
+                            }
+                        }
+                    }
+                },
+                {
+                    "apiVersion": "security.istio.io/v1beta1",
+                    "kind": "AuthorizationPolicy",
+                    "metadata": {
+                        "name": "ml-pipeline-visualizationserver",
+                        "namespace": namespace,
+                    },
+                    "spec": {
+                        "selector": {
+                            "matchLabels": {
+                                "app": "ml-pipeline-visualizationserver"
+                            }
+                        },
+                        "rules": [{
+                            "from": [{
+                                "source": {
+                                    "principals": [ml_pipeline_sa_principal]
+                                }
+                            }]
+                        }]
+                    }
+                },
+                {
+                    "apiVersion": "v1",
+                    "kind": "Service",
+                    "metadata": {
+                        "name": "ml-pipeline-visualizationserver",
+                        "namespace": namespace,
+                    },
+                    "spec": {
+                        "ports": [{
+                            "name": "http",
+                            "port": 8888,
+                            "protocol": "TCP",
+                            "targetPort": 8888,
+                        }],
+                        "selector": {
+                            "app": "ml-pipeline-visualizationserver",
+                        },
+                    },
+                },
+                # Artifact fetcher related resources below.
+                {
+                    "apiVersion": "apps/v1",
+                    "kind": "Deployment",
+                    "metadata": {
+                        "labels": {
+                            "app": "ml-pipeline-ui-artifact"
+                        },
+                        "name": "ml-pipeline-ui-artifact",
+                        "namespace": namespace,
+                    },
+                    "spec": {
+                        "selector": {
+                            "matchLabels": {
+                                "app": "ml-pipeline-ui-artifact"
+                            }
+                        },
+                        "template": {
+                            "metadata": {
+                                "labels": {
+                                    "app": "ml-pipeline-ui-artifact"
+                                },
+                                "annotations": disable_istio_sidecar and {
+                                    "sidecar.istio.io/inject": "false"
+                                } or {},
+                            },
+                            "spec": {
+                                "containers": [{
+                                    "name":
+                                        "ml-pipeline-ui-artifact",
+                                    "image": f"{frontend_image}:{frontend_tag}",
+                                    "imagePullPolicy":
+                                        "IfNotPresent",
+                                    "ports": [{
+                                        "containerPort": 3000
+                                    }],
+                                    "env": [
+                                        {
+                                            "name": "MINIO_HOST",
+                                            "value": minio_host,
+                                        },
+                                        {
+                                            "name": "MINIO_ACCESS_KEY",
+                                            "valueFrom": {
+                                                "secretKeyRef": {
+                                                    "key": "accesskey",
+                                                    "name": "mlpipeline-minio-artifact"
+                                                }
+                                            }
+                                        },
+                                        {
+                                            "name": "MINIO_SECRET_KEY",
+                                            "valueFrom": {
+                                                "secretKeyRef": {
+                                                    "key": "secretkey",
+                                                    "name": "mlpipeline-minio-artifact"
+                                                }
+                                            }
+                                        }
+                                    ],
+                                    "resources": {
+                                        "requests": {
+                                            "cpu": "10m",
+                                            "memory": "70Mi"
+                                        },
+                                        "limits": {
+                                            "cpu": "100m",
+                                            "memory": "500Mi"
+                                        },
+                                    }
+                                }],
+                                "serviceAccountName":
+                                    "default-editor"
+                            }
+                        }
+                    }
+                },
+                {
+                    "apiVersion": "v1",
+                    "kind": "Service",
+                    "metadata": {
+                        "name": "ml-pipeline-ui-artifact",
+                        "namespace": namespace,
+                        "labels": {
+                            "app": "ml-pipeline-ui-artifact"
+                        }
+                    },
+                    "spec": {
+                        "ports": [{
+                            "name":
+                                "http",  # name is required to let istio understand request protocol
+                            "port": 80,
+                            "protocol": "TCP",
+                            "targetPort": 3000
+                        }],
+                        "selector": {
+                            "app": "ml-pipeline-ui-artifact"
+                        }
+                    }
+                },
+            ]
+            print('Received request:\n', json.dumps(parent, sort_keys=True))
+            print('Desired resources except secrets:\n', json.dumps(desired_resources, sort_keys=True))
+            # Moved after the print argument because this is sensitive data.
+            desired_resources.append({
+                "apiVersion": "v1",
+                "kind": "Secret",
+                "metadata": {
+                    "name": "mlpipeline-minio-artifact",
+                    "namespace": namespace,
+                },
+                "data": {
+                    "accesskey": minio_access_key,
+                    "secretkey": minio_secret_key,
+                },
+            })
+
+            return {"status": desired_status, "attachments": desired_resources}
+
+        def do_POST(self):
+            # Serve the sync() function as a JSON webhook.
+            observed = json.loads(
+                self.rfile.read(int(self.headers.get("content-length"))))
+            desired = self.sync(observed["object"], observed["attachments"])
+
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.end_headers()
+            self.wfile.write(bytes(json.dumps(desired), 'utf-8'))
+
+    return HTTPServer((url, int(controller_port)), Controller)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt
new file mode 100644
index 00000000..a81fc402
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/mlpipeline-minio-artifact.txt
@@ -0,0 +1,12 @@
+Kubeflow Pipelines requires the Object Store K8s Secret name to be 'mlpipeline-minio-artifact'.
+This is because the K8s Secret Name and Secret Keys are hardcoded:
+* <=2.1.0:
+  https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292
+* >=2.2.0 (state as of 2nd May 2024)
+  https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39
+
+If the Secret Name is not provided in any of the following fields, the Secret
+'mlpipeline-minio-artifact' will be created with the provided plaintext values:
+* .Values.pipelines.config.objectStore.existingSecretName
+* .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+* .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt
new file mode 100644
index 00000000..46d7198e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt
@@ -0,0 +1,3 @@
+Both of the following values must be either nil or 'mlpipeline-minio-artifact' at the same time:
+* .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+* .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt
new file mode 100644
index 00000000..8029e06b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kubeflow.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kubeflow.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kubeflow.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubeflow.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml
new file mode 100644
index 00000000..48b618f6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubeflow.fullname" . }}
+  labels:
+    {{- include "kubeflow.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "kubeflow.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "kubeflow.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kubeflow.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl
new file mode 100644
index 00000000..2765e201
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/_helpers.tpl
@@ -0,0 +1,398 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubeflow.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubeflow.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubeflow.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubeflow.common.labels" -}}
+helm.sh/chart: {{ include "kubeflow.chart" . }}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common selector labels
+*/}}
+{{- define "kubeflow.common.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubeflow.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Indicates if Kubeflow is deployed in cluster mode.
+*/}}
+{{- define "kubeflow.deploymentMode.cluster" -}}
+{{- ternary true "" (eq .Values.deploymentMode "cluster") -}}
+{{- end }}
+
+{{/*
+Indicates if Kubeflow is deployed in namespace mode.
+TODO: use ternary for other conditionals.
+*/}}
+{{- define "kubeflow.deploymentMode.namespace" -}}
+{{- ternary true "" (eq .Values.deploymentMode "namespace") -}}
+{{- end }}
+
+{{- define "kubeflow.isMultiuser" -}}
+{{- ternary "true" "false" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+{{- end }}
+
+{{- define "kubeflow.deploymentMode.scopedRoleBindingKind" -}}
+{{- ternary "ClusterRoleBinding" "RoleBinding" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+{{- end }}
+
+{{- define "kubeflow.deploymentMode.scopedRoleKind" -}}
+{{- ternary "ClusterRole" "Role" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+{{- end }}
+
+{{/*
+Indicates if should integrate with cert-manager.
+*/}}
+{{- define "kubeflow.certManagerIntegration.enabled" -}}
+{{- ternary true "" .Values.certManagerIntegration.enabled -}}
+{{- end }}
+
+{{/*
+Kubeflow Component Names.
+
+Changing this function will reflect on all component and subcomponent names.
+*/}}
+{{- define "kubeflow.component.name" -}}
+{{- $componentName := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $componentName }}
+{{- end }}
+
+
+{{/*
+Component specific labels
+*/}}
+{{- define "kubeflow.component.labels" -}}
+{{ include "kubeflow.component.selectorLabels" . }}
+{{- end }}
+
+{{/*
+Component specific selector labels
+*/}}
+{{- define "kubeflow.component.selectorLabels" -}}
+app.kubernetes.io/component: {{ . }}
+{{- end }}
+
+{{/*
+subcomponent specific labels
+*/}}
+{{- define "kubeflow.component.subcomponent.labels" -}}
+{{ include "kubeflow.component.subcomponent.selectorLabels" . }}
+{{- end }}
+
+{{/*
+subcomponent specific selector labels
+*/}}
+{{- define "kubeflow.component.subcomponent.selectorLabels" -}}
+app.kubernetes.io/subcomponent: {{ . }}
+{{- end }}
+
+{{/*
+Role and ClusterRole aggregation rule labels
+*/}}
+{{- define "kubeflow.aggregationRule.labelBase" -}}
+{{- $labelPrefix := "rbac.authorization.kubeflow.org/aggregate-to" -}}
+{{- $roleName := . -}}
+{{- printf "%s-%s: \"%s\""
+  $labelPrefix
+  $roleName
+  "true"
+  -}}
+{{- end -}}
+
+{{/*
+Component Service.
+*/}}
+{{- define "kubeflow.component.svc.name" -}}
+{{- $componentName := . -}}
+{{ print $componentName }}
+{{- end }}
+
+{{- define "kubeflow.component.svc.addressWithNs" -}}
+{{- $ctx := index . 0 -}}
+{{- $componentName := index . 1 -}}
+{{ printf "%s.%s"
+    $componentName
+    (include "kubeflow.namespace" $ctx)
+}}
+{{- end }}
+
+{{- define "kubeflow.component.svc.addressWithSvc" -}}
+{{- $ctx := index . 0 -}}
+{{- $componentName := index . 1 -}}
+{{ printf "%s.%s.svc"
+    $componentName
+    (include "kubeflow.namespace" $ctx)
+}}
+{{- end }}
+
+{{- define "kubeflow.component.svc.fqdn" -}}
+{{- $ctx := index . 0 -}}
+{{- $componentName := index . 1 -}}
+{{ printf "%s.%s.svc.%s"
+    $componentName
+    (include "kubeflow.namespace" $ctx)
+    $ctx.Values.clusterDomain
+}}
+{{- end }}
+
+{{/*
+Namespace for all resources to be installed into
+If not defined in values file then the helm release namespace is used
+By default this is not set so the helm release namespace will be used
+
+This gets around an problem within helm discussed here
+https://github.com/helm/helm/issues/5358
+{{- default .Values.namespace .Release.Namespace }}
+*/}}
+{{- define "kubeflow.namespace" -}}
+{{- default .Release.Namespace .Values.namespace }}
+{{- end -}}
+
+
+{{- define "kubeflow.component.autoscaling.enabled" -}}
+{{- $defaultAutoscaling := index . 0 -}}
+{{- $componentAutoscaling := index . 1 -}}
+{{- if $componentAutoscaling -}}
+  {{- if eq nil $componentAutoscaling.enabled -}}
+      {{- $defaultAutoscaling.enabled }}
+  {{- else -}}
+      {{- $componentAutoscaling.enabled }}
+  {{- end -}}
+{{- else -}}
+  {{- $defaultAutoscaling.enabled }}
+{{- end -}}
+{{- end }}
+
+
+{{- define "kubeflow.component.autoscaling.minReplicas" -}}
+{{- $defaultAutoscaling := index . 0 -}}
+{{- $componentAutoscaling := index . 1 -}}
+{{- if $componentAutoscaling -}}
+  {{- default $defaultAutoscaling.minReplicas $componentAutoscaling.minReplicas }}
+{{- else -}}
+  {{- $defaultAutoscaling.minReplicas }}
+{{- end -}}
+{{- end }}
+
+{{- define "kubeflow.component.autoscaling.maxReplicas" -}}
+{{- $defaultAutoscaling := index . 0 -}}
+{{- $componentAutoscaling := index . 1 -}}
+{{- if $componentAutoscaling -}}
+  {{- default $defaultAutoscaling.maxReplicas $componentAutoscaling.maxReplicas }}
+{{- else -}}
+  {{- $defaultAutoscaling.maxReplicas }}
+{{- end -}}
+{{- end }}
+
+{{- define "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" -}}
+{{- $defaultAutoscaling := index . 0 -}}
+{{- $componentAutoscaling := index . 1 -}}
+{{- if $componentAutoscaling -}}
+  {{- default $defaultAutoscaling.targetCPUUtilizationPercentage $componentAutoscaling.targetCPUUtilizationPercentage }}
+{{- else -}}
+  {{- $defaultAutoscaling.targetCPUUtilizationPercentage }}
+{{- end -}}
+{{- end }}
+
+{{- define "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{- $defaultAutoscaling := index . 0 -}}
+{{- $componentAutoscaling := index . 1 -}}
+{{- if $componentAutoscaling -}}
+  {{- default $defaultAutoscaling.targetMemoryUtilizationPercentage $componentAutoscaling.targetMemoryUtilizationPercentage }}
+{{- else -}}
+  {{- $defaultAutoscaling.targetMemoryUtilizationPercentage }}
+{{- end -}}
+{{- end }}
+
+
+{{- define "kubeflow.component.image" -}}
+{{- $default := index . 0 -}}
+{{- $component := index . 1 -}}
+{{- $registry := default $default.registry $component.registryOverwrite -}}
+{{- $repository :=  $component.repository -}}
+{{- $tag := $component.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag }}
+{{- end }}
+
+{{- define "kubeflow.component.imagePullPolicy" -}}
+{{- $default := index . 0 -}}
+{{- $component := index . 1 -}}
+{{- $imagePullPolicy := default $default.pullPolicy $component.pullPolicyOverwrite -}}
+{{- $imagePullPolicy }}
+{{- end }}
+
+{{- define "kubeflow.component.serviceAccountName" -}}
+{{- $componentName := index . 0 -}}
+{{- $componentSA := index . 1 -}}
+{{- if $componentSA.create }}
+  {{- default $componentName $componentSA.name }}
+{{- else }}
+  {{- default "default" $componentSA.name -}}
+{{- end }}
+{{- end }}
+
+{{- define "kubeflow.component.serviceAccountPrincipal" -}}
+{{- $ctx := index . 0 -}}
+{{- $saName := index . 1 -}}
+{{- printf "%s/ns/%s/sa/%s"
+    $ctx.Values.clusterDomain
+    (include "kubeflow.namespace" $ctx)
+    $saName
+}}
+{{- end }}
+
+{{- define "kubeflow.component.authorizationPolicyExtAuthName" -}}
+{{- $componentName := index . 0 -}}
+{{- $istioIntegration := index . 1 -}}
+{{- $providerName := $istioIntegration.envoyExtAuthzHttpExtensionProviderName -}}
+{{ printf "%s-%s" $componentName $providerName }}
+{{- end }}
+
+{{/*
+Kubeflow Component Security Context.
+*/}}
+{{- define "kubeflow.component.containerSecurityContext" -}}
+{{- $defaultContext := index . 0 -}}
+{{- $componentContext := index . 1 -}}
+{{- if $componentContext -}}
+  {{- toYaml $componentContext }}
+{{- else if $defaultContext -}}
+  {{- toYaml $defaultContext }}
+{{- end }}
+{{- end }}
+
+{{/*
+Kubeflow Component Scheduling.
+
+TODO: investigate if this can be simply used like:
+{{- include "mychart.affinity" . | nindent 8 }}
+{{- include "mychart.nodeSelector" . | nindent 8 }}
+{{- include "mychart.tolerations" . | nindent 8 }}
+{{- include "mychart.topologySpreadConstraints" . | nindent 8 }}
+https://chat.openai.com/share/c66d86ba-3b98-4942-a605-56b98889a313
+*/}}
+{{- define "kubeflow.component.topologySpreadConstraints" -}}
+{{- $defaultConstraints := index . 0 -}}
+{{- $componentConstraints := index . 1 -}}
+{{- if $componentConstraints -}}
+  {{- toYaml $componentConstraints }}
+{{- else if $defaultConstraints -}}
+  {{- toYaml $defaultConstraints }}
+{{- end }}
+{{- end }}
+
+{{- define "kubeflow.component.nodeSelector" -}}
+{{- $defaultNodeSelector := index . 0 -}}
+{{- $componentNodeSelector := index . 1 -}}
+{{- if $componentNodeSelector -}}
+  {{- toYaml $componentNodeSelector }}
+{{- else if $defaultNodeSelector -}}
+  {{- toYaml $defaultNodeSelector }}
+{{- end }}
+{{- end }}
+
+{{- define "kubeflow.component.tolerations" -}}
+{{- $defaultTolerations := index . 0 -}}
+{{- $componentTolerations := index . 1 -}}
+{{- if $componentTolerations -}}
+  {{- toYaml $componentTolerations }}
+{{- else if $defaultTolerations -}}
+  {{- toYaml $defaultTolerations }}
+{{- end }}
+{{- end }}
+
+{{- define "kubeflow.component.affinity" -}}
+{{- $defaultAffinity := index . 0 -}}
+{{- $componentAffinity := index . 1 -}}
+{{- if $componentAffinity -}}
+  {{- toYaml $componentAffinity }}
+{{- else if $defaultAffinity -}}
+  {{- toYaml $defaultAffinity }}
+{{- end }}
+{{- end }}
+
+{{- define "kubeflow.component.terminationGracePeriodSeconds" -}}
+{{- $defaultTerminationGracePeriodSeconds := index . 0 -}}
+{{- $componentTerminationGracePeriodSeconds := index . 1 -}}
+{{- if $componentTerminationGracePeriodSeconds -}}
+  {{- toYaml $componentTerminationGracePeriodSeconds }}
+{{- else if $defaultTerminationGracePeriodSeconds -}}
+  {{- toYaml $defaultTerminationGracePeriodSeconds }}
+{{- end }}
+{{- end }}
+
+{{- define "kubeflow.component.pdb.create" -}}
+{{- $componentEnabled := index . 0 -}}
+{{- $defaultPDB := index . 1 -}}
+{{- $componentPDB := index . 2 -}}
+{{- and
+  (or $defaultPDB $componentPDB)
+  ($componentEnabled | eq "true")
+}}
+{{- end }}
+
+{{- define "kubeflow.component.pdb.values" -}}
+{{- $defaultPDB := index . 0 -}}
+{{- $componentPDB := index . 1 -}}
+{{ toYaml (default $defaultPDB $componentPDB) }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization with plaintext value
+or through Secrets.
+*/}}
+{{- define "kubeflow.component.env.spec" -}}
+{{- $envName := index . 0 -}}
+{{- $defaultSecretName := index . 1 -}}
+{{- $entryConfig := index . 2 -}}
+{{- $secretName := default $defaultSecretName $entryConfig.secretKeyRef.name -}}
+{{- $secretKey := $entryConfig.secretKeyRef.key -}}
+{{- $entryValue := $entryConfig.value -}}
+- name: {{ $envName }}
+  {{- if $secretName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $secretName }}
+      key: {{ $secretKey }}
+  {{- else }}
+  value: {{ $entryValue | quote }}
+  {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl
new file mode 100644
index 00000000..f765184d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.admissionWebhook.tpl
@@ -0,0 +1,301 @@
+{{/*
+Kubeflow Admission Webhook object names.
+*/}}
+{{- define "kubeflow.admissionWebhook.baseName" -}}
+{{- printf "admission-webhook" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.admissionWebhook.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.admissionWebhook.name" .)
+    .Values.admissionWebhook.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.tlsCertSecretName" -}}
+{{ printf "%s-%s" (include "kubeflow.admissionWebhook.name" .) "tls-certs" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.certIssuerName" -}}
+{{ printf "%s-%s" (include "kubeflow.admissionWebhook.name" .) "selfsigned-issuer" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.certName" -}}
+{{ printf "%s-%s" (include "kubeflow.admissionWebhook.name" .) "cert" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.webhookName" -}}
+{{ print (include "kubeflow.admissionWebhook.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.admissionWebhook.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.admissionWebhook.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdAdminName" -}}
+{{- printf "poddefaults-admin" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdEditName" -}}
+{{- printf "poddefaults-edit" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdViewName" -}}
+{{- printf "poddefaults-view" }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdAdminClusterRoleName" -}}
+{{- printf "%s-%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.name" .) (include "kubeflow.admissionWebhook.kfPdAdminName" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdEditClusterRoleName" -}}
+{{- printf "%s-%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.name" .) (include "kubeflow.admissionWebhook.kfPdEditName" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdViewClusterRoleName" -}}
+{{- printf "%s-%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.name" .) (include "kubeflow.admissionWebhook.kfPdViewName" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabelName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.kfPdAdminName" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdEditClusterRoleLabelName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.admissionWebhook.kfPdEditName" .) }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabelName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.kfPdEditClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.admissionWebhook.kfPdEditClusterRoleLabelName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook Service.
+*/}}
+{{- define "kubeflow.admissionWebhook.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.admissionWebhook.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.admissionWebhook.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.admissionWebhook.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.admissionWebhook.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook object labels.
+*/}}
+{{- define "kubeflow.admissionWebhook.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.admissionWebhook.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.admissionWebhook.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.partOfLabel" -}}
+app.kubernetes.io/part-of: kubeflow-profile
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook container image settings.
+*/}}
+{{- define "kubeflow.admissionWebhook.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.admissionWebhook.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.admissionWebhook.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.admissionWebhook.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.admissionWebhook.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.admissionWebhook.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.admissionWebhook.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.admissionWebhook.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.admissionWebhook.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook Security Context.
+*/}}
+{{- define "kubeflow.admissionWebhook.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.admissionWebhook.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook Scheduling.
+*/}}
+{{- define "kubeflow.admissionWebhook.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.admissionWebhook.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.admissionWebhook.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.admissionWebhook.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.admissionWebhook.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook enable and create toggles.
+*/}}
+{{- define "kubeflow.admissionWebhook.enabled" -}}
+{{- .Values.admissionWebhook.enabled }}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.admissionWebhook.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.admissionWebhook.enabled" . | eq "true")
+    .Values.admissionWebhook.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.admissionWebhook.enabled" . | eq "true")
+    .Values.admissionWebhook.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.admissionWebhook.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.admissionWebhook.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.admissionWebhook.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook certificate manager.
+*/}}
+{{- define "kubeflow.admissionWebhook.enabledWithCertManager" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.admissionWebhook.enabled" . | eq "true" )
+        (include "kubeflow.certManagerIntegration.enabled" . | eq "true" )
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl
new file mode 100644
index 00000000..47c4e880
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.centraldashboard.tpl
@@ -0,0 +1,221 @@
+{{/*
+Kubeflow Centraldashboard object names.
+*/}}
+{{- define "kubeflow.centraldashboard.baseName" -}}
+{{- printf "centraldashboard" }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.centraldashboard.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.centraldashboard.name" .)
+    .Values.centraldashboard.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.roleName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.roleBindingName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.clusterRoleName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.clusterRoleBindingName" -}}
+{{- include "kubeflow.centraldashboard.name" . }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.config.name" -}}
+{{ printf "%s-config" (include "kubeflow.centraldashboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.authorizationPolicyExtAuthName" -}}
+{{ include "kubeflow.component.authorizationPolicyExtAuthName" (
+    list
+    (include "kubeflow.centraldashboard.name" .)
+    .Values.istioIntegration
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Service.
+*/}}
+{{- define "kubeflow.centraldashboard.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.centraldashboard.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.centraldashboard.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.centraldashboard.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.centraldashboard.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard object labels.
+*/}}
+{{- define "kubeflow.centraldashboard.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.centraldashboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.centraldashboard.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard container image settings.
+*/}}
+{{- define "kubeflow.centraldashboard.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.centraldashboard.image) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.centraldashboard.image) }}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.centraldashboard.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.centraldashboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.centraldashboard.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Security Context.
+*/}}
+{{- define "kubeflow.centraldashboard.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.centraldashboard.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard Scheduling.
+*/}}
+{{- define "kubeflow.centraldashboard.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.centraldashboard.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.centraldashboard.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.centraldashboard.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.centraldashboard.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Centraldashboard enable and create toggles.
+*/}}
+{{- define "kubeflow.centraldashboard.enabled" -}}
+{{- .Values.centraldashboard.enabled }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.centraldashboard.enabled" . | eq "true")
+    .Values.istioIntegration.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.centraldashboard.enabled" . | eq "true")
+    .Values.centraldashboard.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.centraldashboard.enabled" . | eq "true")
+    .Values.centraldashboard.serviceAccount.create
+}}
+{{- end }}
+
+{{- define "kubeflow.centraldashboard.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.centraldashboard.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.centraldashboard.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl
new file mode 100644
index 00000000..0121a79e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.dexIntegration.tpl
@@ -0,0 +1,61 @@
+{{/*
+Dex Integration object names.
+*/}}
+{{- define "kubeflow.dexIntegration.baseName" -}}
+{{- printf "dex" }}
+{{- end }}
+
+{{- define "kubeflow.dexIntegration.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.dexIntegration.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Dex Service.
+*/}}
+{{- define "kubeflow.dexIntegration.svc.fqdn" -}}
+{{ printf "%s.%s.svc.%s"
+  .Values.dexIntegration.svc.name
+  .Values.dexIntegration.svc.namespace
+  .Values.clusterDomain
+}}
+{{- end }}
+
+{{/*
+Dex Integration object labels.
+*/}}
+{{- define "kubeflow.dexIntegration.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.dexIntegration.name" .) }}
+{{- end }}
+
+{{/*
+Dex Integration enable and create toggles.
+*/}}
+{{- define "kubeflow.dexIntegration.enabled" -}}
+{{- or
+    (
+        and
+        (eq .Values.dexIntegration.integrationMode "istio")
+        .Values.istioIntegration.enabled
+        .Values.dexIntegration.enabled
+    )
+    (
+        and
+        (eq .Values.dexIntegration.integrationMode "ingress")
+        .Values.dexIntegration.enabled
+    )
+}}
+{{- end }}
+
+
+{{- define "kubeflow.dexIntegration.istio.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.dexIntegration.enabled" . | eq "true")
+    .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl
new file mode 100644
index 00000000..1f8ffe44
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istio.authorizationPolicy.tpl
@@ -0,0 +1,14 @@
+{{ define "istio.authorizationPolicy" }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: "{{ .name }}"
+  namespace: "{{ .namespace }}"
+spec:
+  action: "{{ default "ALLOW" .action }}"
+  rules:
+    - {}
+  selector:
+    matchLabels:
+      {{- toYaml .labels | nindent 6 -}}
+{{- end}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl
new file mode 100644
index 00000000..394f5696
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.istioIntegration.tpl
@@ -0,0 +1,133 @@
+{{/*
+Istio Integration object names.
+*/}}
+
+{{- define "kubeflow.istioIntegration.baseName" -}}
+{{- print "istio-integration" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.istioIntegration.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioAdminRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "istio-admin" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioEditRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "istio-edit" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioViewRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "istio-view" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.requestAuthenticationName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "m2m" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.selfSigned.jobName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "configure-self-signed-m2m" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.selfSigned.inClusterClusterRoleBindingName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "unauthenticated-oidc-viewer" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.userAuth.requestAuthenticationName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "user-auth" }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.extAuth.authorizationPolicyName" -}}
+{{- printf "%s-ext-auth-%s"
+  (include "kubeflow.fullname" .)
+  .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName
+}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.jwtRequire.authorizationPolicyName" -}}
+{{- printf "%s-jwt-require"
+  (include "kubeflow.fullname" .)
+}}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.istioIntegration.istioAdminRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.istioIntegration.istioAdminRoleName" .) -}}
+{{- end }}
+
+{{/*
+Istio Integration object labels.
+*/}}
+{{- define "kubeflow.istioIntegration.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.istioIntegration.name" .) }}
+{{- end }}
+
+{{/*
+Istio Integration enable and create toggles.
+*/}}
+{{- define "kubeflow.istioIntegration.enabled" -}}
+{{- .Values.istioIntegration.enabled }}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.enabled" -}}
+{{- and
+  (include "kubeflow.istioIntegration.enabled" . | eq "true" )
+  .Values.istioIntegration.m2m.enabled
+}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.m2m.selfSigned.autoJwksDiscovery" -}}
+{{- and
+  (include "kubeflow.istioIntegration.enabled" . | eq "true" )
+  .Values.istioIntegration.m2m.selfSigned.autoJwksDiscovery
+}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.authorizationMode.granular" -}}
+{{- ternary true "" (eq .Values.istioIntegration.authorizationMode "granular") -}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.authorizationMode.ingressgateway" -}}
+{{- ternary true "" (eq .Values.istioIntegration.authorizationMode "ingressgateway") -}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" -}}
+{{- printf "%s/ns/%s/sa/%s"
+    .Values.clusterDomain
+    .Values.istioIntegration.ingressGatewayNamespace
+    .Values.istioIntegration.ingressGatewayServiceAccountName
+}}
+{{- end }}
+
+{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.name" -}}
+{{- printf "%s-jwks-proxy"
+  (include "kubeflow.fullname" .)
+}}
+{{- end -}}
+
+{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.labels" -}}
+app.kubernetes.io/name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+{{- end -}}
+
+{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" -}}
+{{ include "kubeflow.namespace" . }}
+{{- end -}}
+
+{{- define "kubeflow.istioIntegration.jwksUri" -}}
+http://{{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}.{{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}.svc.cluster.local/openid/v1/jwks
+{{- end -}}
+
+{{- define "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" -}}
+{{- and
+  (include "kubeflow.istioIntegration.enabled" . | eq "true" )
+  .Values.istioIntegration.kubeflowJwksProxy.enabled
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl
new file mode 100644
index 00000000..cb70ec8a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.controller.tpl
@@ -0,0 +1,332 @@
+{{/*
+Kubeflow Katib Controller object names.
+*/}}
+{{- define "kubeflow.katib.controller.baseName" -}}
+{{- printf "katib-controller" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.katib.controller.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.katib.controller.name" .)
+    .Values.katib.controller.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.katib.controller.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.mainClusterRoleName" -}}
+{{- include "kubeflow.katib.controller.name" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.katib.controller.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.katib.controller.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.katib.controller.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.kfNbAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.kfNbEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.kfNbViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-view" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.configMapName" -}}
+{{/*
+katib-config ConfigMap name is hardcoded
+https://github.com/kubeflow/katib/blob/0e2ba6efc1bc18b1d1d72b90046598a00f02a2c3/pkg/controller.v1beta1/consts/const.go#L109
+https://github.com/kubeflow/katib/blob/0e2ba6efc1bc18b1d1d72b90046598a00f02a2c3/pkg/util/v1beta1/katibconfig/config.go#L164
+{{- printf "%s-%s" (include "kubeflow.katib.controller.name" .) "config" }}
+*/}}
+{{- printf "katib-config" }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.katib.controller.kfNbAdminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.controller.kfNbAdminClusterRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Service.
+*/}}
+{{- define "kubeflow.katib.controller.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.katib.controller.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.katib.controller.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.katib.controller.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.katib.controller.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller object labels.
+*/}}
+{{- define "kubeflow.katib.controller.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller container image settings.
+*/}}
+{{- define "kubeflow.katib.controller.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.katib.controller.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.katib.controller.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.katib.controller.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.controller.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Security Context.
+*/}}
+{{- define "kubeflow.katib.controller.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.katib.controller.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Scheduling.
+*/}}
+{{- define "kubeflow.katib.controller.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.katib.controller.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.katib.controller.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.katib.controller.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.katib.controller.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller enable and create toggles.
+*/}}
+{{- define "kubeflow.katib.controller.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.enabled" . | eq "true")
+    .Values.katib.controller.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.controller.enabled" . | eq "true")
+    .Values.katib.controller.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.katib.controller.enabled" . | eq "true")
+    .Values.katib.controller.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.katib.controller.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.controller.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller certificate manager.
+*/}}
+{{- define "kubeflow.katib.controller.enabledWithCertManager" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.katib.controller.enabled" . | eq "true" )
+        (include "kubeflow.certManagerIntegration.enabled" . | eq "true" )
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.certIssuerName" -}}
+{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "selfsigned-issuer" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.tlsCertSecretName" -}}
+{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "tls-certs" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.validatingWebhookName" -}}
+{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "validating" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.mutatingWebhookName" -}}
+{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "mutating" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.certName" -}}
+{{ printf "%s-%s" (include "kubeflow.katib.controller.name" .) "cert" }}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Admission Webhooks.
+*/}}
+{{- define "kubeflow.katib.controller.webhook.baseName" -}}
+{{ printf "katib.kubeflow.org" }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.mutatingWebhook.name" -}}
+{{ printf "%s" (include "kubeflow.katib.controller.webhook.baseName" .) }}
+{{- end }}
+
+{{- define "kubeflow.katib.controller.validatingWebhook.name" -}}
+{{ printf "%s" (include "kubeflow.katib.controller.webhook.baseName" .) }}
+{{- end }}
+
+{{/*
+{{- define "kubeflow.katib.controller.mutatingWebhook.experimentDefaulter.name" -}}
+{{ printf "%s.%s" "defaulter.experiment" (include "kubeflow.katib.controller.mutatingWebhook.name" .) }}
+{{- end }}
+*/}}
+
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl
new file mode 100644
index 00000000..7f796cb7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.dbmanager.tpl
@@ -0,0 +1,358 @@
+{{/*
+Kubeflow Katib dbmanager object names.
+*/}}
+{{- define "kubeflow.katib.dbmanager.baseName" -}}
+{{- printf "katib-db-manager" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.katib.dbmanager.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.katib.dbmanager.name" .)
+    .Values.katib.dbmanager.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.katib.dbmanager.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.mainClusterRoleName" -}}
+{{- include "kubeflow.katib.dbmanager.name" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.katib.dbmanager.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.katib.dbmanager.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.katib.dbmanager.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.kfNbAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.kfNbEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.kfNbViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-view" }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.katib.dbmanager.kfNbAdminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.dbmanager.kfNbAdminClusterRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager Service.
+*/}}
+{{- define "kubeflow.katib.dbmanager.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.katib.dbmanager.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.katib.dbmanager.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.katib.dbmanager.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.katib.dbmanager.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager object labels.
+*/}}
+{{- define "kubeflow.katib.dbmanager.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.dbmanager.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.dbmanager.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager container image settings.
+*/}}
+{{- define "kubeflow.katib.dbmanager.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.katib.dbmanager.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.katib.dbmanager.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.katib.dbmanager.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.dbmanager.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.dbmanager.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.dbmanager.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.dbmanager.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.dbmanager.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager Security Context.
+*/}}
+{{- define "kubeflow.katib.dbmanager.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.katib.dbmanager.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager Scheduling.
+*/}}
+{{- define "kubeflow.katib.dbmanager.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.katib.dbmanager.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.katib.dbmanager.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.katib.dbmanager.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.katib.dbmanager.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib dbmanager enable and create toggles.
+*/}}
+{{- define "kubeflow.katib.dbmanager.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.enabled" . | eq "true")
+    .Values.katib.dbmanager.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.dbmanager.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.dbmanager.enabled" . | eq "true")
+    .Values.katib.dbmanager.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.katib.dbmanager.enabled" . | eq "true")
+    .Values.katib.dbmanager.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.katib.dbmanager.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.dbmanager.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Environment names for database config.
+*/}}
+{{/*
+FYI, This env var is actually the driver
+*/}}
+{{- define "kubeflow.katib.dbmanager.config.db.driver.env.name" -}}
+{{- "DB_NAME" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.host.env.name" -}}
+{{- "KATIB_MYSQL_DB_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.port.env.name" -}}
+{{- "KATIB_MYSQL_DB_PORT" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.databaseName.env.name" -}}
+{{- "KATIB_MYSQL_DB_DATABASE" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.user.env.name" -}}
+{{- "DB_USER" }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.password.env.name" -}}
+{{- "DB_PASSWORD" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for database configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.katib.dbmanager.config.db.driver.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.katib.dbmanager.config.db.driver.env.name" . )
+    .Values.katib.dbmanager.config.db.existingSecretName
+    .Values.katib.dbmanager.config.db.driver
+) }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.katib.dbmanager.config.db.host.env.name" . )
+    .Values.katib.dbmanager.config.db.existingSecretName
+    .Values.katib.dbmanager.config.db.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.port.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.katib.dbmanager.config.db.port.env.name" . )
+    .Values.katib.dbmanager.config.db.existingSecretName
+    .Values.katib.dbmanager.config.db.port
+) }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.databaseName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.katib.dbmanager.config.db.databaseName.env.name" . )
+    .Values.katib.dbmanager.config.db.existingSecretName
+    .Values.katib.dbmanager.config.db.databaseName
+) }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.user.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.katib.dbmanager.config.db.user.env.name" . )
+    .Values.katib.dbmanager.config.db.existingSecretName
+    .Values.katib.dbmanager.config.db.user
+) }}
+{{- end }}
+
+{{- define "kubeflow.katib.dbmanager.config.db.password.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.katib.dbmanager.config.db.password.env.name" . )
+    .Values.katib.dbmanager.config.db.existingSecretName
+    .Values.katib.dbmanager.config.db.password
+) }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl
new file mode 100644
index 00000000..742037f5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.tpl
@@ -0,0 +1,265 @@
+{{/*
+Kubeflow Katib object names.
+*/}}
+{{- define "kubeflow.katib.baseName" -}}
+{{- printf "katib" }}
+{{- end }}
+
+{{- define "kubeflow.katib.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.katib.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.katib.name" .)
+    .Values.katib.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.katib.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.mainClusterRoleName" -}}
+{{- include "kubeflow.katib.name" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.katib.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.katib.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.katib.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.katib.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.adminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }}
+{{- end }}
+
+{{- define "kubeflow.katib.editClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }}
+{{- end }}
+
+{{- define "kubeflow.katib.viewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-view" }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.katib.adminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.adminClusterRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Service.
+*/}}
+{{- define "kubeflow.katib.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.katib.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.katib.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.katib.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.katib.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller object labels.
+*/}}
+{{- define "kubeflow.katib.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.katib.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller container image settings.
+*/}}
+{{- define "kubeflow.katib.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.katib.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.katib.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.katib.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Security Context.
+*/}}
+{{- define "kubeflow.katib.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.katib.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller Scheduling.
+*/}}
+{{- define "kubeflow.katib.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.katib.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.katib.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.katib.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.katib.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib enable and create toggles.
+*/}}
+{{- define "kubeflow.katib.enabled" -}}
+{{- ternary true "" .Values.katib.enabled }}
+{{- end }}
+
+{{- define "kubeflow.katib.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.enabled" . | eq "true")
+    .Values.katib.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.katib.enabled" . | eq "true")
+    .Values.katib.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.katib.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl
new file mode 100644
index 00000000..732a69e3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.katib.ui.tpl
@@ -0,0 +1,277 @@
+{{/*
+Kubeflow Katib ui object names.
+*/}}
+{{- define "kubeflow.katib.ui.baseName" -}}
+{{- printf "katib-ui" }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.katib.ui.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.katib.ui.name" .)
+    .Values.katib.ui.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.katib.ui.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.mainClusterRoleName" -}}
+{{- include "kubeflow.katib.ui.name" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.katib.ui.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.katib.ui.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.katib.ui.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.kfNbAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-admin" }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.kfNbEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-edit" }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.kfNbViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "katib-view" }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.katib.ui.kfNbAdminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.katib.ui.kfNbAdminClusterRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui Service.
+*/}}
+{{- define "kubeflow.katib.ui.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.katib.ui.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.katib.ui.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.katib.ui.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.katib.ui.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui object labels.
+*/}}
+{{- define "kubeflow.katib.ui.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.ui.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.katib.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.katib.ui.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui container image settings.
+*/}}
+{{- define "kubeflow.katib.ui.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.katib.ui.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.katib.ui.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.katib.ui.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.ui.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.ui.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.ui.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.ui.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.ui.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui Security Context.
+*/}}
+{{- define "kubeflow.katib.ui.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.katib.ui.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui Scheduling.
+*/}}
+{{- define "kubeflow.katib.ui.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.katib.ui.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.katib.ui.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.katib.ui.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.katib.ui.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib ui enable and create toggles.
+*/}}
+{{- define "kubeflow.katib.ui.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.enabled" . | eq "true")
+    .Values.katib.ui.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.katib.ui.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.katib.ui.enabled" . | eq "true")
+    .Values.katib.ui.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.katib.ui.enabled" . | eq "true")
+    .Values.katib.ui.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.katib.ui.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.katib.ui.podDisruptionBudget
+)}}
+{{- end }}
+
+{{- define "kubeflow.katib.ui.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.katib.ui.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl
new file mode 100644
index 00000000..549d337d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.knativeIntegration.tpl
@@ -0,0 +1,43 @@
+{{/*
+Knative Integration helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.enabled" -}}
+{{- .Values.knativeIntegration.enabled }}
+{{- end }}
+
+{{/*
+Knative Serving helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.knativeServing.enabled" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.knativeIntegration.enabled" . | eq "true")
+        .Values.knativeIntegration.knativeServing.enabled
+)}}
+{{- end }}
+
+{{/*
+Knative Eventing helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.knativeEventing.enabled" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.knativeIntegration.enabled" . | eq "true")
+        .Values.knativeIntegration.knativeEventing.enabled
+)}}
+{{- end }}
+
+{{/*
+KNative Istio Ingregration helpers.
+*/}}
+
+{{- define "kubeflow.knativeIntegration.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.knativeIntegration.enabled" . | eq "true")
+    .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl
new file mode 100644
index 00000000..dcb2e50f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kserveModelsWebApp.tpl
@@ -0,0 +1,125 @@
+{{/*
+Kubeflow Kserve Models Web App object names.
+*/}}
+{{- define "kubeflow.kserveModelsWebApp.baseName" -}}
+{{- printf "kserve-models-web-app" }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.kserveModelsWebApp.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Kserve Models Web App enable and create toggles.
+*/}}
+{{- define "kubeflow.kserveModelsWebApp.enabled" -}}
+{{- ternary true "" 
+    .Values.kserveModelsWebApp.enabled
+}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true")
+    .Values.kserveModelsWebApp.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (list (include "kubeflow.kserveModelsWebApp.name" .) .Values.kserveModelsWebApp.serviceAccount) }}
+{{- end }}
+
+{{/*
+Kubeflow Kserve Models Web App object labels.
+*/}}
+{{- define "kubeflow.kserveModelsWebApp.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.kserveModelsWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.configMapName" -}}
+{{- printf "%s-%s" (include "kubeflow.kserveModelsWebApp.name" .) "viewer-spec" }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.kserveModelsWebApp.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.kserveModelsWebApp.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.rbac.createRole" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true")
+    .Values.kserveModelsWebApp.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.kserveModelsWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.kserveModelsWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.kserveModelsWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.kserveModelsWebApp.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.kserveModelsWebApp.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.kserveModelsWebApp.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.kserveModelsWebApp.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.kserveModelsWebApp.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.kserveModelsWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.kserveModelsWebApp.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.kserveModelsWebApp.autoscaling) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl
new file mode 100644
index 00000000..db57117e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.kubeflowRoles.tpl
@@ -0,0 +1,121 @@
+{{- define "kubeflow.roles.baseName" -}}
+{{- print "kubeflow-roles" }}
+{{- end }}
+
+{{- define "kubeflow.roles.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.roles.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.roles.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Main Role Names.
+*/}}
+{{- define "kubeflow.kubeflowRoles.kubeflowAdminRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "admin" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowEditRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "edit" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowViewRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "view" }}
+{{- end }}
+
+
+{{/*
+Kubeflow Kubernetes Role Names.
+*/}}
+{{- define "kubeflow.kubeflowRoles.kubernetesAdminRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "kubernetes-admin" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubernetesEditRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "kubernetes-edit" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubernetesViewRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "kubernetes-view" }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Role Names.
+*/}}
+{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesAdminRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "pipelines-admin" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "pipelines-edit" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "pipelines-view" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesEditRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "aggregate-pipelines-edit" }}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesViewRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "aggregate-pipelines-view" }}
+{{- end }}
+
+{{/*
+    ###################################
+    ### Role Aggreation Rule Labels ###
+    ###################################
+*/}}
+
+{{/*
+Kubeflow Main Role Labels.
+*/}}
+{{- define "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowAdminRoleName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowEditRoleName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowViewRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Kubernetes Role Labels.
+*/}}
+{{- define "kubeflow.kubeflowRoles.kubernetesAdminRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubernetesAdminRoleName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubernetesEditRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubernetesEditRoleName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubernetesViewRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubernetesViewRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Role Labels.
+*/}}
+{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesAdminRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowPipelinesAdminRoleName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleName" .) -}}
+{{- end }}
+
+{{- define "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleName" .) -}}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl
new file mode 100644
index 00000000..396d5ee0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.modelRegistry.tpl
@@ -0,0 +1,269 @@
+{{/*
+Kubeflow Model Registry object names.
+*/}}
+{{- define "kubeflow.modelRegistry.baseName" -}}
+{{- printf "model-registry" }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.modelRegistry.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.modelRegistry.name" .)
+    .Values.modelRegistry.serviceAccount
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Model Registry Service.
+*/}}
+{{- define "kubeflow.modelRegistry.svc.name" -}}
+{{ printf "%s-%s"
+    (include "kubeflow.component.svc.name" (
+        include "kubeflow.modelRegistry.name" .
+    ))
+    "service"
+}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.modelRegistry.svc.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Model Registry object labels.
+*/}}
+{{- define "kubeflow.modelRegistry.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.modelRegistry.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.modelRegistry.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Model Registry Scheduling.
+*/}}
+{{- define "kubeflow.modelRegistry.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.modelRegistry.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.modelRegistry.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.modelRegistry.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.modelRegistry.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Model registrry enable and create toggles.
+*/}}
+{{- define "kubeflow.modelRegistry.enabled" -}}
+{{- ternary true "" .Values.modelRegistry.enabled }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.modelRegistry.enabled" . | eq "true")
+    .Values.modelRegistry.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.configMapName" -}}
+{{- printf "%s" (include "kubeflow.modelRegistry.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.modelRegistry.enabled" . | eq "true")
+    .Values.istioIntegration.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.modelRegistry.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.modelRegistry.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Image configuration.
+*/}}
+
+{{- define "kubeflow.modelRegistry.rest.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.modelRegistry.rest.image) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.rest.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.modelRegistry.rest.image .Values.modelRegistry.rest.image) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.grpc.image" -}}
+{{ include "kubeflow.component.image" (list .Values.modelRegistry.grpc.image .Values.modelRegistry.grpc.image) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.grpc.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.modelRegistry.grpc.image .Values.modelRegistry.grpc.image) }}
+{{- end }}
+
+{{/*
+Kubeflow model-registry Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.modelRegistry.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.modelRegistry.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.modelRegistry.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow model-registry Security Context.
+*/}}
+{{- define "kubeflow.modelRegistry.rest.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.modelRegistry.rest.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.grpc.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.modelRegistry.grpc.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Environment names for database config.
+*/}}
+{{- define "kubeflow.modelRegistry.config.db.user.env.name" -}}
+{{- "MYSQL_USER_NAME" }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.password.env.name" -}}
+{{- "MYSQL_PASSWORD" }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.host.env.name" -}}
+{{- "MYSQL_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.port.env.name" -}}
+{{- "MYSQL_PORT" }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.dbName.env.name" -}}
+{{- "MYSQL_DBNAME" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for database configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.modelRegistry.config.db.user.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.modelRegistry.config.db.user.env.name" . )
+    .Values.modelRegistry.config.db.existingSecretName
+    .Values.modelRegistry.config.db.user
+) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.password.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.modelRegistry.config.db.password.env.name" . )
+    .Values.modelRegistry.config.db.existingSecretName
+    .Values.modelRegistry.config.db.password
+) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.modelRegistry.config.db.host.env.name" . )
+    .Values.modelRegistry.config.db.existingSecretName
+    .Values.modelRegistry.config.db.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.port.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.modelRegistry.config.db.port.env.name" . )
+    .Values.modelRegistry.config.db.existingSecretName
+    .Values.modelRegistry.config.db.port
+) }}
+{{- end }}
+
+{{- define "kubeflow.modelRegistry.config.db.dbName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.modelRegistry.config.db.dbName.env.name" . )
+    .Values.modelRegistry.config.db.existingSecretName
+    .Values.modelRegistry.config.db.dbName
+) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl
new file mode 100644
index 00000000..a93a8008
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.networkPolicies.tpl
@@ -0,0 +1,31 @@
+{{/*
+Kubeflow Network Policies object names.
+*/}}
+{{- define "kubeflow.networkPolicies.baseName" -}}
+{{- printf "network-policies" }}
+{{- end }}
+
+{{- define "kubeflow.networkPolicies.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.networkPolicies.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Network Policies enable and create toggles.
+*/}}
+{{- define "kubeflow.networkPolicies.enabled" -}}
+{{- ternary true "" (
+    .Values.networkPolicies.enabled
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Network Policies object labels.
+*/}}
+{{- define "kubeflow.networkPolicies.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.networkPolicies.name" .) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl
new file mode 100644
index 00000000..e42b8918
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.controller.tpl
@@ -0,0 +1,272 @@
+{{/*
+Kubeflow Notebooks Controller object names.
+*/}}
+{{- define "kubeflow.notebooks.controller.baseName" -}}
+{{- printf "notebooks-controller" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.notebooks.controller.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.notebooks.controller.name" .)
+    .Values.notebooks.controller.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.notebooks.controller.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.controller.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.notebooks.controller.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.controller.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.notebooks.controller.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.kfNbAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-admin" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.kfNbEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-edit" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.kfNbViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-view" }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.notebooks.controller.kfNbAdminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.notebooks.controller.kfNbAdminClusterRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller Service.
+*/}}
+{{- define "kubeflow.notebooks.controller.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.notebooks.controller.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.notebooks.controller.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.notebooks.controller.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.notebooks.controller.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller object labels.
+*/}}
+{{- define "kubeflow.notebooks.controller.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller container image settings.
+*/}}
+{{- define "kubeflow.notebooks.controller.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.notebooks.controller.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.notebooks.controller.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.notebooks.controller.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.controller.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller Security Context.
+*/}}
+{{- define "kubeflow.notebooks.controller.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.controller.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller Scheduling.
+*/}}
+{{- define "kubeflow.notebooks.controller.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.notebooks.controller.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.notebooks.controller.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.notebooks.controller.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.notebooks.controller.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller enable and create toggles.
+*/}}
+{{- define "kubeflow.notebooks.controller.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.enabled" . | eq "true")
+    .Values.notebooks.controller.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.controller.enabled" . | eq "true")
+    .Values.notebooks.controller.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.notebooks.controller.enabled" . | eq "true")
+    .Values.notebooks.controller.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.controller.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.notebooks.controller.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.controller.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl
new file mode 100644
index 00000000..bd88015a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.jupyterWebApp.tpl
@@ -0,0 +1,241 @@
+{{/*
+Kubeflow Notebooks Jupyter Web App object names.
+*/}}
+{{- define "kubeflow.notebooks.jupyterWebApp.baseName" -}}
+{{- printf "jupyter-web-app" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.notebooks.jupyterWebApp.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Jupyter Web App object labels.
+*/}}
+{{- define "kubeflow.notebooks.jupyterWebApp.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.jupyterWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.jupyterWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.jupyterWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.notebooks.jupyterWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.jupyterWebApp.autoscaling) }}
+{{- end }}
+
+
+{{- define "kubeflow.notebooks.jupyterWebApp.spawnerUI.configMapName" -}}
+{{- printf "%s-%s" (include "kubeflow.notebooks.jupyterWebApp.name" .) "config" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.logos.configMapName" -}}
+{{- $customConfigMap := .Values.notebooks.jupyterWebApp.logos.customConfigMap -}}
+{{- if $customConfigMap -}}
+    {{- print $customConfigMap }}
+{{- else -}}
+    {{- printf "%s-%s" (include "kubeflow.notebooks.jupyterWebApp.name" .) "logos" }}
+{{- end -}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.jupyterWebApp.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.kfNbUiAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-ui-admin" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.kfNbUiEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-ui-edit" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.kfNbUiViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "notebooks-ui-view" }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Jupyter Web App enable and create toggles.
+*/}}
+{{- define "kubeflow.notebooks.jupyterWebApp.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.enabled" . | eq "true")
+    .Values.notebooks.jupyterWebApp.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        .Values.istioIntegration.enabled
+        (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true" )
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true")
+    .Values.notebooks.jupyterWebApp.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true")
+    .Values.notebooks.jupyterWebApp.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.logos.createConfigMap" -}}
+{{- and
+    (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true")
+    (not .Values.notebooks.jupyterWebApp.logos.customConfigMap)
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (list (include "kubeflow.notebooks.jupyterWebApp.name" .) .Values.notebooks.jupyterWebApp.serviceAccount) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.authorizationPolicyExtAuthName" -}}
+{{ include "kubeflow.component.authorizationPolicyExtAuthName" (
+    list
+    (include "kubeflow.notebooks.jupyterWebApp.name" .)
+    .Values.istioIntegration
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Jupyter Web App Service.
+*/}}
+{{- define "kubeflow.notebooks.jupyterWebApp.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.notebooks.jupyterWebApp.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.notebooks.jupyterWebApp.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.notebooks.jupyterWebApp.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.notebooks.jupyterWebApp.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Jupyter Web App Security Context.
+*/}}
+{{- define "kubeflow.notebooks.jupyterWebApp.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.jupyterWebApp.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.notebooks.jupyterWebApp.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.notebooks.jupyterWebApp.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.notebooks.jupyterWebApp.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.notebooks.jupyterWebApp.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.notebooks.jupyterWebApp.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.jupyterWebApp.podDisruptionBudget
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.jupyterWebApp.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.jupyterWebApp.podDisruptionBudget
+)}}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl
new file mode 100644
index 00000000..0247b236
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.pvcviewerController.tpl
@@ -0,0 +1,368 @@
+{{/*
+Kubeflow Notebooks PVC Viewer Controller object names.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.baseName" -}}
+{{- printf "pvcviewer-controller" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.notebooks.pvcviewerController.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.manager.name" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+    "manager"
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.name" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+    "kube-rbac-proxy"
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+    .Values.notebooks.pvcviewerController.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+    "metrics-reader"
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleBindingName" -}}
+{{- include "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.pvcviewerController.name" .)
+    "proxy"
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.proxyClusterRoleBindingName" -}}
+{{- include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" . }}
+{{- end }}
+
+
+{{- define "kubeflow.notebooks.pvcviewerController.tlsCertSecretName" -}}
+{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "tls-certs" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.certIssuerName" -}}
+{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "selfsigned-issuer" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.certName" -}}
+{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "cert" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.mutatingWebhookName" -}}
+{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "mutating" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.validatingWebhookName" -}}
+{{ printf "%s-%s" (include "kubeflow.notebooks.pvcviewerController.name" .) "validating" }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller Service.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.notebooks.pvcviewerController.manager.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.notebooks.pvcviewerController.manager.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.notebooks.pvcviewerController.manager.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.manager.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.notebooks.pvcviewerController.manager.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.webhook.port" -}}
+{{- .Values.notebooks.pvcviewerController.manager.webhook.port }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller object labels.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.pvcviewerController.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.pvcviewerController.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller Manager container image settings.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.manager.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.notebooks.pvcviewerController.manager.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.manager.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.notebooks.pvcviewerController.manager.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller Kube RBAC Proxy container image settings.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.notebooks.pvcviewerController.kubeRbacProxy.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.notebooks.pvcviewerController.kubeRbacProxy.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.pvcviewerController.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.pvcviewerController.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.pvcviewerController.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.pvcviewerController.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.pvcviewerController.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller Security Context.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.manager.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.pvcviewerController.manager.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.pvcviewerController.kubeRbacProxy.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.securityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.pvcviewerController.securityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller Scheduling.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.notebooks.pvcviewerController.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.nodeSelector" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.notebooks.pvcviewerController.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.notebooks.pvcviewerController.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.notebooks.pvcviewerController.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.terminationGracePeriodSeconds" -}}
+{{ include "kubeflow.component.terminationGracePeriodSeconds" (
+    list
+    .Values.defaults.terminationGracePeriodSeconds
+    .Values.notebooks.pvcviewerController.terminationGracePeriodSeconds
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller enable and create toggles.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.enabled" . | eq "true")
+    .Values.notebooks.pvcviewerController.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.notebooks.pvcviewerController.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true")
+    .Values.notebooks.pvcviewerController.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true")
+    .Values.notebooks.pvcviewerController.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pvcviewerController.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.notebooks.pvcviewerController.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.pvcviewerController.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller certificate manager.
+*/}}
+{{- define "kubeflow.notebooks.pvcviewerController.enabledWithCertManager" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true" )
+        (include "kubeflow.certManagerIntegration.enabled" . | eq "true" )
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl
new file mode 100644
index 00000000..61539601
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.tpl
@@ -0,0 +1,126 @@
+{{/*
+Kubeflow Notebooks object names.
+*/}}
+{{- define "kubeflow.notebooks.baseName" -}}
+{{- printf "notebooks" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.baseRbacName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.notebooks.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.notebooks.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks object labels.
+*/}}
+{{- define "kubeflow.notebooks.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks container image settings.
+*/}}
+{{- define "kubeflow.notebooks.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.image) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.notebooks.image) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.notebooks.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Security Context.
+*/}}
+{{- define "kubeflow.notebooks.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Scheduling.
+*/}}
+{{- define "kubeflow.notebooks.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.notebooks.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.notebooks.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.notebooks.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.notebooks.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks enable and create toggles.
+*/}}
+{{- define "kubeflow.notebooks.enabled" -}}
+{{- ternary true "" .Values.notebooks.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl
new file mode 100644
index 00000000..600147a4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.notebooks.volumesWebApp.tpl
@@ -0,0 +1,229 @@
+{{/*
+Kubeflow Notebooks Volumes Web App object names.
+*/}}
+{{- define "kubeflow.notebooks.volumesWebApp.baseName" -}}
+{{- printf "volumes-web-app" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.notebooks.volumesWebApp.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Volumes Web App object labels.
+*/}}
+{{- define "kubeflow.notebooks.volumesWebApp.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.volumesWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.notebooks.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.notebooks.volumesWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.volumesWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.viewerImage" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.notebooks.volumesWebApp.config.viewer.image) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.notebooks.volumesWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.notebooks.volumesWebApp.autoscaling) }}
+{{- end }}
+
+
+{{- define "kubeflow.notebooks.volumesWebApp.configMapName" -}}
+{{- printf "%s-%s" (include "kubeflow.notebooks.volumesWebApp.name" .) "viewer-spec" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.notebooks.volumesWebApp.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.kfVolUiAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "volumes-ui-admin" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.kfVolUiEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "volumes-ui-edit" }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.kfVolUiViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "volumes-ui-view" }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Volumes Web App enable and create toggles.
+*/}}
+{{- define "kubeflow.notebooks.volumesWebApp.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.enabled" . | eq "true")
+    .Values.notebooks.volumesWebApp.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        .Values.istioIntegration.enabled
+        (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true" )
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true")
+    .Values.notebooks.volumesWebApp.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true")
+    .Values.notebooks.volumesWebApp.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (list (include "kubeflow.notebooks.volumesWebApp.name" .) .Values.notebooks.volumesWebApp.serviceAccount) }}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.authorizationPolicyExtAuthName" -}}
+{{ include "kubeflow.component.authorizationPolicyExtAuthName" (
+    list
+    (include "kubeflow.notebooks.volumesWebApp.name" .)
+    .Values.istioIntegration
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Volumes Web App Service.
+*/}}
+{{- define "kubeflow.notebooks.volumesWebApp.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.notebooks.volumesWebApp.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.notebooks.volumesWebApp.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.notebooks.volumesWebApp.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.notebooks.volumesWebApp.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Volumes Web App Security Context.
+*/}}
+{{- define "kubeflow.notebooks.volumesWebApp.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.notebooks.volumesWebApp.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.notebooks.volumesWebApp.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.notebooks.volumesWebApp.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.notebooks.volumesWebApp.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.notebooks.volumesWebApp.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.notebooks.volumesWebApp.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.volumesWebApp.podDisruptionBudget
+)}}
+{{- end }}
+
+{{- define "kubeflow.notebooks.volumesWebApp.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.notebooks.volumesWebApp.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl
new file mode 100644
index 00000000..aa4170a3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.oauth2ProxyIntegration.tpl
@@ -0,0 +1,6 @@
+{{- define "kubeflow.oauth2ProxyIntegration.istio.enabled" -}}
+{{- and
+  (include "kubeflow.istioIntegration.enabled" . | eq "true" )
+  .Values.oauth2ProxyIntegration.enabled
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl
new file mode 100644
index 00000000..a86fc88f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.config.tpl
@@ -0,0 +1,108 @@
+{{/*
+Kubeflow Pipelines Cache config.
+*/}}
+
+{{/*
+Environment names for the env spec parametrization.
+*/}}
+{{- define "kubeflow.pipelines.cache.config.db.user.env.name" -}}
+{{- "DBCONFIG_USER" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.password.env.name" -}}
+{{- "DBCONFIG_PASSWORD" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.host.env.name" -}}
+{{- "DBCONFIG_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.port.env.name" -}}
+{{- "DBCONFIG_PORT" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.name" -}}
+{{- "DBCONFIG_CACHE_DB_NAME" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.driver.env.name" -}}
+{{- "DBCONFIG_DRIVER" }}
+{{- end }}
+
+
+{{/*
+Environment Entries parametrization with plaintext value
+or through Secrets.
+*/}}
+{{- define "kubeflow.pipelines.cache.config.db.user.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.user.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.user
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.password.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.password.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.password
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.host.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.port.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.port.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.port
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.cacheDatabaseName
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.pipelineDatabaseName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.pipelineDatabaseName.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.pipelineDatabaseName
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.conMaxLifetime.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.conMaxLifetime.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.conMaxLifetime
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.config.db.driver.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.cache.config.db.driver.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.driver
+) }}
+{{- end }}
+
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl
new file mode 100644
index 00000000..28654916
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.cache.tpl
@@ -0,0 +1,252 @@
+{{/*
+Kubeflow Pipelines Cache object names.
+*/}}
+{{- define "kubeflow.pipelines.cache.baseName" -}}
+{{- printf "ml-pipeline-cache" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.cache.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.cache.name" .)
+    .Values.pipelines.cache.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.cache.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.roleName" -}}
+{{- include "kubeflow.pipelines.cache.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.roleBindingName" -}}
+{{- include "kubeflow.pipelines.cache.roleName" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.tlsCertSecretName" -}}
+{{ printf "%s-%s" (include "kubeflow.pipelines.cache.name" .) "tls-certs" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.certIssuerName" -}}
+{{ printf "%s-%s" (include "kubeflow.pipelines.cache.name" .) "selfsigned-issuer" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.certName" -}}
+{{ printf "%s-%s" (include "kubeflow.pipelines.cache.name" .) "cert" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.webhookName" -}}
+{{ print (include "kubeflow.pipelines.cache.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Cache Service.
+*/}}
+{{- define "kubeflow.pipelines.cache.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.cache.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.cache.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.cache.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.cache.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Cache object labels.
+*/}}
+{{- define "kubeflow.pipelines.cache.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.cache.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.cache.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.cacheEnabledLabel" -}}
+pipelines.kubeflow.org/cache_enabled: "true"
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.cacheDisabledLabel" -}}
+pipelines.kubeflow.org/cache_enabled: "false"
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Cache container image settings.
+*/}}
+{{- define "kubeflow.pipelines.cache.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.cache.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.cache.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Cache Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.cache.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.cache.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.cache.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Cache Security Context.
+*/}}
+{{- define "kubeflow.pipelines.cache.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.cache.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Cache Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.cache.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.cache.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.cache.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.cache.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.cache.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Cache enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.cache.enabled" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.enabled" . | eq "true")
+        .Values.pipelines.cache.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.cache.enabled" . | eq "true")
+        .Values.pipelines.cache.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.cache.enabled" . | eq "true")
+        .Values.pipelines.cache.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.enabledWithCertManager" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.cache.enabled" . | eq "true" )
+        (include "kubeflow.certManagerIntegration.enabled" . | eq "true" )
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.cache.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.cache.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl
new file mode 100644
index 00000000..34ed877b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataEnvoy.tpl
@@ -0,0 +1,197 @@
+{{/*
+Kubeflow Pipelines Metadata Envoy object names.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.baseName" -}}
+{{- printf "ml-pipeline-metadata-envoy" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.metadataEnvoy.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.metadataEnvoy.name" .)
+    .Values.pipelines.metadataEnvoy.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.roleName" -}}
+{{- include "kubeflow.pipelines.metadataEnvoy.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.roleBindingName" -}}
+{{- include "kubeflow.pipelines.metadataEnvoy.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Envoy Service.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.metadataEnvoy.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataEnvoy.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Envoy object labels.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataEnvoy.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataEnvoy.name" .) }}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Metadata Envoy container image settings.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.metadataEnvoy.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.metadataEnvoy.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Metadata Envoy Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataEnvoy.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.metadataEnvoy.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Envoy Security Context.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.metadataEnvoy.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Envoy Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.metadataEnvoy.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.metadataEnvoy.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.metadataEnvoy.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataEnvoy.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.metadataEnvoy.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Envoy enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.enabled" -}}
+{{- and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.metadataEnvoy.enabled
+}}
+{{- end }}
+
+{{/*
+NOTE: Currently metadata-envoy doesn't define any rbac.
+Let's be consistent and define functions around Service Account and RBAC.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true")
+    (((default (dict "create" false) .Values.pipelines.metadataEnvoy.rbac).create))
+    .Values.pipelines.metadataEnvoy.rbac.create }}
+{{- end }}
+
+{{/*
+NOTE: metadata-envoy doesn't define ServiceAccount.
+Let's be consistent and define functions around Service Account and RBAC.
+
+TODO: creation of service account shouldn't depend on if rbac is created.
+People might want to define their own RBAC.
+*/}}
+{{- define "kubeflow.pipelines.metadataEnvoy.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true")
+    .Values.pipelines.metadataEnvoy.serviceAccount.create
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl
new file mode 100644
index 00000000..ce8449e1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.config.tpl
@@ -0,0 +1,76 @@
+{{/*
+Kubeflow Pipelines Metadata GRPC Server config.
+*/}}
+
+{{/*
+Environment names.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.name" -}}
+{{- "DBCONFIG_USER" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.name" -}}
+{{- "DBCONFIG_PASSWORD" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.name" -}}
+{{- "DBCONFIG_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.name" -}}
+{{- "DBCONFIG_PORT" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.name" -}}
+{{- "DBCONFIG_MLMD_DB_NAME" }}
+{{- end }}
+
+
+{{/*
+Environment Entries parametrization with plaintext value
+or through Secrets.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.user
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.password
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.port
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.mlmdDatabaseName
+) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl
new file mode 100644
index 00000000..067db59d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataGrpcServer.tpl
@@ -0,0 +1,209 @@
+{{/*
+Kubeflow Pipelines Metadata GRPC Server object names.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.baseName" -}}
+{{- printf "ml-pipeline-metadata-grpc-server" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.metadataGrpcServer.name" .)
+    .Values.pipelines.metadataGrpcServer.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.roleName" -}}
+{{- include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.roleBindingName" -}}
+{{- include "kubeflow.pipelines.metadataGrpcServer.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server Service.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.metadataGrpcServer.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataGrpcServer.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataGrpcServer.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataGrpcServer.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server object labels.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataGrpcServer.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataGrpcServer.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server container image settings.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.metadataGrpcServer.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.metadataGrpcServer.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataGrpcServer.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.metadataGrpcServer.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server Security Context.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.metadataGrpcServer.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.metadataGrpcServer.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.metadataGrpcServer.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.metadataGrpcServer.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.metadataGrpcServer.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata GRPC Server enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.metadataGrpcServer.enabled" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.enabled" . | eq "true")
+        .Values.pipelines.metadataGrpcServer.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true")
+    .Values.pipelines.metadataGrpcServer.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true")
+    .Values.pipelines.metadataGrpcServer.serviceAccount.create
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl
new file mode 100644
index 00000000..7185d771
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.metadataWriter.tpl
@@ -0,0 +1,204 @@
+{{/*
+Kubeflow Pipelines Metadata Writer object names.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.baseName" -}}
+{{- printf "ml-pipeline-metadata-writer" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.metadataWriter.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.metadataWriter.name" .)
+    .Values.pipelines.metadataWriter.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.roleName" -}}
+{{- include "kubeflow.pipelines.metadataWriter.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.roleBindingName" -}}
+{{- include "kubeflow.pipelines.metadataWriter.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Writer Service.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.metadataWriter.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataWriter.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataWriter.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.metadataWriter.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Writer object labels.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataWriter.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.metadataWriter.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Writer container image settings.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.metadataWriter.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.metadataWriter.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Metadata Writer Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.metadataWriter.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.metadataWriter.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Writer Security Context.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.metadataWriter.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Writer Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.metadataWriter.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.metadataWriter.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.metadataWriter.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.metadataWriter.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Metadata Writer enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.metadataWriter.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.metadataWriter.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.metadataWriter.enabled" . | eq "true")
+    .Values.pipelines.metadataWriter.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.metadataWriter.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.metadataWriter.enabled" . | eq "true")
+    .Values.pipelines.metadataWriter.serviceAccount.create
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl
new file mode 100644
index 00000000..ae1fb959
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.config.tpl
@@ -0,0 +1,243 @@
+{{/*
+Kubeflow Pipelines ML Pipeline (api-server) config.
+*/}}
+
+{{/*
+NOTE/TODO: KFP 2.0.2 supports postresql. This needs to be handled.
+https://github.com/kubeflow/pipelines/blob/2.0.2/backend/src/apiserver/client_manager/client_manager.go#L47
+
+relic variables
+https://github.com/kubeflow/pipelines/blob/2.0.2/manifests/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml#L36
+
+mysql config
+https://github.com/kubeflow/pipelines/blob/2.0.2/manifests/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml#L73
+
+DBConfig.MySQLConfig.Host == DBCONFIG_MYSQLCONFIG_HOST
+DBConfig.PostgreSQLConfig.Host == DBCONFIG_POSTGRESQLCONFIG_HOST
+*/}}
+
+{{/*
+Environment names for database config.
+*/}}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L46
+{{- define "kubeflow.pipelines.mlPipeline.config.db.user.env.name" -}}
+{{- "DBCONFIG_MYSQLCONFIG_USER" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L47
+{{- define "kubeflow.pipelines.mlPipeline.config.db.password.env.name" -}}
+{{- "DBCONFIG_MYSQLCONFIG_PASSWORD" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L44
+{{- define "kubeflow.pipelines.mlPipeline.config.db.host.env.name" -}}
+{{- "DBCONFIG_MYSQLCONFIG_HOST" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L45
+{{- define "kubeflow.pipelines.mlPipeline.config.db.port.env.name" -}}
+{{- "DBCONFIG_MYSQLCONFIG_PORT" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L48
+{{- define "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.name" -}}
+{{- "DBCONFIG_MYSQLCONFIG_DBNAME" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L53
+{{- define "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.name" -}}
+{{- "DBCONFIG_CONMAXLIFETIME" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.driver.env.name" -}}
+{{- "DB_DRIVER_NAME" }}
+{{- end }}
+
+{{/*
+Environment names for object store config.
+*/}}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L408
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.name" -}}
+{{- "OBJECTSTORECONFIG_SECURE" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L411
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.name" -}}
+{{- "OBJECTSTORECONFIG_BUCKETNAME" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L402
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.name" -}}
+{{- "OBJECTSTORECONFIG_HOST" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L409
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.name" -}}
+{{- "OBJECTSTORECONFIG_ACCESSKEY" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L410
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.name" -}}
+{{- "OBJECTSTORECONFIG_SECRETACCESSKEY" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L403
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.name" -}}
+{{- "OBJECTSTORECONFIG_PORT" }}
+{{- end }}
+
+# This env name is currently hardcoded:
+# https://github.com/kubeflow/pipelines/blob/63ca91850a9f42a357f3417110a3011ddbf43290/backend/src/apiserver/client_manager.go#L405
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.name" -}}
+{{- "OBJECTSTORECONFIG_REGION" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for database configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.user.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.user.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.user
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.password.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.password.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.password
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.host.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.port.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.port.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.port
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.pipelineDatabaseName
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.conMaxLifetime
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.db.driver.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.db.driver.env.name" . )
+    .Values.pipelines.config.db.existingSecretName
+    .Values.pipelines.config.db.driver
+) }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for object store config with plaintext value
+or through Secrets.
+*/}}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.secure
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.bucketName
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.accessKey
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.secretAccessKey
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.port
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.region
+) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl
new file mode 100644
index 00000000..01c46265
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.mlPipeline.tpl
@@ -0,0 +1,220 @@
+{{/*
+Kubeflow Pipelines ML Pipeline (api-server) object names.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.baseName" -}}
+{{- printf "ml-pipeline" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.mlPipeline.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.mlPipeline.name" .)
+    .Values.pipelines.mlPipeline.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.mlPipeline.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.roleName" -}}
+{{- include "kubeflow.pipelines.mlPipeline.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.roleBindingName" -}}
+{{- include "kubeflow.pipelines.mlPipeline.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Service.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.mlPipeline.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.mlPipeline.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.mlPipeline.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.mlPipeline.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline object labels.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.mlPipeline.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.mlPipeline.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline container image settings.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.mlPipeline.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.mlPipeline.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines ML Pipeline Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.mlPipeline.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.mlPipeline.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Security Context.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.mlPipeline.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.mlPipeline.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.mlPipeline.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.mlPipeline.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.mlPipeline.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.mlPipeline.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.mlPipeline.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true")
+    .Values.pipelines.mlPipeline.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true")
+    .Values.pipelines.mlPipeline.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.mlPipeline.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl
new file mode 100644
index 00000000..8cabf331
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.persistenceAgent.tpl
@@ -0,0 +1,208 @@
+{{/*
+Kubeflow Pipelines Persistence Agent object names.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.baseName" -}}
+{{- printf "ml-pipeline-persistenceagent" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.persistenceAgent.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.persistenceAgent.name" .)
+    .Values.pipelines.persistenceAgent.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.persistenceAgent.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.roleName" -}}
+{{- include "kubeflow.pipelines.persistenceAgent.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.roleBindingName" -}}
+{{- include "kubeflow.pipelines.persistenceAgent.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Persistence Agent Service.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.persistenceAgent.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.persistenceAgent.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.persistenceAgent.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.persistenceAgent.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Persistence Agent object labels.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.persistenceAgent.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.persistenceAgent.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Persistence Agent container image settings.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.persistenceAgent.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.persistenceAgent.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Persistence Agent Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.persistenceAgent.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.persistenceAgent.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Persistence Agent Security Context.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.persistenceAgent.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Persistence Agent Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.persistenceAgent.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.persistenceAgent.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.persistenceAgent.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.persistenceAgent.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Persistence Agent enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.persistenceAgent.enabled" -}}
+{{- and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.persistenceAgent.enabled
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.pipelines.persistenceAgent.enabled" . | eq "true")
+    .Values.pipelines.persistenceAgent.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.persistenceAgent.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.pipelines.persistenceAgent.enabled" . | eq "true")
+    .Values.pipelines.persistenceAgent.serviceAccount.create
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl
new file mode 100644
index 00000000..e32e67db
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.config.tpl
@@ -0,0 +1,51 @@
+{{/*
+Kubeflow Pipelines Profile Controller config.
+*/}}
+
+{{/*
+Environment names for object store config.
+*/}}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.host.env.name" -}}
+{{- "MINIO_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.name" -}}
+{{- "MINIO_ACCESS_KEY" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.name" -}}
+{{- "MINIO_SECRET_KEY" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for object store configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.profileController.config.objectStore.host.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.accessKey
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.secretAccessKey
+) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl
new file mode 100644
index 00000000..952cace6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.profileController.tpl
@@ -0,0 +1,227 @@
+{{/*
+Kubeflow Pipelines Profile Controller object names.
+*/}}
+{{- define "kubeflow.pipelines.profileController.baseName" -}}
+{{- printf "ml-pipeline-profile-controller" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.profileController.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.profileController.name" .)
+    .Values.pipelines.profileController.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.profileController.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.roleName" -}}
+{{- include "kubeflow.pipelines.profileController.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.roleBindingName" -}}
+{{- include "kubeflow.pipelines.profileController.roleName" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.configMapName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.pipelines.profileController.name" .)
+    "sync"
+}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Service.
+*/}}
+{{- define "kubeflow.pipelines.profileController.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.profileController.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.profileController.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.profileController.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.profileController.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline object labels.
+*/}}
+{{- define "kubeflow.pipelines.profileController.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.profileController.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.profileController.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline container image settings.
+*/}}
+{{- define "kubeflow.pipelines.profileController.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.profileController.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.profileController.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines ML Pipeline Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.profileController.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.profileController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.profileController.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Security Context.
+*/}}
+{{- define "kubeflow.pipelines.profileController.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.profileController.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.profileController.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.profileController.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.profileController.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.profileController.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.profileController.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.profileController.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.profileController.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.profileController.enabled" . | eq "true")
+    .Values.pipelines.profileController.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.profileController.enabled" . | eq "true")
+    .Values.pipelines.profileController.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.profileController.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.profileController.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl
new file mode 100644
index 00000000..7fcad61e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.scheduledWorkflow.tpl
@@ -0,0 +1,209 @@
+{{/*
+Kubeflow Pipelines Scheduled Workflow object names.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.baseName" -}}
+{{- printf "ml-pipeline-scheduledworkflow" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.scheduledWorkflow.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.scheduledWorkflow.name" .)
+    .Values.pipelines.scheduledWorkflow.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.roleName" -}}
+{{- include "kubeflow.pipelines.scheduledWorkflow.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.roleBindingName" -}}
+{{- include "kubeflow.pipelines.scheduledWorkflow.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow Service.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.scheduledWorkflow.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.scheduledWorkflow.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.scheduledWorkflow.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.scheduledWorkflow.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow object labels.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.scheduledWorkflow.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.scheduledWorkflow.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow container image settings.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.scheduledWorkflow.image
+)}}
+
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.scheduledWorkflow.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.scheduledWorkflow.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.scheduledWorkflow.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow Security Context.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.scheduledWorkflow.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.scheduledWorkflow.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.scheduledWorkflow.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.scheduledWorkflow.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.scheduledWorkflow.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.scheduledWorkflow.enabled" -}}
+{{- and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.scheduledWorkflow.enabled
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.pipelines.scheduledWorkflow.enabled" . | eq "true")
+    .Values.pipelines.scheduledWorkflow.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.scheduledWorkflow.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.pipelines.scheduledWorkflow.enabled" . | eq "true")
+    .Values.pipelines.scheduledWorkflow.serviceAccount.create
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl
new file mode 100644
index 00000000..b3218d9a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.tpl
@@ -0,0 +1,150 @@
+{{/*
+Kubeflow Pipelines object names.
+*/}}
+{{- define "kubeflow.pipelines.baseName" -}}
+{{- printf "pipelines" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.baseRbacName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.pipelines.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.rbac.cacheDeployer.serviceAccountName" -}}
+{{- $saName := printf "%s-%s" (include "kubeflow.pipelines.baseRbacName" .) "cache-deployer" -}}
+{{- include "kubeflow.component.serviceAccountName"  (list $saName .Values.pipelines.serviceAccount) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.pipelines.baseRbacName" .) "cache-deployer" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleBindingName" -}}
+{{- include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines object labels.
+*/}}
+{{- define "kubeflow.pipelines.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines container image settings.
+*/}}
+
+{{- define "kubeflow.pipelines.image" -}}
+{{- $default := index . 0 -}}
+{{- $pipelinesDefault := index . 1 -}}
+{{- $component := index . 2 -}}
+{{- $registry := default $default.registry (default $pipelinesDefault.registry $component.registryOverwrite) -}}
+{{- $repository := $component.repository -}}
+{{- $tag := default $pipelinesDefault.tag $component.tagOverwrite -}}
+{{- printf "%s/%s:%s" $registry $repository $tag }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.imagePullPolicy" -}}
+{{- $default := index . 0 -}}
+{{- $pipelinesDefault := index . 1 -}}
+{{- $component := index . 2 -}}
+{{- $imagePullPolicy := default $default.pullPolicy (default $pipelinesDefault.pullPolicy $component.pullPolicyOverwrite) -}}
+{{- $imagePullPolicy }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Security Context.
+*/}}
+{{- define "kubeflow.pipelines.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.enabled" -}}
+{{- ternary true "" .Values.pipelines.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl
new file mode 100644
index 00000000..cb4c8c35
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.config.tpl
@@ -0,0 +1,51 @@
+{{/*
+Kubeflow Pipelines UI config.
+*/}}
+
+{{/*
+Environment names for object store config.
+*/}}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.host.env.name" -}}
+{{- "MINIO_HOST" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.accessKey.env.name" -}}
+{{- "MINIO_ACCESS_KEY" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.name" -}}
+{{- "MINIO_SECRET_KEY" }}
+{{- end }}
+
+{{/*
+Environment Entries parametrization for object store configuration with plaintext
+value or through Secrets.
+*/}}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.host.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.ui.config.objectStore.host.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.host
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.accessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.ui.config.objectStore.accessKey.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.accessKey
+) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.spec" -}}
+{{- include "kubeflow.component.env.spec" (
+    list
+    (include "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.name" . )
+    .Values.pipelines.config.objectStore.existingSecretName
+    .Values.pipelines.config.objectStore.secretAccessKey
+) }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl
new file mode 100644
index 00000000..3dda1b1e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.ui.tpl
@@ -0,0 +1,233 @@
+{{/*
+Kubeflow Pipelines UI (aka ml-pipeline-ui) object names.
+*/}}
+{{- define "kubeflow.pipelines.ui.baseName" -}}
+{{- printf "ml-pipeline-ui" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.ui.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.ui.name" .)
+    .Values.pipelines.ui.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.ui.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.configMapName" -}}
+{{- include "kubeflow.pipelines.ui.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.roleName" -}}
+{{- include "kubeflow.pipelines.ui.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.roleBindingName" -}}
+{{- include "kubeflow.pipelines.ui.roleName" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.authorizationPolicyExtAuthName" -}}
+{{ include "kubeflow.component.authorizationPolicyExtAuthName" (
+    list
+    (include "kubeflow.pipelines.ui.name" .)
+    .Values.istioIntegration
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines UI Service.
+*/}}
+{{- define "kubeflow.pipelines.ui.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.ui.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.ui.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.ui.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.ui.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines UI object labels.
+*/}}
+{{- define "kubeflow.pipelines.ui.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.ui.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.ui.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines UI container image settings.
+*/}}
+{{- define "kubeflow.pipelines.ui.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.ui.image
+)}}
+
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.ui.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines UI Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.ui.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.ui.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.ui.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines UI Security Context.
+*/}}
+{{- define "kubeflow.pipelines.ui.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.ui.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines UI Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.ui.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.ui.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.ui.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.ui.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.ui.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines UI enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.ui.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.ui.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.ui.enabled" . | eq "true")
+    .Values.pipelines.ui.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.ui.enabled" . | eq "true")
+    .Values.pipelines.ui.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.ui.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.ui.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl
new file mode 100644
index 00000000..59fb4d63
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.viewerCrd.tpl
@@ -0,0 +1,209 @@
+{{/*
+Kubeflow Pipelines ML Pipeline object names.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.baseName" -}}
+{{- printf "ml-pipeline-viewer-crd" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.viewerCrd.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.viewerCrd.name" .)
+    .Values.pipelines.viewerCrd.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.serviceAccountPrincipal" -}}
+{{- include "kubeflow.component.serviceAccountPrincipal" (
+    list
+    .
+    (include "kubeflow.pipelines.viewerCrd.serviceAccountName" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.roleName" -}}
+{{- include "kubeflow.pipelines.viewerCrd.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.roleBindingName" -}}
+{{- include "kubeflow.pipelines.viewerCrd.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Service.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.viewerCrd.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.viewerCrd.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.viewerCrd.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.viewerCrd.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline object labels.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.viewerCrd.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.viewerCrd.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline container image settings.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.viewerCrd.image
+)}}
+
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.viewerCrd.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines ML Pipeline Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.viewerCrd.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.viewerCrd.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Security Context.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.viewerCrd.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.viewerCrd.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.viewerCrd.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.viewerCrd.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.viewerCrd.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.viewerCrd.enabled" -}}
+{{- and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.viewerCrd.enabled
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.pipelines.viewerCrd.enabled" . | eq "true")
+    .Values.pipelines.viewerCrd.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.viewerCrd.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.pipelines.viewerCrd.enabled" . | eq "true")
+    .Values.pipelines.viewerCrd.serviceAccount.create
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl
new file mode 100644
index 00000000..e40b4663
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.pipelines.visualization.tpl
@@ -0,0 +1,213 @@
+{{/*
+Kubeflow Pipelines Visualization object names.
+*/}}
+{{- define "kubeflow.pipelines.visualization.baseName" -}}
+{{- printf "ml-pipeline-visualizationserver" }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.pipelines.visualization.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.pipelines.visualization.name" .)
+    .Values.pipelines.visualization.serviceAccount)
+}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.roleName" -}}
+{{- include "kubeflow.pipelines.visualization.name" . }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.roleBindingName" -}}
+{{- include "kubeflow.pipelines.visualization.roleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Visualization Service.
+*/}}
+{{- define "kubeflow.pipelines.visualization.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.pipelines.visualization.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.pipelines.visualization.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.pipelines.visualization.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.pipelines.visualization.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Visualization object labels.
+*/}}
+{{- define "kubeflow.pipelines.visualization.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.visualization.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.pipelines.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.pipelines.visualization.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Visualization container image settings.
+*/}}
+{{- define "kubeflow.pipelines.visualization.image" -}}
+{{- include "kubeflow.pipelines.image" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.visualization.image
+)}}
+
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.imagePullPolicy" -}}
+{{- include "kubeflow.pipelines.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.pipelines.defaults.image
+    .Values.pipelines.visualization.image
+)}}
+{{- end }}
+
+
+{{/*
+Kubeflow Pipelines Visualization Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.pipelines.visualization.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.pipelines.visualization.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.pipelines.visualization.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Visualization Security Context.
+*/}}
+{{- define "kubeflow.pipelines.visualization.containerSecurityContext" -}}
+{{- include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.pipelines.visualization.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Visualization Scheduling.
+*/}}
+{{- define "kubeflow.pipelines.visualization.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.pipelines.visualization.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.pipelines.visualization.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.pipelines.visualization.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.pipelines.visualization.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Visualization enable and create toggles.
+*/}}
+{{- define "kubeflow.pipelines.visualization.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.enabled" . | eq "true")
+    .Values.pipelines.visualization.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.visualization.enabled" . | eq "true")
+    .Values.pipelines.visualization.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.createServiceAccount" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.pipelines.visualization.enabled" . | eq "true")
+    .Values.pipelines.visualization.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.pipelines.visualization.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        (include "kubeflow.pipelines.visualization.enabled" . | eq "true" )
+        .Values.istioIntegration.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl
new file mode 100644
index 00000000..1e317202
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.profilesController.tpl
@@ -0,0 +1,205 @@
+{{/*
+Kubeflow Profiles Controller object names.
+TODO: define profilesController.manager, standardize kubeflow.component.name template (and maybe others) to include ctx either as always first or always last.
+*/}}
+{{- define "kubeflow.profilesController.baseName" -}}
+{{- printf "profiles-controller" }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.profilesController.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.kfam.name" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.profilesController.name" .)
+    "kfam"
+}}
+{{- end }}
+
+
+{{- define "kubeflow.profilesController.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.profilesController.name" .)
+    .Values.profilesController.serviceAccount
+)}}
+{{- end }}
+
+{{/*
+'cluster-admin' role should not be used...
+This is the default in kubeflow/manifests and kubeflow/kubeflow.
+TODO: use proper cluster role dedicated to profiles-controller.
+*/}}
+{{- define "kubeflow.profilesController.mainClusterRoleName" -}}
+{{- printf "cluster-admin" -}}
+{{- end }}
+
+
+{{- define "kubeflow.profilesController.mainClusterRoleBindingName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.profilesController.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.profilesController.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.profilesController.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.namespaceLabelsConfigMapName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.profilesController.name" .)
+    "namespace-labels"
+}}
+{{- end }}
+
+# ---
+{{/*
+Kubeflow Profiles Controller Service.
+*/}}
+{{- define "kubeflow.profilesController.kfam.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.profilesController.kfam.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.kfam.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.profilesController.kfam.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.kfam.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.profilesController.kfam.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.kfam.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.profilesController.kfam.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller object labels.
+*/}}
+{{- define "kubeflow.profilesController.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.profilesController.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.profilesController.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller container image settings.
+*/}}
+{{- define "kubeflow.profilesController.manager.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.profilesController.manager.image) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.kfam.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.profilesController.kfam.image) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.manager.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.profilesController.manager.image) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.kfam.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.profilesController.kfam.image) }}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.profilesController.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.profilesController.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.profilesController.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.profilesController.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller enable and create toggles.
+*/}}
+{{- define "kubeflow.profilesController.enabled" -}}
+{{- .Values.profilesController.enabled }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.profilesController.enabled" . | eq "true" )
+    .Values.istioIntegration.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.rbac.createRoles" -}}
+{{- and
+    (include "kubeflow.profilesController.enabled" . | eq "true")
+    .Values.profilesController.rbac.create }}
+{{- end }}
+
+{{- define "kubeflow.profilesController.createServiceAccount" -}}
+{{- and
+    (include "kubeflow.profilesController.enabled" . | eq "true")
+    .Values.profilesController.serviceAccount.create
+}}
+{{- end }}
+
+{{- define "kubeflow.profilesController.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.profilesController.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.profilesController.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl
new file mode 100644
index 00000000..d85efb99
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.controller.tpl
@@ -0,0 +1,314 @@
+{{/*
+Kubeflow Tensorboard Controller object names.
+*/}}
+{{- define "kubeflow.tensorboard.controller.baseName" -}}
+{{- printf "tensorboard-controller" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.tensorboard.controller.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.manager.name" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.tensorboard.controller.name" .)
+    "manager"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.name" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.tensorboard.controller.name" .)
+    "kube-rbac-proxy"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.tensorboard.controller.name" .)
+    .Values.tensorboard.controller.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.tensorboard.controller.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.leaderElectionRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.tensorboard.controller.name" .)
+    "leader-election"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.leaderElectionRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.leaderElectionRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.metricsReaderClusterRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.tensorboard.controller.name" .)
+    "metrics-reader"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.metricsReaderClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.metricsReaderClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.proxyClusterRoleName" -}}
+{{- printf "%s-%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.tensorboard.controller.name" .)
+    "proxy"
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.proxyClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.controller.proxyClusterRoleName" . }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Manager Metrics Service.
+*/}}
+
+{{- define "kubeflow.tensorboard.controller.metricsService.svc.name" -}}
+{{- printf "%s-%s"
+    ( include "kubeflow.component.svc.name" (
+        include "kubeflow.tensorboard.controller.name" .
+    ))
+    "controller-manager-metrics-service"
+}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller object labels.
+*/}}
+{{- define "kubeflow.tensorboard.controller.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.tensorboard.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.tensorboard.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Manager container image settings.
+*/}}
+{{- define "kubeflow.tensorboard.controller.manager.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.tensorboard.controller.manager.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.manager.tensorboardImage" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.tensorboard.controller.manager.config.tensorboard.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.manager.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.tensorboard.controller.manager.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Kube RBAC Proxy container image settings.
+*/}}
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.tensorboard.controller.kubeRbacProxy.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.tensorboard.controller.kubeRbacProxy.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.tensorboard.controller.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.tensorboard.controller.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Security Context.
+*/}}
+{{- define "kubeflow.tensorboard.controller.manager.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.tensorboard.controller.manager.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.kubeRbacProxy.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.tensorboard.controller.kubeRbacProxy.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.securityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.tensorboard.controller.securityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller Scheduling.
+*/}}
+{{- define "kubeflow.tensorboard.controller.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.tensorboard.controller.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.nodeSelector" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.tensorboard.controller.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.tensorboard.controller.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.tensorboard.controller.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.terminationGracePeriodSeconds" -}}
+{{ include "kubeflow.component.terminationGracePeriodSeconds" (
+    list
+    .Values.defaults.terminationGracePeriodSeconds
+    .Values.tensorboard.controller.terminationGracePeriodSeconds
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller enable and create toggles.
+*/}}
+{{- define "kubeflow.tensorboard.controller.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.tensorboard.enabled" . | eq "true")
+    .Values.tensorboard.controller.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.tensorboard.controller.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.tensorboard.controller.enabled" . | eq "true")
+    .Values.tensorboard.controller.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.tensorboard.controller.enabled" . | eq "true")
+    .Values.tensorboard.controller.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.controller.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.tensorboard.controller.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.tensorboard.controller.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl
new file mode 100644
index 00000000..482aef7d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tensorboardsWebApp.tpl
@@ -0,0 +1,220 @@
+{{/*
+Kubeflow Tensorboard Tensorboards Web App object names.
+*/}}
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.baseName" -}}
+{{- printf "tensorboards-web-app" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.tensorboard.tensorboardsWebApp.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Tensorboards Web App object labels.
+*/}}
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.tensorboard.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.tensorboard.name" .) }}
+{{ include "kubeflow.component.subcomponent.labels" (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.tensorboard.tensorboardsWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.tensorboard.tensorboardsWebApp.image) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.tensorboardsWebApp.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.tensorboard.tensorboardsWebApp.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "tensorboards-ui-admin" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "tensorboards-ui-edit" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "tensorboards-ui-view" }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Tensorboards Web App enable and create toggles.
+*/}}
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.tensorboard.enabled" . | eq "true")
+    .Values.tensorboard.tensorboardsWebApp.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" -}}
+{{- ternary true "" (
+    and
+        .Values.istioIntegration.enabled
+        (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true" )
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true")
+    .Values.tensorboard.tensorboardsWebApp.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true")
+    .Values.tensorboard.tensorboardsWebApp.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (list (include "kubeflow.tensorboard.tensorboardsWebApp.name" .) .Values.tensorboard.tensorboardsWebApp.serviceAccount) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.authorizationPolicyExtAuthName" -}}
+{{ include "kubeflow.component.authorizationPolicyExtAuthName" (
+    list
+    (include "kubeflow.tensorboard.tensorboardsWebApp.name" .)
+    .Values.istioIntegration
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Tensorboards Web App Service.
+*/}}
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.tensorboard.tensorboardsWebApp.name" .
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.addressWithNs" -}}
+{{ include "kubeflow.component.svc.addressWithNs"  (
+    list
+    .
+    (include "kubeflow.tensorboard.tensorboardsWebApp.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.addressWithSvc" -}}
+{{ include "kubeflow.component.svc.addressWithSvc"  (
+    list
+    .
+    (include "kubeflow.tensorboard.tensorboardsWebApp.name" .)
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.svc.fqdn" -}}
+{{ include "kubeflow.component.svc.fqdn"  (
+    list
+    .
+    (include "kubeflow.tensorboard.tensorboardsWebApp.name" .)
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Tensorboards Web App Security Context.
+*/}}
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.tensorboard.tensorboardsWebApp.containerSecurityContext
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.tensorboard.tensorboardsWebApp.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.tensorboard.tensorboardsWebApp.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.tensorboard.tensorboardsWebApp.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.tensorboard.tensorboardsWebApp.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.tensorboard.tensorboardsWebApp.podDisruptionBudget
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tensorboardsWebApp.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.tensorboard.tensorboardsWebApp.podDisruptionBudget
+)}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl
new file mode 100644
index 00000000..a341569c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.tensorboard.tpl
@@ -0,0 +1,126 @@
+{{/*
+Kubeflow Tensorboard object names.
+*/}}
+{{- define "kubeflow.tensorboard.baseName" -}}
+{{- printf "tensorboard" }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.baseRbacName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) (include "kubeflow.tensorboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.tensorboard.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard object labels.
+*/}}
+{{- define "kubeflow.tensorboard.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.tensorboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.tensorboard.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard container image settings.
+*/}}
+{{- define "kubeflow.tensorboard.image" -}}
+{{ include "kubeflow.component.image" (list .Values.defaults.image .Values.tensorboard.image) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (list .Values.defaults.image .Values.tensorboard.image) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.tensorboard.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (list .Values.defaults.autoscaling .Values.tensorboard.autoscaling) }}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.tensorboard.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Security Context.
+*/}}
+{{- define "kubeflow.tensorboard.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.tensorboard.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Scheduling.
+*/}}
+{{- define "kubeflow.tensorboard.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.tensorboard.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.tensorboard.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.tensorboard.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.tensorboard.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.tensorboard.affinity
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard enable and create toggles.
+*/}}
+{{- define "kubeflow.tensorboard.enabled" -}}
+{{- ternary true "" .Values.tensorboard.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl
new file mode 100644
index 00000000..f41eabe4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/kubeflow.trainingOperator.tpl
@@ -0,0 +1,234 @@
+{{/*
+Kubeflow Training Operator object names.
+*/}}
+{{- define "kubeflow.trainingOperator.baseName" -}}
+{{- printf "training-operator" }}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.name" -}}
+{{- include "kubeflow.component.name" (
+    list
+    (include "kubeflow.trainingOperator.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.serviceAccountName" -}}
+{{- include "kubeflow.component.serviceAccountName"  (
+    list
+    (include "kubeflow.trainingOperator.name" .)
+    .Values.trainingOperator.serviceAccount
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.mainClusterRoleName" -}}
+{{- printf "%s-%s"
+    (include "kubeflow.fullname" .)
+    (include "kubeflow.trainingOperator.name" .)
+}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.mainClusterRoleBindingName" -}}
+{{- include "kubeflow.trainingOperator.mainClusterRoleName" . }}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.kfTrAdminClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "training-admin" }}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.kfTrEditClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "training-edit" }}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.kfTrViewClusterRoleName" -}}
+{{- printf "%s-%s" (include "kubeflow.fullname" .) "training-view" }}
+{{- end }}
+
+{{/*
+Role Aggregation Rule Labels
+*/}}
+{{- define "kubeflow.trainingOperator.kfTrAdminClusterRoleLabel" -}}
+{{- include "kubeflow.aggregationRule.labelBase" (include "kubeflow.trainingOperator.kfTrAdminClusterRoleName" .) -}}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator Service.
+*/}}
+{{- define "kubeflow.trainingOperator.svc.name" -}}
+{{ include "kubeflow.component.svc.name" (
+    include "kubeflow.trainingOperator.name" .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator object labels.
+*/}}
+{{- define "kubeflow.trainingOperator.labels" -}}
+{{ include "kubeflow.common.labels" . }}
+{{ include "kubeflow.component.labels" (include "kubeflow.trainingOperator.name" .) }}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.selectorLabels" -}}
+{{ include "kubeflow.common.selectorLabels" . }}
+{{ include "kubeflow.component.selectorLabels" (include "kubeflow.trainingOperator.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator container image settings.
+*/}}
+{{- define "kubeflow.trainingOperator.image" -}}
+{{ include "kubeflow.component.image" (
+    list
+    .Values.defaults.image
+    .Values.trainingOperator.image
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.imagePullPolicy" -}}
+{{ include "kubeflow.component.imagePullPolicy" (
+    list
+    .Values.defaults.image
+    .Values.trainingOperator.image
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator Autoscaling and Availability.
+*/}}
+{{- define "kubeflow.trainingOperator.autoscaling.minReplicas" -}}
+{{ include "kubeflow.component.autoscaling.minReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.trainingOperator.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.autoscaling.maxReplicas" -}}
+{{ include "kubeflow.component.autoscaling.maxReplicas" (
+    list
+    .Values.defaults.autoscaling
+    .Values.trainingOperator.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.autoscaling.targetCPUUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetCPUUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.trainingOperator.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.autoscaling.targetMemoryUtilizationPercentage" -}}
+{{ include "kubeflow.component.autoscaling.targetMemoryUtilizationPercentage" (
+    list
+    .Values.defaults.autoscaling
+    .Values.trainingOperator.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.pdb.values" -}}
+{{- include "kubeflow.component.pdb.values" (
+    list
+    .Values.defaults.podDisruptionBudget
+    .Values.trainingOperator.podDisruptionBudget
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator Security Context.
+*/}}
+{{- define "kubeflow.trainingOperator.containerSecurityContext" -}}
+{{ include "kubeflow.component.containerSecurityContext" (
+    list
+    .Values.defaults.containerSecurityContext
+    .Values.trainingOperator.containerSecurityContext
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator Scheduling.
+*/}}
+{{- define "kubeflow.trainingOperator.topologySpreadConstraints" -}}
+{{ include "kubeflow.component.topologySpreadConstraints" (
+    list
+    .Values.defaults.topologySpreadConstraints
+    .Values.trainingOperator.topologySpreadConstraints
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.nodeSelector" -}}
+{{ include "kubeflow.component.nodeSelector" (
+    list
+    .Values.defaults.nodeSelector
+    .Values.trainingOperator.nodeSelector
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.tolerations" -}}
+{{ include "kubeflow.component.tolerations" (
+    list
+    .Values.defaults.tolerations
+    .Values.trainingOperator.tolerations
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.affinity" -}}
+{{ include "kubeflow.component.affinity" (
+    list
+    .Values.defaults.affinity
+    .Values.trainingOperator.affinity
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.terminationGracePeriodSeconds" -}}
+{{ include "kubeflow.component.terminationGracePeriodSeconds" (
+    list
+    .Values.defaults.terminationGracePeriodSeconds
+    .Values.trainingOperator.terminationGracePeriodSeconds
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator enable and create toggles.
+*/}}
+{{- define "kubeflow.trainingOperator.enabled" -}}
+{{- .Values.trainingOperator.enabled }}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.autoscaling.enabled" -}}
+{{ include "kubeflow.component.autoscaling.enabled" (
+    list
+    .Values.defaults.autoscaling
+    .Values.trainingOperator.autoscaling
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.rbac.createRoles" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflow.trainingOperator.enabled" . | eq "true")
+    .Values.trainingOperator.rbac.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.createServiceAccount" -}}
+{{- ternary true "" (
+and
+    (include "kubeflow.trainingOperator.enabled" . | eq "true")
+    .Values.trainingOperator.serviceAccount.create
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.pdb.create" -}}
+{{- include "kubeflow.component.pdb.create" (
+    list
+    (include "kubeflow.trainingOperator.enabled" .)
+    .Values.defaults.podDisruptionBudget
+    .Values.trainingOperator.podDisruptionBudget
+)}}
+{{- end }}
+
+{{- define "kubeflow.trainingOperator.tlsCertSecretName" -}}
+{{- printf "training-operator-webhook-cert" }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl
new file mode 100644
index 00000000..d484876b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_helpers/validation.tpl
@@ -0,0 +1,51 @@
+{{/*
+Dex validations.
+*/}}
+
+{{- if (ne .Values.dexIntegration.integrationType "internal" ) -}}
+{{- fail "Currently only 'dexIntegration.integrationType: internal' is supported." -}}
+{{- end }}
+
+{{- if (ne .Values.dexIntegration.integrationMode "istio" ) -}}
+{{- fail "Currently only 'dexIntegration.integrationMode: istio' is supported." -}}
+{{- end }}
+
+{{- if (ne .Values.pipelines.config.db.driver.value "mysql" ) -}}
+{{- fail "Currently only 'pipelines.config.db.driver: mysql' is supported." -}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines validations.
+*/}}
+
+# vars
+{{- $hardcodedSecretName := "mlpipeline-minio-artifact" -}}
+{{- $objectStoreCredentialsSecretKeyRefMessage := (.Files.Get "files/validation-messages/objectstore-accesskey-secretaccesskey-secret-ref.txt") -}}
+{{- $secretConstraintsGeneralMessage := (.Files.Get "files/validation-messages/mlpipeline-minio-artifact.txt") -}}
+
+# Check if the secret name for object store is either nil or $hardcodedSecretName.
+{{- range $key, $val := (dict
+    ".Values.pipelines.config.objectStore.existingSecretName" .Values.pipelines.config.objectStore.existingSecretName
+    ".Values.pipelines.config.objectStore.accessKey.secretKeyRef.name" .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+    ".Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name" .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+) }}
+    {{- if not (has $val (list nil $hardcodedSecretName)) -}}
+    {{- fail (printf "%s must be one of [nil, '%s'], current value: %s\n\n%s"
+        $key $hardcodedSecretName $val $secretConstraintsGeneralMessage
+    ) }}
+    {{- end }}
+{{- end }}
+
+# Check if objectStore accessKey and secretAccessKey references are the same.
+{{- if (ne
+    .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+    .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+)}}
+{{- fail (printf "%s\n%s"
+    $objectStoreCredentialsSecretKeyRefMessage
+    $secretConstraintsGeneralMessage
+) -}}
+{{- end }}
+
+{{/*
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml
new file mode 100644
index 00000000..d0957663
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "kubeflow.fullname" . }}
+  labels:
+    {{- include "kubeflow.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "kubeflow.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml
new file mode 100644
index 00000000..07285334
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "kubeflow.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "kubeflow.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml
new file mode 100644
index 00000000..4cdb4258
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "kubeflow.fullname" . }}
+  labels:
+    {{- include "kubeflow.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "kubeflow.selectorLabels" . | nindent 4 }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml
new file mode 100644
index 00000000..8cea7961
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/_serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubeflow.serviceAccountName" . }}
+  labels:
+    {{- include "kubeflow.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml
new file mode 100644
index 00000000..d53bfd94
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.certificate.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.admissionWebhook.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.certName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  commonName: {{ include "kubeflow.admissionWebhook.certName" . }}
+  dnsNames:
+  - {{ include "kubeflow.admissionWebhook.svc.name" . }}
+  - {{ include "kubeflow.admissionWebhook.svc.addressWithNs" . }}
+  - {{ include "kubeflow.admissionWebhook.svc.addressWithSvc" . }}
+  - {{ include "kubeflow.admissionWebhook.svc.fqdn" . }}
+  isCA: true
+  issuerRef:
+    kind: Issuer
+    name: {{ include "kubeflow.admissionWebhook.certIssuerName" . }}
+  secretName: {{ include "kubeflow.admissionWebhook.tlsCertSecretName" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml
new file mode 100644
index 00000000..32d6fb74
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/certmanager.issuer.yaml
@@ -0,0 +1,13 @@
+{{- if (include "kubeflow.admissionWebhook.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.certIssuerName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selfSigned: {}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml
new file mode 100644
index 00000000..6fbf8a8c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.admissionWebhook.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.admissionWebhook.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.admissionWebhook.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml
new file mode 100644
index 00000000..d06cc62d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterrole.main.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.admissionWebhook.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - poddefaults
+  verbs:
+  - get
+  - watch
+  - list
+  - update
+  - create
+  - patch
+  - delete
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml
new file mode 100644
index 00000000..260a2836
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/clusterroles.user.yaml
@@ -0,0 +1,52 @@
+{{- if (include "kubeflow.admissionWebhook.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.kfPdAdminClusterRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.kfPdEditClusterRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.admissionWebhook.kfPdEditClusterRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.admissionWebhook.kfPdAdminClusterRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.admissionWebhook.kfPdEditClusterRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.kfPdViewClusterRoleName" . }}
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - watch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml
new file mode 100644
index 00000000..25e4aba4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/deployment.yaml
@@ -0,0 +1,88 @@
+{{- if (include "kubeflow.admissionWebhook.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.admissionWebhook.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.admissionWebhook.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.admissionWebhook.baseName" . }}
+        image: {{ include "kubeflow.admissionWebhook.image" . }}
+        imagePullPolicy: {{ include "kubeflow.admissionWebhook.imagePullPolicy" . }}
+
+        args:
+        - --tlsCertFile=/etc/webhook/certs/tls.crt
+        - --tlsKeyFile=/etc/webhook/certs/tls.key
+
+        ports:
+        - containerPort: {{ .Values.admissionWebhook.service.targetPort }}
+          name: https-webhook
+
+        {{- with .Values.admissionWebhook.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+        - mountPath: /etc/webhook/certs
+          name: webhook-cert
+          readOnly: true
+
+        {{- with include "kubeflow.admissionWebhook.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.admissionWebhook.serviceAccountName" . }}
+
+      volumes:
+      - name: webhook-cert
+        secret:
+          secretName: {{ include "kubeflow.admissionWebhook.tlsCertSecretName" . }}
+
+      {{- with include "kubeflow.admissionWebhook.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.admissionWebhook.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.admissionWebhook.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.admissionWebhook.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml
new file mode 100644
index 00000000..ced53e74
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.admissionWebhook.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.admissionWebhook.name" . -}}
+{{- $minReplicas := include "kubeflow.admissionWebhook.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.admissionWebhook.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.admissionWebhook.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.admissionWebhook.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml
new file mode 100644
index 00000000..f68da31c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/mutatingwebhook.yaml
@@ -0,0 +1,42 @@
+{{- if (include "kubeflow.admissionWebhook.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflow.namespace" .)
+  (include "kubeflow.admissionWebhook.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.webhookName" . }}
+webhooks:
+- admissionReviewVersions:
+  - v1beta1
+  - v1
+  clientConfig:
+    caBundle: ""
+    service:
+      name: {{ include "kubeflow.admissionWebhook.svc.name" .}}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /apply-poddefault
+  failurePolicy: Fail
+  name: {{ include "kubeflow.admissionWebhook.svc.addressWithSvc" . }}
+  namespaceSelector:
+    matchLabels:
+      {{- include "kubeflow.admissionWebhook.partOfLabel" . | nindent 6}}
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    resources:
+    - pods
+  sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml
new file mode 100644
index 00000000..eb40ded0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.admissionWebhook.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.admissionWebhook.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml
new file mode 100644
index 00000000..4dd2f725
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.admissionWebhook.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.admissionWebhook.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml
new file mode 100644
index 00000000..188bd516
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/admission-webhook/service.yaml
@@ -0,0 +1,24 @@
+{{- if (include "kubeflow.admissionWebhook.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.admissionWebhook.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - name: https-webhook
+      port: {{ .Values.admissionWebhook.service.port }}
+      targetPort: https-webhook
+  selector:
+    {{- include "kubeflow.admissionWebhook.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.admissionWebhook.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml
new file mode 100644
index 00000000..05f4f630
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.extAuthz.yaml
@@ -0,0 +1,41 @@
+{{- if and
+  (include "kubeflow.centraldashboard.createIstioIntegrationObjects" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.authorizationPolicyExtAuthName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+    - to:
+      - operation:
+          notPaths:
+          - /favicon*
+          - /webcomponentsjs*
+          - /vendor.bundle.js
+          - /app.bundle.js
+          - /dashboard_lib.bundle.js
+          - /assets*
+          - /app.css
+          # Exclude paths used by Knative healthchecks
+          - /metrics
+          - /healthz
+  selector:
+    matchLabels:
+      {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml
new file mode 100644
index 00000000..9466a5f4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/authorizationpolicy.yaml
@@ -0,0 +1,20 @@
+{{- if (include "kubeflow.centraldashboard.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        namespaces:
+        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml
new file mode 100644
index 00000000..e4c35d5e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.clusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.centraldashboard.clusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.centraldashboard.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml
new file mode 100644
index 00000000..eaf15ddb
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/clusterrole.yaml
@@ -0,0 +1,21 @@
+{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.clusterRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  - namespaces
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml
new file mode 100644
index 00000000..66524329
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/configmap.centraldashboard-config.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.centraldashboard.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.config.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  settings: |-
+    {
+      "DASHBOARD_FORCE_IFRAME": {{ .Values.centraldashboard.config.forceIFrame }}
+    }
+  links: |-
+    {{- .Values.centraldashboard.config.links | toJson | nindent 4 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml
new file mode 100644
index 00000000..e23efadd
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/deployment.yaml
@@ -0,0 +1,99 @@
+{{- if (include "kubeflow.centraldashboard.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.centraldashboard.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.centraldashboard.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.centraldashboard.baseName" . }}
+        image: {{ include "kubeflow.centraldashboard.image" . }}
+        imagePullPolicy: {{ include "kubeflow.centraldashboard.imagePullPolicy" . }}
+
+        env:
+        - name: USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: USERID_PREFIX
+          value: {{ .Values.auth.userIdPrefix | quote }}
+        - name: PROFILES_KFAM_SERVICE_HOST
+          value: {{ include "kubeflow.profilesController.kfam.svc.fqdn" . }}
+        - name: REGISTRATION_FLOW
+          value: {{ .Values.centraldashboard.config.enableRegistrationFlow | quote }}
+        - name: DASHBOARD_LINKS_CONFIGMAP
+          value: {{ include "kubeflow.centraldashboard.config.name" . }}
+        - name: LOGOUT_URL
+          value: {{ .Values.centraldashboard.config.logoutURL | quote }}
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+
+        ports:
+        - containerPort: 8082
+          protocol: TCP
+
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8082
+          initialDelaySeconds: 30
+          periodSeconds: 30
+
+        {{- with .Values.centraldashboard.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.centraldashboard.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.centraldashboard.serviceAccountName" . }}
+
+      {{- with include "kubeflow.centraldashboard.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.centraldashboard.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.centraldashboard.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.centraldashboard.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml
new file mode 100644
index 00000000..7847d47c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.centraldashboard.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.centraldashboard.name" . -}}
+{{- $minReplicas := include "kubeflow.centraldashboard.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.centraldashboard.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.centraldashboard.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.centraldashboard.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml
new file mode 100644
index 00000000..3d1b7d08
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.centraldashboard.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.centraldashboard.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml
new file mode 100644
index 00000000..ffe58d2c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role-binding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kubeflow.centraldashboard.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.centraldashboard.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml
new file mode 100644
index 00000000..e9cd371b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/role.yaml
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.centraldashboard.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  - "app.k8s.io"
+  resources:
+  - applications
+  - pods
+  - pods/exec
+  - pods/log
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - get
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml
new file mode 100644
index 00000000..2fa04106
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.centraldashboard.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.centraldashboard.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml
new file mode 100644
index 00000000..9dd2352b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.centraldashboard.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.centraldashboard.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 8082
+  selector:
+    {{- include "kubeflow.centraldashboard.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.centraldashboard.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml
new file mode 100644
index 00000000..8bdc1f5e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/centraldashboard/virtual-service.yaml
@@ -0,0 +1,27 @@
+{{- if (include "kubeflow.centraldashboard.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.centraldashboard.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: /
+    rewrite:
+      uri: /
+    route:
+    - destination:
+        host: {{ include "kubeflow.centraldashboard.svc.fqdn" . }}
+        port:
+          number: 80
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml
new file mode 100644
index 00000000..ba581a5c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/dex-integration/virtualservice.yaml
@@ -0,0 +1,29 @@
+{{- if (include "kubeflow.dexIntegration.istio.enabled" . | eq "true") -}}
+
+{{- $vsName := include "kubeflow.dexIntegration.name" . -}}
+{{- $svcName := .Values.dexIntegration.svc.name -}}
+{{- $svcNamespace := .Values.dexIntegration.svc.namespace -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.dexIntegration.labels" . | nindent 4 }}
+  name: {{ $vsName }}
+  namespace: {{ $svcNamespace }}
+spec:
+  gateways:
+  - {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - "{{ default "*" .Values.dexIntegration.host }}"
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.dexIntegration.urlPrefix }}/
+    route:
+    - destination:
+        host: {{ include "kubeflow.dexIntegration.svc.fqdn" . }}
+        port:
+          number: {{ .Values.dexIntegration.svc.port }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml
new file mode 100644
index 00000000..b5c8526e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/deployment.yaml
@@ -0,0 +1,55 @@
+{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+  namespace: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}
+  labels:
+    {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+      containers:
+        - name: kubectl-proxy
+          image: docker.io/bitnami/kubectl
+          ports:
+            - name: http
+              containerPort: 8080
+          startupProbe:
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 2
+            httpGet:
+              path: /openid/v1/jwks
+              port: http
+          livenessProbe:
+            initialDelaySeconds: 15
+            periodSeconds: 15
+            timeoutSeconds: 5
+            httpGet:
+              path: /openid/v1/jwks
+              port: http
+          readinessProbe:
+            initialDelaySeconds: 15
+            periodSeconds: 15
+            timeoutSeconds: 5
+            httpGet:
+              path: /openid/v1/jwks
+              port: http
+          args:
+            - proxy
+            - --address=0.0.0.0
+            - --port=8080
+            - --accept-hosts=.*
+            - --accept-paths=^(?:/openid/v1/jwks)|(?:/.well-known/openid-configuration)$
+            - --reject-methods=^(POST|PUT|PATCH|DELETE|HEAD|OPTIONS|CONNECT|TRACE)$
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml
new file mode 100644
index 00000000..78653c59
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service-account.yaml
@@ -0,0 +1,9 @@
+{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+  namespace: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}
+  labels:
+    {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml
new file mode 100644
index 00000000..61dbc4a9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-jwks-proxy/service.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.istioIntegration.kubeflowJwksProxy.enabled" . | eq "true") -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.name" . }}
+  namespace: {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.namespace" . }}
+  labels:
+    {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }}
+spec:
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+  selector:
+    {{ include "kubeflow.istioIntegration.kubeflowJwksProxy.labels" . | nindent 4 }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml
new file mode 100644
index 00000000..49d20176
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/cluster-roles.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.istioIntegration.enabled }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.istioAdminRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.istioIntegration.istioAdminRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.istioIntegration.istioAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.istioEditRoleName" . }}
+rules:
+- apiGroups: 
+  - istio.io
+  - networking.istio.io
+  resources: ["*"]
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.istioViewRoleName" . }}
+rules:
+- apiGroups:
+  - istio.io
+  - networking.istio.io
+  resources: ["*"]
+  verbs:
+  - get
+  - list
+  - watch
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml
new file mode 100644
index 00000000..808f57b0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/gateway.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.istioIntegration.enabled" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+  name: {{ .Values.istioIntegration.gateway.name }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    {{- toYaml .Values.istioIntegration.gateway.selector | nindent 4 }}
+  servers:
+    {{- toYaml .Values.istioIntegration.gateway.servers | nindent 4 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml
new file mode 100644
index 00000000..dfb75908
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.jwt-require.yaml
@@ -0,0 +1,41 @@
+{{- if and
+  (include "kubeflow.istioIntegration.enabled" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.ingressgateway" . | eq "true")
+-}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.jwtRequire.authorizationPolicyName" . }}
+  namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+  action: DENY
+  rules:
+    - from:
+      - source:
+          notRequestPrincipals: ["*"]
+      to:
+      - operation:
+          notPaths:
+          # Exclude dex paths, otherwise users won't be able to log in.
+          - /dex/*
+          - /dex/**
+          - /oauth2/*
+          # Exclude paths which are safe to cache by Cloudflare.
+          - /favicon*
+          - /webcomponentsjs*
+          - /vendor.bundle.js
+          - /app.bundle.js
+          - /dashboard_lib.bundle.js
+          - /assets*
+          - /app.css
+          # Exclude paths used by Knative healthchecks
+          - /metrics
+          - /healthz
+  selector:
+    matchLabels:
+      {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml
new file mode 100644
index 00000000..7f4dfcf6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/authorizationpolicy.oauth2-proxy.yaml
@@ -0,0 +1,48 @@
+{{- if and
+  (include "kubeflow.istioIntegration.enabled" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.ingressgateway" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension.
+# The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.extAuth.authorizationPolicyName" . }}
+  namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+    - when:
+      - key: request.headers[authorization]
+        notValues: ["*"]
+      to:
+      - operation:
+          notPaths:
+          # Exclude dex paths, otherwise users won't be able to log in.
+          - /dex/*
+          - /dex/**
+          - /oauth2/*
+          # Exclude paths which are safe to cache by Cloudflare.
+          - /favicon*
+          - /webcomponentsjs*
+          - /vendor.bundle.js
+          - /app.bundle.js
+          - /dashboard_lib.bundle.js
+          - /assets*
+          - /app.css
+          # Exclude paths used by Knative healthchecks
+          - /metrics
+          - /healthz
+  selector:
+    matchLabels:
+      {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml
new file mode 100644
index 00000000..9ebd6f72
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-external-auth/requestauthentication.user-auth.yaml
@@ -0,0 +1,26 @@
+{{- if (include "kubeflow.istioIntegration.enabled" . | eq "true") -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: RequestAuthentication
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.userAuth.requestAuthenticationName" . }}
+  namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+  selector:
+    matchLabels:
+      {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+  jwtRules:
+    - issuer: {{ .Values.istioIntegration.userAuth.issuer }}
+      forwardOriginalToken: true
+      outputClaimToHeaders:
+        - claim: {{ .Values.istioIntegration.userAuth.userClaim }}
+          header: {{ .Values.auth.userHeaderName }}
+        - claim: {{ .Values.istioIntegration.m2m.groupsClaim }}
+          header: {{ .Values.auth.groupsHeaderName }}
+      fromHeaders:
+        - name: {{ .Values.auth.authHeader.name }}
+          prefix: {{ .Values.auth.authHeader.prefix }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml
new file mode 100644
index 00000000..547b0184
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/istio-integration/istio-m2m/requestauthentication.m2m.yaml
@@ -0,0 +1,29 @@
+{{- if (include "kubeflow.istioIntegration.m2m.enabled" . | eq "true") -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: RequestAuthentication
+metadata:
+  labels:
+    {{- include "kubeflow.istioIntegration.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.istioIntegration.m2m.requestAuthenticationName" . }}
+  namespace: {{ .Values.istioIntegration.ingressGatewayNamespace }}
+spec:
+  selector:
+    matchLabels:
+      {{- toYaml .Values.istioIntegration.gateway.selector | nindent 6 }}
+  jwtRules:
+    - issuer: {{ .Values.istioIntegration.m2m.issuer }}
+      forwardOriginalToken: true
+      outputClaimToHeaders:
+        - claim: {{ .Values.istioIntegration.m2m.userClaim }}
+          header: {{ .Values.auth.userHeaderName }}
+        - claim: {{ .Values.istioIntegration.m2m.groupsClaim }}
+          header: {{ .Values.auth.groupsHeaderName }}
+      fromHeaders:
+        - name: {{ .Values.auth.authHeader.name }}
+          prefix: {{ .Values.auth.authHeader.prefix }}
+{{- if .Values.istioIntegration.kubeflowJwksProxy.enabled }}
+      jwksUri: {{ include "kubeflow.istioIntegration.jwksUri" . }}
+{{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml
new file mode 100644
index 00000000..1082e03e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.certificate.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.katib.controller.enabledWithCertManager" . )}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.certName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  isCA: true
+  commonName: {{ include "kubeflow.katib.controller.svc.addressWithSvc" . }}
+  dnsNames:
+    - {{ include "kubeflow.katib.controller.svc.name" . }}
+    - {{ include "kubeflow.katib.controller.svc.addressWithNs" . }}
+    - {{ include "kubeflow.katib.controller.svc.addressWithSvc" . }}
+    - {{ include "kubeflow.katib.controller.svc.fqdn" . }}
+  issuerRef:
+    kind: Issuer
+    name: {{ include "kubeflow.katib.controller.certIssuerName" . }}
+  secretName: {{ include "kubeflow.katib.controller.tlsCertSecretName" . }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml
new file mode 100644
index 00000000..c845f543
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/certmanager.issuer.yaml
@@ -0,0 +1,12 @@
+{{- if (include "kubeflow.katib.controller.enabledWithCertManager" . )}}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.certIssuerName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selfSigned: {}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml
new file mode 100644
index 00000000..cc6b6138
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/configmap.katib-config.yaml
@@ -0,0 +1,17 @@
+{{- if (include "kubeflow.katib.enabled" .) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  katib-config.yaml: |
+    ---
+    apiVersion: config.kubeflow.org/v1beta1
+    kind: KatibConfig
+    {{- .Values.katib.config | toYaml | nindent 4 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml
new file mode 100644
index 00000000..53e03415
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/deployment.yaml
@@ -0,0 +1,80 @@
+{{- if (include "kubeflow.katib.controller.enabled" .) -}}
+
+{{- $autoscalingEnabled := include "kubeflow.katib.controller.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.katib.controller.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.katib.controller.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.katib.controller.selectorLabels" . | nindent 8 }}
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8080"
+    spec:
+      containers:
+        - name: {{ include "kubeflow.katib.controller.baseName" . }}
+          image: {{ include "kubeflow.katib.controller.image" . }}
+          command: ["./katib-controller"]
+          args:
+            - --katib-config=/katib-config.yaml
+          ports:
+            - name: webhook
+              containerPort: {{ .Values.katib.controller.service.webhook.targetPort }}
+              protocol: TCP
+            - name: metrics
+              containerPort: {{ .Values.katib.controller.service.metrics.targetPort }}
+              protocol: TCP
+            - name: healthz
+              containerPort: {{ .Values.katib.controller.service.healthz.targetPort }}
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: healthz
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: healthz
+          env:
+            - name: KATIB_CORE_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - mountPath: /tmp/cert
+              name: cert
+              readOnly: true
+            - mountPath: /katib-config.yaml
+              name: katib-config
+              subPath: katib-config.yaml
+              readOnly: true
+      {{- with .Values.katib.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kubeflow.katib.controller.serviceAccountName" . }}
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: {{ include "kubeflow.katib.controller.tlsCertSecretName" . }}
+        - name: katib-config
+          configMap:
+            name: {{ include "kubeflow.katib.controller.configMapName" . }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml
new file mode 100644
index 00000000..80c75812
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrole.yaml
@@ -0,0 +1,133 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.mainClusterRoleName" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+      - "create"
+      - "delete"
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - "create"
+      - "patch"
+      - "update"
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+      - persistentvolumes
+      - persistentvolumeclaims
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+      - "create"
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - configmaps
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - "get"
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+      - "patch"
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+      - "create"
+      - "delete"
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - roles
+      - rolebindings
+    verbs:
+      - "get"
+      - "create"
+      - "list"
+      - "watch"
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+      - cronjobs
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+      - "create"
+      - "delete"
+  - apiGroups:
+      - kubeflow.org
+    resources:
+      - tfjobs
+      - pytorchjobs
+      - mpijobs
+      - xgboostjobs
+      - mxjobs
+    verbs:
+      - "get"
+      - "list"
+      - "watch"
+      - "create"
+      - "delete"
+  - apiGroups:
+      - kubeflow.org
+    resources:
+      - experiments
+      - experiments/status
+      - experiments/finalizers
+      - trials
+      - trials/status
+      - trials/finalizers
+      - suggestions
+      - suggestions/status
+      - suggestions/finalizers
+    verbs:
+      - "*"
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - validatingwebhookconfigurations
+      - mutatingwebhookconfigurations
+    verbs:
+      - "get"
+      - "watch"
+      - "list"
+      - "patch"
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml
new file mode 100644
index 00000000..7603b5e2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.katib.controller.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.katib.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml
new file mode 100644
index 00000000..0aac5e86
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/rbac/serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+{{- if (include "kubeflow.katib.controller.createServiceAccount" . | eq "true") -}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.katib.controller.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml
new file mode 100644
index 00000000..00ec19fd
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/service.yaml
@@ -0,0 +1,30 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+{{- if (include "kubeflow.katib.controller.enabled" . | eq "true") -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.katib.controller.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - name: webhook
+      port: {{ .Values.katib.controller.service.webhook.port }}
+      targetPort: {{ .Values.katib.controller.service.webhook.targetPort }}
+      protocol: TCP
+    - name: metrics
+      port: {{ .Values.katib.controller.service.metrics.port }}
+      targetPort: {{ .Values.katib.controller.service.metrics.targetPort }}
+    - name: healthz
+      port: {{ .Values.katib.controller.service.healthz.port }}
+      targetPort: {{ .Values.katib.controller.service.healthz.targetPort }}
+  selector:
+    {{- include "kubeflow.katib.controller.selectorLabels" . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml
new file mode 100644
index 00000000..b4a64e9a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/trial-templates.yaml
@@ -0,0 +1,80 @@
+{{- if (include "kubeflow.katib.enabled" .) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: trial-templates
+  namespace: kubeflow
+  labels:
+    katib.kubeflow.org/component: trial-templates
+data:
+  defaultTrialTemplate.yaml: |-
+    apiVersion: batch/v1
+    kind: Job
+    spec:
+      template:
+        spec:
+          containers:
+            - name: training-container
+              image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.17.0
+              command:
+                - "python3"
+                - "/opt/pytorch-mnist/mnist.py"
+                - "--epochs=1"
+                - "--batch-size=16"
+                - "--lr=${trialParameters.learningRate}"
+                - "--momentum=${trialParameters.momentum}"
+          restartPolicy: Never
+  # For ConfigMap templates double quotes must set in commands to correct parse JSON parameters in Trial Template (e.g nn_config, architecture)
+  enasCPUTemplate: |-
+    apiVersion: batch/v1
+    kind: Job
+    spec:
+      template:
+        spec:
+          containers:
+            - name: training-container
+              image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v0.17.0
+              command:
+                - python3
+                - -u
+                - RunTrial.py
+                - --num_epochs=1
+                - "--architecture=\"${trialParameters.neuralNetworkArchitecture}\""
+                - "--nn_config=\"${trialParameters.neuralNetworkConfig}\""
+          restartPolicy: Never
+  pytorchJobTemplate: |-
+    apiVersion: kubeflow.org/v1
+    kind: PyTorchJob
+    spec:
+      pytorchReplicaSpecs:
+        Master:
+          replicas: 1
+          restartPolicy: OnFailure
+          template:
+            spec:
+              containers:
+                - name: pytorch
+                  image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.17.0
+                  command:
+                    - "python3"
+                    - "/opt/pytorch-mnist/mnist.py"
+                    - "--epochs=1"
+                    - "--lr=${trialParameters.learningRate}"
+                    - "--momentum=${trialParameters.momentum}"
+        Worker:
+          replicas: 2
+          restartPolicy: OnFailure
+          template:
+            spec:
+              containers:
+                - name: pytorch
+                  image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.17.0
+                  command:
+                    - "python3"
+                    - "/opt/pytorch-mnist/mnist.py"
+                    - "--epochs=1"
+                    - "--lr=${trialParameters.learningRate}"
+                    - "--momentum=${trialParameters.momentum}"
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml
new file mode 100644
index 00000000..41508813
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.mutating.yaml
@@ -0,0 +1,67 @@
+{{- if (include "kubeflow.katib.controller.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflow.namespace" .)
+  (include "kubeflow.katib.controller.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.mutatingWebhook.name" . }}
+webhooks:
+  - name: defaulter.experiment.katib.kubeflow.org
+    clientConfig:
+      service:
+        name: {{ include "kubeflow.katib.controller.svc.name" .}}
+        namespace: {{ include "kubeflow.namespace" . }}
+        path: /mutate-experiment
+    sideEffects: None
+    admissionReviewVersions:
+      - v1
+    rules:
+      - apiGroups:
+          - kubeflow.org
+        apiVersions:
+          - v1beta1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - experiments
+  - name: mutator.pod.katib.kubeflow.org
+    clientConfig:
+      service:
+        name: {{ include "kubeflow.katib.controller.svc.name" .}}
+        namespace: {{ include "kubeflow.namespace" . }}
+        path: /mutate-pod
+    sideEffects: None
+    admissionReviewVersions:
+      - v1
+    namespaceSelector:
+      matchLabels:
+        katib.kubeflow.org/metrics-collector-injection: enabled
+    # Once the AdmissionWebhookMatchConditions feature gate is enabled by default, we should switch to control based on userInfo.
+    # REF:
+    # - AdmissionWebhookMatchConditions: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchconditions
+    # - Tracking issue: https://github.com/kubeflow/katib/issues/2206
+    objectSelector:
+      matchExpressions:
+        - key: katib.kubeflow.org/metrics-collector-injection
+          operator: NotIn
+          values:
+            - disabled
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+        resources:
+          - pods
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml
new file mode 100644
index 00000000..0e319962
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/controller/webhook.validating.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.katib.controller.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflow.namespace" .)
+  (include "kubeflow.katib.controller.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+  labels:
+    {{- include "kubeflow.katib.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.validatingWebhook.name" . }}
+webhooks:
+  - name: validator.experiment.katib.kubeflow.org
+    clientConfig:
+      service:
+        name: {{ include "kubeflow.katib.controller.svc.name" .}}
+        namespace: {{ include "kubeflow.namespace" . }}
+        path: /validate-experiment
+    sideEffects: None
+    admissionReviewVersions:
+      - v1
+    rules:
+      - apiGroups:
+          - kubeflow.org
+        apiVersions:
+          - v1beta1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - experiments
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml
new file mode 100644
index 00000000..e51c77ab
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/deployment.yaml
@@ -0,0 +1,56 @@
+{{- if (include "kubeflow.katib.dbmanager.enabled" . | eq "true") -}}
+
+  {{- $autoscalingEnabled := include "kubeflow.katib.dbmanager.autoscaling.enabled" . -}}
+  {{- $replicas := include "kubeflow.katib.dbmanager.autoscaling.minReplicas" . -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.katib.dbmanager.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.dbmanager.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.katib.dbmanager.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.katib.dbmanager.selectorLabels" . | nindent 8 }}
+      {{- with .Values.katib.dbmanager.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+        - name: {{ include "kubeflow.katib.dbmanager.baseName" . }}
+          image: {{ include "kubeflow.katib.dbmanager.image" . }} # docker.io/kubeflowkatib/katib-db-manager
+          env:
+            {{- include "kubeflow.katib.dbmanager.config.db.driver.env.spec" . | nindent 12 }}
+            {{- include "kubeflow.katib.dbmanager.config.db.host.env.spec" . | nindent 12 }}
+            {{- include "kubeflow.katib.dbmanager.config.db.port.env.spec" . | nindent 12 }}
+            {{- include "kubeflow.katib.dbmanager.config.db.databaseName.env.spec" . | nindent 12 }}
+            {{- include "kubeflow.katib.dbmanager.config.db.user.env.spec" . | nindent 12 }}
+            {{- include "kubeflow.katib.dbmanager.config.db.password.env.spec" . | nindent 12 }}
+          command:
+            - "./katib-db-manager"
+          ports:
+            - name: api
+              containerPort: 6789
+          livenessProbe:
+            grpc:
+              port: 6789
+            initialDelaySeconds: 10
+            periodSeconds: 60
+            failureThreshold: 5
+      {{- with .Values.katib.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml
new file mode 100644
index 00000000..61c101d9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/db-manager/service.yaml
@@ -0,0 +1,24 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+{{- if (include "kubeflow.katib.dbmanager.enabled" . | eq "true") -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.katib.dbmanager.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.katib.dbmanager.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.dbmanager.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  type: {{ .Values.katib.dbmanager.service.type }}
+  ports:
+    - port: 6789
+      protocol: TCP
+      name: api
+  selector:
+    {{- include "kubeflow.katib.dbmanager.selectorLabels" . | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml
new file mode 100644
index 00000000..eec5f552
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/authorizationpolicy.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.katib.ui.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        namespaces:
+        # in upstream this is directly the istio-ingressgateway service account
+        # apps/katib/upstream/installs/katib-with-kubeflow/istio-authorizationpolicy.yaml
+        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml
new file mode 100644
index 00000000..247aa719
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/deployment.yaml
@@ -0,0 +1,52 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+{{- if (include "kubeflow.katib.ui.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.katib.ui.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.katib.ui.autoscaling.minReplicas" . -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 8 }}
+      {{- with .Values.katib.ui.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      containers:
+        - name: {{ include "kubeflow.katib.ui.baseName" . }}
+          image: {{ include "kubeflow.katib.ui.image" . }} # kubeflowkatib/katib-ui
+          command:
+            - "./katib-ui"
+          args:
+            - "--port=8080"
+          env:
+            - name: KATIB_CORE_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: APP_DISABLE_AUTH
+              value: 'false'
+          ports:
+            - name: ui
+              containerPort: 8080
+      serviceAccountName: {{ include "kubeflow.katib.ui.serviceAccountName" . }}
+
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml
new file mode 100644
index 00000000..684b80da
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrole.yaml
@@ -0,0 +1,44 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.mainClusterRoleName" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - namespaces
+    verbs:
+      - "*"
+  - apiGroups:
+      - kubeflow.org
+    resources:
+      - experiments
+      - trials
+      - suggestions
+    verbs:
+      - "*"
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - pods/log
+    verbs:
+      - get
+  # the following only in multi-user mode
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml
new file mode 100644
index 00000000..03faad7d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.katib.ui.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.katib.ui.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml
new file mode 100644
index 00000000..5539ff04
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/rbac/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+{{- if (include "kubeflow.katib.ui.createServiceAccount" . | eq "true") -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.katib.ui.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml
new file mode 100644
index 00000000..e90780e9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.katib.enabled" . | eq "true") -}}
+{{- if (include "kubeflow.katib.ui.enabled" . | eq "true") -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.katib.ui.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      protocol: TCP
+      name: ui
+      targetPort: 8080
+  selector:
+    {{- include "kubeflow.katib.ui.selectorLabels" . | nindent 4 }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml
new file mode 100644
index 00000000..e55ca465
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/ui/virtualservice.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.katib.ui.createIstioIntegrationObjects" .) -}}
+
+# apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml
+
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.katib.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+    - {{ .Values.katib.istioIntegration.gateway.name }}
+  hosts:
+    - '*'
+  http:
+    - match:
+        - uri:
+            prefix: {{ .Values.katib.urlPrefix }}  # upstream contains trailing forward slash
+      rewrite:
+        uri: {{ .Values.katib.urlPrefix }}  # upstream contains trailing forward slash
+      route:
+        - destination:
+            host: {{ include "kubeflow.katib.ui.svc.fqdn" . }}
+            port:
+              number: 80
+      # maybe we don't need this...
+      headers:
+        request:
+          add:
+            x-forwarded-prefix: {{ .Values.katib.urlPrefix }}
+            Tracing-Context: {{ include "kubeflow.katib.ui.baseName" . }}
+        response:
+          add:
+            Tracing-Context: {{ include "kubeflow.katib.ui.baseName" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml
new file mode 100644
index 00000000..6b2c6d1c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-admin.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.adminClusterRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        {{- include "kubeflow.katib.adminClusterRoleLabel" . | nindent 8 }}
+rules: []
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml
new file mode 100644
index 00000000..5d0abdb0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-edit.yaml
@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.katib.adminClusterRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.editClusterRoleName" . }}
+rules:
+  - apiGroups:
+      - kubeflow.org
+    resources:
+      - experiments
+      - trials
+      - suggestions
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - deletecollection
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - pods/log
+    verbs:
+      - get
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml
new file mode 100644
index 00000000..c82d58f9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/katib/user-roles/clusterrole.kubeflow-katib-view.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.kubernetesViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.viewClusterRoleName" . }}
+rules:
+  - apiGroups:
+      - kubeflow.org
+    resources:
+      - experiments
+      - trials
+      - suggestions
+    verbs:
+      - get
+      - list
+      - watch
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml
new file mode 100644
index 00000000..d9ac47bc
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.authrizationpolicies.yaml
@@ -0,0 +1,41 @@
+{{- if (include "kubeflow.knativeIntegration.createIstioIntegrationObjects" .) }}
+---
+{{ include "istio.authorizationPolicy" (dict
+  "name" "activator-service"
+  "namespace" .Values.knativeIntegration.knativeServing.namespace
+  "action" "ALLOW"
+  "labels" (dict "app" "activator"))
+}}
+
+---
+{{ include "istio.authorizationPolicy" (dict
+  "name" "autoscaler"
+  "namespace" .Values.knativeIntegration.knativeServing.namespace
+  "action" "ALLOW"
+  "labels" (dict "app" "autoscaler"))
+}}
+
+---
+{{ include "istio.authorizationPolicy" (dict
+  "name" "controller"
+  "namespace" .Values.knativeIntegration.knativeServing.namespace
+  "action" "ALLOW"
+  "labels" (dict "app" "controller"))
+}}
+
+---
+{{ include "istio.authorizationPolicy" (dict
+  "name" "istio-webhook"
+  "namespace" .Values.knativeIntegration.knativeServing.namespace
+  "action" "ALLOW"
+  "labels" (dict "app" "net-istio-webhook"))
+}}
+
+---
+{{ include "istio.authorizationPolicy" (dict
+  "name" "webhook"
+  "namespace" .Values.knativeIntegration.knativeServing.namespace
+  "action" "ALLOW"
+  "labels" (dict "role" "webhook"))
+}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml
new file mode 100644
index 00000000..7bd24f81
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/istio.destinationrules.yaml
@@ -0,0 +1,16 @@
+{{/*
+DestinationRule for mTLS 
+*/}}
+{{- if (include "kubeflow.knativeIntegration.createIstioIntegrationObjects" .) }}
+
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+  name: knative
+  namespace: {{ .Values.knativeIntegration.knativeServing.namespace }}
+spec:
+  host: "*.{{ .Values.knativeIntegration.knativeServing.namespace }}.svc.cluster.local"
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml
new file mode 100644
index 00000000..9722fdf8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.eventing.yaml
@@ -0,0 +1,11 @@
+{{- if (include "kubeflow.knativeIntegration.knativeEventing.enabled" .) }}
+
+apiVersion: operator.knative.dev/v1beta1
+kind: KnativeEventing
+metadata:
+  name: {{ .Values.knativeIntegration.knativeEventing.name }}
+  namespace: {{ .Values.knativeIntegration.knativeEventing.namespace }}
+spec:
+  {{- toYaml .Values.knativeIntegration.knativeEventing.operatorSpec | nindent 2 -}}
+{{- end }}
+
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml
new file mode 100644
index 00000000..b9dac742
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/knative-integration/operator.knative.serving.yaml
@@ -0,0 +1,10 @@
+{{- if (include "kubeflow.knativeIntegration.knativeServing.enabled" .) }}
+
+apiVersion: operator.knative.dev/v1beta1
+kind: KnativeServing
+metadata:
+  name: {{ .Values.knativeIntegration.knativeServing.name }}
+  namespace: {{ .Values.knativeIntegration.knativeServing.namespace }}
+spec:
+  {{- toYaml .Values.knativeIntegration.knativeServing.operatorSpec | nindent 2 -}}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml
new file mode 100644
index 00000000..35f11e40
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/authorizationpolicy.yaml
@@ -0,0 +1,21 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: ALLOW
+  selector:
+    matchLabels:
+      {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        namespaces:
+        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml
new file mode 100644
index 00000000..186102bf
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.kserveModelsWebApp.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.kserveModelsWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml
new file mode 100644
index 00000000..1b8c7b14
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cluster-role.yaml
@@ -0,0 +1,55 @@
+{{- if (include "kubeflow.kserveModelsWebApp.rbac.createRole" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  - pods/log
+  - events
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - serving.kserve.io
+  resources:
+  - inferenceservices
+  - inferenceservices/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - serving.knative.dev
+  resources:
+  - services
+  - services/status
+  - routes
+  - routes/status
+  - configurations
+  - configurations/status
+  - revisions
+  - revisions/status
+  verbs:
+  - get
+  - list
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml
new file mode 100644
index 00000000..a7e27018
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/cm.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  APP_DISABLE_AUTH: "True"
+  USERID_HEADER: {{ .Values.auth.userHeaderName | quote }}
+  APP_PREFIX: "{{ .Values.kserveModelsWebApp.config.urlPrefix }}"
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml
new file mode 100644
index 00000000..b1bbe6ef
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/deployment.yaml
@@ -0,0 +1,79 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.kserveModelsWebApp.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.kserveModelsWebApp.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubeflow.kserveModelsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - image: {{ include "kubeflow.kserveModelsWebApp.image" . }}
+        imagePullPolicy: {{ include "kubeflow.kserveModelsWebApp.imagePullPolicy" . }}
+        name: {{ include "kubeflow.kserveModelsWebApp.baseName" . }}
+        {{- with .Values.kserveModelsWebApp.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        envFrom:
+          - configMapRef:
+              name: {{ include "kubeflow.kserveModelsWebApp.configMapName" . }}
+        ports:
+        - containerPort: 5000
+          name: http
+        livenessProbe:
+          httpGet:
+            path: /healthz/liveness
+            port: http
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          timeoutSeconds: 1
+          failureThreshold: 3
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /healthz/readiness
+            port: http
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          timeoutSeconds: 1
+          failureThreshold: 3
+          successThreshold: 1
+      serviceAccountName: {{ include "kubeflow.kserveModelsWebApp.serviceAccountName" . }}
+      {{- with include "kubeflow.kserveModelsWebApp.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.kserveModelsWebApp.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.kserveModelsWebApp.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.kserveModelsWebApp.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml
new file mode 100644
index 00000000..2ac59c06
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.kserveModelsWebApp.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.kserveModelsWebApp.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml
new file mode 100644
index 00000000..8a30246e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/service.yaml
@@ -0,0 +1,24 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.kserveModelsWebApp.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.kserveModelsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    {{- include "kubeflow.kserveModelsWebApp.selectorLabels" . | nindent 4 }}
+  type: {{ .Values.kserveModelsWebApp.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml
new file mode 100644
index 00000000..b93c6adf
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kserve-models-web-app/virtual-service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.kserveModelsWebApp.enabled" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: {{ include "kubeflow.kserveModelsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.kserveModelsWebApp.config.urlPrefix }}/
+    rewrite:
+      uri: /
+    route:
+    - destination:
+        host: {{ include "kubeflow.kserveModelsWebApp.svc.name" . }}.{{ include "kubeflow.namespace" . }}.svc.cluster.local
+        port:
+          number: 80
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml
new file mode 100644
index 00000000..e8c8ae55
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-pipelines-roles.yaml
@@ -0,0 +1,146 @@
+# NOTE: IMPORTANT
+# We need to separate out actual rules from aggregation rules due to
+# https://github.com/kubernetes/kubernetes/issues/65171
+# TL;DR: We can't have both aggregation and rules in a [Cluster]Role. When that
+# is the case, the rules get ignored.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesEditRoleName" . }}
+rules:
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - pipelines
+  - pipelines/versions
+  verbs:
+  - create
+  - delete
+  - update
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - experiments
+  verbs:
+  - archive
+  - create
+  - delete
+  - unarchive
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - runs
+  verbs:
+  - archive
+  - create
+  - delete
+  - retry
+  - terminate
+  - unarchive
+  - reportMetrics
+  - readArtifact
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - disable
+  - enable
+- apiGroups:
+  - kubeflow.org
+  verbs:
+  - '*'
+  resources:
+  - scheduledworkflows
+- apiGroups:
+  - argoproj.io
+  verbs:
+  - '*'
+  resources:
+  - cronworkflows
+  - cronworkflows/finalizers
+  - workflows
+  - workflows/finalizers
+  - workfloweventbindings
+  - workflowtemplates
+  - workflowtaskresults
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowPipelinesViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.aggregateToKubeflowPipelinesViewRoleName" . }}
+rules:
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - pipelines
+  - pipelines/versions
+  - experiments
+  - jobs
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - runs
+  verbs:
+  - get
+  - list
+  - readArtifact
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - viewers
+  verbs:
+  - create
+  - get
+  - delete
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - visualizations
+  verbs:
+  - create
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml
new file mode 100644
index 00000000..80486ba8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubeflow-roles.yaml
@@ -0,0 +1,43 @@
+# TODO: these roles should only be added in MULTIUSER mode.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubeflowAdminRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubeflowEditRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubeflowViewRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 6 }}
+rules: []
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml
new file mode 100644
index 00000000..cce4366b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/kubeflow-roles/kubernetes-roles.yaml
@@ -0,0 +1,296 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubernetesAdminRoleName" . }}
+rules:
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - localsubjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubernetesEditRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods/attach
+  - pods/exec
+  - pods/portforward
+  - pods/proxy
+  - secrets
+  - services/proxy
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - impersonate
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/attach
+  - pods/exec
+  - pods/portforward
+  - pods/proxy
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - persistentvolumeclaims
+  - replicationcontrollers
+  - replicationcontrollers/scale
+  - secrets
+  - serviceaccounts
+  - services
+  - services/proxy
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  - deployments/rollback
+  - deployments/scale
+  - replicasets
+  - replicasets/scale
+  - statefulsets
+  - statefulsets/scale
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - extensions
+  resources:
+  - daemonsets
+  - deployments
+  - deployments/rollback
+  - deployments/scale
+  - ingresses
+  - networkpolicies
+  - replicasets
+  - replicasets/scale
+  - replicationcontrollers/scale
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.kubeflowRoles.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.kubeflowRoles.kubernetesViewRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - endpoints
+  - persistentvolumeclaims
+  - persistentvolumeclaims/status
+  - pods
+  - replicationcontrollers
+  - replicationcontrollers/scale
+  - serviceaccounts
+  - services
+  - services/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - bindings
+  - events
+  - limitranges
+  - namespaces/status
+  - pods/log
+  - pods/status
+  - replicationcontrollers/status
+  - resourcequotas
+  - resourcequotas/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - controllerrevisions
+  - daemonsets
+  - daemonsets/status
+  - deployments
+  - deployments/scale
+  - deployments/status
+  - replicasets
+  - replicasets/scale
+  - replicasets/status
+  - statefulsets
+  - statefulsets/scale
+  - statefulsets/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  - horizontalpodautoscalers/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - cronjobs/status
+  - jobs
+  - jobs/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - daemonsets
+  - daemonsets/status
+  - deployments
+  - deployments/scale
+  - deployments/status
+  - ingresses
+  - ingresses/status
+  - networkpolicies
+  - replicasets
+  - replicasets/scale
+  - replicasets/status
+  - replicationcontrollers/scale
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  - poddisruptionbudgets/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - ingresses/status
+  - networkpolicies
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml
new file mode 100644
index 00000000..582fd634
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/authorizationpolicy.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.modelRegistry.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: ALLOW
+  selector:
+    matchLabels:
+      {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 6 }}
+  rules:
+  - {}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml
new file mode 100644
index 00000000..49178724
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/cm.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.modelRegistry.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  MODEL_REGISTRY_REST_SERVICE_HOST: "{{ include "kubeflow.modelRegistry.svc.name" . }}"
+  MODEL_REGISTRY_REST_SERVICE_PORT: "{{ .Values.modelRegistry.service.restPort }}"
+  MODEL_REGISTRY_GRPC_SERVICE_HOST: "{{ include "kubeflow.modelRegistry.svc.name" . }}"
+  MODEL_REGISTRY_GRPC_SERVICE_PORT: "{{ .Values.modelRegistry.service.grpcPort }}"
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml
new file mode 100644
index 00000000..8580d239
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/deployment.yaml
@@ -0,0 +1,156 @@
+{{- if (include "kubeflow.modelRegistry.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.modelRegistry.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.modelRegistry.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      {{- with .Values.modelRegistry.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: rest-container
+        image: {{ include "kubeflow.modelRegistry.rest.image" . }}
+        imagePullPolicy: {{ include "kubeflow.modelRegistry.rest.imagePullPolicy" . }}
+
+        command:
+          - /model-registry
+          - proxy
+        args:
+          - --hostname=0.0.0.0
+          - --port=$(MODEL_REGISTRY_REST_SERVICE_PORT)
+          - --mlmd-hostname=localhost
+          - --mlmd-port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)
+
+        envFrom:
+          - configMapRef:
+              name: {{ include "kubeflow.modelRegistry.configMapName" . }}
+
+        ports:
+          - name: http-api
+            containerPort: {{ .Values.modelRegistry.service.restPort }}
+
+        livenessProbe:
+          initialDelaySeconds: 30
+          periodSeconds: 5
+          tcpSocket:
+            port: http-api
+          timeoutSeconds: 2
+        readinessProbe:
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          tcpSocket:
+            port: http-api
+          timeoutSeconds: 2
+
+        {{- with .Values.modelRegistry.rest.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.modelRegistry.rest.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      - name: grpc-container
+        image: {{ include "kubeflow.modelRegistry.grpc.image" . }}
+        imagePullPolicy: {{ include "kubeflow.modelRegistry.grpc.imagePullPolicy" . }}
+
+        command:
+          - /bin/metadata_store_server
+        args:
+          - "--grpc_port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)"
+          - "--mysql_config_user=$({{ include "kubeflow.modelRegistry.config.db.user.env.name" . }})"
+          - "--mysql_config_password=$({{ include "kubeflow.modelRegistry.config.db.password.env.name" . }})"
+          - "--mysql_config_host=$({{ include "kubeflow.modelRegistry.config.db.host.env.name" . }})"
+          - "--mysql_config_port=$({{ include "kubeflow.modelRegistry.config.db.port.env.name" . }})"
+          - "--mysql_config_database=$({{ include "kubeflow.modelRegistry.config.db.dbName.env.name" . }})"
+
+        env:
+          {{- include "kubeflow.modelRegistry.config.db.user.env.spec" . | nindent 10 }}
+          {{- include "kubeflow.modelRegistry.config.db.password.env.spec" . | nindent 10 }}
+          {{- include "kubeflow.modelRegistry.config.db.host.env.spec" . | nindent 10 }}
+          {{- include "kubeflow.modelRegistry.config.db.port.env.spec" . | nindent 10 }}
+          {{- include "kubeflow.modelRegistry.config.db.dbName.env.spec" . | nindent 10 }}
+
+        envFrom:
+          - configMapRef:
+              name: {{ include "kubeflow.modelRegistry.configMapName" . }}
+
+        ports:
+        - name: grpc-api
+          containerPort: {{ .Values.modelRegistry.service.grpcPort }}
+
+        livenessProbe:
+          tcpSocket:
+            port: grpc-api
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+        readinessProbe:
+          tcpSocket:
+            port: grpc-api
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+
+        {{- with .Values.modelRegistry.grpc.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.modelRegistry.grpc.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.modelRegistry.serviceAccountName" . }}
+
+      {{- with include "kubeflow.modelRegistry.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.modelRegistry.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.modelRegistry.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.modelRegistry.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml
new file mode 100644
index 00000000..80efb127
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/destinationrule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.modelRegistry.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.modelRegistry.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml
new file mode 100644
index 00000000..cc2e572f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.modelRegistry.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.modelRegistry.name" . -}}
+{{- $minReplicas := include "kubeflow.modelRegistry.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.modelRegistry.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.modelRegistry.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.modelRegistry.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml
new file mode 100644
index 00000000..2e0e639c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.modelRegistry.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.modelRegistry.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml
new file mode 100644
index 00000000..b241a303
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/service.yaml
@@ -0,0 +1,29 @@
+{{- if (include "kubeflow.modelRegistry.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.modelRegistry.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: {{ .Values.modelRegistry.service.restPort }}
+    protocol: TCP
+    appProtocol: http
+    name: http-api
+  - port: {{ .Values.modelRegistry.service.grpcPort }}
+    protocol: TCP
+    appProtocol: grpc
+    name: grpc-api
+  selector:
+    {{- include "kubeflow.modelRegistry.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.modelRegistry.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml
new file mode 100644
index 00000000..92c609b7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.modelRegistry.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.modelRegistry.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml
new file mode 100644
index 00000000..4364dfa2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/model-registry/virtualservice.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.modelRegistry.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.modelRegistry.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.modelRegistry.config.rest.urlPrefix }}
+    route:
+    - destination:
+        host: {{ include "kubeflow.modelRegistry.svc.fqdn" . }}
+        port:
+          number: {{ .Values.modelRegistry.service.restPort }}
+  - match:
+    - port: {{ .Values.modelRegistry.service.grpcPort }}
+    - authority:
+        regex: {{ include "kubeflow.modelRegistry.svc.name" . }}(\..+)?(:{{ .Values.modelRegistry.service.grpcPort }})?
+    - uri:
+        prefix: {{ .Values.modelRegistry.config.grpc.urlPrefix }}
+    route:
+    - destination:
+        host: {{ include "kubeflow.modelRegistry.svc.fqdn" . }}
+        port:
+          number: {{ .Values.modelRegistry.service.grpcPort }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml
new file mode 100644
index 00000000..8a080b19
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/admission-webhook.yaml
@@ -0,0 +1,30 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+{{/*
+Admission Webhook is also known as PodDefaults.
+*/}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.admissionWebhook.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.admissionWebhook.name" . }} # mutating webhook
+  # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+  # The kubernetes api server must reach the webhook
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: {{ .Values.admissionWebhook.service.targetPort }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml
new file mode 100644
index 00000000..319ae42c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/centraldashboard.yaml
@@ -0,0 +1,29 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.centraldashboard.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.centraldashboard.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+        - podSelector: {}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml
new file mode 100644
index 00000000..2f4a76a2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/default-allow-same-namespace.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: default-allow-same-namespace
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector: {}
+  ingress:
+    - from:
+        - podSelector: {}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml
new file mode 100644
index 00000000..56749591
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-controller.yaml
@@ -0,0 +1,33 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.controller.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.katib.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.katib.controller.name" . }}
+  # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+  # The kubernetes api server must reach the webhook
+  ingress:
+    - ports: # webhook
+        - protocol: TCP
+          port: {{ .Values.katib.controller.service.webhook.targetPort }}
+    - ports: # metrics
+        - protocol: TCP
+          port: {{ .Values.katib.controller.service.metrics.targetPort }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml
new file mode 100644
index 00000000..8b0ceff7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-db-manager.yaml
@@ -0,0 +1,34 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.dbmanager.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      # the metrics loggers write directly to this database
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.katib.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.katib.dbmanager.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/part-of
+                operator: In
+                values:
+                  - kubeflow-profile
+        - podSelector: {} # allow all pods from the same namespace
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml
new file mode 100644
index 00000000..3d1ce28b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/katib-ui.yaml
@@ -0,0 +1,32 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.katib.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.katib.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.katib.ui.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml
new file mode 100644
index 00000000..e10a2f6d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/kserve-models-web-app.yaml
@@ -0,0 +1,28 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.kserveModelsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.kserveModelsWebApp.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml
new file mode 100644
index 00000000..7cbd166a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-apiserver.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/part-of
+                operator: In
+                values:
+                  - kubeflow-profile
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml
new file mode 100644
index 00000000..59c8c7e5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-cache.yaml
@@ -0,0 +1,30 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.cache.name" . }} # mutating webhook
+  # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+  # The kubernetes api server must reach the webhook
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: {{ .Values.pipelines.cache.service.targetPort }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml
new file mode 100644
index 00000000..0c0d70c5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-envoy.yaml
@@ -0,0 +1,33 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataEnvoy.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.metadataEnvoy.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+        - podSelector: {}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml
new file mode 100644
index 00000000..b589b84a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-metadata-grpc-server.yaml
@@ -0,0 +1,33 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/part-of
+                operator: In
+                values:
+                  - kubeflow-profile
+        - podSelector: {} # allow all pods from the same namespace
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml
new file mode 100644
index 00000000..f3a15c20
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/ml-pipeline-ui.yaml
@@ -0,0 +1,32 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.pipelines.ui.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml
new file mode 100644
index 00000000..6de89019
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/model-registry.yaml
@@ -0,0 +1,39 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.modelRegistry.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.modelRegistry.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: app.kubernetes.io/part-of
+                operator: In
+                values:
+                  - kubeflow-profile
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+      ports:
+        - port: {{ .Values.modelRegistry.service.restPort }}
+          protocol: TCP
+        - port: {{ .Values.modelRegistry.service.grpcPort }}
+          protocol: TCP
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml
new file mode 100644
index 00000000..cec14c84
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-jupyter-web-app.yaml
@@ -0,0 +1,33 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.notebooks.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+        - podSelector: {}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml
new file mode 100644
index 00000000..2d2cbec1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-pvcviewer.yaml
@@ -0,0 +1,30 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.notebooks.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.notebooks.pvcviewerController.name" . }}
+  # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+  # The kubernetes api server must reach the webhook
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml
new file mode 100644
index 00000000..f6cc2989
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/notebooks-volumes-web-app.yaml
@@ -0,0 +1,33 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.notebooks.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+        - podSelector: {}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml
new file mode 100644
index 00000000..2d82dfb6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/tensorboards-web-app.yaml
@@ -0,0 +1,35 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/component
+        operator: In
+        values:
+          - {{ include "kubeflow.tensorboard.name" . }}
+      - key: app.kubernetes.io/subcomponent
+        operator: In
+        values:
+          - {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchExpressions:
+              - key: kubernetes.io/metadata.name
+                operator: In
+                values:
+                  - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+      ports:
+        - protocol: TCP
+          port: {{ .Values.tensorboard.tensorboardsWebApp.service.targetPort }}
+  policyTypes:
+    - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml
new file mode 100644
index 00000000..63f8914f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/networkpolicies/training-operator-webhook.yaml
@@ -0,0 +1,26 @@
+{{- if (include "kubeflow.networkPolicies.enabled" .) -}}
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.networkPolicies.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.name" . }}-webhook
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  podSelector:
+    matchExpressions:
+    - key: app.kubernetes.io/component
+      operator: In
+      values:
+      - {{ include "kubeflow.trainingOperator.name" . }}
+  # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html
+  # The kubernetes api server must reach the webhook
+  ingress:
+  - ports:
+    - protocol: TCP
+      port: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }}
+  policyTypes:
+  - Ingress
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml
new file mode 100644
index 00000000..e3d4808b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/deployment.yaml
@@ -0,0 +1,71 @@
+{{- if (include "kubeflow.notebooks.controller.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.notebooks.controller.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.notebooks.controller.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.controller.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.notebooks.controller.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.notebooks.controller.baseName" . }}
+        image: {{ include "kubeflow.notebooks.controller.image" . }}
+        imagePullPolicy: {{ include "kubeflow.notebooks.controller.imagePullPolicy" . }}
+
+        command:
+          - /manager
+
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+
+        env:
+          - name: USE_ISTIO
+            value: {{ .Values.istioIntegration.enabled | quote }}
+          - name: ISTIO_GATEWAY
+            value: {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}
+          - name: ISTIO_HOST
+            value: "*"
+          - name: CLUSTER_DOMAIN
+            value: {{ .Values.clusterDomain }}
+          - name: ENABLE_CULLING
+            value: {{ .Values.notebooks.controller.config.culling.enabled | quote }}
+          - name: CULL_IDLE_TIME
+            value: {{ .Values.notebooks.controller.config.culling.idleTimeMinutes | quote }}
+          - name: IDLENESS_CHECK_PERIOD
+            value: {{ .Values.notebooks.controller.config.culling.idleCheckPeriodMinutes | quote }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kubeflow.notebooks.controller.serviceAccountName" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml
new file mode 100644
index 00000000..4eabbe6e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrole.main.yaml
@@ -0,0 +1,55 @@
+{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - '*'
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - notebooks/status
+  verbs:
+  - '*'
+- apiGroups:
+  - networking.istio.io
+  resources:
+  - virtualservices
+  verbs:
+  - '*'
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml
new file mode 100644
index 00000000..ae2b88a2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterrolebinding.main.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.notebooks.controller.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml
new file mode 100644
index 00000000..fba2a5b4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/clusterroles.user.yaml
@@ -0,0 +1,62 @@
+{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.kfNbAdminClusterRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.notebooks.controller.kfNbAdminClusterRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.notebooks.controller.kfNbAdminClusterRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.kfNbEditClusterRoleName" . }}
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - deletecollection
+  - patch
+  - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.kfNbViewClusterRoleName" . }}
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/status
+  verbs:
+  - get
+  - list
+  - watch
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml
new file mode 100644
index 00000000..d25471a0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/role.leader-election.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.leaderElectionRoleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml
new file mode 100644
index 00000000..484fdae7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/rolebinding.leader-election.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.notebooks.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.leaderElectionRoleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kubeflow.notebooks.controller.leaderElectionRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.controller.serviceAccountName" .}}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml
new file mode 100644
index 00000000..b70de3c9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/rbac/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.notebooks.controller.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.notebooks.controller.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml
new file mode 100644
index 00000000..a691d5b4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/controller/service.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.notebooks.controller.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.notebooks.controller.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.controller.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: 443
+  selector:
+    {{- include "kubeflow.notebooks.controller.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.notebooks.controller.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt
new file mode 100644
index 00000000..2e8a9be5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/NOTES.txt
@@ -0,0 +1 @@
+The Role and RoleBinding were not added because of https://github.com/kubeflow/manifests/issues/2601
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml
new file mode 100644
index 00000000..0a119299
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.extAuth.yaml
@@ -0,0 +1,29 @@
+{{- if and
+  (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.authorizationPolicyExtAuthName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+    - {}
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml
new file mode 100644
index 00000000..8e35226b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/authorizationpolicy.yaml
@@ -0,0 +1,20 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        namespaces:
+        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml
new file mode 100644
index 00000000..aabda11d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml
new file mode 100644
index 00000000..c80c7615
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cluster-role.yaml
@@ -0,0 +1,123 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - events
+  - nodes
+  verbs:
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - list
+  - get
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.kfNbUiAdminClusterRoleName" . }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.kfNbUiEditClusterRoleName" . }}
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.kfNbUiViewClusterRoleName" . }}
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  - notebooks/finalizers
+  - poddefaults
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml
new file mode 100644
index 00000000..14a24039
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.logos.yaml
@@ -0,0 +1,229 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.logos.createConfigMap" . | eq "true" ) -}}
+
+{{- $jupyterIconSvg := .Values.notebooks.jupyterWebApp.logos.icons.jupyterIconSvg -}}
+{{- $jupyterLabLogoSvg := .Values.notebooks.jupyterWebApp.logos.icons.jupyterLabLogoSvg -}}
+{{- $groupOneLogoSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupOneLogoSvg -}}
+{{- $groupOneIconSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupOneIconSvg -}}
+{{- $groupTwoIconSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupTwoIconSvg -}}
+{{- $groupTwoLogoSvg := .Values.notebooks.jupyterWebApp.logos.icons.groupTwoLogoSvg -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.logos.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  jupyter-icon.svg: |
+    {{- if $jupyterIconSvg }}
+    {{- $jupyterIconSvg | nindent 4 }}
+    {{ else }}
+    <svg width="44" height="51" viewBox="0 0 44 51" version="2.0" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:figma="http://www.figma.com/figma/ns">
+    <desc>Created using Figma 0.90</desc>
+    <g id="Canvas" transform="translate(-1640 -2453)" figma:type="canvas">
+    <g id="Group" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="Group" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="Group" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="g" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path9 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path0_fill" transform="translate(1640.54 2474.36)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path10 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path1_fill" transform="translate(1645.68 2474.37)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path11 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path2_fill" transform="translate(1653.39 2474.26)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path12 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path3_fill" transform="translate(1660.43 2474.39)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path13 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path4_fill" transform="translate(1667.55 2472.54)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path14 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path5_fill" transform="translate(1672.47 2474.29)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path15 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path6_fill" transform="translate(1679.98 2474.24)" fill="#4E4E4E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    </g>
+    </g>
+    <g id="g" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path16 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path7_fill" transform="translate(1673.48 2453.69)" fill="#767677" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path17 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path8_fill" transform="translate(1643.21 2484.27)" fill="#F37726" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path18 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path9_fill" transform="translate(1643.21 2457.88)" fill="#F37726" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path19 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path10_fill" transform="translate(1643.28 2496.09)" fill="#9E9E9E" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    <g id="path" style="mix-blend-mode:normal;" figma:type="group">
+    <g id="path20 fill" style="mix-blend-mode:normal;" figma:type="vector">
+    <use xlink:href="#path11_fill" transform="translate(1641.87 2458.43)" fill="#616262" style="mix-blend-mode:normal;"/>
+    </g>
+    </g>
+    </g>
+    </g>
+    </g>
+    </g>
+    <defs>
+    <path id="path0_fill" d="M 1.74498 5.47533C 1.74498 7.03335 1.62034 7.54082 1.29983 7.91474C 0.943119 8.23595 0.480024 8.41358 0 8.41331L 0.124642 9.3036C 0.86884 9.31366 1.59095 9.05078 2.15452 8.56466C 2.45775 8.19487 2.6834 7.76781 2.818 7.30893C 2.95261 6.85005 2.99341 6.36876 2.93798 5.89377L 2.93798 0L 1.74498 0L 1.74498 5.43972L 1.74498 5.47533Z"/>
+    <path id="path1_fill" d="M 5.50204 4.76309C 5.50204 5.43081 5.50204 6.02731 5.55545 6.54368L 4.496 6.54368L 4.42478 5.48423C 4.20318 5.85909 3.88627 6.16858 3.50628 6.38125C 3.12628 6.59392 2.69675 6.70219 2.26135 6.69503C 1.22861 6.69503 0 6.13415 0 3.84608L 0 0.0445149L 1.193 0.0445149L 1.193 3.6057C 1.193 4.84322 1.57583 5.67119 2.65309 5.67119C 2.87472 5.67358 3.09459 5.63168 3.29982 5.54796C 3.50505 5.46424 3.69149 5.34039 3.84822 5.18366C 4.00494 5.02694 4.1288 4.84049 4.21252 4.63527C 4.29623 4.43004 4.33813 4.21016 4.33575 3.98853L 4.33575 0L 5.52874 0L 5.52874 4.72748L 5.50204 4.76309Z"/>
+    <path id="path2_fill" d="M 0.0534178 2.27264C 0.0534178 1.44466 0.0534178 0.768036 0 0.153731L 1.06836 0.153731L 1.12177 1.2666C 1.3598 0.864535 1.70247 0.534594 2.11325 0.311954C 2.52404 0.0893145 2.98754 -0.0176786 3.45435 0.00238095C 5.03908 0.00238095 6.23208 1.32892 6.23208 3.30538C 6.23208 5.63796 4.7987 6.79535 3.24958 6.79535C 2.85309 6.81304 2.45874 6.7281 2.10469 6.54874C 1.75064 6.36937 1.44888 6.10166 1.22861 5.77151L 1.22861 5.77151L 1.22861 9.33269L 0.0534178 9.33269L 0.0534178 2.29935L 0.0534178 2.27264ZM 1.22861 4.00872C 1.23184 4.17026 1.24972 4.33117 1.28203 4.48948C 1.38304 4.88479 1.61299 5.23513 1.93548 5.48506C 2.25798 5.735 2.65461 5.87026 3.06262 5.86944C 4.31794 5.86944 5.05689 4.8456 5.05689 3.3588C 5.05689 2.05897 4.36246 0.946096 3.10714 0.946096C 2.61036 0.986777 2.14548 1.20726 1.79965 1.5662C 1.45382 1.92514 1.25079 2.3979 1.22861 2.89585L 1.22861 4.00872Z"/>
+    <path id="path3_fill" d="M 1.31764 0.0178059L 2.75102 3.85499C 2.90237 4.28233 3.06262 4.7987 3.16946 5.18153C 3.2941 4.7898 3.42764 4.29123 3.5879 3.82828L 4.88773 0.0178059L 6.14305 0.0178059L 4.36246 4.64735C 3.47216 6.87309 2.92908 8.02158 2.11 8.71601C 1.69745 9.09283 1.19448 9.35658 0.649917 9.48166L 0.356119 8.48453C 0.736886 8.35942 1.09038 8.16304 1.39777 7.90584C 1.8321 7.55188 2.17678 7.10044 2.4038 6.5882C 2.45239 6.49949 2.48551 6.40314 2.50173 6.3033C 2.49161 6.19586 2.46457 6.0907 2.42161 5.9917L 0 0L 1.29983 0L 1.31764 0.0178059Z"/>
+    <path id="path4_fill" d="M 2.19013 0L 2.19013 1.86962L 3.8995 1.86962L 3.8995 2.75992L 2.19013 2.75992L 2.19013 6.26769C 2.19013 7.06896 2.42161 7.53191 3.08043 7.53191C 3.31442 7.53574 3.54789 7.5088 3.77486 7.45179L 3.82828 8.34208C 3.48794 8.45999 3.12881 8.51431 2.76882 8.50234C 2.53042 8.51726 2.29161 8.48043 2.06878 8.39437C 1.84595 8.30831 1.64438 8.17506 1.47789 8.00377C 1.11525 7.51873 0.949826 6.91431 1.01494 6.31221L 1.01494 2.75102L 0 2.75102L 0 1.86072L 1.03274 1.86072L 1.03274 0.275992L 2.19013 0Z"/>
+    <path id="path5_fill" d="M 1.17716 3.57899C 1.153 3.88093 1.19468 4.18451 1.29933 4.46876C 1.40398 4.75301 1.5691 5.01114 1.78329 5.22532C 1.99747 5.43951 2.2556 5.60463 2.53985 5.70928C 2.8241 5.81393 3.12768 5.85561 3.42962 5.83145C 4.04033 5.84511 4.64706 5.72983 5.21021 5.49313L 5.41498 6.38343C 4.72393 6.66809 3.98085 6.80458 3.23375 6.78406C 2.79821 6.81388 2.36138 6.74914 1.95322 6.59427C 1.54505 6.43941 1.17522 6.19809 0.869071 5.88688C 0.562928 5.57566 0.327723 5.2019 0.179591 4.79125C 0.0314584 4.38059 -0.0260962 3.94276 0.0108748 3.50777C 0.0108748 1.54912 1.17716 0 3.0824 0C 5.21911 0 5.75329 1.86962 5.75329 3.06262C 5.76471 3.24644 5.76471 3.43079 5.75329 3.61461L 1.15046 3.61461L 1.17716 3.57899ZM 4.66713 2.6887C 4.70149 2.45067 4.68443 2.20805 4.61709 1.97718C 4.54976 1.74631 4.43372 1.53255 4.2768 1.35031C 4.11987 1.16808 3.92571 1.0216 3.70739 0.920744C 3.48907 0.81989 3.25166 0.767006 3.01118 0.765656C 2.52201 0.801064 2.06371 1.01788 1.72609 1.37362C 1.38847 1.72935 1.19588 2.19835 1.18607 2.6887L 4.66713 2.6887Z"/>
+    <path id="path6_fill" d="M 0.0534178 2.19228C 0.0534178 1.42663 0.0534178 0.767806 0 0.162404L 1.06836 0.162404L 1.06836 1.43553L 1.12177 1.43553C 1.23391 1.04259 1.4656 0.694314 1.78468 0.439049C 2.10376 0.183783 2.4944 0.034196 2.90237 0.0110538C 3.01466 -0.00368459 3.12839 -0.00368459 3.24068 0.0110538L 3.24068 1.12393C 3.10462 1.10817 2.9672 1.10817 2.83114 1.12393C 2.427 1.13958 2.04237 1.30182 1.7491 1.58035C 1.45583 1.85887 1.27398 2.23462 1.23751 2.63743C 1.20422 2.8196 1.18635 3.00425 1.1841 3.18941L 1.1841 6.65267L 0.00890297 6.65267L 0.00890297 2.20118L 0.0534178 2.19228Z"/>
+    <path id="path7_fill" d="M 6.03059 2.83565C 6.06715 3.43376 5.92485 4.02921 5.6218 4.54615C 5.31875 5.0631 4.86869 5.47813 4.32893 5.73839C 3.78917 5.99864 3.18416 6.09233 2.59097 6.00753C 1.99778 5.92272 1.44326 5.66326 0.998048 5.26219C 0.552837 4.86113 0.23709 4.33661 0.0910307 3.75546C -0.0550287 3.17431 -0.0247891 2.56283 0.177897 1.99893C 0.380583 1.43503 0.746541 0.944221 1.22915 0.589037C 1.71176 0.233853 2.28918 0.0303686 2.88784 0.00450543C 3.28035 -0.0170932 3.67326 0.0391144 4.04396 0.169896C 4.41467 0.300677 4.75587 0.503453 5.04794 0.766561C 5.34 1.02967 5.57718 1.34792 5.74582 1.70301C 5.91446 2.0581 6.01124 2.44303 6.03059 2.83565L 6.03059 2.83565Z"/>
+    <path id="path8_fill" d="M 18.6962 7.12238C 10.6836 7.12238 3.64131 4.24672 0 0C 1.41284 3.82041 3.96215 7.1163 7.30479 9.44404C 10.6474 11.7718 14.623 13.0196 18.6962 13.0196C 22.7695 13.0196 26.745 11.7718 30.0877 9.44404C 33.4303 7.1163 35.9796 3.82041 37.3925 4.0486e-13C 33.7601 4.24672 26.7445 7.12238 18.6962 7.12238Z"/>
+    <path id="path9_fill" d="M 18.6962 5.89725C 26.7089 5.89725 33.7512 8.77291 37.3925 13.0196C 35.9796 9.19922 33.4303 5.90333 30.0877 3.57559C 26.745 1.24785 22.7695 4.0486e-13 18.6962 0C 14.623 4.0486e-13 10.6474 1.24785 7.30479 3.57559C 3.96215 5.90333 1.41284 9.19922 0 13.0196C 3.64131 8.76401 10.648 5.89725 18.6962 5.89725Z"/>
+    <path id="path10_fill" d="M 7.59576 3.56656C 7.64276 4.31992 7.46442 5.07022 7.08347 5.72186C 6.70251 6.3735 6.13619 6.89698 5.45666 7.22561C 4.77713 7.55424 4.01515 7.67314 3.26781 7.56716C 2.52046 7.46117 1.82158 7.13511 1.26021 6.63051C 0.698839 6.12591 0.300394 5.46561 0.115637 4.73375C -0.0691191 4.00188 -0.0318219 3.23159 0.222777 2.52099C 0.477376 1.8104 0.93775 1.19169 1.54524 0.743685C 2.15274 0.295678 2.87985 0.0386595 3.63394 0.00537589C 4.12793 -0.0210471 4.62229 0.0501173 5.08878 0.214803C 5.55526 0.37949 5.98473 0.63447 6.35264 0.965179C 6.72055 1.29589 7.01971 1.69584 7.233 2.1422C 7.4463 2.58855 7.56957 3.07256 7.59576 3.56656L 7.59576 3.56656Z"/>
+    <path id="path11_fill" d="M 2.25061 4.37943C 1.81886 4.39135 1.39322 4.27535 1.02722 4.04602C 0.661224 3.81668 0.371206 3.48424 0.193641 3.09052C 0.0160762 2.69679 -0.0411078 2.25935 0.0292804 1.83321C 0.0996686 1.40707 0.294486 1.01125 0.589233 0.695542C 0.883981 0.37983 1.2655 0.158316 1.68581 0.0588577C 2.10611 -0.0406005 2.54644 -0.0135622 2.95143 0.136572C 3.35641 0.286707 3.70796 0.553234 3.96186 0.902636C 4.21577 1.25204 4.3607 1.66872 4.37842 2.10027C 4.39529 2.6838 4.18131 3.25044 3.78293 3.67715C 3.38455 4.10387 2.83392 4.35623 2.25061 4.37943Z"/>
+    </defs>
+    </svg>
+    {{- end }}
+  jupyterlab-logo.svg: |
+    {{- if $jupyterLabLogoSvg }}
+    {{- $jupyterLabLogoSvg | nindent 4 }}
+    {{ else }}
+    <svg xmlns="http://www.w3.org/2000/svg" width="200" viewBox="0 0 1860.8 475">
+      <g class="jp-icon2" fill="#4E4E4E" transform="translate(480.136401, 64.271493)">
+        <g transform="translate(0.000000, 58.875566)">
+          <g transform="translate(0.087603, 0.140294)">
+            <path d="M-426.9,169.8c0,48.7-3.7,64.7-13.6,76.4c-10.8,10-25,15.5-39.7,15.5l3.7,29 c22.8,0.3,44.8-7.9,61.9-23.1c17.8-18.5,24-44.1,24-83.3V0H-427v170.1L-426.9,169.8L-426.9,169.8z"/>
+          </g>
+        </g>
+        <g transform="translate(155.045296, 56.837104)">
+          <g transform="translate(1.562453, 1.799842)">
+            <path d="M-312,148c0,21,0,39.5,1.7,55.4h-31.8l-2.1-33.3h-0.8c-6.7,11.6-16.4,21.3-28,27.9 c-11.6,6.6-24.8,10-38.2,9.8c-31.4,0-69-17.7-69-89V0h36.4v112.7c0,38.7,11.6,64.7,44.6,64.7c10.3-0.2,20.4-3.5,28.9-9.4 c8.5-5.9,15.1-14.3,18.9-23.9c2.2-6.1,3.3-12.5,3.3-18.9V0.2h36.4V148H-312L-312,148z"/>
+          </g>
+        </g>
+        <g transform="translate(390.013322, 53.479638)">
+          <g transform="translate(1.706458, 0.231425)">
+            <path d="M-478.6,71.4c0-26-0.8-47-1.7-66.7h32.7l1.7,34.8h0.8c7.1-12.5,17.5-22.8,30.1-29.7 c12.5-7,26.7-10.3,41-9.8c48.3,0,84.7,41.7,84.7,103.3c0,73.1-43.7,109.2-91,109.2c-12.1,0.5-24.2-2.2-35-7.8 c-10.8-5.6-19.9-13.9-26.6-24.2h-0.8V291h-36v-220L-478.6,71.4L-478.6,71.4z M-442.6,125.6c0.1,5.1,0.6,10.1,1.7,15.1 c3,12.3,9.9,23.3,19.8,31.1c9.9,7.8,22.1,12.1,34.7,12.1c38.5,0,60.7-31.9,60.7-78.5c0-40.7-21.1-75.6-59.5-75.6 c-12.9,0.4-25.3,5.1-35.3,13.4c-9.9,8.3-16.9,19.7-19.6,32.4c-1.5,4.9-2.3,10-2.5,15.1V125.6L-442.6,125.6L-442.6,125.6z"/>
+          </g>
+        </g>
+        <g transform="translate(606.740726, 56.837104)">
+          <g transform="translate(0.751226, 1.989299)">
+            <path d="M-440.8,0l43.7,120.1c4.5,13.4,9.5,29.4,12.8,41.7h0.8c3.7-12.2,7.9-27.7,12.8-42.4 l39.7-119.2h38.5L-346.9,145c-26,69.7-43.7,105.4-68.6,127.2c-12.5,11.7-27.9,20-44.6,23.9l-9.1-31.1 c11.7-3.9,22.5-10.1,31.8-18.1c13.2-11.1,23.7-25.2,30.6-41.2c1.5-2.8,2.5-5.7,2.9-8.8c-0.3-3.3-1.2-6.6-2.5-9.7L-480.2,0.1 h39.7L-440.8,0L-440.8,0z"/>
+          </g>
+        </g>
+        <g transform="translate(822.748104, 0.000000)">
+          <g transform="translate(1.464050, 0.378914)">
+            <path d="M-413.7,0v58.3h52v28.2h-52V196c0,25,7,39.5,27.3,39.5c7.1,0.1,14.2-0.7,21.1-2.5 l1.7,27.7c-10.3,3.7-21.3,5.4-32.2,5c-7.3,0.4-14.6-0.7-21.3-3.4c-6.8-2.7-12.9-6.8-17.9-12.1c-10.3-10.9-14.1-29-14.1-52.9 V86.5h-31V58.3h31V9.6L-413.7,0L-413.7,0z"/>
+          </g>
+        </g>
+        <g transform="translate(974.433286, 53.479638)">
+          <g transform="translate(0.990034, 0.610339)">
+            <path d="M-445.8,113c0.8,50,32.2,70.6,68.6,70.6c19,0.6,37.9-3,55.3-10.5l6.2,26.4 c-20.9,8.9-43.5,13.1-66.2,12.6c-61.5,0-98.3-41.2-98.3-102.5C-480.2,48.2-444.7,0-386.5,0c65.2,0,82.7,58.3,82.7,95.7 c-0.1,5.8-0.5,11.5-1.2,17.2h-140.6H-445.8L-445.8,113z M-339.2,86.6c0.4-23.5-9.5-60.1-50.4-60.1 c-36.8,0-52.8,34.4-55.7,60.1H-339.2L-339.2,86.6L-339.2,86.6z"/>
+          </g>
+        </g>
+        <g transform="translate(1201.961058, 53.479638)">
+          <g transform="translate(1.179640, 0.705068)">
+            <path d="M-478.6,68c0-23.9-0.4-44.5-1.7-63.4h31.8l1.2,39.9h1.7c9.1-27.3,31-44.5,55.3-44.5 c3.5-0.1,7,0.4,10.3,1.2v34.8c-4.1-0.9-8.2-1.3-12.4-1.2c-25.6,0-43.7,19.7-48.7,47.4c-1,5.7-1.6,11.5-1.7,17.2v108.3h-36V68 L-478.6,68z"/>
+          </g>
+        </g>
+      </g>
+
+      <g class="jp-icon-warn0" fill="#F37726">
+        <path d="M1352.3,326.2h37V28h-37V326.2z M1604.8,326.2c-2.5-13.9-3.4-31.1-3.4-48.7v-76 c0-40.7-15.1-83.1-77.3-83.1c-25.6,0-50,7.1-66.8,18.1l8.4,24.4c14.3-9.2,34-15.1,53-15.1c41.6,0,46.2,30.2,46.2,47v4.2 c-78.6-0.4-122.3,26.5-122.3,75.6c0,29.4,21,58.4,62.2,58.4c29,0,50.9-14.3,62.2-30.2h1.3l2.9,25.6H1604.8z M1565.7,257.7 c0,3.8-0.8,8-2.1,11.8c-5.9,17.2-22.7,34-49.2,34c-18.9,0-34.9-11.3-34.9-35.3c0-39.5,45.8-46.6,86.2-45.8V257.7z M1698.5,326.2 l1.7-33.6h1.3c15.1,26.9,38.7,38.2,68.1,38.2c45.4,0,91.2-36.1,91.2-108.8c0.4-61.7-35.3-103.7-85.7-103.7 c-32.8,0-56.3,14.7-69.3,37.4h-0.8V28h-36.6v245.7c0,18.1-0.8,38.6-1.7,52.5H1698.5z M1704.8,208.2c0-5.9,1.3-10.9,2.1-15.1 c7.6-28.1,31.1-45.4,56.3-45.4c39.5,0,60.5,34.9,60.5,75.6c0,46.6-23.1,78.1-61.8,78.1c-26.9,0-48.3-17.6-55.5-43.3 c-0.8-4.2-1.7-8.8-1.7-13.4V208.2z"/>
+      </g>
+    </svg>
+    {{- end }}
+  group-one-icon.svg: |-
+    {{- if $groupOneIconSvg }}
+    {{- $groupOneIconSvg | nindent 4 }}
+    {{ else }}
+    <?xml version="1.0" encoding="utf-8"?>
+    <!-- Generator: Adobe Illustrator 13.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 14948)  -->
+    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+    <svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+      width="14.35px" height="42.88px" viewBox="0 0 14.35 42.88" enable-background="new 0 0 14.35 42.88" xml:space="preserve">
+    <g>
+      <path d="M9.442,30.084H7.333V16.643c-0.508,0.484-1.174,0.969-1.998,1.453s-1.564,0.848-2.221,1.09v-2.039
+        c1.18-0.555,2.211-1.227,3.094-2.016s1.508-1.555,1.875-2.297h1.359V30.084z"/>
+    </g>
+    </svg>
+    {{- end }}
+  group-one-logo.svg: |-
+    {{- if $groupOneLogoSvg }}
+    {{- $groupOneLogoSvg | nindent 4 }}
+    {{ else }}
+    <?xml version="1.0" encoding="utf-8"?>
+    <!-- Generator: Adobe Illustrator 13.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 14948)  -->
+    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+    <svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+      width="14.35px" height="42.88px" viewBox="0 0 14.35 42.88" enable-background="new 0 0 14.35 42.88" xml:space="preserve">
+    <g>
+      <path d="M9.442,30.084H7.333V16.643c-0.508,0.484-1.174,0.969-1.998,1.453s-1.564,0.848-2.221,1.09v-2.039
+        c1.18-0.555,2.211-1.227,3.094-2.016s1.508-1.555,1.875-2.297h1.359V30.084z"/>
+    </g>
+    </svg>
+    {{- end }}
+  group-two-icon.svg: |-
+    {{- if $groupTwoIconSvg }}
+    {{- $groupTwoIconSvg | nindent 4 }}
+    {{ else }}
+    <?xml version="1.0" encoding="utf-8"?>
+    <!-- Generator: Adobe Illustrator 13.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 14948)  -->
+    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+    <svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+      width="14.35px" height="42.88px" viewBox="0 0 14.35 42.88" enable-background="new 0 0 14.35 42.88" xml:space="preserve">
+    <g>
+      <path d="M12.583,28.057v2.027H1.228c-0.016-0.508,0.066-0.996,0.246-1.465c0.289-0.773,0.752-1.535,1.389-2.285
+        s1.557-1.617,2.76-2.602c1.867-1.531,3.129-2.744,3.785-3.639s0.984-1.74,0.984-2.537c0-0.836-0.299-1.541-0.896-2.115
+        s-1.377-0.861-2.338-0.861c-1.016,0-1.828,0.305-2.438,0.914s-0.918,1.453-0.926,2.531l-2.168-0.223
+        c0.148-1.617,0.707-2.85,1.676-3.697s2.27-1.271,3.902-1.271c1.648,0,2.953,0.457,3.914,1.371s1.441,2.047,1.441,3.398
+        c0,0.688-0.141,1.363-0.422,2.027s-0.748,1.363-1.4,2.098s-1.736,1.742-3.252,3.023c-1.266,1.063-2.078,1.783-2.438,2.162
+        s-0.656,0.76-0.891,1.143H12.583z"/>
+    </g>
+    </svg>
+    {{- end }}
+  group-two-logo.svg: |-
+    {{- if $groupTwoLogoSvg }}
+    {{- $groupTwoLogoSvg | nindent 4 }}
+    {{ else }}
+    <?xml version="1.0" encoding="utf-8"?>
+    <!-- Generator: Adobe Illustrator 13.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 14948)  -->
+    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+    <svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+      width="14.35px" height="42.88px" viewBox="0 0 14.35 42.88" enable-background="new 0 0 14.35 42.88" xml:space="preserve">
+    <g>
+      <path d="M12.583,28.057v2.027H1.228c-0.016-0.508,0.066-0.996,0.246-1.465c0.289-0.773,0.752-1.535,1.389-2.285
+        s1.557-1.617,2.76-2.602c1.867-1.531,3.129-2.744,3.785-3.639s0.984-1.74,0.984-2.537c0-0.836-0.299-1.541-0.896-2.115
+        s-1.377-0.861-2.338-0.861c-1.016,0-1.828,0.305-2.438,0.914s-0.918,1.453-0.926,2.531l-2.168-0.223
+        c0.148-1.617,0.707-2.85,1.676-3.697s2.27-1.271,3.902-1.271c1.648,0,2.953,0.457,3.914,1.371s1.441,2.047,1.441,3.398
+        c0,0.688-0.141,1.363-0.422,2.027s-0.748,1.363-1.4,2.098s-1.736,1.742-3.252,3.023c-1.266,1.063-2.078,1.783-2.438,2.162
+        s-0.656,0.76-0.891,1.143H12.583z"/>
+    </g>
+    </svg>
+    {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml
new file mode 100644
index 00000000..cd1f6210
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/cm.spawner-ui.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.spawnerUI.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  spawner_ui_config.yaml: |
+    spawnerFormDefaults:
+      {{- toYaml .Values.notebooks.jupyterWebApp.spawnerFormDefaults | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml
new file mode 100644
index 00000000..265a30ba
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/deployment.yaml
@@ -0,0 +1,100 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.notebooks.jupyterWebApp.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.notebooks.jupyterWebApp.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.notebooks.jupyterWebApp.baseName" . }}
+        image: {{ include "kubeflow.notebooks.jupyterWebApp.image" . }}
+        imagePullPolicy: {{ include "kubeflow.notebooks.jupyterWebApp.imagePullPolicy" . }}
+
+        ports:
+        - containerPort: 5000
+          protocol: TCP
+
+        {{- with .Values.notebooks.jupyterWebApp.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+        - mountPath: /etc/config
+          name: config-volume
+        - mountPath: /src/apps/default/static/assets/logos
+          name: logos-volume
+
+        env:
+        - name: APP_PREFIX
+          value: {{ .Values.notebooks.jupyterWebApp.urlPrefix }}
+        - name: UI
+          value: {{ .Values.notebooks.jupyterWebApp.uiFlavor }}
+        - name: USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: USERID_PREFIX
+          value: {{ .Values.auth.userIdPrefix | quote }}
+        - name: APP_SECURE_COOKIES
+          value: {{ .Values.notebooks.jupyterWebApp.secureCookies | quote }}
+
+        {{- with include "kubeflow.notebooks.jupyterWebApp.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.notebooks.jupyterWebApp.serviceAccountName" . }}
+
+      volumes:
+      - name: config-volume
+        configMap:
+          name: {{ include "kubeflow.notebooks.jupyterWebApp.spawnerUI.configMapName" . }}
+      - name: logos-volume
+        configMap:
+          name: {{ include "kubeflow.notebooks.jupyterWebApp.logos.configMapName" . }}
+
+      {{- with include "kubeflow.notebooks.jupyterWebApp.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.jupyterWebApp.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.jupyterWebApp.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.jupyterWebApp.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml
new file mode 100644
index 00000000..14497016
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/destination-rule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.notebooks.jupyterWebApp.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml
new file mode 100644
index 00000000..1d82eb32
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.notebooks.jupyterWebApp.name" . -}}
+{{- $minReplicas := include "kubeflow.notebooks.jupyterWebApp.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.notebooks.jupyterWebApp.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.notebooks.jupyterWebApp.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.notebooks.jupyterWebApp.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml
new file mode 100644
index 00000000..e7552b06
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.notebooks.jupyterWebApp.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml
new file mode 100644
index 00000000..1ebeb8c6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.notebooks.jupyterWebApp.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml
new file mode 100644
index 00000000..2da61632
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.notebooks.jupyterWebApp.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    {{- include "kubeflow.notebooks.jupyterWebApp.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.notebooks.jupyterWebApp.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml
new file mode 100644
index 00000000..1010dd08
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/jupyter-web-app/virtual-service.yaml
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.notebooks.jupyterWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.jupyterWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.jupyterWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.notebooks.jupyterWebApp.urlPrefix }}/
+    rewrite:
+      uri: /
+    route:
+    - destination:
+        host: {{ include "kubeflow.notebooks.jupyterWebApp.svc.fqdn" . }}
+        port:
+          number: 80
+    headers:
+      request:
+        add:
+          x-forwarded-prefix: {{ .Values.notebooks.jupyterWebApp.urlPrefix }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml
new file mode 100644
index 00000000..554a67eb
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.certificate.yaml
@@ -0,0 +1,21 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.certName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  dnsNames:
+  - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" . }}
+  - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithNs" . }}
+  - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" . }}
+  - {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.fqdn" . }}
+  issuerRef:
+    kind: Issuer
+    name: {{ include "kubeflow.notebooks.pvcviewerController.certIssuerName" . }}
+  secretName: {{ include "kubeflow.notebooks.pvcviewerController.tlsCertSecretName" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml
new file mode 100644
index 00000000..e52f06f2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/certmanager.issuer.yaml
@@ -0,0 +1,13 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.certIssuerName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selfSigned: {}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml
new file mode 100644
index 00000000..5a6e0d6f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/deployment.yaml
@@ -0,0 +1,144 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.notebooks.pvcviewerController.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.notebooks.pvcviewerController.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+        traffic.sidecar.istio.io/excludeInboundPorts: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . | quote }}
+      labels:
+        {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: manager
+        image: {{ include "kubeflow.notebooks.pvcviewerController.manager.image" . }}
+        imagePullPolicy: {{ include "kubeflow.notebooks.pvcviewerController.manager.imagePullPolicy" . }}
+
+        args:
+        - --health-probe-bind-address=:8081
+        - --metrics-bind-address=127.0.0.1:8080
+        - --leader-elect
+        command:
+        - /manager
+
+        ports:
+        - containerPort: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }}
+          name: webhook-server
+          protocol: TCP
+
+        {{- with .Values.notebooks.pvcviewerController.manager.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+
+        {{- with include "kubeflow.notebooks.pvcviewerController.manager.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      - name: kube-rbac-proxy
+        image: {{ include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.image" . }}
+        imagePullPolicy: {{ include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.imagePullPolicy" . }}
+
+        args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=0
+
+        ports:
+        - containerPort: 8443
+          name: https
+          protocol: TCP
+
+        {{- with .Values.notebooks.pvcviewerController.kubeRbacProxy.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }}
+
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: {{ include "kubeflow.notebooks.pvcviewerController.tlsCertSecretName" . }}
+
+      {{- with include "kubeflow.notebooks.pvcviewerController.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.pvcviewerController.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.pvcviewerController.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.pvcviewerController.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.pvcviewerController.terminationGracePeriodSeconds" . }}
+      terminationGracePeriodSeconds:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.pvcviewerController.securityContext" . }}
+      securityContext:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml
new file mode 100644
index 00000000..809a6b34
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.manager.yaml
@@ -0,0 +1,83 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - networking.istio.io
+  resources:
+  - virtualservices
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml
new file mode 100644
index 00000000..10061844
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.metrics-reader.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.metricsReaderClusterRoleName" . }}
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml
new file mode 100644
index 00000000..e6dcf396
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrole.proxy.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" . }}
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml
new file mode 100644
index 00000000..925b08d1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.manager.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.notebooks.pvcviewerController.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml
new file mode 100644
index 00000000..17679fc1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/clusterrolebinding.proxy.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.notebooks.pvcviewerController.proxyClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml
new file mode 100644
index 00000000..d74e2f93
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/role.leader-election.yaml
@@ -0,0 +1,43 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml
new file mode 100644
index 00000000..a1dd7ce4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/rolebinding.leader-election.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kubeflow.notebooks.pvcviewerController.leaderElectionRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" .}}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml
new file mode 100644
index 00000000..1c56f01e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_editor_role.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Permissions for end users to edit pvcviewers.
+# Currently not used anywhere.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: pvcviewer-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: pvc-viewer
+    app.kubernetes.io/part-of: pvc-viewer
+    app.kubernetes.io/managed-by: kustomize
+  name: pvcviewer-editor-role
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers/status
+  verbs:
+  - get
+
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml
new file mode 100644
index 00000000..75545786
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/rbac/volumesviewer_viewer_role.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Permissions for end users to view pvcviewers.
+# Currently not used anywhere.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: pvcviewer-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: pvc-viewer
+    app.kubernetes.io/part-of: pvc-viewer
+    app.kubernetes.io/managed-by: kustomize
+  name: pvcviewer-viewer-role
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers/status
+  verbs:
+  - get
+
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml
new file mode 100644
index 00000000..895a2baa
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.kube-rbac-proxy.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.notebooks.pvcviewerController.kubeRbacProxy.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.kubeRbacProxy.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.notebooks.pvcviewerController.kubeRbacProxy.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml
new file mode 100644
index 00000000..8c43a1b1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/service.manager.yaml
@@ -0,0 +1,24 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.notebooks.pvcviewerController.manager.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: {{ include "kubeflow.notebooks.pvcviewerController.webhook.port" . }}
+  selector:
+    {{- include "kubeflow.notebooks.pvcviewerController.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.notebooks.pvcviewerController.manager.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml
new file mode 100644
index 00000000..20fb9750
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.notebooks.pvcviewerController.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml
new file mode 100644
index 00000000..e73b3f18
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/mutating.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflow.namespace" .)
+  (include "kubeflow.notebooks.pvcviewerController.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.mutatingWebhookName" . }}
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" .}}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /mutate-kubeflow-org-v1alpha1-pvcviewer
+  failurePolicy: Fail
+  name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" . }}
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - pvcviewers
+  sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml
new file mode 100644
index 00000000..2d20fbf1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/pvcviewer-controller/webhook/validating.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.notebooks.pvcviewerController.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflow.namespace" .)
+  (include "kubeflow.notebooks.pvcviewerController.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+  labels:
+    {{- include "kubeflow.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.pvcviewerController.validatingWebhookName" . }}
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.name" .}}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /validate-kubeflow-org-v1alpha1-pvcviewer
+  failurePolicy: Fail
+  name: {{ include "kubeflow.notebooks.pvcviewerController.manager.svc.addressWithSvc" . }}
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - pvcviewers
+  sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml
new file mode 100644
index 00000000..6795b4bd
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.extAuth.yaml
@@ -0,0 +1,29 @@
+{{- if and
+  (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.authorizationPolicyExtAuthName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+    - {}
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml
new file mode 100644
index 00000000..5e58d1fe
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/authorizationpolicy.yaml
@@ -0,0 +1,20 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        namespaces:
+        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml
new file mode 100644
index 00000000..f653e7d8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.notebooks.volumesWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml
new file mode 100644
index 00000000..89e780ee
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cluster-role.yaml
@@ -0,0 +1,143 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - list
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - notebooks
+  verbs:
+  - list
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.kfVolUiAdminClusterRoleName" . }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.kfVolUiEditClusterRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.kfVolUiViewClusterRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pvcviewers
+  verbs:
+  - get
+  - list
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml
new file mode 100644
index 00000000..66630fa8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/cm.yaml
@@ -0,0 +1,59 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true" ) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  viewer-spec.yaml: |
+    # Note: the volumes-web-app allows expanding strings using ${VAR_NAME}
+    # You may use any environment variable. This lets us e.g. specify images that can be modified using kustomize's image transformer.
+    # Additionally, 'PVC_NAME', 'NAME' and 'NAMESPACE' are defined
+    # Name of the pvc is set by the volumes web app
+    pvc: $NAME
+    podSpec:
+      serviceAccountName: {{ .Values.notebooks.volumesWebApp.config.viewer.serviceAccountName }}
+      containers:
+        - name: main
+          image: {{ include "kubeflow.notebooks.volumesWebApp.viewerImage" . }}
+          env:
+            - name: FB_ADDRESS
+              value: "0.0.0.0"
+            - name: FB_PORT
+              value: "8080"
+            - name: FB_DATABASE
+              value: /tmp/filebrowser.db
+            - name: FB_NOAUTH
+              value: "true"
+            - name: FB_BASEURL
+              value: /pvcviewers/$NAMESPACE/$NAME/
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 2
+            periodSeconds: 10
+          # viewer-volume is provided automatically by the volumes web app
+          volumeMounts:
+            - name: viewer-volume
+              mountPath: /srv
+          workingDir: /srv
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+      volumes:
+        - name: viewer-volume
+          persistentVolumeClaim:
+            claimName: $NAME
+    networking:
+      targetPort: 8080
+      basePrefix: "/pvcviewers"
+      rewrite: "/"
+      timeout: 30s
+    rwoScheduling: true
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml
new file mode 100644
index 00000000..ec0a8c66
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/deployment.yaml
@@ -0,0 +1,94 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.notebooks.volumesWebApp.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.notebooks.volumesWebApp.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.notebooks.volumesWebApp.baseName" . }}
+        image: {{ include "kubeflow.notebooks.volumesWebApp.image" . }}
+        imagePullPolicy: {{ include "kubeflow.notebooks.volumesWebApp.imagePullPolicy" . }}
+
+        ports:
+        - containerPort: 5000
+          protocol: TCP
+
+        {{- with .Values.notebooks.volumesWebApp.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+        - mountPath: /etc/config/viewer-spec.yaml
+          name: viewer-spec
+          subPath: viewer-spec.yaml
+
+        env:
+        - name: APP_PREFIX
+          value: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }}
+        - name: USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: USERID_PREFIX
+          value: {{ .Values.auth.userIdPrefix | quote }}
+        - name: APP_SECURE_COOKIES
+          value: {{ .Values.notebooks.volumesWebApp.config.secureCookies | quote }}
+
+        {{- with include "kubeflow.notebooks.volumesWebApp.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.notebooks.volumesWebApp.serviceAccountName" . }}
+
+      volumes:
+      - name: viewer-spec
+        configMap:
+          name: {{ include "kubeflow.notebooks.volumesWebApp.configMapName" . }}
+
+      {{- with include "kubeflow.notebooks.volumesWebApp.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.volumesWebApp.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.volumesWebApp.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.notebooks.volumesWebApp.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml
new file mode 100644
index 00000000..a3e276e9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/destination-rule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.notebooks.volumesWebApp.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml
new file mode 100644
index 00000000..41620b82
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.notebooks.volumesWebApp.name" . -}}
+{{- $minReplicas := include "kubeflow.notebooks.volumesWebApp.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.notebooks.volumesWebApp.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.notebooks.volumesWebApp.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.notebooks.volumesWebApp.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml
new file mode 100644
index 00000000..d9ba40b4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.notebooks.volumesWebApp.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml
new file mode 100644
index 00000000..23c72629
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.notebooks.volumesWebApp.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml
new file mode 100644
index 00000000..e8881467
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.notebooks.volumesWebApp.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 5000
+  selector:
+    {{- include "kubeflow.notebooks.volumesWebApp.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.notebooks.volumesWebApp.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml
new file mode 100644
index 00000000..7939994e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/notebooks/volumes-web-app/virtual-service.yaml
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.notebooks.volumesWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.volumesWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.notebooks.volumesWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }}/
+    rewrite:
+      uri: /
+    route:
+    - destination:
+        host: {{ include "kubeflow.notebooks.volumesWebApp.svc.fqdn" . }}
+        port:
+          number: 80
+    headers:
+      request:
+        add:
+          x-forwarded-prefix: {{ .Values.notebooks.volumesWebApp.config.urlPrefix }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml
new file mode 100644
index 00000000..bd34ef7f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/oauth2-proxy-integration/virtualservice.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.oauth2ProxyIntegration.istio.enabled" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ .Values.oauth2ProxyIntegration.svc.name }}
+  namespace: {{ .Values.oauth2ProxyIntegration.svc.namespace }}
+spec:
+  gateways:
+  - {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - "{{ default "*" .Values.oauth2ProxyIntegration.host }}"
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.oauth2ProxyIntegration.urlPrefix }}/
+    route:
+    - destination:
+        host: {{ .Values.oauth2ProxyIntegration.svc.name }}.{{ .Values.oauth2ProxyIntegration.svc.namespace }}.svc.cluster.local
+        port:
+          number: {{ .Values.oauth2ProxyIntegration.svc.port }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt
new file mode 100644
index 00000000..cd988a3f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/_notes.txt
@@ -0,0 +1,5 @@
+CRDs:
+from cluster-scoped-resources all copied to helm charts crds directory
+requiring argo wf as subchart
+
+investigate if it makes sense to add crd/applications.app.k8s.io
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml
new file mode 100644
index 00000000..3c52cdc0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/authorizationpolicy.yaml
@@ -0,0 +1,17 @@
+{{- if (include "kubeflow.pipelines.cache.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 6 }}
+  rules:
+  - {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml
new file mode 100644
index 00000000..ccaff1f1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.certificate.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.pipelines.cache.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.certName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  commonName: {{ include "kubeflow.pipelines.cache.certName" . }}
+  isCA: true
+  dnsNames:
+  - {{ include "kubeflow.pipelines.cache.svc.name" . }}
+  - {{ include "kubeflow.pipelines.cache.svc.addressWithNs" . }}
+  - {{ include "kubeflow.pipelines.cache.svc.addressWithSvc" . }}
+  - {{ include "kubeflow.pipelines.cache.svc.fqdn" . }}
+  issuerRef:
+    kind: Issuer
+    name: {{ include "kubeflow.pipelines.cache.certIssuerName" . }}
+  secretName: {{ include "kubeflow.pipelines.cache.tlsCertSecretName" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml
new file mode 100644
index 00000000..2ffdc030
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/certmanager.issuer.yaml
@@ -0,0 +1,13 @@
+{{- if (include "kubeflow.pipelines.cache.enabledWithCertManager" . )}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.certIssuerName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selfSigned: {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml
new file mode 100644
index 00000000..40cd5f0c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/deployment.yaml
@@ -0,0 +1,127 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.cache.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.cache.autoscaling.minReplicas" . -}}
+
+# TODO: Add cache-deployer if cert-manager integration is disabled.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: server
+        image: {{ include "kubeflow.pipelines.cache.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.cache.imagePullPolicy" . }}
+
+        args:
+        - --db_user=$({{ include "kubeflow.pipelines.cache.config.db.user.env.name" . }})
+        - --db_password=$({{ include "kubeflow.pipelines.cache.config.db.password.env.name" . }})
+        - --db_host=$({{ include "kubeflow.pipelines.cache.config.db.host.env.name" . }})
+        - --db_port=$({{ include "kubeflow.pipelines.cache.config.db.port.env.name" . }})
+        - --db_driver=$({{ include "kubeflow.pipelines.cache.config.db.driver.env.name" . }})
+        - --db_name=$({{ include "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.name" . }})
+        - --namespace_to_watch=$(NAMESPACE_TO_WATCH)
+        - --listen_port=$(WEBHOOK_PORT)
+        {{- if (include "kubeflow.certManagerIntegration.enabled" . )}}
+        - --tls_cert_filename=tls.crt
+        - --tls_key_filename=tls.key
+        {{- end }}
+
+        env:
+        {{- include "kubeflow.pipelines.cache.config.db.user.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.cache.config.db.password.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.cache.config.db.host.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.cache.config.db.port.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.cache.config.db.driver.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.cache.config.db.cacheDatabaseName.env.spec" . | nindent 8 }}
+
+        - name: DEFAULT_CACHE_STALENESS
+          value: {{ .Values.pipelines.cache.config.defaultCacheStaleness | quote }}
+        - name: MAXIMUM_CACHE_STALENESS
+          value: {{ .Values.pipelines.cache.config.maximumCacheStaleness | quote }}
+        - name: CACHE_IMAGE
+          value: {{ .Values.pipelines.cache.config.cacheImage }}
+        - name: CACHE_NODE_RESTRICTIONS
+          value: {{ .Values.pipelines.cache.config.cacheNodeRestrictions | quote }}
+        - name: WEBHOOK_PORT
+          value: {{ .Values.pipelines.cache.service.targetPort | quote }}
+
+        - name: NAMESPACE_TO_WATCH
+          {{- if (include "kubeflow.deploymentMode.namespace" .) }}
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+          {{- else }}
+          value: ""
+          {{- end }}
+
+        ports:
+        - containerPort: {{ .Values.pipelines.cache.service.targetPort }}
+          name: webhook-api
+
+        {{- with .Values.pipelines.cache.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.cache.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+        - name: webhook-tls-certs
+          mountPath: /etc/webhook/certs
+          readOnly: true
+
+      volumes:
+      - name: webhook-tls-certs
+        secret:
+          secretName: {{ include "kubeflow.pipelines.cache.tlsCertSecretName" . }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.cache.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.cache.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.cache.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.cache.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.cache.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml
new file mode 100644
index 00000000..6c191e51
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/mutatingwebhook.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflow.namespace" .)
+  (include "kubeflow.pipelines.cache.certName" .)
+-}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.webhookName" . }}
+webhooks:
+  - name: {{ include "kubeflow.pipelines.cache.svc.addressWithSvc" . }}
+    clientConfig:
+      service:
+        name: {{ include "kubeflow.pipelines.cache.svc.name" .}}
+        namespace: {{ include "kubeflow.namespace" . }}
+        path: "/mutate"
+    rules:
+    - operations: [ "CREATE" ]
+      apiGroups: [""]
+      apiVersions: ["v1"]
+      resources: ["pods"]
+    failurePolicy: Ignore
+    sideEffects: None
+    timeoutSeconds: 5
+    objectSelector:
+      matchLabels:
+        {{- include "kubeflow.pipelines.cache.cacheEnabledLabel" . | nindent 8}}
+    admissionReviewVersions: ["v1beta1"]
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml
new file mode 100644
index 00000000..5125f5c5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/role-or-clusterrole.yaml
@@ -0,0 +1,57 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+{{- $kind := ternary "ClusterRole" "Role" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $kind }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.roleName" .}}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflows
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - tekton.dev
+  resources:
+  - pipelineruns
+  - customruns
+  - taskruns
+  - conditions
+  - runs
+  - tasks
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..e7c0a262
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+{{- $kind := ternary "ClusterRoleBinding" "RoleBinding" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+{{- $roleRefKind := ternary "ClusterRole" "Role" (include "kubeflow.deploymentMode.cluster" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $kind }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.roleBindingName" .}}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ $roleRefKind }}
+  name: {{ include "kubeflow.pipelines.cache.roleName" .}}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.pipelines.cache.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml
new file mode 100644
index 00000000..577b15ea
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.cache.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.cache.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.cache.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml
new file mode 100644
index 00000000..fa5093c5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/cache/service.yaml
@@ -0,0 +1,47 @@
+{{- if (include "kubeflow.pipelines.cache.enabled" .) -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.pipelines.cache.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.cache.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - port: {{ .Values.pipelines.cache.service.port }}
+      targetPort: webhook-api
+  selector:
+    {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.cache.service.type }}
+
+---
+
+# TODO: having this SVC is a workaround... cache-server service might be hardcoded...
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.pipelines.cache.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.cache.labels" . | nindent 4 }}
+  name: cache-server
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - port: {{ .Values.pipelines.cache.service.port }}
+      targetPort: webhook-api
+  selector:
+    {{- include "kubeflow.pipelines.cache.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.cache.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml
new file mode 100644
index 00000000..7d149086
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/authorizationpolicy.yaml
@@ -0,0 +1,41 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        principals:
+        - {{ include "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.viewerCrd.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.cache.serviceAccountPrincipal" . }}
+
+  # NOTE(kromanow94): with m2m tokens through istio/oauth2-proxy and
+  # ml-pipeline-ui, the following is probably not needed anymore.
+  # NOTE(kromanow94) UPDATE!!!: It's needed, otherwise the KF Pipeline Steps
+  # cannot reach ml-pipeline and appareantly it's needed to process the step...
+  # For user workloads, which cannot use http headers for authentication
+  # Allow all requests that dont have a `kubeflow-userid` header.
+  - when:
+    - key: request.headers[{{ .Values.auth.userHeaderName }}]
+      notValues: ['*']
+
+  # allow access by any trusted principal
+  # Please see the following for reference:
+  # https://github.com/kubeflow/manifests/issues/2747
+  - from:
+    - source:
+        requestPrincipals: ["*"]
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml
new file mode 100644
index 00000000..f67303ad
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/deployment.yaml
@@ -0,0 +1,162 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.mlPipeline.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.mlPipeline.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+      labels:
+        {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: ml-pipeline-api-server
+        image: {{ include "kubeflow.pipelines.mlPipeline.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.mlPipeline.imagePullPolicy" . }}
+
+        env:
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.user.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.password.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.host.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.port.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.pipelineDatabaseName.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.conMaxLifetime.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.db.driver.env.spec" . | nindent 8 }}
+
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.accessKey.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.secretAccessKey.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.host.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.port.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.region.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.bucketName.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.mlPipeline.config.objectStore.secure.env.spec" . | nindent 8 }}
+
+        # ---
+        # variables from pipeline-api-server-config-dc9hkg52h6
+        # TODO: parameterize DEFAULTPIPELINERUNNERSERVICEACCOUNT
+        - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT
+          value: default-editor
+        - name: MULTIUSER
+          value: {{ (include "kubeflow.isMultiuser" .) | quote }}
+        - name: VISUALIZATIONSERVICE_NAME
+          value: ml-pipeline-visualizationserver
+        - name: VISUALIZATIONSERVICE_PORT
+          value: "8888"
+        - name: LOG_LEVEL
+          value: "info"
+        # ---
+
+        - name: KUBEFLOW_USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: KUBEFLOW_USERID_PREFIX
+          value: {{ .Values.auth.userIdPrefix | quote }}
+        - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION
+          value: {{ .Values.pipelines.mlPipeline.config.autoUpdatePipelineDefaultVersion | quote }}
+
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+
+        ports:
+        - name: http
+          containerPort: 8888
+        - name: grpc
+          containerPort: 8887
+
+        # readinessProbe:
+        #   exec:
+        #     command:
+        #       - wget
+        #       - -q # quiet
+        #       - -S # show server response
+        #       - -O
+        #       - "-" # Redirect output to stdout
+        #       - http://localhost:8888/apis/v1beta1/healthz
+        #   initialDelaySeconds: 3
+        #   periodSeconds: 5
+        #   timeoutSeconds: 2
+        # livenessProbe:
+        #   exec:
+        #     command:
+        #       - wget
+        #       - -q # quiet
+        #       - -S # show server response
+        #       - -O
+        #       - "-" # Redirect output to stdout
+        #       - http://localhost:8888/apis/v1beta1/healthz
+        #   initialDelaySeconds: 3
+        #   periodSeconds: 5
+        #   timeoutSeconds: 2
+        # # This startup probe provides up to a 60 second grace window before the
+        # # liveness probe takes over to accomodate the occasional database
+        # # migration.
+        # startupProbe:
+        #   exec:
+        #     command:
+        #       - wget
+        #       - -q # quiet
+        #       - -S # show server response
+        #       - -O
+        #       - "-" # Redirect output to stdout
+        #       - http://localhost:8888/apis/v1beta1/healthz
+        #   failureThreshold: 12
+        #   periodSeconds: 5
+        #   timeoutSeconds: 2
+
+        {{- with .Values.pipelines.mlPipeline.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.mlPipeline.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.mlPipeline.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.mlPipeline.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.mlPipeline.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.mlPipeline.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.mlPipeline.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml
new file mode 100644
index 00000000..43419ead
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/destinationrule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.pipelines.mlPipeline.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml
new file mode 100644
index 00000000..1aa0a28b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/role-or-clusterrole.yaml
@@ -0,0 +1,85 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.rbac.createRoles" .) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - list
+  - delete
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflows
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - scheduledworkflows
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - tekton.dev
+  resources:
+  - pipelineruns
+  - taskruns
+  - conditions
+  - runs
+  - tasks
+  - customruns
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - custom.tekton.dev
+  resources:
+  - pipelineloops
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..aa9961c8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.rbac.createRoles" .) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name:  {{ include "kubeflow.pipelines.mlPipeline.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml
new file mode 100644
index 00000000..0a57ee60
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.mlPipeline.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.mlPipeline.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml
new file mode 100644
index 00000000..a2da4146
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/apiserver/service.yaml
@@ -0,0 +1,32 @@
+{{- if (include "kubeflow.pipelines.mlPipeline.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+  {{- with .Values.pipelines.mlPipeline.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+    prometheus.io/port: "8888"
+    prometheus.io/scheme: http
+    prometheus.io/scrape: "true"
+  labels:
+    {{- include "kubeflow.pipelines.mlPipeline.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.mlPipeline.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
+  - name: grpc
+    port: 8887
+    protocol: TCP
+    targetPort: 8887
+  selector:
+    {{- include "kubeflow.pipelines.mlPipeline.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.mlPipeline.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml
new file mode 100644
index 00000000..8ba88c2e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/deployment.yaml
@@ -0,0 +1,76 @@
+{{- if (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.metadataEnvoy.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.metadataEnvoy.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataEnvoy.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: metadata-envoy
+        image: {{ include "kubeflow.pipelines.metadataEnvoy.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.metadataEnvoy.imagePullPolicy" . }}
+
+        ports:
+        - name: md-envoy
+          containerPort: 9090
+        - name: envoy-admin
+          containerPort: 9901
+
+        {{- with .Values.pipelines.metadataEnvoy.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.metadataEnvoy.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.metadataEnvoy.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.metadataEnvoy.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataEnvoy.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataEnvoy.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataEnvoy.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml
new file mode 100644
index 00000000..94ce2414
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.metadataEnvoy.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.metadataEnvoy.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.metadataEnvoy.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml
new file mode 100644
index 00000000..e73db2f7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-envoy/service.yaml
@@ -0,0 +1,41 @@
+{{- if (include "kubeflow.pipelines.metadataEnvoy.enabled" . | eq "true") -}}
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataEnvoy.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: 9090
+    protocol: TCP
+    name: md-envoy
+  selector:
+    {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.metadataEnvoy.service.type }}
+
+---
+
+# TODO: having this SVC is a workaround... metadata-envoy service might be hardcoded...
+
+kind: Service
+apiVersion: v1
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataEnvoy.labels" . | nindent 4 }}
+  name: metadata-envoy-service
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: 9090
+    protocol: TCP
+    name: md-envoy
+  selector:
+    {{- include "kubeflow.pipelines.metadataEnvoy.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.metadataEnvoy.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml
new file mode 100644
index 00000000..bb40e261
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/authorizationpolicy.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: ALLOW
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 6 }}
+  rules:
+  - {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml
new file mode 100644
index 00000000..2c61f12b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/deployment.yaml
@@ -0,0 +1,103 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.enabled" .) -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.metadataGrpcServer.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.metadataGrpcServer.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: metadata-grpc-server
+        image: {{ include "kubeflow.pipelines.metadataGrpcServer.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.metadataGrpcServer.imagePullPolicy" . }}
+
+        env:
+        {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.spec" . | nindent 8 }}
+
+        command: ["/bin/metadata_store_server"]
+        args:
+        - --grpc_port={{ .Values.pipelines.metadataGrpcServer.service.port }}
+        - --mysql_config_user=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.user.env.name" . }})
+        - --mysql_config_password=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.password.env.name" . }})
+        - --mysql_config_host=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.host.env.name" . }})
+        - --mysql_config_port=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.port.env.name" . }})
+        - --mysql_config_database=$({{ include "kubeflow.pipelines.metadataGrpcServer.config.db.mlmdDatabaseName.env.name" .}})
+        - --enable_database_upgrade=true
+
+        ports:
+        - name: grpc-api
+          containerPort: {{ .Values.pipelines.metadataGrpcServer.service.port }}
+
+        livenessProbe:
+          tcpSocket:
+            port: grpc-api
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+        readinessProbe:
+          tcpSocket:
+            port: grpc-api
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+
+        {{- with .Values.pipelines.metadataGrpcServer.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.metadataGrpcServer.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.metadataGrpcServer.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.metadataGrpcServer.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataGrpcServer.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataGrpcServer.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataGrpcServer.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml
new file mode 100644
index 00000000..81691043
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/destinationrule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml
new file mode 100644
index 00000000..da5c3ed2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.metadataGrpcServer.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.metadataGrpcServer.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml
new file mode 100644
index 00000000..aef9c67a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/service.yaml
@@ -0,0 +1,55 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.enabled" . | eq "true") -}}
+
+kind: Service
+apiVersion: v1
+metadata:
+  {{- with .Values.pipelines.metadataGrpcServer.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: {{ .Values.pipelines.metadataGrpcServer.service.port }}
+    protocol: TCP
+    name: grpc-api
+  selector:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.metadataGrpcServer.service.type }}
+
+---
+
+# TODO: having this SVC is a workaround... metadata-grpc service might be hardcoded...
+# Consider adding following snipper:
+#        env:
+#        - name: METADATA_GRPC_SERVICE_SERVICE_HOST
+#          value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }}
+#        - name: METADATA_GRPC_SERVICE_SERVICE_PORT
+#          value: "8080"
+
+kind: Service
+apiVersion: v1
+metadata:
+  {{- with .Values.pipelines.metadataGrpcServer.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name: metadata-grpc-service
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - port: {{ .Values.pipelines.metadataGrpcServer.service.port }}
+    protocol: TCP
+    name: grpc-api
+  selector:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.metadataGrpcServer.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml
new file mode 100644
index 00000000..8d74abb9
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-grpc-server/virtualservice.yaml
@@ -0,0 +1,28 @@
+{{- if (include "kubeflow.pipelines.metadataGrpcServer.createIstioIntegrationObjects" . ) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataGrpcServer.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataGrpcServer.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  # TODO: parameterize all VS Hosts.
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.pipelines.metadataGrpcServer.config.urlPrefix }}
+    rewrite:
+      uri: {{ .Values.pipelines.metadataGrpcServer.config.urlPrefix }}
+    route:
+    - destination:
+        host: {{ include "kubeflow.pipelines.metadataEnvoy.svc.fqdn" . }}
+        port:
+          number: 9090
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml
new file mode 100644
index 00000000..d25d2037
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/deployment.yaml
@@ -0,0 +1,84 @@
+{{- if (include "kubeflow.pipelines.metadataWriter.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.metadataWriter.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.metadataWriter.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataWriter.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.metadataWriter.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.pipelines.metadataWriter.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: main
+        image: {{ include "kubeflow.pipelines.metadataWriter.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.metadataWriter.imagePullPolicy" . }}
+
+        env:
+        - name: METADATA_GRPC_SERVICE_SERVICE_HOST
+          value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.name" . }}
+        - name: METADATA_GRPC_SERVICE_SERVICE_PORT
+          value: "8080"
+        - name: NAMESPACE_TO_WATCH
+          {{- if (include "kubeflow.deploymentMode.namespace" .) }}
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+          {{- else }}
+          value: ""
+          {{- end }}
+
+        {{- with .Values.pipelines.metadataWriter.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.metadataWriter.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.metadataWriter.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.metadataWriter.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataWriter.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataWriter.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.metadataWriter.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml
new file mode 100644
index 00000000..f3020959
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/role-or-clusterrole.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.pipelines.metadataWriter.rbac.createRoles" .) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataWriter.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflows
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..b4dee83c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.metadataWriter.rbac.createRoles" .) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.metadataWriter.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+  name: {{ include "kubeflow.pipelines.metadataWriter.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name:  {{ include "kubeflow.pipelines.metadataWriter.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml
new file mode 100644
index 00000000..0aff38a1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/metadata-writer/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.metadataWriter.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.metadataWriter.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.metadataWriter.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.metadataWriter.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml
new file mode 100644
index 00000000..65245f20
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/deployment.yaml
@@ -0,0 +1,100 @@
+{{- if (include "kubeflow.pipelines.persistenceAgent.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.persistenceAgent.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.persistenceAgent.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.persistenceAgent.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.persistenceAgent.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+      labels:
+        {{- include "kubeflow.pipelines.persistenceAgent.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: ml-pipeline-persistenceagent
+        image: {{ include "kubeflow.pipelines.persistenceAgent.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.persistenceAgent.imagePullPolicy" . }}
+
+        env:
+        - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH
+          value: {{ .Values.pipelines.persistenceAgent.config.ttlSecondsAfterWorkflowFinish | quote }}
+        - name: NUM_WORKERS
+          value: {{ .Values.pipelines.persistenceAgent.config.numWorkers | quote }}
+        - name: NAMESPACE
+          {{- if (include "kubeflow.deploymentMode.namespace" .) }}
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+          {{- else }}
+          value: ""
+          {{- end }}
+
+        {{- with .Values.pipelines.persistenceAgent.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.persistenceAgent.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+          - mountPath: /var/run/secrets/kubeflow/tokens
+            name: persistenceagent-sa-token
+
+      volumes:
+        - name: persistenceagent-sa-token
+          projected:
+            sources:
+              - serviceAccountToken:
+                  path: persistenceagent-sa-token
+                  expirationSeconds: 3600
+                  audience: pipelines.kubeflow.org
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.persistenceAgent.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.persistenceAgent.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.persistenceAgent.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.persistenceAgent.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml
new file mode 100644
index 00000000..cc91248e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/role-or-clusterrole.yaml
@@ -0,0 +1,42 @@
+{{- if (include "kubeflow.pipelines.persistenceAgent.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.persistenceAgent.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflows
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - scheduledworkflows
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - scheduledworkflows
+  - workflows
+  verbs:
+  - report
+- apiGroups:
+  - pipelines.kubeflow.org
+  resources:
+  - runs
+  verbs:
+  - reportMetrics
+  - readArtifact
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..7b95e0b3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.persistenceAgent.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.persistenceAgent.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+  name: {{ include "kubeflow.pipelines.persistenceAgent.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name:  {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml
new file mode 100644
index 00000000..879d6b9f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/persistenceagent/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.persistenceAgent.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.persistenceAgent.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.persistenceAgent.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml
new file mode 100644
index 00000000..71b3418e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/deployment.yaml
@@ -0,0 +1,87 @@
+{{- if (include "kubeflow.pipelines.scheduledWorkflow.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.scheduledWorkflow.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.scheduledWorkflow.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.scheduledWorkflow.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.scheduledWorkflow.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+      labels:
+        {{- include "kubeflow.pipelines.scheduledWorkflow.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: ml-pipeline-scheduledworkflow
+        image: {{ include "kubeflow.pipelines.scheduledWorkflow.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.scheduledWorkflow.imagePullPolicy" . }}
+
+        env:
+        - name: LOG_LEVEL
+          value: "info"
+        - name: CRON_SCHEDULE_TIMEZONE
+          value: {{ .Values.pipelines.scheduledWorkflow.config.cronScheduleTimezone | quote }}
+
+        - name: NAMESPACE
+          {{- if (include "kubeflow.deploymentMode.namespace" .) }}
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+          {{- else }}
+          value: ""
+          {{- end }}
+
+        {{- with .Values.pipelines.scheduledWorkflow.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.scheduledWorkflow.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: ml-pipeline-scheduledworkflow
+
+      {{- with include "kubeflow.pipelines.scheduledWorkflow.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.scheduledWorkflow.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.scheduledWorkflow.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.scheduledWorkflow.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml
new file mode 100644
index 00000000..3d4603a2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/role-or-clusterrole.yaml
@@ -0,0 +1,44 @@
+{{- if (include "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.scheduledWorkflow.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflows
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - scheduledworkflows
+  - scheduledworkflows/finalizers
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..bb0353e4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.scheduledWorkflow.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.scheduledWorkflow.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+  name: {{ include "kubeflow.pipelines.scheduledWorkflow.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name:  {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml
new file mode 100644
index 00000000..0ced5506
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/scheduledworkflow/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.scheduledWorkflow.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.scheduledWorkflow.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.scheduledWorkflow.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml
new file mode 100644
index 00000000..0f9ed5f2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/secret.mlpipeline-minio-artifact.yaml
@@ -0,0 +1,27 @@
+{{- if and
+  (include "kubeflow.pipelines.enabled" .)
+  (eq .Values.pipelines.config.objectStore.existingSecretName nil)
+  (eq .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name nil)
+  (eq .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name nil)
+-}}
+
+{{/*
+NOTE/TODO: this secret name is hardcoded:
+* <=2.1.0:
+  https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292
+* >=2.2.0 (state as of 2nd May 2024)
+  https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39
+*/}}
+
+kind: Secret
+apiVersion: v1
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.labels" . | nindent 4 }}
+  name: mlpipeline-minio-artifact
+  namespace: {{ include "kubeflow.namespace" . }}
+stringData:
+  accesskey: {{ .Values.pipelines.config.objectStore.accessKey.value | quote }}
+  secretkey: {{ .Values.pipelines.config.objectStore.secretAccessKey.value | quote }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml
new file mode 100644
index 00000000..bcc63bb0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.extAuth.yaml
@@ -0,0 +1,27 @@
+{{- if and
+  (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.authorizationPolicyExtAuthName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+    - {}
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 6 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml
new file mode 100644
index 00000000..657bd8f6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/authorizationpolicy.yaml
@@ -0,0 +1,30 @@
+{{- if (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 6 }}
+  rules:
+  # Allow all requests from the ingress gateway
+  - from:
+    - source:
+        principals:
+        - {{ include "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" . }}
+  # Allow all requests with an `authorization` header but NOT a `kubeflow-userid` header.
+  # This is needed to allow Kubernetes JWTs to be passed to the KFP API.
+  - when:
+    - key: request.headers[authorization]
+      values:
+      - "*"
+    - key: request.headers[kubeflow-userid]
+      notValues:
+      - "*"
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml
new file mode 100644
index 00000000..89045e5d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.pipelines.ui.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+   viewer-pod-template.json:  |-
+    {
+        "spec": {
+            "serviceAccountName": "{{ .Values.pipelines.ui.config.viewerPodServiceAccountName }}"
+        }
+    }
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml
new file mode 100644
index 00000000..e5c180d7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/deployment.yaml
@@ -0,0 +1,147 @@
+{{- if (include "kubeflow.pipelines.ui.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.ui.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.ui.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+      labels:
+        {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: ml-pipeline-ui
+        image: {{ include "kubeflow.pipelines.ui.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.ui.imagePullPolicy" . }}
+
+        env:
+        {{- include "kubeflow.pipelines.ui.config.objectStore.host.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.ui.config.objectStore.accessKey.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.ui.config.objectStore.secretAccessKey.env.spec" . | nindent 8 }}
+
+        - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH
+          value: /etc/config/viewer-pod-template.json
+        - name: MINIO_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: ALLOW_CUSTOM_VISUALIZATIONS
+          value: {{ .Values.pipelines.ui.config.allowCustomVisualizations | quote }}
+
+        {{- if (include "kubeflow.deploymentMode.cluster" .) }}
+        - name: DEPLOYMENT
+          value: KUBEFLOW
+        - name: ARTIFACTS_SERVICE_PROXY_NAME
+          value: ml-pipeline-ui-artifact
+        - name: ARTIFACTS_SERVICE_PROXY_PORT
+          value: '80'
+        - name: ARTIFACTS_SERVICE_PROXY_ENABLED
+          value: 'true'
+        - name: ENABLE_AUTHZ
+          value: 'true'
+        - name: KUBEFLOW_USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: KUBEFLOW_USERID_PREFIX
+          value: {{ .Values.auth.userIdPrefix | quote }}
+        - name: DISABLE_GKE_METADATA # https://github.com/kubeflow/pipelines/issues/11247
+          value: 'true'
+        - name: FRONTEND_SERVER_NAMESPACE
+          valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+        {{- end }}
+
+        ports:
+        - containerPort: 3000
+
+        readinessProbe:
+          exec:
+            command:
+              - wget
+              - -q # quiet
+              - -S # show server response
+              - -O
+              - "-" # Redirect output to stdout
+              - http://localhost:3000/apis/v1beta1/healthz
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+        livenessProbe:
+          exec:
+            command:
+              - wget
+              - -q # quiet
+              - -S # show server response
+              - -O
+              - "-" # Redirect output to stdout
+              - http://localhost:3000/apis/v1beta1/healthz
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+
+        {{- with .Values.pipelines.ui.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.ui.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/config
+          readOnly: true
+
+      volumes:
+      - name: config-volume
+        configMap:
+          name: {{ include "kubeflow.pipelines.ui.configMapName" . }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: ml-pipeline-ui
+
+      {{- with include "kubeflow.pipelines.ui.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.ui.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.ui.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.ui.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml
new file mode 100644
index 00000000..7b327f63
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/destinationrule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.pipelines.ui.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml
new file mode 100644
index 00000000..785a8414
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/role-or-clusterrole.yaml
@@ -0,0 +1,49 @@
+{{- if (include "kubeflow.pipelines.ui.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - "kubeflow.org"
+  resources:
+  - viewers
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - delete
+- apiGroups:
+  - "argoproj.io"
+  resources:
+  - workflows
+  verbs:
+  - get
+  - list
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..3c9e282a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.ui.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+  name: {{ include "kubeflow.pipelines.ui.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name:  {{ include "kubeflow.pipelines.ui.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml
new file mode 100644
index 00000000..6d161b5e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.ui.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.ui.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.ui.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml
new file mode 100644
index 00000000..52246914
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.pipelines.ui.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.pipelines.ui.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 3000
+  selector:
+    {{- include "kubeflow.pipelines.ui.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.ui.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml
new file mode 100644
index 00000000..c6d68a63
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/ui/virtualservice.yaml
@@ -0,0 +1,28 @@
+{{- if (include "kubeflow.pipelines.ui.createIstioIntegrationObjects" .) -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.ui.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.ui.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.pipelines.ui.config.urlPrefix }}
+    rewrite:
+      uri: {{ .Values.pipelines.ui.config.urlPrefix }}
+    route:
+    - destination:
+        host: {{ include "kubeflow.pipelines.ui.svc.fqdn" . }}
+        port:
+          number: 80
+    timeout: 300s
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml
new file mode 100644
index 00000000..733b6186
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/deployment.yaml
@@ -0,0 +1,85 @@
+{{- if (include "kubeflow.pipelines.viewerCrd.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.viewerCrd.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.viewerCrd.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.viewerCrd.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.viewerCrd.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+      labels:
+        {{- include "kubeflow.pipelines.viewerCrd.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: ml-pipeline-viewer-crd
+        image: {{ include "kubeflow.pipelines.viewerCrd.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.viewerCrd.imagePullPolicy" . }}
+
+        env:
+        - name: MAX_NUM_VIEWERS
+          value: {{ .Values.pipelines.viewerCrd.config.maxNumViewers | quote }}
+        - name: NAMESPACE
+          {{- if (include "kubeflow.deploymentMode.namespace" .) }}
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+          {{- else }}
+          value: ""
+          {{- end }}
+
+        {{- with .Values.pipelines.viewerCrd.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.viewerCrd.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.viewerCrd.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.viewerCrd.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.viewerCrd.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.viewerCrd.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.viewerCrd.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml
new file mode 100644
index 00000000..a2c46c56
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/role-or-clusterrole.yaml
@@ -0,0 +1,38 @@
+{{- if (include "kubeflow.pipelines.viewerCrd.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.viewerCrd.roleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - deployments
+  - services
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - viewers
+  - viewers/finalizers
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml
new file mode 100644
index 00000000..4874a4d0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/rolebinding-or-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.pipelines.viewerCrd.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ include "kubeflow.deploymentMode.scopedRoleBindingKind" . }}
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.viewerCrd.roleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ include "kubeflow.deploymentMode.scopedRoleKind" . }}
+  name: {{ include "kubeflow.pipelines.viewerCrd.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name:  {{ include "kubeflow.pipelines.viewerCrd.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml
new file mode 100644
index 00000000..5d69675c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/viewer-crd/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.viewerCrd.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.viewerCrd.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.viewerCrd.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.viewerCrd.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml
new file mode 100644
index 00000000..c7ee24c0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/authorizationpolicy.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.pipelines.visualization.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.visualization.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        principals:
+        - {{ include "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.persistenceAgent.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.scheduledWorkflow.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.viewerCrd.serviceAccountPrincipal" . }}
+        - {{ include "kubeflow.pipelines.cache.serviceAccountPrincipal" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml
new file mode 100644
index 00000000..f06c7c38
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/deployment.yaml
@@ -0,0 +1,101 @@
+{{- if (include "kubeflow.pipelines.visualization.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.visualization.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.visualization.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.visualization.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+      labels:
+        {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: ml-pipeline-visualizationserver
+        image: {{ include "kubeflow.pipelines.visualization.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.visualization.imagePullPolicy" . }}
+
+        ports:
+        - name: http
+          containerPort: 8888
+
+        readinessProbe:
+          exec:
+            command:
+              - wget
+              - -q # quiet
+              - -S # show server response
+              - -O
+              - "-" # Redirect output to stdout
+              - http://localhost:8888/
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+        livenessProbe:
+          exec:
+            command:
+              - wget
+              - -q # quiet
+              - -S # show server response
+              - -O
+              - "-" # Redirect output to stdout
+              - http://localhost:8888/
+          initialDelaySeconds: 3
+          periodSeconds: 5
+          timeoutSeconds: 2
+
+        {{- with .Values.pipelines.visualization.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.visualization.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.visualization.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.visualization.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.visualization.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.visualization.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.visualization.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml
new file mode 100644
index 00000000..8f441820
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/destinationrule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.pipelines.visualization.createIstioIntegrationObjects" .) -}}
+
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.visualization.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.pipelines.visualization.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml
new file mode 100644
index 00000000..31d59b68
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/sa.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.pipelines.visualization.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.pipelines.visualization.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }}
+  name:  {{ include "kubeflow.pipelines.visualization.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml
new file mode 100644
index 00000000..ec491e8d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/ml-pipeline/visualization/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.pipelines.visualization.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.pipelines.visualization.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.pipelines.visualization.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.visualization.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
+  selector:
+    {{- include "kubeflow.pipelines.visualization.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.visualization.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml
new file mode 100644
index 00000000..a7d27570
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/configmap.yaml
@@ -0,0 +1,14 @@
+{{- if (include "kubeflow.pipelines.profileController.enabled" .) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.profileController.configMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  sync.py: |
+    {{- .Files.Get "files/pipelines-profile-controller/sync.py" | nindent 4 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml
new file mode 100644
index 00000000..921aa8ef
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/decorator-controller.yaml
@@ -0,0 +1,50 @@
+{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}}
+
+# Change resyncPeriodSeconds to 1 hour from insane 20 seconds  
+# Only  sync namespaces with pipelines.kubeflow.org/enabled = "true"
+apiVersion: metacontroller.k8s.io/v1alpha1
+kind: DecoratorController
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.profileController.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  resyncPeriodSeconds: 3600
+  resources:
+  - apiVersion: v1
+    resource: namespaces
+    labelSelector:
+      matchLabels:
+        pipelines.kubeflow.org/enabled: "true"
+  attachments:
+  - apiVersion: v1
+    resource: secrets
+    updateStrategy:
+      method: OnDelete
+  - apiVersion: v1
+    resource: configmaps
+    updateStrategy:
+      method: OnDelete
+  - apiVersion: apps/v1
+    resource: deployments
+    updateStrategy:
+      method: InPlace
+  - apiVersion: v1
+    resource: services
+    updateStrategy:
+      method: InPlace
+  - apiVersion: networking.istio.io/v1alpha3
+    resource: destinationrules
+    updateStrategy:
+      method: InPlace
+  - apiVersion: security.istio.io/v1beta1
+    resource: authorizationpolicies
+    updateStrategy:
+      method: InPlace
+  hooks:
+    sync:
+      webhook:
+        url: {{ printf "http://%s/sync" (include "kubeflow.pipelines.profileController.svc.fqdn" .) }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml
new file mode 100644
index 00000000..bd0bc517
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/deployment.yaml
@@ -0,0 +1,119 @@
+{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.pipelines.profileController.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.pipelines.profileController.autoscaling.minReplicas" . -}}
+
+{{- $visualizationImageSplit := include "kubeflow.pipelines.visualization.image" . | split ":" -}}
+{{- $visualizationImageName := $visualizationImageSplit._0 }}
+{{- $visualizationImageTag := $visualizationImageSplit._1 }}
+
+{{- $frontendImageSplit := include "kubeflow.pipelines.ui.image" . | split ":" -}}
+{{- $frontendImageName := $frontendImageSplit._0 }}
+{{- $frontendImageTag := $frontendImageSplit._1 }}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.profileController.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.pipelines.profileController.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.pipelines.profileController.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: profile-controller
+        image: {{ include "kubeflow.pipelines.profileController.image" . }}
+        imagePullPolicy: {{ include "kubeflow.pipelines.profileController.imagePullPolicy" . }}
+
+        command: ["python", "/hooks/sync.py"]
+
+        env:
+        {{- include "kubeflow.pipelines.profileController.config.objectStore.host.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.profileController.config.objectStore.accessKey.env.spec" . | nindent 8 }}
+        {{- include "kubeflow.pipelines.profileController.config.objectStore.secretAccessKey.env.spec" . | nindent 8 }}
+
+        - name: DISABLE_ISTIO_SIDECAR
+          value: {{ .Values.pipelines.profileController.config.disableIstioSidecar | quote }}
+        - name: KFP_VERSION
+          value: {{ .Values.pipelines.defaults.image.tag | quote }}
+        - name: KFP_DEFAULT_PIPELINE_ROOT
+          value: {{ .Values.pipelines.config.defaultPipelineRoot | quote }}
+        - name: CONTROLLER_PORT
+          value: "8080"
+        - name: VISUALIZATION_SERVER_IMAGE
+          value: {{ $visualizationImageName }}
+        - name: VISUALIZATION_SERVER_TAG
+          value: {{ $visualizationImageTag | quote }}
+        - name: FRONTEND_IMAGE
+          value: {{ $frontendImageName }}
+        - name: FRONTEND_TAG
+          value: {{ $frontendImageTag | quote }}
+        - name: METADATA_GRPC_SERVICE_HOST
+          value: {{ include "kubeflow.pipelines.metadataGrpcServer.svc.addressWithNs" . }}
+        - name: METADATA_GRPC_SERVICE_PORT
+          value: {{ .Values.pipelines.metadataGrpcServer.service.port | quote }}
+        - name: ML_PIPELINE_SA_PRINCIPAL
+          value: {{ include "kubeflow.pipelines.mlPipeline.serviceAccountPrincipal" . }}
+
+        {{- with .Values.pipelines.profileController.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.pipelines.profileController.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+        - name: hooks
+          mountPath: /hooks
+        ports:
+        - containerPort: 8080
+
+      volumes:
+      - name: hooks
+        configMap:
+          name: {{ include "kubeflow.pipelines.profileController.configMapName" . }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.pipelines.profileController.serviceAccountName" . }}
+
+      {{- with include "kubeflow.pipelines.profileController.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.profileController.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.profileController.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.pipelines.profileController.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml
new file mode 100644
index 00000000..15661b6a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/profile-controller/service.yaml
@@ -0,0 +1,21 @@
+{{- if (include "kubeflow.pipelines.profileController.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.profileController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.profileController.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    {{- include "kubeflow.pipelines.profileController.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.pipelines.profileController.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml
new file mode 100644
index 00000000..1a9cb96c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrole.cache-deployer.yaml
@@ -0,0 +1,45 @@
+{{/*
+Cache Deployer is currently not supported
+*/}}
+
+{{/*
+{{- if (include "kubeflow.pipelines.cache.enabled" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kubeflow-pipelines-cache-deployer-clusterrole
+  name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" . }}
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  - certificatesigningrequests/approval
+  verbs:
+  - create
+  - delete
+  - get
+  - update
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  resourceNames:
+  - kubernetes.io/*
+  verbs:
+  - approve  
+
+{{- end }}
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml
new file mode 100644
index 00000000..9e901a19
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/clusterrolebinding.cache-deployer.yaml
@@ -0,0 +1,24 @@
+{{/*
+Cache Deployer is currently not supported
+*/}}
+
+{{/*
+{{- if (include "kubeflow.pipelines.cache.enabled" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.clusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml
new file mode 100644
index 00000000..946fa49e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.cache-deployer.yaml
@@ -0,0 +1,17 @@
+{{/*
+Cache Deployer is currently not supported
+*/}}
+
+{{/*
+{{- if (include "kubeflow.pipelines.cache.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    {{- include "kubeflow.pipelines.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.pipelines.rbac.cacheDeployer.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
+*/}}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml
new file mode 100644
index 00000000..f8cdfe4e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/pipelines/rbac/sa.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name:  default-editor
+  namespace: {{ include "kubeflow.namespace" . }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml
new file mode 100644
index 00000000..be47b75d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/authorizationpolicy.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.profilesController.createIstioIntegrationObjects" . | eq "true") -}}
+
+{{ $namespace := include "kubeflow.namespace" . }}
+{{ $centraldashboardSaName := include "kubeflow.centraldashboard.serviceAccountName" . }}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.kfam.name" . }}
+  namespace: {{ $namespace }}
+spec:
+  action: ALLOW
+  rules:
+    - from:
+        - source:
+            principals:
+              # TODO: change me
+              - cluster.local/ns/{{ $namespace }}/sa/{{ $centraldashboardSaName }}
+  selector:
+    matchLabels:
+      {{- include "kubeflow.profilesController.selectorLabels" . | nindent 6 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml
new file mode 100644
index 00000000..bfdae81e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/configmap.namespace-labels.yaml
@@ -0,0 +1,20 @@
+{{- if (include "kubeflow.profilesController.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.namespaceLabelsConfigMapName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data:
+  namespace-labels.yaml: |
+    {{- with .Values.profilesController.config.defaultNamespaceLabels }}
+        {{- toYaml . | nindent 4 }}
+    {{- end }}
+  
+    {{- with .Values.profilesController.config.extraNamespaceLabels }}
+        {{- toYaml . | nindent 4 }}
+    {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml
new file mode 100644
index 00000000..7d9938f5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/deployment.yaml
@@ -0,0 +1,134 @@
+{{- if (include "kubeflow.profilesController.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.profilesController.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.profilesController.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.profilesController.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.profilesController.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: manager
+        image: {{ include "kubeflow.profilesController.manager.image" . }}
+        imagePullPolicy: {{ include "kubeflow.profilesController.manager.imagePullPolicy" . }}
+
+        command:
+        - /manager
+        - "-userid-header"
+        - {{ .Values.auth.userHeaderName | quote }}
+        - "-userid-prefix"
+        - {{ default "" .Values.auth.userIdPrefix | quote }}
+        - "-workload-identity"
+        - {{ default "" .Values.profilesController.config.workloadIdentity | quote }}
+
+        env:
+        - name: ADMIN
+          value: {{ default "" .Values.profilesController.config.admin | quote }}
+        - name: WORKLOAD_IDENTITY
+          value: {{ default "" .Values.profilesController.config.workloadIdentity | quote }}
+        - name: USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: USERID_PREFIX
+          value: {{ default "" .Values.auth.userIdPrefix | quote }}
+        - name: NOTEBOOK_CONTROLLER_PRINCIPAL
+          value: {{ include "kubeflow.notebooks.controller.serviceAccountPrincipal" . }}
+        - name: KFP_UI_PRINCIPAL
+          value: {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }}
+        {{- if (include "kubeflow.istioIntegration.enabled" . ) }}
+        - name: ISTIO_INGRESS_GATEWAY_PRINCIPAL
+          value: {{ include "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" . }}
+        {{- end }}
+
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 9876
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 9876
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        ports:
+        - containerPort: 9876
+
+        volumeMounts:
+        - mountPath: /etc/profile-controller
+          name: namespace-labels
+          readOnly: true
+
+      - name: kfam
+        image: {{ include "kubeflow.profilesController.kfam.image" . }}
+        imagePullPolicy: {{ include "kubeflow.profilesController.kfam.imagePullPolicy" . }}
+
+        command:
+        - /access-management
+        - "-cluster-admin"
+        - {{ default "" .Values.profilesController.config.admin | quote }}
+        - "-userid-header"
+        - {{ .Values.auth.userHeaderName | quote }}
+        - "-userid-prefix"
+        - {{ default "" .Values.auth.userIdPrefix | quote }}
+
+        env:
+        - name: ADMIN
+          value: {{ default "" .Values.profilesController.config.admin | quote }}
+        - name: WORKLOAD_IDENTITY
+          value: {{ default "" .Values.profilesController.config.workloadIdentity | quote }}
+        - name: USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: USERID_PREFIX
+          value: {{ default "" .Values.auth.userIdPrefix | quote }}
+        - name: NOTEBOOK_CONTROLLER_PRINCIPAL
+          value: {{ include "kubeflow.notebooks.controller.serviceAccountPrincipal" . }}
+        - name: KFP_UI_PRINCIPAL
+          value: {{ include "kubeflow.pipelines.ui.serviceAccountPrincipal" . }}
+        {{- if (include "kubeflow.istioIntegration.enabled" . ) }}
+        - name: ISTIO_INGRESS_GATEWAY_PRINCIPAL
+          value: {{ include "kubeflow.istioIntegration.istioIngressGateway.serviceAccountPrincipal" . }}
+        {{- end }}
+
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: 8081
+          initialDelaySeconds: 30
+          periodSeconds: 30
+        ports:
+        - containerPort: 8081
+          name: kfam-http
+          protocol: TCP
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.profilesController.serviceAccountName" . }}
+
+      volumes:
+      - name: namespace-labels
+        configMap:
+          name: {{ include "kubeflow.profilesController.namespaceLabelsConfigMapName" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml
new file mode 100644
index 00000000..3d6cf5b3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/clusterrolebinding.main.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.profilesController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.profilesController.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.profilesController.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml
new file mode 100644
index 00000000..212436ab
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_editor_role.yaml
@@ -0,0 +1,29 @@
+{{/*
+# Permissions for end users to edit profiles.
+# Currently not used anywhere.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: profile-editor-role
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - profiles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - profiles/status
+  verbs:
+  - get
+
+*/}}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml
new file mode 100644
index 00000000..b17525f1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/profile_viewer_role.yaml
@@ -0,0 +1,25 @@
+{{/*
+# Permissions for end users to view profiles.
+# Currently not used anywhere.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: profile-viewer-role
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - profiles
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - profiles/status
+  verbs:
+  - get
+
+*/}}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml
new file mode 100644
index 00000000..414708b7
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.leader-election.yaml
@@ -0,0 +1,37 @@
+{{- if (include "kubeflow.profilesController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.leaderElectionRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml
new file mode 100644
index 00000000..4486c8eb
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/role.yaml
@@ -0,0 +1,44 @@
+{{/*
+# This role is defined in kubeflow/manifests but it seems it's not used anywhere.
+# https://github.com/kubeflow/manifests/blob/6cb9ff2fa2b25755eca5ce41c03d125aa8c8653b/apps/profiles/upstream/rbac/role.yaml
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - '*'
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - profiles
+  - profiles/finalizers
+  - profiles/status
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - '*'
+- apiGroups:
+  - security.istio.io
+  resources:
+  - authorizationpolicies
+  verbs:
+  - '*'
+
+*/}}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml
new file mode 100644
index 00000000..99e2d3a0
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/rolebinding.leader-election.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.profilesController.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.leaderElectionRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kubeflow.profilesController.leaderElectionRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.profilesController.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml
new file mode 100644
index 00000000..9dac3682
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/rbac/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.profilesController.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.profilesController.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml
new file mode 100644
index 00000000..077cf38d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/service.yaml
@@ -0,0 +1,22 @@
+{{- if (include "kubeflow.profilesController.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.profilesController.kfam.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.kfam.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - port: 8081
+  selector:
+    {{- include "kubeflow.profilesController.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.profilesController.kfam.service.type }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml
new file mode 100644
index 00000000..efaa7f77
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/profiles-controller/virtualservice.yaml
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.profilesController.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.profilesController.kfam.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.profilesController.kfam.config.urlPrefix }}/
+    rewrite:
+      uri: {{ .Values.profilesController.kfam.config.urlPrefix }}/
+    route:
+    - destination:
+        host: {{ include "kubeflow.profilesController.kfam.svc.fqdn" . }}
+        port:
+          number: 8081
+    headers:
+      request:
+        add:
+          x-forwarded-prefix: {{ .Values.profilesController.kfam.config.urlPrefix }}
+    
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml
new file mode 100644
index 00000000..f8ec3f27
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/deployment.yaml
@@ -0,0 +1,139 @@
+{{- if (include "kubeflow.tensorboard.controller.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.tensorboard.controller.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.tensorboard.controller.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+    control-plane: controller-manager
+  name: {{ include "kubeflow.tensorboard.controller.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.tensorboard.controller.selectorLabels" . | nindent 6 }}
+      control-plane: controller-manager
+
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        {{- include "kubeflow.tensorboard.controller.selectorLabels" . | nindent 8 }}
+        control-plane: controller-manager
+
+    spec:
+      containers:
+      - name: manager
+        image: {{ include "kubeflow.tensorboard.controller.manager.image" . }}
+        imagePullPolicy: {{ include "kubeflow.tensorboard.controller.manager.imagePullPolicy" . }}
+
+        args:
+        - --health-probe-bind-address=:8081
+        - --metrics-bind-address=127.0.0.1:8080
+        command:
+        - /manager
+
+        env:
+        - name: ISTIO_GATEWAY
+          value: {{ include "kubeflow.namespace" . }}/{{ .Values.istioIntegration.gateway.name }}
+        - name: ISTIO_HOST
+          value: "*"
+        - name: RWO_PVC_SCHEDULING
+          value: {{ .Values.tensorboard.controller.manager.config.rwoPvcScheduling | quote }}
+        - name: TENSORBOARD_IMAGE
+          value: {{ include "kubeflow.tensorboard.controller.manager.tensorboardImage" . }}
+
+        {{- with .Values.tensorboard.controller.manager.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+
+        {{- with include "kubeflow.tensorboard.controller.manager.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      - name: kube-rbac-proxy
+        image: {{ include "kubeflow.tensorboard.controller.kubeRbacProxy.image" . }}
+        imagePullPolicy: {{ include "kubeflow.tensorboard.controller.kubeRbacProxy.imagePullPolicy" . }}
+
+        args:
+        - --secure-listen-address=0.0.0.0:{{ .Values.tensorboard.controller.kubeRbacProxy.service.targetPort }}
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=0
+
+        ports:
+        - containerPort: {{ .Values.tensorboard.controller.kubeRbacProxy.service.targetPort }}
+          name: https
+          protocol: TCP
+
+        {{- with .Values.tensorboard.controller.kubeRbacProxy.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        {{- with include "kubeflow.tensorboard.controller.kubeRbacProxy.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }}
+
+      {{- with include "kubeflow.tensorboard.controller.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.controller.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.controller.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.controller.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.controller.terminationGracePeriodSeconds" . }}
+      terminationGracePeriodSeconds:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.controller.securityContext" . }}
+      securityContext:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml
new file mode 100644
index 00000000..dc50e605
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.manager.yaml
@@ -0,0 +1,83 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - networking.istio.io
+  resources:
+  - virtualservices
+  verbs:
+  - create
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - tensorboard.kubeflow.org
+  resources:
+  - tensorboards
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - tensorboard.kubeflow.org
+  resources:
+  - tensorboards/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - tensorboard.kubeflow.org
+  resources:
+  - tensorboards/status
+  verbs:
+  - get
+  - patch
+  - update
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml
new file mode 100644
index 00000000..17c6f0e2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.metrics-reader.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.metricsReaderClusterRoleName" . }}
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml
new file mode 100644
index 00000000..5f7c8129
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrole.proxy.yaml
@@ -0,0 +1,23 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.proxyClusterRoleName" . }}
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml
new file mode 100644
index 00000000..beecb8ff
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.manager.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.tensorboard.controller.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml
new file mode 100644
index 00000000..936c02c4
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/clusterrolebinding.proxy.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.proxyClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.tensorboard.controller.proxyClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml
new file mode 100644
index 00000000..006a90da
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/role.leader-election.yaml
@@ -0,0 +1,43 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.leaderElectionRoleName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml
new file mode 100644
index 00000000..bfeb64ab
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/rbac/rolebinding.leader-election.yaml
@@ -0,0 +1,19 @@
+{{- if (include "kubeflow.tensorboard.controller.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.leaderElectionRoleBindingName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kubeflow.tensorboard.controller.leaderElectionRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" .}}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml
new file mode 100644
index 00000000..561d85d8
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/service.controller-manager-metrics-service.yaml
@@ -0,0 +1,28 @@
+{{- if (include "kubeflow.tensorboard.controller.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.tensorboard.controller.kubeRbacProxy.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+    control-plane: controller-manager
+  name: {{ include "kubeflow.tensorboard.controller.metricsService.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: https
+    # port: 8443
+    port: {{ .Values.tensorboard.controller.kubeRbacProxy.service.port }}
+    protocol: TCP
+    targetPort: https
+  selector:
+    {{- include "kubeflow.tensorboard.controller.selectorLabels" . | nindent 4 }}
+    control-plane: controller-manager
+  sessionAffinity: None
+  type: {{ .Values.tensorboard.controller.kubeRbacProxy.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml
new file mode 100644
index 00000000..26d97cb5
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/controller/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.tensorboard.controller.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.tensorboard.controller.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.controller.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml
new file mode 100644
index 00000000..47846b5d
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.extAuth.yaml
@@ -0,0 +1,29 @@
+{{- if and
+  (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true")
+  (include "kubeflow.istioIntegration.authorizationMode.granular" . | eq "true")
+-}}
+
+# NOTE: this AuthorizationPolicy forces traffic through ext authz http extension
+# so we don't have to provide configuration to allow traffic only from
+# istio-ingressgateway. The .spec.rules.to.operations.notPaths is configured for
+# CloudFlare integration and allows only static, non-secret assets to be
+# accessible without the Istio Auth.
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.authorizationPolicyExtAuthName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+    - {}
+  selector:
+    matchLabels:
+      {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml
new file mode 100644
index 00000000..4df42532
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/authorizationpolicy.yaml
@@ -0,0 +1,20 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" .) -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }}
+  rules:
+  - from:
+    - source:
+        namespaces:
+        - {{ .Values.istioIntegration.ingressGatewayNamespace }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml
new file mode 100644
index 00000000..8d27d69b
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml
new file mode 100644
index 00000000..54ab26fc
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/cluster-role.yaml
@@ -0,0 +1,134 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - tensorboard.kubeflow.org
+  resources:
+  - tensorboards
+  - tensorboards/finalizers
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiAdminClusterRoleName" . }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiEditClusterRoleName" . }}
+rules:
+- apiGroups:
+  - tensorboard.kubeflow.org
+  resources:
+  - tensorboards
+  - tensorboards/finalizers
+  verbs:
+  - get
+  - list
+  - create
+  - delete
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.kfTenUiViewClusterRoleName" . }}
+rules:
+- apiGroups:
+  - tensorboard.kubeflow.org
+  resources:
+  - tensorboards
+  - tensorboards/finalizers
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - poddefaults
+  verbs:
+  - get
+  - list
+  - watch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml
new file mode 100644
index 00000000..690b5a3a
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/deployment.yaml
@@ -0,0 +1,84 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 8 }}
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.baseName" . }}
+        image: {{ include "kubeflow.tensorboard.tensorboardsWebApp.image" . }}
+        imagePullPolicy: {{ include "kubeflow.tensorboard.tensorboardsWebApp.imagePullPolicy" . }}
+
+        ports:
+        - containerPort: {{ .Values.tensorboard.tensorboardsWebApp.service.targetPort }}
+          protocol: TCP
+
+        {{- with .Values.tensorboard.tensorboardsWebApp.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        env:
+        - name: APP_PREFIX
+          value: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }}
+        - name: USERID_HEADER
+          value: {{ .Values.auth.userHeaderName | quote }}
+        - name: USERID_PREFIX
+          value: {{ .Values.auth.userIdPrefix | quote }}
+        - name: APP_SECURE_COOKIES
+          value: {{ .Values.tensorboard.tensorboardsWebApp.config.secureCookies | quote }}
+
+        {{- with include "kubeflow.tensorboard.tensorboardsWebApp.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" . }}
+
+      {{- with include "kubeflow.tensorboard.tensorboardsWebApp.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.tensorboardsWebApp.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.tensorboardsWebApp.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.tensorboard.tensorboardsWebApp.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml
new file mode 100644
index 00000000..774da109
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/destination-rule.yaml
@@ -0,0 +1,16 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  host: {{ include "kubeflow.tensorboard.tensorboardsWebApp.svc.fqdn" . }}
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml
new file mode 100644
index 00000000..49676b27
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.tensorboard.tensorboardsWebApp.name" . -}}
+{{- $minReplicas := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.tensorboard.tensorboardsWebApp.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml
new file mode 100644
index 00000000..34df185f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.tensorboard.tensorboardsWebApp.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml
new file mode 100644
index 00000000..b1fa20e1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.tensorboard.tensorboardsWebApp.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml
new file mode 100644
index 00000000..a1ef5864
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/service.yaml
@@ -0,0 +1,25 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.tensorboard.tensorboardsWebApp.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+  - name: http
+    port: {{ .Values.tensorboard.tensorboardsWebApp.service.port }}
+    protocol: TCP
+    targetPort: {{ .Values.tensorboard.tensorboardsWebApp.service.targetPort }}
+  selector:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.tensorboard.tensorboardsWebApp.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml
new file mode 100644
index 00000000..1360f74c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tensorboard/tensorboards-web-app/virtual-service.yaml
@@ -0,0 +1,31 @@
+{{- if (include "kubeflow.tensorboard.tensorboardsWebApp.createIstioIntegrationObjects" . | eq "true") -}}
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  labels:
+    {{- include "kubeflow.tensorboard.tensorboardsWebApp.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.tensorboard.tensorboardsWebApp.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  gateways:
+  - {{ .Values.istioIntegration.gateway.name }}
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }}/
+    rewrite:
+      uri: /
+    route:
+    - destination:
+        host: {{ include "kubeflow.tensorboard.tensorboardsWebApp.svc.fqdn" . }}
+        port:
+          number: {{ .Values.tensorboard.tensorboardsWebApp.service.port }}
+    headers:
+      request:
+        add:
+          x-forwarded-prefix: {{ .Values.tensorboard.tensorboardsWebApp.config.urlPrefix }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml
new file mode 100644
index 00000000..789ac15e
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/tests/_test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "kubeflow.fullname" . }}-test-connection"
+  labels:
+    {{- include "kubeflow.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "kubeflow.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml
new file mode 100644
index 00000000..19f7b523
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/cluster-role-binding.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.trainingOperator.rbac.createRoles" . | eq "true" ) -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.mainClusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubeflow.trainingOperator.mainClusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kubeflow.trainingOperator.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml
new file mode 100644
index 00000000..6947a7b1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterrole.main.yaml
@@ -0,0 +1,297 @@
+{{- if (include "kubeflow.trainingOperator.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.mainClusterRoleName" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/exec
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - mpijobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - mpijobs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - mpijobs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - mxjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - mxjobs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - mxjobs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - paddlejobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - paddlejobs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - paddlejobs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pytorchjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pytorchjobs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - pytorchjobs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - tfjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - tfjobs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - tfjobs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - xgboostjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - xgboostjobs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - xgboostjobs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - create
+  - list
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - create
+  - list
+  - update
+  - watch
+- apiGroups:
+  - scheduling.volcano.sh
+  resources:
+  - podgroups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - scheduling.x-k8s.io
+  resources:
+  - podgroups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml
new file mode 100644
index 00000000..317121f3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/clusterroles.user.yaml
@@ -0,0 +1,109 @@
+{{- if (include "kubeflow.trainingOperator.rbac.createRoles" . | eq "true") -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowAdminRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.kfTrAdminClusterRoleName" . }}
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      {{- include "kubeflow.trainingOperator.kfTrAdminClusterRoleLabel" . | nindent 6 }}
+rules: []
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowEditRoleLabel" . | nindent 4 }}
+    {{- include "kubeflow.trainingOperator.kfTrAdminClusterRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.kfTrEditClusterRoleName" . }}
+rules:
+- apiGroups:
+    - kubeflow.org
+  resources:
+    - mpijobs
+    - tfjobs
+    - pytorchjobs
+    - mxjobs
+    - xgboostjobs
+    - paddlejobs
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - kubeflow.org
+  resources:
+    - mpijobs/status
+    - tfjobs/status
+    - pytorchjobs/status
+    - mxjobs/status
+    - xgboostjobs/status
+    - paddlejobs/status
+  verbs:
+    - get
+- apiGroups:
+    - ""
+  resources:
+    - persistentvolumeclaims
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - watch
+- apiGroups:
+    - ""
+  resources:
+    - events
+  verbs:
+    - get
+    - list
+    - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+    {{- include "kubeflow.kubeflowRoles.kubeflowViewRoleLabel" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.kfTrViewClusterRoleName" . }}
+rules:
+- apiGroups:
+    - kubeflow.org
+  resources:
+    - mpijobs
+    - tfjobs
+    - pytorchjobs
+    - mxjobs
+    - xgboostjobs
+    - paddlejobs
+  verbs:
+    - get
+    - list
+    - watch
+- apiGroups:
+    - kubeflow.org
+  resources:
+    - mpijobs/status
+    - tfjobs/status
+    - pytorchjobs/status
+    - mxjobs/status
+    - xgboostjobs/status
+    - paddlejobs/status
+  verbs:
+    - get
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml
new file mode 100644
index 00000000..ebb73047
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/deployment.yaml
@@ -0,0 +1,122 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+{{- $autoscalingEnabled := include "kubeflow.trainingOperator.autoscaling.enabled" . -}}
+{{- $replicas := include "kubeflow.trainingOperator.autoscaling.minReplicas" . -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  {{- if (eq $autoscalingEnabled "false") }}
+  replicas: {{ $replicas }}
+  {{- end }}
+
+  selector:
+    matchLabels:
+      {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 6 }}
+
+  template:
+    metadata:
+      labels:
+        {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 8 }}
+      annotations:
+        sidecar.istio.io/inject: "false"
+
+    spec:
+      containers:
+      - name: {{ include "kubeflow.trainingOperator.baseName" . }}
+        image: {{ include "kubeflow.trainingOperator.image" . }}
+        imagePullPolicy: {{ include "kubeflow.trainingOperator.imagePullPolicy" . }}
+
+        command:
+        - /manager
+
+        ports:
+          - containerPort: {{ .Values.trainingOperator.service.monitoring.targetPort }}
+          - containerPort: {{ .Values.trainingOperator.service.webhookServer.targetPort }}
+            name: webhook-server
+            protocol: TCP
+
+        {{- with .Values.trainingOperator.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+
+        volumeMounts:
+          - mountPath: /tmp/k8s-webhook-server/serving-certs
+            name: cert
+            readOnly: true
+
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+          timeoutSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 10
+          periodSeconds: 15
+          timeoutSeconds: 3
+
+        env:
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+
+        {{- with include "kubeflow.trainingOperator.containerSecurityContext" . }}
+        securityContext:
+          {{- . | nindent 10 }}
+        {{- end }}
+
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      serviceAccountName: {{ include "kubeflow.trainingOperator.serviceAccountName" . }}
+
+      {{- with include "kubeflow.trainingOperator.nodeSelector" . }}
+      nodeSelector:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.trainingOperator.tolerations" . }}
+      tolerations:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.trainingOperator.affinity" . }}
+      affinity:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.trainingOperator.topologySpreadConstraints" . }}
+      topologySpreadConstraints:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      {{- with include "kubeflow.trainingOperator.terminationGracePeriodSeconds" . }}
+      terminationGracePeriodSeconds:
+        {{- . | nindent 8 }}
+      {{- end }}
+
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: {{ include "kubeflow.trainingOperator.tlsCertSecretName" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml
new file mode 100644
index 00000000..290fd3b3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/hpa.yaml
@@ -0,0 +1,36 @@
+{{- if (include "kubeflow.trainingOperator.autoscaling.enabled" . | eq "true") -}}
+
+{{- $componentName := include "kubeflow.trainingOperator.name" . -}}
+{{- $minReplicas := include "kubeflow.trainingOperator.autoscaling.minReplicas" . -}}
+{{- $maxReplicas := include "kubeflow.trainingOperator.autoscaling.maxReplicas" . -}}
+{{- $targetCPUUtilizationPercentage := include "kubeflow.trainingOperator.autoscaling.targetCPUUtilizationPercentage" . -}}
+{{- $targetMemoryUtilizationPercentage := include "kubeflow.trainingOperator.autoscaling.targetMemoryUtilizationPercentage" . -}}
+
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ $componentName }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $componentName }}
+  minReplicas: {{ $minReplicas }}
+  maxReplicas: {{ $maxReplicas }}
+  metrics:
+    {{- if $targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml
new file mode 100644
index 00000000..c0dc2e2c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/poddisruptionbudget.yaml
@@ -0,0 +1,18 @@
+{{- if (include "kubeflow.trainingOperator.pdb.create" . | eq "true") -}}
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 6 }}
+  {{- with (include "kubeflow.trainingOperator.pdb.values" .) }}
+    {{- . | nindent 2 }}
+  {{- end }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml
new file mode 100644
index 00000000..4232f1b2
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/secret.webhook-cert.yaml
@@ -0,0 +1,13 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.tlsCertSecretName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+data: {}
+type: Opaque
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml
new file mode 100644
index 00000000..1330d850
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service-account.yaml
@@ -0,0 +1,15 @@
+{{- if (include "kubeflow.trainingOperator.createServiceAccount" . | eq "true") -}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.trainingOperator.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.serviceAccountName" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml
new file mode 100644
index 00000000..670f47aa
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/service.yaml
@@ -0,0 +1,28 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.trainingOperator.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeflow.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+  namespace: {{ include "kubeflow.namespace" . }}
+spec:
+  ports:
+    - name: monitoring-port
+      port: {{ .Values.trainingOperator.service.monitoring.port }}
+      targetPort: {{ .Values.trainingOperator.service.monitoring.targetPort }}
+    - name: webhook-server
+      port: {{ .Values.trainingOperator.service.webhookServer.port }}
+      protocol: TCP
+      targetPort: {{ .Values.trainingOperator.service.webhookServer.targetPort }}
+  selector:
+    {{- include "kubeflow.trainingOperator.selectorLabels" . | nindent 4 }}
+  sessionAffinity: None
+  type: {{ .Values.trainingOperator.service.type }}
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml
new file mode 100644
index 00000000..16dba1bd
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/templates/training-operator/validatingwebhookconfiguration.yaml
@@ -0,0 +1,110 @@
+{{- if (include "kubeflow.trainingOperator.enabled" . | eq "true") -}}
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validator.training-operator.kubeflow.org
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /validate-kubeflow-org-v1-mxjob
+  failurePolicy: Fail
+  name: validator.mxjob.training-operator.kubeflow.org
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - mxjobs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /validate-kubeflow-org-v1-paddlejob
+  failurePolicy: Fail
+  name: validator.paddlejob.training-operator.kubeflow.org
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - paddlejobs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /validate-kubeflow-org-v1-pytorchjob
+  failurePolicy: Fail
+  name: validator.pytorchjob.training-operator.kubeflow.org
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - pytorchjobs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /validate-kubeflow-org-v1-tfjob
+  failurePolicy: Fail
+  name: validator.tfjob.training-operator.kubeflow.org
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - tfjobs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ include "kubeflow.trainingOperator.svc.name" . }}
+      namespace: {{ include "kubeflow.namespace" . }}
+      path: /validate-kubeflow-org-v1-xgboostjob
+  failurePolicy: Fail
+  name: validator.xgboostjob.training-operator.kubeflow.org
+  rules:
+  - apiGroups:
+    - kubeflow.org
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - xgboostjobs
+  sideEffects: None
+
+{{- end }}
diff --git a/packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml b/packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml
new file mode 100644
index 00000000..a4b2aeb6
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/kubeflow/values_lint.yaml
@@ -0,0 +1,2057 @@
+# NOTE: try disabling cache in the ml-pipeline
+# or, try using newer version
+
+# This namespace allows you to define where the services will be installed into
+# if not set then they will use the namespace of the release
+# This is helpful when installing Kubeflow as a chart dependency (sub chart).
+namespace: ""
+
+# one of ['cluster', 'namespace']
+# 'namespace' is not yet fully supported.
+# Maybe rename to 'deploymentScope'?
+deploymentMode: cluster
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+auth:
+  userHeaderName: kubeflow-userid
+  groupsHeaderName: kubeflow-groups
+  authHeader:
+    name: Authorization
+    prefix: "Bearer "
+  userIdPrefix: ""
+
+clusterDomain: cluster.local
+
+defaults:
+  image:
+    registry: docker.io
+    pullPolicy: IfNotPresent
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 3
+    targetCPUUtilizationPercentage: 80
+    targetMemoryUtilizationPercentage: 80
+  podDisruptionBudget: {}
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+  topologySpreadConstraints:
+  terminationGracePeriodSeconds:
+  containerSecurityContext:
+
+admissionWebhook:
+  enabled: true
+  image:
+    repository: kubeflownotebookswg/poddefaults-webhook
+    tag: v1.9.2
+    registryOverwrite:
+    pullPolicyOverwrite:
+  resources:
+    {}
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+  service:
+    create: true
+    annotations:
+    type: ClusterIP
+    port: 443
+    targetPort: 4443
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled:
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+  podDisruptionBudget: {}
+  rbac:
+    create: true
+  serviceAccount:
+    create: true
+    name:
+    annotations:
+  nodeSelector:
+  tolerations:
+  affinity:
+  topologySpreadConstraints:
+  containerSecurityContext:
+
+centraldashboard:
+  enabled: true
+  image:
+    repository: kubeflownotebookswg/centraldashboard
+    tag: v1.9.2
+    registryOverwrite:
+    pullPolicyOverwrite:
+  resources:
+    {}
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+  service:
+    create: true
+    annotations:
+    type: ClusterIP
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled:
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+  podDisruptionBudget: {}
+  rbac:
+    create: true
+  serviceAccount:
+    create: true
+    name:
+    annotations:
+  nodeSelector:
+  tolerations:
+  affinity:
+  topologySpreadConstraints:
+  containerSecurityContext:
+  config:
+    # This enables the automatic profile creation.
+    enableRegistrationFlow: false
+    logoutURL: "/oauth2/sign_out"
+    forceIFrame: true
+    links:
+      externalLinks:
+      menuLinks:
+        - type: item
+          link: /jupyter/
+          text: Notebooks
+          icon: book
+
+        - type: item
+          link: /tensorboards/
+          text: Tensorboards
+          icon: assessment
+
+        - type: item
+          link: /volumes/
+          text: Volumes
+          icon: device:storage
+
+        - type: item
+          link: /katib/
+          text: Katib Experiments
+          icon: kubeflow:katib
+
+        - type: item
+          link: /kserve-endpoints/
+          text: KServe Endpoints
+          icon: kubeflow:models
+
+        - icon: kubeflow:pipeline-centered
+          items:
+            - type: item
+              text: Pipelines
+              link: /pipeline/#/pipelines
+
+            - type: item
+              text: Experiments
+              link: /pipeline/#/experiments
+
+            - type: item
+              text: Runs
+              link: /pipeline/#/runs
+
+            - type: item
+              text: Recurring Runs
+              link: /pipeline/#/recurringruns
+
+            - type: item
+              text: Artifacts
+              link: /pipeline/#/artifacts
+
+            - type: item
+              text: Executions
+              link: /pipeline/#/executions
+          text: Pipelines
+          type: section
+      quickLinks:
+        - text: Create a new Notebook
+          desc: Kubeflow Notebooks
+          link: /jupyter/new
+        - text: Upload a Pipeline
+          desc: Kubeflow Pipelines
+          link: /pipeline/#/pipelines
+        - text: View Pipeline Runs
+          desc: Notebook Servers
+          link: /pipeline/#/runs
+      documentationItems:
+        - text: Kubeflow Website
+          desc: The Kubeflow website
+          link: https://www.kubeflow.org/
+        - text: Kubeflow Pipelines Documentation
+          desc: Documentation for Kubeflow Pipelines
+          link: https://www.kubeflow.org/docs/components/pipelines/
+        - text: Kubeflow Notebooks Documentation
+          desc: Documentation for Kubeflow Notebooks
+          link: https://www.kubeflow.org/docs/components/notebooks/
+        - text: Kubeflow Training Operator Documentation
+          desc: Documentation for Kubeflow Training Operator
+          link: https://www.kubeflow.org/docs/components/training/"
+        - text: Katib Documentation
+          desc: Documentation for Katib
+          link: https://www.kubeflow.org/docs/components/katib/
+
+notebooks:
+  enabled: true
+  jupyterWebApp:
+    enabled: true
+    image:
+      repository: kubeflownotebookswg/jupyter-web-app
+      tag: v1.9.2
+      registryOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    # TODO: embed into config
+    urlPrefix: /jupyter
+    uiFlavor: default
+    secureCookies: true
+    logos:
+      # if this is defined, the configmap with logos will not be created but
+      # the one provided with customConfigMap will be used.
+      customConfigMap:
+      # if below values are defined, those will be used for the icons
+      # instead of defaults
+      icons:
+        jupyterIconSvg:
+        jupyterLabLogoSvg:
+        groupOneIconSvg:
+        groupOneLogoSvg:
+        groupTwoIconSvg:
+        groupTwoLogoSvg:
+    spawnerFormDefaults:
+      # --------------------------------------------------------------
+      # Configuration file for the Kubeflow Notebooks UI.
+      #
+      # About the `readOnly` configs:
+      #  - when `readOnly` is set to "true", the respective option
+      #    will be disabled for users and only set by the admin
+      #  - when 'readOnly' is missing, it defaults to 'false'
+      # --------------------------------------------------------------
+
+      ################################################################
+      # Container Images
+      ################################################################
+      # if users can input custom images, or only select from dropdowns
+      allowCustomImage: true
+
+      # if the registry of the container image is hidden from display
+      hideRegistry: true
+
+      # if the tag of the container image is hidden from display
+      hideTag: false
+
+      # configs for the ImagePullPolicy
+      imagePullPolicy:
+        readOnly: false
+
+        # the default ImagePullPolicy
+        # (possible values: "Always", "IfNotPresent", "Never")
+        value: IfNotPresent
+
+      ################################################################
+      # Jupyter-like Container Images
+      #
+      # NOTES:
+      #  - the `image` section is used for "Jupyter-like" apps whose
+      #    HTTP path is configured by the "NB_PREFIX" environment variable
+      ################################################################
+      image:
+        # the default container image
+        value: kubeflownotebookswg/jupyter-scipy:v1.9.2
+
+        # the list of available container images in the dropdown
+        options:
+          - kubeflownotebookswg/jupyter-scipy:v1.9.2
+          - kubeflownotebookswg/jupyter-pytorch-full:v1.9.2
+          - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.9.2
+          - kubeflownotebookswg/jupyter-tensorflow-full:v1.9.2
+          - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.9.2
+
+      ################################################################
+      # VSCode-like Container Images (Group 1)
+      #
+      # NOTES:
+      #  - the `imageGroupOne` section is used for "VSCode-like" apps that
+      #    expose themselves under the HTTP root path "/" and support path
+      #    rewriting without breaking
+      #  - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is
+      #    set on Notebooks spawned by this group, to make Istio rewrite
+      #    the path of HTTP requests to the HTTP root
+      ################################################################
+      imageGroupOne:
+        # the default container image
+        value: kubeflownotebookswg/codeserver-python:v1.9.2
+
+        # the list of available container images in the dropdown
+        options:
+          - kubeflownotebookswg/codeserver-python:v1.9.2
+
+      ################################################################
+      # RStudio-like Container Images (Group 2)
+      #
+      # NOTES:
+      #  - the `imageGroupTwo` section is used for "RStudio-like" apps whose
+      #    HTTP path is configured by the "X-RStudio-Root-Path" header
+      #  - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is
+      #    set on Notebooks spawned by this group, to make Istio rewrite
+      #    the path of HTTP requests to the HTTP root
+      #  - the annotation `notebooks.kubeflow.org/http-headers-request-set` is
+      #    set on Notebooks spawned by this group, such that Istio injects the
+      #    "X-RStudio-Root-Path" header to all request
+      ################################################################
+      imageGroupTwo:
+        # the default container image
+        value: kubeflownotebookswg/rstudio-tidyverse:v1.9.2
+
+        # the list of available container images in the dropdown
+        options:
+          - kubeflownotebookswg/rstudio-tidyverse:v1.9.2
+
+      ################################################################
+      # CPU Resources
+      ################################################################
+      cpu:
+        readOnly: false
+
+        # the default cpu request for the container
+        value: "0.5"
+
+        # a factor by which to multiply the CPU request calculate the cpu limit
+        # (to disable cpu limits, set as "none")
+        limitFactor: "1.2"
+
+      ################################################################
+      # Memory Resources
+      ################################################################
+      memory:
+        readOnly: false
+
+        # the default memory request for the container
+        value: "1.0Gi"
+
+        # a factor by which to multiply the memory request calculate the memory limit
+        # (to disable memory limits, set as "none")
+        limitFactor: "1.2"
+
+      ################################################################
+      # GPU/Device-Plugin Resources
+      ################################################################
+      gpus:
+        readOnly: false
+
+        # configs for gpu/device-plugin limits of the container
+        # https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/#using-device-plugins
+        value:
+          # the `limitKey` of the default vendor
+          # (to have no default, set as "")
+          vendor: ""
+
+          # the list of available vendors in the dropdown
+          #  `limitsKey` - what will be set as the actual limit
+          #  `uiName` - what will be displayed in the dropdown UI
+          vendors:
+            - limitsKey: "nvidia.com/gpu"
+              uiName: "NVIDIA"
+            - limitsKey: "amd.com/gpu"
+              uiName: "AMD"
+
+          # the default value of the limit
+          # (possible values: "none", "1", "2", "4", "8")
+          num: "none"
+
+      ################################################################
+      # Workspace Volumes
+      ################################################################
+      workspaceVolume:
+        readOnly: false
+
+        # the default workspace volume to be created and mounted
+        # (to have no default, set `value: null`)
+        value:
+          mount: /home/jovyan
+
+          # pvc configs for creating new workspace volumes
+          # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
+          newPvc:
+            metadata:
+              # "{notebook-name}" is replaced with the Notebook name
+              name: "{notebook-name}-workspace"
+            spec:
+              # storageClassName: my-storage-class
+              resources:
+                requests:
+                  storage: 5Gi
+              accessModes:
+                - ReadWriteOnce
+
+      ################################################################
+      # Data Volumes
+      ################################################################
+      dataVolumes:
+        readOnly: false
+
+        # a list of additional data volumes to be created and/or mounted
+        value: []
+        # value:
+        #  - mount: /home/jovyan/datavol-1
+        #    newPvc:
+        #      metadata:
+        #        name: "{notebook-name}-datavol-1"
+        #      spec:
+        #        resources:
+        #          requests:
+        #            storage: 5Gi
+        #        accessModes:
+        #          - ReadWriteOnce
+        #
+        #  - mount: /home/jovyan/datavol-1
+        #    existingSource:
+        #      persistentVolumeClaim:
+        #        claimName: "test-pvc"
+
+      ################################################################
+      # Affinity
+      ################################################################
+      affinityConfig:
+        readOnly: false
+
+        # the `configKey` of the default affinity config
+        # (to have no default, set as "")
+        # (if `readOnly`, the default `value` will be the only accessible option)
+        value: ""
+
+        # the list of available affinity configs in the dropdown
+        options: []
+        # options:
+        #  - configKey: "dedicated_node_per_notebook"
+        #    displayName: "Dedicated Node Per Notebook"
+        #    affinity:
+        #      # Require a Node with label `lifecycle=kubeflow-notebook`
+        #      nodeAffinity:
+        #        requiredDuringSchedulingIgnoredDuringExecution:
+        #          nodeSelectorTerms:
+        #            - matchExpressions:
+        #                - key: "lifecycle"
+        #                  operator: "In"
+        #                  values:
+        #                    - "kubeflow-notebook"
+        #
+        #      # Require a Node WITHOUT an existing Pod having `notebook-name` label
+        #      podAntiAffinity:
+        #        requiredDuringSchedulingIgnoredDuringExecution:
+        #          - labelSelector:
+        #              matchExpressions:
+        #                - key: "notebook-name"
+        #                  operator: "Exists"
+        #            topologyKey: "kubernetes.io/hostname"
+        #            # WARNING: `namespaceSelector` is Beta in 1.22 and Stable in 1.24,
+        #            #          setting to {} is required for affinity to work across Namespaces
+        #            namespaceSelector: {}
+
+      ################################################################
+      # Tolerations
+      ################################################################
+      tolerationGroup:
+        readOnly: false
+
+        # the `groupKey` of the default toleration group
+        # (to have no default, set as "")
+        # (if `readOnly`, the default `value` will be the only accessible option)
+        value: ""
+
+        # the list of available toleration groups in the dropdown
+        options: []
+        # options:
+        #  - groupKey: "group_1"
+        #    displayName: "4 CPU 8Gb Mem at ~$X.XXX USD per day"
+        #    tolerations:
+        #      - key: "dedicated"
+        #        operator: "Equal"
+        #        value: "kubeflow-c5.xlarge"
+        #        effect: "NoSchedule"
+        #
+        #  - groupKey: "group_2"
+        #    displayName: "8 CPU 16Gb Mem at ~$X.XXX USD per day"
+        #    tolerations:
+        #      - key: "dedicated"
+        #        operator: "Equal"
+        #        value: "kubeflow-c5.2xlarge"
+        #        effect: "NoSchedule"
+        #
+        #  - groupKey: "group_3"
+        #    displayName: "16 CPU 32Gb Mem at ~$X.XXX USD per day"
+        #    tolerations:
+        #      - key: "dedicated"
+        #        operator: "Equal"
+        #        value: "kubeflow-c5.4xlarge"
+        #        effect: "NoSchedule"
+        #
+        #  - groupKey: "group_4"
+        #    displayName: "32 CPU 256Gb Mem at ~$X.XXX USD per day"
+        #    tolerations:
+        #      - key: "dedicated"
+        #        operator: "Equal"
+        #        value: "kubeflow-r5.8xlarge"
+        #        effect: "NoSchedule"
+
+      ################################################################
+      # Shared Memory
+      ################################################################
+      shm:
+        readOnly: false
+
+        # the default state of the "Enable Shared Memory" toggle
+        value: true
+
+      ################################################################
+      # PodDefaults
+      ################################################################
+      configurations:
+        readOnly: false
+
+        # the list of PodDefault names that are selected by default
+        # (take care to ensure these PodDefaults exist in Profile Namespaces)
+        value: []
+        # value:
+        #  - my-pod-default
+
+      ################################################################
+      # Environment
+      #
+      # NOTE:
+      #  - these configs are only used by the ROK "flavor" of the UI
+      ################################################################
+      environment:
+        readOnly: false
+        value: {}
+  controller:
+    enabled: true
+    image:
+      repository: kubeflownotebookswg/notebook-controller
+      tag: v1.9.2
+      registryOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      culling:
+        enabled: false
+        idleTimeMinutes: 1440
+        idleCheckPeriodMinutes: 1
+  volumesWebApp:
+    enabled: true
+    image:
+      repository: kubeflownotebookswg/volumes-web-app
+      tag: v1.9.2
+      registryOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      urlPrefix: /volumes
+      secureCookies: true
+      viewer:
+        image:
+          repository: filebrowser/filebrowser
+          tag: v2.25.0
+          registryOverwrite: 
+          pullPolicyOverwrite: 
+        serviceAccountName: default-editor
+  pvcviewerController:
+    enabled: true
+    manager:
+      image:
+        repository: kubeflownotebookswg/pvcviewer-controller
+        tag: v1.9.2
+        registryOverwrite:
+        pullPolicyOverwrite:
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+      webhook:
+        port: 9443
+      resources:
+        {}
+        # limits:
+        #   cpu: 500m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 10m
+        #   memory: 64Mi
+      containerSecurityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+    kubeRbacProxy:
+      image:
+        repository: kubebuilder/kube-rbac-proxy
+        tag: v0.13.1
+        registryOverwrite: gcr.io
+        pullPolicyOverwrite:
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+      resources:
+        {}
+        # limits:
+        #   cpu: 500m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 5m
+        #   memory: 64Mi
+      containerSecurityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+      nodeAffinity:
+        requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - matchExpressions:
+                - key: kubernetes.io/arch
+                  operator: In
+                  values:
+                    - amd64
+                    - arm64
+                    - ppc64le
+                    - s390x
+                - key: kubernetes.io/os
+                  operator: In
+                  values:
+                    - linux
+    topologySpreadConstraints:
+    terminationGracePeriodSeconds: 10
+    securityContext:
+      runAsNonRoot: true
+      seccompProfile:
+        type: RuntimeDefault
+
+kserveModelsWebApp:
+  enabled: true
+  image:
+    repository: kserve/models-web-app
+    tag: v0.13.0
+    registryOverwrite:
+    pullPolicyOverwrite:
+  resources:
+    {}
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+  serviceAccount:
+    create: true
+    name:
+    annotations:
+  service:
+    create: true
+    annotations:
+    type: ClusterIP
+  rbac:
+    create: true
+  config:
+    urlPrefix: /kserve-endpoints
+  nodeSelector:
+  tolerations:
+  affinity:
+  topologySpreadConstraints:
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled:
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+
+profilesController:
+  enabled: true
+  kfam:
+    image:
+      repository: kubeflownotebookswg/kfam
+      tag: v1.9.2
+      registryOverwrite:
+      pullPolicyOverwrite:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    config:
+      urlPrefix: /kfam
+  manager:
+    image:
+      repository: kubeflownotebookswg/profile-controller
+      tag: v1.9.2
+      registryOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled:
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+  podDisruptionBudget: {}
+  rbac:
+    create: true
+  serviceAccount:
+    create: true
+    name:
+    annotations:
+  nodeSelector:
+  tolerations:
+  affinity:
+  topologySpreadConstraints:
+  containerSecurityContext:
+  config:
+    admin:
+    workloadIdentity:
+    defaultNamespaceLabels:
+      # Below is a list of labels to be set by default.
+      #
+      # To add a namespace label, use `key: 'value'`, for example:
+      # istio.io/rev: 'asm-191-1'
+      #
+      # To remove a namespace label, use `key: ''`. For example:
+      # istio-injection: ''
+      #
+      # Profile controller will not replace a namespace label if its key already
+      # exists. If you want to override the value of a previously applied label, you
+      # need to:
+      # 1. Remove the label by using `key: ''` and deploy.
+      # 2. Add the label by using `key: 'value'` and deploy.
+      #
+      katib.kubeflow.org/metrics-collector-injection: "enabled"
+      serving.kubeflow.org/inferenceservice: "enabled"
+      pipelines.kubeflow.org/enabled: "true"
+      app.kubernetes.io/part-of: "kubeflow-profile"
+    extraNamespaceLabels:
+
+katib:
+  urlPrefix: /katib
+  enabled: true
+  controller:
+    enabled: true
+    name: katib-controller
+    image:
+      repository: kubeflowkatib/katib-controller
+      tag: v0.17.0
+      registryOverwrite:
+      pullPolicyOverwrite:
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    service:
+      create: true
+      annotations:
+        prometheus.io/port: "8080"
+        prometheus.io/scheme: http
+        prometheus.io/scrape: "true"
+
+      webhook:
+        port: 443
+        targetPort: 8443
+      metrics:
+        port: 8080
+        targetPort: 8080
+      healthz:
+        port: 18080
+        targetPort: 18080
+
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+  dbmanager:
+    enabled: true
+    name: katib-db-manager
+    image:
+      repository: kubeflowkatib/katib-db-manager
+      tag: v0.17.0
+      registryOverwrite:
+      pullPolicyOverwrite:
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    annotations:
+      sidecar.istio.io/inject: "false"
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    config:
+      db:
+        existingSecretName:
+        driver:
+          value: mysql
+          secretKeyRef:
+            name:
+            key: driver
+        host:
+          value: mysql.kubeflow.svc.cluster.local
+          secretKeyRef:
+            name:
+            key: host
+        port:
+          value: 3306
+          secretKeyRef:
+            name:
+            key: port
+        databaseName:
+          value: katib
+          secretKeyRef:
+            name:
+            key: databaseName
+        user:
+          value: katib
+          secretKeyRef:
+            name:
+            key: username
+        password:
+          value: katib1234
+          secretKeyRef:
+            name:
+            key: password
+  ui:
+    enabled: true
+    name: katib-ui
+    urlPrefix: /katib
+    image:
+      repository: kubeflowkatib/katib-ui
+      tag: v0.17.0
+      registryOverwrite:
+      pullPolicyOverwrite:
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    service:
+      create: true
+      annotations:
+  istioIntegration:
+    create: true
+    enabled: true
+    authorizationMode: ingressgateway
+    gateway:
+      name: kubeflow-gateway
+  config:
+    init:
+        trialResources:
+          - Job.v1.batch
+          - TFJob.v1.kubeflow.org
+          - PyTorchJob.v1.kubeflow.org
+          - MPIJob.v1.kubeflow.org
+          - XGBoostJob.v1.kubeflow.org
+          - MXJob.v1.kubeflow.org
+    runtime:
+      metricsCollectors:
+        - kind: StdOut
+          image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0
+        - kind: File
+          image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0
+        - kind: TensorFlowEvent
+          image: docker.io/kubeflowkatib/tfevent-metrics-collector:v0.17.0
+          resources:
+            limits:
+              memory: 1Gi
+      suggestions:
+        - algorithmName: random
+          image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0
+        - algorithmName: tpe
+          image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0
+        - algorithmName: grid
+          image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0
+        - algorithmName: hyperband
+          image: docker.io/kubeflowkatib/suggestion-hyperband:v0.17.0
+        - algorithmName: bayesianoptimization
+          image: docker.io/kubeflowkatib/suggestion-skopt:v0.17.0
+        - algorithmName: cmaes
+          image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0
+        - algorithmName: sobol
+          image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0
+        - algorithmName: multivariate-tpe
+          image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0
+        - algorithmName: enas
+          image: docker.io/kubeflowkatib/suggestion-enas:v0.17.0
+          resources:
+            limits:
+              memory: 200Mi
+        - algorithmName: darts
+          image: docker.io/kubeflowkatib/suggestion-darts:v0.17.0
+        - algorithmName: pbt
+          image: docker.io/kubeflowkatib/suggestion-pbt:v0.17.0
+          persistentVolumeClaimSpec:
+            accessModes:
+              - ReadWriteMany
+            resources:
+              requests:
+                storage: 5Gi
+      earlyStoppings:
+        - algorithmName: medianstop
+          image: docker.io/kubeflowkatib/earlystopping-medianstop:v0.17.0
+
+# TODO: verify patches in apps/pipeline/upstream/base/installs/multi-user
+pipelines:
+  enabled: true
+  # NOTE: The Kubeflow Pipelines subcomponents contains special handling. It
+  # will first apply the global .Values.defaults.image, then look for
+  # .Values.pipelines.defaults.image and lastly for .Values.pipelines.<component>.image.
+  # This is primarily useful for setting global registry or Pipelines Container Tag.
+  defaults:
+    image:
+      registry: gcr.io
+      tag: 2.3.0
+      pullPolicy: IfNotPresent
+  config:
+    # If this is empty, the kfp backend will automatically configure that with:
+    # "minio://mlpipeline/v2/artifacts"
+    # Please see the following links for referece:
+    # * <=2.1.0: https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/config/env.go#L33
+    # * >=2.2.0: https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L36
+    #
+    # If we want to use s3, we should configure this with something similar to:
+    #   s3://mlpipeline/v2/artifacts
+    #
+    # In 2.2.0 it's also possible to define bucket 'providers', which can be minio, s3 or gcs:
+    # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L45
+    # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L151
+    # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/s3.go#L24
+    defaultPipelineRoot: ""
+
+    objectStore:
+      # The Secret Name 'mlpipeline-minio-artifact' is currently hardcoded:
+      # * <=2.1.0:
+      #   https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292
+      # * >=2.2.0 (state as of 2nd May 2024)
+      #   https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39
+      #
+      # It's only possible to use either nil or 'mlpipeline-minio-artifact' for
+      # * .Values.pipelines.config.objectStore.existingSecretName
+      # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+      # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+      #
+      # If the Secret Name is not provided in neither of the following, it will
+      # be created with plaintext values for compatibility:
+      # * .Values.pipelines.config.objectStore.existingSecretName
+      # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+      # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+      existingSecretName:
+      accessKey:
+        value: minio
+        secretKeyRef:
+          name:
+          # The Secret Key 'accesskey' is currently hardcoded:
+          # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L324
+          # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L42
+          key: accesskey
+      secretAccessKey:
+        value: minio123
+        secretKeyRef:
+          name:
+          # The Secret Key 'secretkey' is currently hardcoded:
+          # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L325
+          # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L41
+          key: secretkey
+      host:
+        value: minio
+        secretKeyRef:
+          name:
+          key: host
+      port:
+        value: 9000
+        secretKeyRef:
+          name:
+          key: port
+      region:
+        value:
+        secretKeyRef:
+          name:
+          key: region
+      secure:
+        value: false
+        secretKeyRef:
+          name:
+          key: secure
+      bucketName:
+        value: mlpipeline
+        secretKeyRef:
+          name:
+          key: bucketName
+
+    db:
+      existingSecretName:
+      user:
+        value: root
+        secretKeyRef:
+          name:
+          key: username
+      password:
+        value: mysql1234
+        secretKeyRef:
+          name:
+          key: password
+      host:
+        value: mysql
+        secretKeyRef:
+          name:
+          key: host
+      port:
+        value: 3306
+        secretKeyRef:
+          name:
+          key: port
+      mlmdDatabaseName:
+        value: metadb
+        secretKeyRef:
+          name:
+          key: mlmdDatabaseName
+      pipelineDatabaseName:
+        value: mlpipeline
+        secretKeyRef:
+          name:
+          key: pipelineDatabaseName
+      cacheDatabaseName:
+        value: cachedb
+        secretKeyRef:
+          name:
+          key: cacheDatabaseName
+      driver:
+        value: mysql
+        secretKeyRef:
+          name:
+          key: driver
+      conMaxLifetime:
+        value: 120s
+        secretKeyRef:
+          name:
+          key: conMaxLifetime
+
+  cache:
+    enabled: true
+    image:
+      repository: ml-pipeline/cache-server
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu:
+      #   memory:
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+      port: 443
+      targetPort: 8443
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      ## defaultCacheStaleness and maximumCacheStaleness configures caching according to
+      ## https://www.kubeflow.org/docs/components/pipelines/overview/caching/ and
+      ## https://www.kubeflow.org/docs/components/pipelines/overview/caching-v2/.
+      ## This value is used if the user did not set a value in the pipeline.
+      ## defaultCacheStaleness: "P7D"
+      ## maximumCacheStaleness: "P30D"
+      defaultCacheStaleness: ""
+      maximumCacheStaleness: ""
+      ## ConMaxLifeTime will set the connection max lifetime for MySQL
+      ## this is very important to setup when using external databases.
+      ## See this issue for more details: https://github.com/kubeflow/pipelines/issues/5329
+      ## Note: this value should be a string that can be parsed by `time.ParseDuration`.
+      ## If this value doesn't include a unit abbreviation, the units will be assumed
+      ## to be nanoseconds.
+      conMaxLifeTime: "120s"
+      ## cacheImage is the image that the mutating webhook will use to patch
+      ## cached steps with. Will be used to echo a message announcing that
+      ## the cached step result will be used. If not set it will default to
+      ## 'gcr.io/google-containers/busybox'
+      cacheImage: gcr.io/google-containers/busybox
+      ## cacheNodeRestrictions the dummy container running if output is cached
+      ## will run with the same affinity and node selector as the default pipeline
+      ## step. This is defaulted to 'false' to allow the pod to be scheduled on
+      ## any node and avoid defaulting to specific nodes. Allowed values are:
+      ## 'false' and 'true'.
+      cacheNodeRestrictions: "false"
+
+  # ---
+
+  mlPipeline:
+     # aka api-server
+    enabled: true
+    image:
+      repository: ml-pipeline/api-server
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      requests:
+        cpu: 250m
+        memory: 500Mi
+      # limits:
+      #   cpu: 500m
+      #   memory: 1024Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      # always use KF Pipeline latest version?
+      autoUpdatePipelineDefaultVersion: true
+
+  persistenceAgent:
+    enabled: true
+    image:
+      repository: ml-pipeline/persistenceagent
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      requests:
+        cpu: 120m
+        memory: 500Mi
+      # limits:
+      #   cpu: 500m
+      #   memory: 1024Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      ttlSecondsAfterWorkflowFinish: 86400
+      numWorkers: 2
+
+  scheduledWorkflow:
+    enabled: true
+    image:
+      repository: ml-pipeline/scheduledworkflow
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu: 250m
+      #   memory: 500Mi
+      # limits:
+      #   cpu: 500m
+      #   memory: 1024Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      cronScheduleTimezone: "UTC"
+
+  ui:
+    enabled: true
+    image:
+      repository: ml-pipeline/frontend
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      requests:
+        cpu: 10m
+        memory: 70Mi
+      # limits:
+      #   cpu: 500m
+      #   memory: 1024Mi
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      # Note from apps/pipeline/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml
+      # Temporary workarounds:
+      # 1. Using default-editor because default-viewer isn't bound to workload identity
+      viewerPodServiceAccountName: default-editor
+      allowCustomVisualizations: true
+      urlPrefix: /pipeline
+
+  viewerCrd:
+    enabled: true
+    image:
+      repository: ml-pipeline/viewer-crd-controller
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu:
+      #   memory:
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      maxNumViewers: 50
+
+  metadataWriter:
+    enabled: true
+    image:
+      repository: ml-pipeline/metadata-writer
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu:
+      #   memory:
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+
+  # NOTE: defines istio sidecar injection but it doesn't work
+  # because it's in an annotation, not pod label.
+  metadataEnvoy:
+    enabled: true
+    image:
+      repository: ml-pipeline/metadata-envoy
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu:
+      #   memory:
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    serviceAccount:
+      create: false
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+
+  metadataGrpcServer:
+    enabled: true
+    image:
+      repository: tfx-oss-public/ml_metadata_store_server
+      registryOverwrite:
+      tagOverwrite: 1.14.0
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu:
+      #   memory:
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+      # TODO: investigate if exposing port config to all services makes sense.
+      port: 8080
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      urlPrefix: /ml_metadata
+
+  visualization:
+    enabled: true
+    image:
+      repository: ml-pipeline/visualization-server
+      registryOverwrite:
+      tagOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      requests:
+        cpu: 30m
+        memory: 500Mi
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+
+  # This is metacontroller based implementation that creates instances of
+  # * Secret/mlpipeline-minio-artifact
+  # * Deployment/ml-pipeline-ui-artifact
+  # * Service/ml-pipeline-ui-artifact
+  # * Deployment/ml-pipeline-visualizationserver
+  # * Service/ml-pipeline-visualizationserver
+  # * ConfigMap/kfp-launcher
+  # * ConfigMap/metadata-grpc-configmap
+  # * AuthorizationPolicy/ml-pipeline-visualizationserver
+  # * DestinationRule/ml-pipeline-visualizationserver
+  profileController:
+    enabled: true
+    image:
+      repository: python
+      registryOverwrite: docker.io
+      tagOverwrite: "3.7"
+      pullPolicyOverwrite:
+    resources:
+      # requests:
+      #   cpu:
+      #   memory:
+      # limits:
+      #   cpu:
+      #   memory:
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: false
+    serviceAccount:
+      create: false
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      disableIstioSidecar: false
+
+
+tensorboard:
+  enabled: true
+  controller:
+    enabled: true
+    manager:
+      image:
+        repository: kubeflownotebookswg/tensorboard-controller
+        tag: v1.9.2
+        registryOverwrite:
+        pullPolicyOverwrite:
+      resources:
+        {}
+        # limits:
+        #   cpu: 500m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 10m
+        #   memory: 64Mi
+      containerSecurityContext:
+        allowPrivilegeEscalation: false
+      config:
+        rwoPvcScheduling: "True"
+        tensorboard:
+          image:
+            repository: tensorflow/tensorflow
+            registryOverwrite:
+            tag: "2.5.1"
+    kubeRbacProxy:
+      image:
+        repository: kubebuilder/kube-rbac-proxy
+        tag: v0.8.0
+        registryOverwrite: gcr.io
+        pullPolicyOverwrite:
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+        port: 8443
+        targetPort: 8443
+      resources:
+        {}
+        # limits:
+        #   cpu: 500m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 5m
+        #   memory: 64Mi
+      containerSecurityContext:
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    terminationGracePeriodSeconds: 10
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 999
+  tensorboardsWebApp:
+    enabled: true
+    image:
+      repository: kubeflownotebookswg/tensorboards-web-app
+      tag: v1.9.2
+      registryOverwrite:
+      pullPolicyOverwrite:
+    resources:
+      {}
+    service:
+      create: true
+      annotations:
+      type: ClusterIP
+      port: 80
+      targetPort: 5000
+    autoscaling:
+      # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+      enabled:
+      minReplicas:
+      maxReplicas:
+      targetCPUUtilizationPercentage:
+      targetMemoryUtilizationPercentage:
+    podDisruptionBudget: {}
+    rbac:
+      create: true
+    serviceAccount:
+      create: true
+      name:
+      annotations:
+    nodeSelector:
+    tolerations:
+    affinity:
+    topologySpreadConstraints:
+    containerSecurityContext:
+    config:
+      urlPrefix: /tensorboards
+      secureCookies: true
+
+trainingOperator:
+  enabled: true
+  image:
+    repository: kubeflow/training-operator
+    tag: v1-04f9f13
+    registryOverwrite:
+    pullPolicyOverwrite:
+  resources:
+    {}
+  service:
+    create: true
+    annotations:
+    type: ClusterIP
+    webhookServer:
+      port: 443
+      targetPort: 9443
+    monitoring:
+      port: 8080
+      targetPort: 8080
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled:
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+  podDisruptionBudget: {}
+  rbac:
+    create: true
+  serviceAccount:
+    create: true
+    name:
+    annotations:
+  nodeSelector:
+  tolerations:
+  affinity:
+  topologySpreadConstraints:
+  terminationGracePeriodSeconds: 10
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+
+modelRegistry:
+  enabled: true
+  rest:
+    image:
+      repository: kubeflow/model-registry
+      tag: v0.2.9
+      pullPolicy: IfNotPresent
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+
+    containerSecurityContext:
+  grpc:
+    image:
+      registry: gcr.io
+      repository: tfx-oss-public/ml_metadata_store_server
+      tag: 1.14.0
+      pullPolicy: IfNotPresent
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+    containerSecurityContext:
+  service:
+    annotations:
+    type: ClusterIP
+    restPort: 8080
+    grpcPort: 9090
+  autoscaling:
+    # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+    enabled:
+    minReplicas:
+    maxReplicas:
+    targetCPUUtilizationPercentage:
+    targetMemoryUtilizationPercentage:
+  podDisruptionBudget: {}
+  podAnnotations:
+    # If Database in use is MySQL running incluster and MySQL has Istio Sidecar
+    # Disabled, the connection to MySQL Server must also run without sidecar.
+    # Related resources:
+    # https://istio.io/latest/about/faq/#mysql-with-mtls
+    # https://github.com/istio/istio/issues/10062
+    traffic.sidecar.istio.io/excludeOutboundPorts: "3306"
+  serviceAccount:
+    create: true
+    name:
+    annotations:
+  nodeSelector:
+  tolerations:
+  affinity:
+  topologySpreadConstraints:
+  config:
+    rest:
+      urlPrefix: /api/model_registry/
+    grpc:
+      urlPrefix: /ml_metadata.MetadataStoreService/
+    db:
+      existingSecretName:
+      user:
+        value: root
+        secretKeyRef:
+          name:
+          key: username
+      password:
+        value: mysql1234
+        secretKeyRef:
+          name:
+          key: password
+      host:
+        value: mysql
+        secretKeyRef:
+          name:
+          key: host
+      port:
+        value: 3306
+        secretKeyRef:
+          name:
+          key: port
+      dbName:
+        value: metadb_model_registry
+        secretKeyRef:
+          name:
+          key: dbName
+
+networkPolicies:
+  enabled: true
+
+# if cert manager is not enabled, we have to use cache-deployer.
+# We currently don't support deployments without cert-manager.
+certManagerIntegration:
+  enabled: true
+
+istioIntegration:
+  enabled: true
+  envoyExtAuthzHttpExtensionProviderName: oauth2-proxy
+  rootNamespace: istio-system
+  ingressGatewayNamespace: istio-ingress
+  # Required for KF Profiles Controller to configure
+  # correct AuthorizationPolicy principal.
+  ingressGatewayServiceAccountName: istio-ingressgateway
+  # one of ['ingressgateway', 'granular']
+  # * 'ingressgateway' will deploy one AuthorizationPolicy in the namespace where
+  #    istio ingress gateway Pod is being deployed.
+  # * 'granular' will deploy multiple AuthorizationPolicies with CUSTOM action using auth provider,
+  #   each for component that requires user id. This is an alternative way of setting authentication
+  #   with istio. 'granular' is more secure but more complex.
+  #   NOTE: this is ultimately not supported and should be cleaned up.
+  authorizationMode: ingressgateway
+  m2m:
+    enabled: true
+    userClaim: sub
+    groupsClaim: groups
+    issuer: https://kubernetes.default.svc.cluster.local
+  userAuth:
+    userClaim: email
+    issuer: http://dex.dex.svc.cluster.local:5556/dex
+  gateway:
+    name: kubeflow-gateway
+    selector:
+      istio: ingressgateway
+    # TODO: check if this is used
+    servers:
+      - hosts:
+          - "*"
+        port:
+          number: 80
+          name: http
+          protocol: HTTP
+  kubeflowJwksProxy:
+    enabled: true
+
+# Both .Values.dexIntegration.enabled and .Values.istioIntegration.enabled has
+# to be set to a boolean 'true' in order to create required dex integration
+# resources.
+
+# Automatically creates Istio VirtualService or Ingress objects.
+dexIntegration:
+  enabled: true
+  svc:
+    name: dex
+    port: 5556
+    namespace: dex
+
+  # one of: 'internal', 'external'
+  # * internal - the in-kubernetes svc address will be used as the dex IdP
+  #              Issuer address.
+  #   example: dex.dex.svc.cluster.local
+  # * external - the .Values.dexIntegration.host will be used as the dex IdP
+  #              Issuer address.
+  #   example: dex.example.com
+  # Currently only 'internal' is supported.
+  integrationType: internal
+
+  # One of: 'istio', 'ingress'.
+  # Currently only 'istio' is supported.
+  integrationMode: istio
+
+  # 'host' must be set if .Values.dexIntegration.integrationType: external
+  host:
+
+  # If .Values.dexIntegration.integrationType: internal, dex IdP will be
+  # available under this relative URL Prefix.
+  urlPrefix: /dex
+
+  integrationModeConfig:
+    istio:
+    ingress:
+      class:
+      annotations:
+
+# Automatically creates Istio VirtualService.
+oauth2ProxyIntegration:
+  enabled: true
+  urlPrefix: /oauth2
+  host: "*"
+  svc:
+    name: oauth2-proxy
+    port: 80
+    namespace: oauth2-proxy
+
+knativeIntegration:
+  enabled: true
+  knativeServing:
+    enabled: true
+    name: knative-serving
+    namespace: knative-serving
+    # Whatever is under .knativeIntegration.knativeServing.operatorSpec will be
+    # put directly to the KnativeServing CRD under .spec.
+    operatorSpec:
+      version: 1.12.4
+      ingress:
+        istio:
+          enabled: true
+          knative-ingress-gateway:
+            selector:
+              istio: ingressgateway
+            servers:
+              - port:
+                  number: 80
+                  name: http
+                  protocol: HTTP
+                hosts:
+                - "*"
+          knative-local-gateway:
+            selector:
+              istio: cluster-local-gateway
+            servers:
+              - port:
+                  number: 80
+                  name: http
+                  protocol: HTTP
+                hosts:
+                - "*"
+      config:
+        # Note: The configuration options may be copied out of
+        # the example blocks, found in each of the supported KNative ConfigMaps.
+        # For more information, visit official knative operator documentation:
+        # https://knative.dev/docs/install/operator/configuring-with-operator/
+        istio:
+          gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-ingress.svc.cluster.local"
+          local-gateway.knative-serving.knative-local-gateway: "cluster-local-gateway.istio-ingress.svc.cluster.local"
+          external-gateways: |
+            - name: knative-ingress-gateway
+              namespace: knative-serving
+              service: istio-ingressgateway.istio-ingress.svc.cluster.local
+
+          local-gateways: |
+            - name: knative-local-gateway
+              namespace: knative-serving
+              service: cluster-local-gateway.istio-ingress.svc.cluster.local
+        domain: {}
+          # example.com: ""
+
+  # Eventing config
+  knativeEventing:
+    enabled: false
+    name: knative-eventing
+    namespace: knative-eventing
+    # Whatever is under .knativeIntegration.knativeEventing.operatorSpec will be
+    # put directly to the KnativeEventing CRD under .spec.
+    operatorSpec:
+      version: 1.10.2
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller-4.11.22.tgz b/packs/kubeflow-1.9.1/charts/metacontroller-4.11.22.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..a6f6632d81d4080c437f2e7cfb40e648579aeb3b
GIT binary patch
literal 4115
zcmV+u5bW<CiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI~)bKAI*_nDsps~o&LWm1%4J5#E92d|Tzm)c3jWoNR7saLNc
zvL#{+0(<}{N12-a>{|dRiKO^XwwymZ=tFFi%?8luM*je^J1Hm}ai#>P6vX&C!9oRV
zoYIryQ5c5d<@ve!8HQo~XE>dNCzFft;^J}=PAAioaB@DKOioaE#6GlAE)^Ch;gj2{
z5AHi5oRN<pB;jm^R#OjW+4j%#U@{4&Q!fS?36d#u@e2JNXo@0jCuqS1dRH+ZkKq(%
zsA^T7T4yjrILj!Bu$JSk>WzGDJ^WRv=Kl)PjA8|H9MN1V5Q0;9>Uz-Q|I_KkwC4Y>
zE~d`^zX+B6U(9h7;9MnKkk7_XgZm$4K=^ny@$LzWXXx5m#Vx1cY14_Z!ZQyc>-P8g
z92S&6_%;6*IR!cMe1tRdli+zKXXv-l=pP<J0wm8x1m=pCA~PI;H1}2@=H~hm)aVS2
zD3Rvp16EO@f622LD;WLb5Xobyu*wf>;0%p2b7??J5+VUg>SrR(7G#;?Y+!4VfTFc}
zyJu(=1BIrs;;ax~=|v0~<?9rfdd{|+MlV)m@ccchQ3mRPi+jSB0g;OEfbgdAOGTKm
zVPkyH*dGZ|E{Ixp^rqrd8K)#7&)TJ``xQ>S->rzJ8J9%Cj(20X#h(IJM6V6fwia=L
z6&Gdp{y_||8d&Wc>TckL>wWE&^8Y6diT`uLV(o5^g#mr||01l#|LG*W2wnXD67=}^
z|DV<>8eo9F;_r;gFHFhTw&WMa<mo?dVWFSetPUML@DSPuAbqey=JVenQU-b0r|)cd
zx{4y6Gu7JRB8nCF4Q`mBKmI_$El|J`g7=%t=+8gD_6$CaTK&J!0k*1o(iWi4|0k1+
zn*WEB%U90-zXVnG{~Ir_xk<l=7sm3n2jl2qYWIJI6)bWp;mPNLef$5*aI&}mpE&>j
zB2@N&y_MXB`n$pa?x4B?P&@}J^=~?IXM2Zz<u#%lj5CO42Kbv(KsiGb4<QK@BE^Lj
zmujT{b4h+%3&nc#-ZV5Cc?fL`w-8k7uO?cN*(TMJBr!x-Y`1e`!ZeDQq0s_U2_wU}
z8I2|_0}}?K)PP^w;A}6No{*HN+BJltET5s%$!YC!3Mm)s8Jhe=Dt83@D+k#kW)g;J
zi=64j<-4+^h^HymbN$<BoJ%pD6E?1D#q7zpS`*7klRonO&p7ibU-}eQK>v1LyBiZ3
z@fC=*PnZI+!t`%1FT+rJWreJOfs{9b&!IY?M5*j2Q1ww}T&NlPG5m2-zkyXUL*oQ6
zRmo?stS=ms<2Is2uFGv~jsdPYQ}C%KPeP<O+c$zQ2!(oE_IUg@XNsio8WuRGs=^ZC
z49^KAiqy>sp;+*&e$7W$KmS~_7##n?==zp(^<RX7TuTM%3@MRAl`&^m@;zsovF-M+
z5`?j{uyQXGWJM?}A)X=QDwVsKQvPtWVR<7XOtF2XQ0Hx2K6bZBikC1$r^_S~+C6I#
ztor9{RlH!>xR$IyoA*8N{{{LVF7C15Ig8EP4s9)RHXbjDO7eLS@pP<rAA*4b=}WSd
z<NI7Ho|4ZnCQ{}g$Cs~Oc?hjI%~QChn4}*zL3W0I``X7EHSGln(3C707e@qhz5D-{
z7xnjl=P%v<|BKKIbc2-w!6Z@~*_lTV2{1Iz3DrAwl;P+eFF^+03-lo&63IN%%cDdx
z0ZP%5^0^J&ge}jI0PWZ-Fe_#0I%cu=0x?(`w@3e;30RO%5Tgg867+BX5g@%lA<oQ`
zx=Sbnfhb`Rc){ztf8HrBz<YtNd75&DK3?CUm<Z_wOQOc+U)y~zn12>y^Y7+DvK;Gw
zHh;<$8}9_oade+&NUzM&`yr4InfF65$M@b3flBr7T#%*r!~c3O&_^r?&n0^M`i=C0
zOmK}1ynw`j$Ch32-@RZZBOb%}dw8i?^Z!W1a$Gv!J<6v5o&G-wr<c>0HUGanzdU#T
z|0T%xeXqI)An-{6GpGLh$A2ca-4@XHH7p1t=6!w{aAU@}GETnTB@iEHncypkgI%}`
z2%n*xZSI_HU@c-?p*1KZ^La{?g4jqY1?VL(BgZUJU{JvJgMw8UOkM`zb{o?4k|St*
zL9*SVEbU=rGgEOUXh&9PWz)oU6|Ybt)ql5f{7j?;c^S<Grp+C-dyRw(gH(z}eH2C8
zUlg@Gge`N5MWYzKVT!oMn8oR-ea|8{GvpVlT1_y`5^NE#j1ow<8z`OuySjP%@#S6R
zGD4M)L)sK!(IL-3)DdjS^eSkvBKB0bY`IXZZ4M+-32epyanV`C7f9&<B_I<Zfmti8
zfn&Zvm?3VCh68id1ww~1p3_(x*$RY00wTU-<nvax36Hu_1Kd<irrF&vOwkI{989c3
zDPAK1x)qeOl03sA1N2TuTEZ55Rz{T@m(yFboDsFQt1+49iVHc8^)_oP$<oInO7twN
zT)<d+nCUt*ZWpBSi|ziix~a5#4XFfS%hC;F$Q?7F%@`4haPg=e#ZJ-slGe`co4XI&
zt*@Dky7rCUcMr<l6ljGJwg6!#aUpnWWCDvbPM9)(M3exltKTjZa=R}^iU;W0tV3uH
z$i6v^1N4@mYn%eT#uA==0<@;3uN6CN3hHMTWoE0j@@}(q{?O%Lnxcfz__p~t!WgfD
zwBd4>NK0+b+dI@9ZA|6S0_@!0DS;I%*KK0@MuM#V6CStUM+jJ+cHQ^UFYL8>CEv+(
z3-;Z1C(~PYLvhq2h*L_~a*(`&w_j|p#x>b*Xs#28?mIL(Oz+6X_L!6qLp!w^>*E@>
zBmm2HBd*dQ{p`qU>RCh^_TvlIizpG$=?Rv6Be<8XWeIC%#X{h9uZeaF>|yB|qhDIr
z8gFmbtcIJN&9)D22@LcCc2_wK-+y+_IR#wrRl<3b7k0Zqv^k|}p5}i4S#_`c8bFwX
zO!Hc?ji-A>^}8PR(Q4XybAZ7=z+5Y?z4c*B2q?Vl_LSjEQG}xeuJsJ(*`3Dk@qmS6
z!9|MIOheF@?F!kDRg8wK%gUi@Yj-}76nL(_f$jjqb2?;M>hhH)&fb;D9Qh9r)Vsh6
zkQrwZer4~lkO`*r9glm~@CpvU17){9ze~<g&eB2*N_h+c`h|hr1NAM+r<8LEr-%!5
zs(T%&Q-h8-e;9cP$2KTqiXs#0d!%9kC<CEQ0Ajsgib2`!&pqQ0%<PKd+$I4)j1~lF
zEQ3y=eUMA917<8eJa$~in8V`bz_EPZ?7Rn>^q>H~`(o*sQqAkIuju@l;EG3_9&u2^
zaE?728Ngz6evH*d*%i0DTN_QsxoA4$Xll4uCAsKP?;tt7qwHZ=5QeG4B@UN#cgNup
zhf5qTDUrh^?c{Jtf6p8)>1N2dRKJ?T=Ieyemf3Oe#K98>PYQDI#KDs-Ie5}e4xaS)
z%)yf$cp|`|6NgS5I&tX4p_3gsbkac%o%FFdbW&z|JUWqU7CB7PLJpHSOk&Al5{F5)
z<S<D)IZV>uGlxm~KgMmmnPCA;-L_^Xbo*RiQbf<#Or?tU?|@N#p}w+DYzt}FBprM0
zUpa_1;wumcBMC|`+1s?Bw&n0c0-7nOhP_mgqeyB}QS#<fCP13>F|!n3y?+gHfUeq%
z1JX>b>-{v6Kq4Jf>@>&#T_KiJT4QaIx)H$m_W4I5%=)0Zpk_(+d%CcyC(>wc&=}Be
zc}Q(ClvV%kN=d=3GJ10&x-F*ET#@3{-)V$Yg4L$<i7b-Z&JafTu(tVcm?5orteY^*
zCNUhkW4neN_pmksibT0CyfiTS-9u|;P@{@;4~Q(%{j{$11v3VHX^?u5tujLim~6Bj
z-odeCqtSzgvz>-r)}5WGQ(0u|b0!m#^@lvZTSzu(j2|&2@wN$TuW#8Ide7BccGfHM
z%_kz2U0Ysrkng!NSB|DI+s%X2WgjuFz-+pP9&b7CQ3mMkqF-AH>{L&rhP_-Ada?Pd
zwjtX@n(t+m?$aC)<IFb;s_w&H8-+T#sA#i)8XCK!n=6_!bsy{<n_o+DRODrM>NPh?
zGg+fp!IDHM1+g?09-^dgk_YB`9e^%}<rfVBY`*rN&ik8b=|W&bfLec_8_H(w({7J-
zGicQuq}Ba+SYQPcM^c<=&-p`#1Y=x(q6`zE<9ye?hp;7u%2R|H11&e8WfO_?Osz28
zPYJFJg=<d+YD3%x)s!Ol8G1;#w2{Yb7PaWnJ*-Dvo>TX|(OWjMp>NNdwsDd(+GRB(
z^VH~ZFyN_&bO?R&OT~;*ocV?ADV~z3;fe0--5v|t)Rz7`k&26!0No$q&3xTpm2_Bh
z??Q6GhNImPJJs91rgY{Tc4QlNG$%l=S#$$}@VNCrt$PpMzGrS8iC^0`c>}uIlpEW~
zy5FR~O_wiSk{Rr*bWe~3v4Xf%(@dM4DJ8bMlF#?b_7$B(fBfnF1!|@26@EW@sgw=V
zZP9|cS+0~)XJ{ytve!#Hd!-sEb&g#Llx^we`1z`!G>#FuA}HT@5foD>LqKg78iPky
zT-ug1Z-^3|fo8u5%YcVUE>@e4_Mq1j?%D%gTNK;<4-b1c^q}@GnofI7tv1B7=I*$P
zHQ!go8Ve6@H1ZzAUqhot`C<ir@s7v0FLi1qN(TakQePZiK##`@P5&dzkpaW&O%tuP
z)fzbVAVX6}?F{bKR*NCp{bnDk!;1!KU#!Ghn?8_37vDI#Z~^Q43Rs7fSi?%;C^08B
z`-sccS2N`5s~H+_)bxE7uX5$5_Q-t|*h22Bz<o~lRiOJS(0vuy&Fa1i>|=3X1(umy
z`Kd;7xTJ*~F4^aFxWwTShfBIy9WLo(ak!++<T5Dt$YGKea+qYF(_s>aNgO8WW_6gP
zkHuk<GSf3;P`3Qv*XT(vL$_bPbZ18nd>M&Vlw8$6rfH@_GbaYm;vg#<o}4%+Vdgnf
z0iP=w@X&O?Ll*M^DS^+E6nIEl;6dyD(A2=^N)CLM^uR|a2p*)mVM&6IND~||zJ?^e
z&P2fhA~(5v15*VDNUS6i4oVgr;s^C~!Y8H+4o(<6$To&14Gu>s-HC$(QwN7*l-}O=
z3Od4fNCV0mJgu-ns|I!j4-PDC&?>P~^5Br-2CWhsiXIFuZ*TzK8HggDqsYNA${aX+
z<M55cH@n_AeB<y<3pspKp+N-_o^hl9$TA6?O<z4jp@c`4O6Zhm%P2giSVE^*&glAS
z<q`&2*Z`J8izYnzqx^5|`|qz(Y+#G(y#XWm&gu-Dd`YS%;*G5%{*w}>f;CR*QQ8Q@
zFuXiJH$THLtp7B>PcFiXi_1wkolH-{$;J7r=?Myt(s~c&QekltKDn*>;2b$}<melx
R{|f*B|Nknoomv2{000|E;8Oqq

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/.helmignore b/packs/kubeflow-1.9.1/charts/metacontroller/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml
new file mode 100644
index 00000000..b1c1d902
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: metacontroller
+description: A Helm chart for Metacontroller
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 4.11.22
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4.11.22"
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml
new file mode 100644
index 00000000..a5444664
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/crds/controllers.yaml
@@ -0,0 +1,827 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.kubernetes.io: unapproved, request not yet submitted
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: compositecontrollers.metacontroller.k8s.io
+spec:
+  group: metacontroller.k8s.io
+  names:
+    kind: CompositeController
+    listKind: CompositeControllerList
+    plural: compositecontrollers
+    shortNames:
+    - cc
+    - cctl
+    singular: compositecontroller
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: CompositeController
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              childResources:
+                items:
+                  properties:
+                    apiVersion:
+                      type: string
+                    resource:
+                      type: string
+                    updateStrategy:
+                      properties:
+                        method:
+                          enum:
+                          - OnDelete
+                          - Recreate
+                          - InPlace
+                          - RollingRecreate
+                          - RollingInPlace
+                          type: string
+                        statusChecks:
+                          properties:
+                            conditions:
+                              items:
+                                properties:
+                                  reason:
+                                    type: string
+                                  status:
+                                    type: string
+                                  type:
+                                    type: string
+                                required:
+                                - type
+                                type: object
+                              type: array
+                          type: object
+                      type: object
+                  required:
+                  - apiVersion
+                  - resource
+                  type: object
+                type: array
+              generateSelector:
+                type: boolean
+              hooks:
+                properties:
+                  customize:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                  finalize:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                  postUpdateChild:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                  preUpdateChild:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                  sync:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                type: object
+              parentResource:
+                properties:
+                  apiVersion:
+                    type: string
+                  labelSelector:
+                    description: A label selector is a label query over a set of resources.
+                      The result of matchLabels and matchExpressions are ANDed. An
+                      empty label selector matches all objects. A null label selector
+                      matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector
+                          requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector
+                            that contains values, a key, and an operator that relates
+                            the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector
+                                applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship
+                                to a set of values. Valid operators are In, NotIn,
+                                Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If
+                                the operator is In or NotIn, the values array must
+                                be non-empty. If the operator is Exists or DoesNotExist,
+                                the values array must be empty. This array is replaced
+                                during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A
+                          single {key,value} in the matchLabels map is equivalent
+                          to an element of matchExpressions, whose key field is "key",
+                          the operator is "In", and the values array contains only
+                          "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  resource:
+                    type: string
+                  revisionHistory:
+                    properties:
+                      fieldPaths:
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                required:
+                - apiVersion
+                - resource
+                type: object
+              resyncPeriodSeconds:
+                format: int32
+                type: integer
+            required:
+            - parentResource
+            type: object
+          status:
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.kubernetes.io: unapproved, request not yet submitted
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: controllerrevisions.metacontroller.k8s.io
+spec:
+  group: metacontroller.k8s.io
+  names:
+    kind: ControllerRevision
+    listKind: ControllerRevisionList
+    plural: controllerrevisions
+    singular: controllerrevision
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ControllerRevision
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          children:
+            items:
+              properties:
+                apiGroup:
+                  type: string
+                kind:
+                  type: string
+                names:
+                  items:
+                    type: string
+                  type: array
+              required:
+              - apiGroup
+              - kind
+              - names
+              type: object
+            type: array
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          parentPatch:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+        required:
+        - metadata
+        - parentPatch
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.kubernetes.io: unapproved, request not yet submitted
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: decoratorcontrollers.metacontroller.k8s.io
+spec:
+  group: metacontroller.k8s.io
+  names:
+    kind: DecoratorController
+    listKind: DecoratorControllerList
+    plural: decoratorcontrollers
+    shortNames:
+    - dec
+    - decorators
+    singular: decoratorcontroller
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: DecoratorController
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              attachments:
+                items:
+                  properties:
+                    apiVersion:
+                      type: string
+                    resource:
+                      type: string
+                    updateStrategy:
+                      properties:
+                        method:
+                          enum:
+                          - OnDelete
+                          - Recreate
+                          - InPlace
+                          - RollingRecreate
+                          - RollingInPlace
+                          type: string
+                      type: object
+                  required:
+                  - apiVersion
+                  - resource
+                  type: object
+                type: array
+              hooks:
+                properties:
+                  customize:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                  finalize:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                  sync:
+                    properties:
+                      version:
+                        default: v1
+                        enum:
+                        - v1
+                        - v2
+                        type: string
+                      webhook:
+                        properties:
+                          etag:
+                            properties:
+                              cacheCleanupSeconds:
+                                format: int32
+                                type: integer
+                              cacheTimeoutSeconds:
+                                format: int32
+                                type: integer
+                              enabled:
+                                type: boolean
+                            type: object
+                          path:
+                            type: string
+                          responseUnMarshallMode:
+                            description: Sets the json unmarshall mode. One of the
+                              'loose' or 'strict'. In 'strict' mode additional checks
+                              are performed to detect unknown and duplicated fields.
+                            enum:
+                            - loose
+                            - strict
+                            type: string
+                          service:
+                            properties:
+                              name:
+                                type: string
+                              namespace:
+                                type: string
+                              port:
+                                format: int32
+                                type: integer
+                              protocol:
+                                type: string
+                            required:
+                            - name
+                            - namespace
+                            type: object
+                          timeout:
+                            format: duration
+                            type: string
+                          url:
+                            type: string
+                        type: object
+                    type: object
+                type: object
+              resources:
+                items:
+                  properties:
+                    annotationSelector:
+                      properties:
+                        matchAnnotations:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        matchExpressions:
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                      type: object
+                    apiVersion:
+                      type: string
+                    labelSelector:
+                      description: A label selector is a label query over a set of
+                        resources. The result of matchLabels and matchExpressions
+                        are ANDed. An empty label selector matches all objects. A
+                        null label selector matches no objects.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    resource:
+                      type: string
+                  required:
+                  - apiVersion
+                  - resource
+                  type: object
+                type: array
+              resyncPeriodSeconds:
+                format: int32
+                type: integer
+            required:
+            - resources
+            type: object
+          status:
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml
new file mode 100644
index 00000000..1dd5e4e1
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrole.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubeflow-metacontroller
+rules:
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+  resources: ["namespaces/status"]
+  verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: [""]
+  resources: ["secrets", "configmaps"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.istio.io"]
+  resources: ["destinationrules"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["security.istio.io"]
+  resources: ["authorizationpolicies"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["metacontroller.k8s.io"]
+  resources: ["compositecontrollers", "controllerrevisions", "decoratorcontrollers"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create", "patch"]
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..1f7ee8dc
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: meta-controller-cluster-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubeflow-metacontroller
+subjects:
+- kind: ServiceAccount
+  name: meta-controller-service
+  namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml
new file mode 100644
index 00000000..57aff05c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: meta-controller-service
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml
new file mode 100644
index 00000000..78a7839f
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/metacontroller/templates/statefulset.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: metacontroller
+  name: metacontroller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: metacontroller
+  serviceName: ""
+  template:
+    metadata:
+      labels:
+        app: metacontroller
+        sidecar.istio.io/inject: "false"
+    spec:
+      containers:
+        - resources:
+            limits:
+              cpu: '1'
+              memory: 1Gi
+            requests:
+              cpu: 100m
+              memory: 256Mi
+          command: ["/usr/bin/metacontroller"]
+          args:
+          - --zap-log-level=4
+          - --discovery-interval=3600s
+          livenessProbe:
+            httpGet:
+              port: 8081
+              path: /healthz
+          readinessProbe:
+            httpGet:
+              port: 8081
+              path: /readyz
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+              - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            privileged: false
+            allowPrivilegeEscalation: false
+          name: metacontroller
+          image: 'ghcr.io/metacontroller/metacontroller:v4.11.22'
+      serviceAccountName: meta-controller-service
+  # Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677
+  volumeClaimTemplates: []
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/metacontroller/values_lint.yaml b/packs/kubeflow-1.9.1/charts/metacontroller/values_lint.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz b/packs/kubeflow-1.9.1/charts/profile-0.1.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..96412641b1bd99ac37a22280233eda75f87c0ba0
GIT binary patch
literal 2043
zcmV<X2L$*ZiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI?AZ`(NX?`wXF`8!#l&3{G9j*}b=9I(D@?poYKd+~08!(tK8
z(%9mLBDExC$4z>l{XkOkgY3lFHk)2?o)->9k;561^P2~y&}z&Dw$C%BEuFJmym)eo
z<2XL;_59yBj+=ku&RO?G=OjKkIqk&V&e@B&(>*;tegW~*i?T_ju}r^+KYOjFa$gCt
zg1<*?xRQOCb_pwr#bbwdPH9Y1G>PVg^?d_)jUtD{-4+-t4Sy|1s3lr7M6w+FP+cfu
z=LPnG6@}mlbCb!mW*pNFjmekRd{2&Q`?r`Ef>|`}s|-bf+E80O5f<#Q|8B2$(y;%N
z?%w{Nhi-4%N95wBU@`@pAvhxjHTG?9<&+$?KYk>)w-KZ`<`SV*-5Kh}wjf%*Wu>q{
zgDd%mV?^IGQKIo9-%e3$o+8|V)ul|}^w>9fJ}k#$egmzj1r;xpscRB1-ML0)D`|p!
zPS^@ffEg$arZAc>Wd^}UC?1g9k6MaeXfEv-THl!H8`E0XAhat`ggek!2$mqU{=WsS
ztJZJVM&-GZK|*uCgyDS<F+-74leN9neYm{^E)!9vn+nme<mP*W0u!tB-zv7WmW_{V
z6$cCGckftH(CY=ZQ?A+z_`bc}GUX0_EtSQF%9~trCfNkjXfzLuE>R#eNQbDWJZa8f
z+p=1RoqN|*Hrgsla97(lE8J_kT>&nQWir8a@%>%dCi^8CRq6!6jW7>fNmklSY5u|c
z%0daA%o_&QxTP(;v5}kAT9_F(ma8|?;zWBk6y;RSFK+ChwAqK())p5x7Nt9|cUnz(
ziuzu`-!W~_nU)638Gp!{3ODpegZjb^Tnc>XCqn;^%j<SnFl$ju*V+1ses}fr!b%P+
z%gRw&|9WXahq+4mm}7cTGt@Z2o69g^AjFbywdNYLd-l)i)`FKp%}_U%c(uMIUmB!;
zN80rN+b&|Fq}6;>TBScBN7&*2JEz^Vb^qV(c2Cdt{{K0s_5t@J2pb7Zy-kzVWWiuk
zYHsIYigys55n9$E*IcH37_45Scm5iY94$+kWqkq_h`Sbm7ov&6V&SUpKysNnOYS+l
z1PIW*aw$#KX$p29GMfSux0)^m`eh@SWhjFH5nSWE4;p_h(O8-xOHrGj9G_}qoK;YV
z7_a@iitEpQHo(*m>Q_%r9nItf;gEj|hg0Su>t)SqRc^Rj#7%-5`zq)cC~|uE*^AB<
zl&(A4M^*E@)EcD~Ar9KI{UA-GW)gM8k_3&3{K-M$!z&*^Ra<W&FQO6xb;aE6o`XjN
zHe)upg@j2^Qp`cC(jwSQt8$V71J5_&a-z|g39~q3^T-4T@77kOv@jgdiuVs0H!vK8
z(2g5OvCx<}nP_;oO_$(<4CG29Of-|FU>bsAE<UVyXUu?AmH6}ey-Qr(Ci&fP5#$Vo
zfDtCFG>hnWIDnj+oY^F+CG{R~c@i^jv*ob{X3O(Td17CA7rt?*bn`@`;CP?i<2(-k
z>rms<3Pii=KWDw;2L5+?C*3{%KL=I#A1r2<7kFq$fRQTJbfM-p2k>9$MYbgX_s8ON
zIrR~~h9#kDcK+k=hqr$x-~iS~-9g}m08bFVuQ|5c$79K+{nwlDbhY4J_J7*6|9$=E
z*=W@mU7|Y{YDSfww5PQRzN-qlPi}Vin$5zuuDe!0+c%dBTlFuNi}hvvxYc}i3rAh0
z<^L>|Wy1oK%7&WVpTANe$_bYy@UI>o<l2P>+u!y4H|<|5fg>(cE+?Ov_tms3|LdIf
z8vZ}-_2Rw#KL@!KW8uwwsb;gJ1&8iV_?ir++_vi8M3ly&zElGJU^k$~kZ3WIG}57!
zJLT8gmK8O_1U+KOx>u&xe+X5{8m62Se+t+3)1c~b6RMb$%KGIh25uibc7+|OqIj1L
zh2B-&cElLXqS^Mj%OGRrls<kWZuv_b`yiv>f6=Ne9@r%U5H{(2d19-=ZJeY7<8t&1
zCf4*x^qZD&Dy{Qg*Xw_ytoGGVjsG-5k@JaE8lQZPUGd+^ar67%aopR-f6qb(@Gex&
zeVrs+0ACn`QOSivQz%$+%_e9lISBO_Qx=8N)_}=S2$%>p0$(TLa`G)`6wLA|Lcwgd
z((h8t1CTiJumLX%jbna;X$Y78?-hl&Qp`a~KhqcU3)CREL`vxQ!>gfH8p#1vpM&0?
z4<Y5+5IW(u?SF&#gpNMww*Rd=vPs+h)Q@H=+e=0xmRy$w_{tYKqGnc*BRXQ&<cQkb
zwUy=*a`bO<0PmURsx<KC`wK&8p_PM3LV1d;9foW53!zh!s1(~@!@oGx_8%&kSAxr@
z|1Y3j@n0M_^S@rF)7jhqbI|IS`98E-ge-ED1Bfc0KA4#|EdR68)mPd<sNs@>sxsX7
zEdb`nUHTx2Y1wBp)8{Pj_p73B#M8cuT-xS1(!P#P$ReRTSPvi$su04Wv5||gzFSRC
z3E7&ek!A(ObymfzK3HA4u;($As>R^PRbcv{Tu{`F3axJDgt!N{^!f*bWrpn);wf<;
zv?$w4<qPW$CF^nL>v5S08|^~t6<+Sq_fI*_R{Gr|A**q9I8(owc*F8SAWc;MrLW+g
Z_Oz!x?dc29e*ypi|Np4q?$`h>0039;2XX)a

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-1.9.1/charts/profile/.helmignore b/packs/kubeflow-1.9.1/charts/profile/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-1.9.1/charts/profile/Chart.yaml b/packs/kubeflow-1.9.1/charts/profile/Chart.yaml
new file mode 100644
index 00000000..633fac13
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: profile
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl b/packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl
new file mode 100644
index 00000000..c6f57c0c
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "profile.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "profile.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "profile.labels" -}}
+helm.sh/chart: {{ include "profile.chart" . }}
+{{ include "profile.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common selector labels
+*/}}
+{{- define "profile.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "profile.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Resource Names.
+*/}}
+{{- define "profile.authorizationpolicy.name" -}}
+{{- printf "%s-%s" "ext-auth" .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+{{- end }}
+
+{{/*
+Parse user email.
+*/}}
+{{- define "profile.parseUserEmail" -}}
+{{- $email := . }}
+{{- $pattern := "[.@_]" }}
+{{- $replacement := "-" }}
+{{- $modifiedEmail := regexReplaceAll $pattern $email $replacement }}
+{{- printf "%s-%s" "user" (lower $modifiedEmail) }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml
new file mode 100644
index 00000000..26f90356
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.contributor.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.istioIntegration.enabled -}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "profile.labels" . | nindent 4 }}
+  name: contributors
+  namespace: {{ .Release.Name }}
+spec:
+  rules:
+  - when:
+    - key: request.headers[{{ .Values.auth.userHeaderName }}]
+      values:
+      {{- range $i, $val := (.Values.contributors | default list) }}
+        - {{ $val }}
+      {{- end }}
+      {{/*
+      Currently the AuthorizationPolicy ns-owner-access-istio created by profiles-controller
+      specifies that user can only route through a istio-ingressgateway-service-account SA.
+      This SA name is deprecated. This AuthorizationPolicy defines more granular access and
+      has to specify access for the owner as well because of the SA mismatch.
+      */}}
+      {{- with (.Values.owner | default dict).name }}
+        - {{ . }}
+      {{- end -}}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml
new file mode 100644
index 00000000..e3b688cf
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/authorizationpolicy.ext-auth.yaml
@@ -0,0 +1,20 @@
+{{- if and
+  .Values.istioIntegration.enabled
+  .Values.istioIntegration.createExtAuthHttpAuthorizationPolicy
+-}}
+
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  labels:
+    {{- include "profile.labels" . | nindent 4 }}
+  name: {{ include "profile.authorizationpolicy.name" . }}
+  namespace: {{ .Release.Name }}
+spec:
+  action: CUSTOM
+  provider:
+    name: {{ .Values.istioIntegration.envoyExtAuthzHttpExtensionProviderName }}
+  rules:
+  - {}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml
new file mode 100644
index 00000000..19540213
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/profile.yaml
@@ -0,0 +1,21 @@
+apiVersion: kubeflow.org/v1
+kind: Profile
+metadata:
+  labels:
+    {{- include "profile.labels" . | nindent 4 }}
+  name: {{ .Release.Name }}
+spec:
+  {{- with .Values.owner }}
+  owner:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+
+  {{- with .Values.resourceQuotaSpec }}
+  resourceQuotaSpec:
+    {{- toYaml . | nindent 4}}
+  {{- end }}
+
+  {{- with .Values.plugins }}
+  plugins:
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml b/packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml
new file mode 100644
index 00000000..892fe532
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/templates/rolebinding.contributor.yaml
@@ -0,0 +1,26 @@
+{{ $namespace := .Release.Name }}
+{{ $role := "edit" }}
+{{ $clusterRoleName := "kubeflow-edit" }}
+
+{{- range $i, $contributor := .Values.contributors }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "profile.labels" $ | nindent 4 }}
+  annotations:
+    role: {{ $role }}
+    user: {{ $contributor }}
+  name: {{ include "profile.parseUserEmail" $contributor }}
+  namespace: {{ $namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $clusterRoleName }}
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: {{ $contributor }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/charts/profile/values_lint.yaml b/packs/kubeflow-1.9.1/charts/profile/values_lint.yaml
new file mode 100644
index 00000000..426cb137
--- /dev/null
+++ b/packs/kubeflow-1.9.1/charts/profile/values_lint.yaml
@@ -0,0 +1,28 @@
+nameOverride: ""
+
+plugins:
+# - kind: AwsIamForServiceAccount
+#   spec:
+#     awsIamRole: arn:aws:iam::account-id:role/s3-reader
+
+owner:
+  # kind: User
+  # name: test-user@kubeflow.org
+
+resourceQuotaSpec:
+  
+istioIntegration:
+  enabled: true
+  createExtAuthHttpAuthorizationPolicy: true
+  envoyExtAuthzHttpExtensionProviderName: oauth2-proxy
+
+auth:
+  userHeaderName: kubeflow-userid
+
+# Currently not used
+# kubeflowClusterRoleNames:
+#   edit: kubeflow-edit
+#   view: kubeflow-view
+
+contributors:
+# - user@example.com
\ No newline at end of file
diff --git a/packs/kubeflow-1.9.1/logo.png b/packs/kubeflow-1.9.1/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..f29aa94be98bf28c23b6fd4d91416b6723daaf1b
GIT binary patch
literal 54864
zcmd?R_dnJD|3CgfW+5w)?N|v}3E>EF>=Cld-t!<UqhVzoD|;OzD|>~KQ1-D!!#-xo
zD8lD{cs^gR*Zcb~eCyILob$Nf@3-6acD>!Mx7+<uq_(CqIT<4v1VQ8o6-8YLB3Qxw
zBOwAm(I^;QfFQi54hjm|2n7W;cTYE42WJ}y;!OxjkXCuGP5bPmUNz`0(>mK+e4doi
zOUh22Qtc;Xc?R}l?-q)L>@o4^#+zgngv6}T`o#2hX3VC9@;~tAR_D+w99-EMw8ote
zzj?|X2OQ@F3=;m`718UDy`1ZqlAzl8RNY6Pq%EI*_6PejkI1xxOkVEqMi%>{2ygmD
zqc1_h2018EhHo?xc4@BnI<It&WTXuE<=pIxLfsD3yk$E?7|Gfs*z&il>D%iZyJs;-
z$LyQx*J!8jxmp>B-JRo`i^z9O+8S&ubN@0|mQq^gr*+(+t!ZMkBvt+Z_Bw(q;v!o?
z6!oXq7YofeKPW~G%(EP`cMGA^xD834Go614f4cDd-O0Co=l;J7Pcmqu2(pCgkA(5h
z`G(%<uWyfYY4N~6mmSJqzF0XLnx=(u5)kk_x8p`YKOvy;g+S0Z<Q<Qh2uzu5XnXnB
z+e3yRy-SxH3H`@sn#2b^4j{CH!N)7#zFoX5puN}J-O@6>yyvFn^+@i8qG$cxJjGJr
z7a~hFWku)&_cyn-I1&7W)Lq5M3xWhWasTih7Rvd69}*)G8cM{==SlG?gbp*L8^Mnl
zkV^NE3T`egHm*oW!PDje(#D$2*8yqIri{?gHVmbphaffxp(ua%;q>~fU*O%{spFq(
zvWal~MypvzIuuD*`T5-I=iI5w+OO{Uv83LzJWnEctFFR@u+F%^K%my!!AZb{4&Rc_
zNg{bXN)ZLud8}qa%k^!1+}M;#g-vw%_z185DjtDkV&Ask$;d?MGwUTOyMaunfy^xd
zJg~w4AO7iq#L2T?=q(>6oP(fYVGdvdX-l70)_F|6z%tc7k+7MxpsNOq0D=gaAqa_T
zNj;D)FLzAZ!BQT5Ek|vVS~WkgoH2-}h9Fub1jXMGWo&)@(kM=au`Y&{l&fE2M0~!t
zJfRbUCWY~+ASh&S<x5#cgWiDL&C1L36+BL>M+s@<vPq*5WG`2dO8|vviM4#`ZW0UN
zImTKh7R9hWpo|B*!aaNlPdxgs3Ze0}l174d+epM$2Ez*C{yqd91d&OB1rj`u8@CEI
z{B?D6A|5T~m>oQdn-Fh!^+^|Y;cWYXVbjJ!56j_kjYwz4M@Lsvi&&FJvm&2xA+G%M
zh-c~k?MfIW2U!|FqY9G_w5_`Oz4Ijm5HH{*h*hNYUAuKfi`3dy)6O%5L<8+wcp~v<
zqIz(wFbW9T{*vi0cPlAHWp$V^_*etc@DwpCBK%;hTKpg5q&{lv++R<@Bns|s%!O~a
zAw<uUdB0~+*dVXJ@XsT<-uSUNebJ&sNXb5C8TU`z{PChlE8_FlDb=$b_V|hK9tR;T
zdWXUr5SUhZ^@-SM6B?8A5L})Zf+QUbTI0mAo7Wz`{I73bFaEQ<sN?EiFA;%+QPF4?
zA6|zxwK2Qc*EY^dXU4Iv%Mto1b6(H?wk{$?mN0ck+rIgcWs`tSH2&%F+1Bp15C<{t
z<f4TZdi0E)F||KA*YWBFA+{@oiV)OuSIzv_+_b)I*X$p-BsqoaP>kf=0WOC|wf54I
z{by6VkEjpHA-2yyx(K13n{~adsZq$37D0DIeVa5HrK`iQO7>3@kioGz=WnfHG-S*t
zW?o%Ys~W>Q_58HMvFg{ln?r`TMrqUb#2lRSM>pBi?EB3Z!u@j#Q9k{N#cyT`vBX^7
zz8nt_d%#x!tsyQiO|StCsutoSN+_SN+eEvqiX~>MQp4#cTLCaLt)9E-;dU}Yz20gs
zMxRHLIz4cMAnhSMXfl6~>#KzNs->tITS<5L@kqg5`Z24abb<Z`%TCDzfk;;Tpk(9!
z0$}e9U-1o>%74g~;G12;nj(}~4+kr08=pPDRwE9hE1&Xy^f*J1Co<TC6Wjejw?SQf
zvZWIb$_0qu?&?UE)h;SQb*WyppI0`9B^xG9i(sP0Go?<phIaVB9Dc4fz-*KYYsg8v
zy3r7yBBf{6vTd5u@MWc%l!C6aw3{joP2r8`&U|sN$bCv(f73rTyfXvFc9^X4A_u$V
z&vFq2rwCcl6n5MGzS-QT&huz4AQrn6MSaLvqO=xE^tJHqZX;R&Q80T$HGMg>Lei_T
zoCAOw7&5-j(a_KDvg50?uG(KYV(SMLSBWU=4KUG~bpb=g^6kmft;|1kaDY>vh~sad
z|7R_0Lf?j`8jMz<ZG02L(m%8;oRW!HEgVlcKG=_q{;3l&Q=(?Rq?*p!SivHJ$^Lh(
zgjchVsWha9)eY4cYagGy;S!5sGPBe|S=ZW%|EBNXbwc1dD0XqlSYsNx<6d`1o}J73
zN!J}A)0UR5Pu@-HN50!;D`ipCEs0_U;>GU{n|2yod^lrjjjomWcaWICX-`8bSFO)v
zbJpK?0*k6Z-JK4#*nJ<R+Y+x>;H~_4i`q*-+yQbxYU)ThOgDPU*xPC{oqmgLgXPh9
zfX`ZC&8&9`nn3FJTFRRyoyb?A^^w*E^P4y9sy4kQ_|U`HY;SB4OQn;mesbYI_E4;N
z@N^4f{PI^l?XOmj-^rCciHv{$9QUQg8f&x~sx_y>nnyiPDQOl^(mw}7-rG3;Mfw7=
zElm(r8=%<kQ$WmUG&PaU_T9d}Vn5OJAm$#epxzr8cKmt?0}aji?Xzv(4;Q$%ad=NP
z^#v9mA;S?g;*pieTa%OMS?joZbP*B9-%P1{G0Tu^c2u`4M}x)r%0GJy%%4vEdtVDn
zjaXK_s`_4fAdX*ky%fe=?pODvv<a@pMGlL3UVjG@XJU-}wJ^UfGj|p<CVt4m)E5p>
zXatH3vt#?KSp16jwdf9|-dPu)$D7GWMhEMdI+UwhjKjf{M?l8SQ$`B8RJJ!rnAgUR
zy@03^J1z<KSAEQXIQ11FV_dU(q?%a48Ch04fR;AV7#X-~_YRN@0OK~MK!YW9%~LdM
zl5~rp{6X%g;h^&D1)QVf&YQIx`pcQhAGnB>a5JoaPP{Ya1cD6Y4mit8v&F>+FH3A0
zM<RoLJe5k0l6DHjYsM)lEFF`SMD{4s^7Jt>q1XeD#XWqFGuUT*2&`?XNEEA0JV9zG
zm1KRq6fvHn^!*ryy^iTY<e~qBuC01-Ztwvcfc(SOtKUM*nU2g)YvXcor@!^2P@uv}
zi?=4mIcCM#h<1|&p^r{D%rL<yc$!H(K+DK8okpZ}+W#WAW#z$}2NmxkMGmi+z>I4c
z|9X1O!m0i2s#+>!z0fkMv}fOG^y_Uk+1ivc!|0<_TYlu#`oA1b4!_52!euPJD{G8l
z?aX)gGaJ=NzfoaInVtqX14nEO3*YTp?HbIbKAWYgO68Wa#$^nYUaR^%B{H0Dv_?!!
z2r{P|CIoF~+WcqHb5`Hw67|^^&0d}%7qQu_j%j1qe!X-zY5HNkX6=%|&pC2F@fS#1
zhi_KLs~BHO)zwYK4%9zJ=Xn+ME+9N~Kw{)6YOg1$dl578VOIRsqg?Tt<b3hcFToEm
zSXk)BLj<OLtF<!6^dbIvQT$WJF*t8<D4T-ey0jA5<ZnCq-b$xYtfb_ZnoYVUwS6(b
z?Omo3t<t%`dqk(+MYEV~5F5R$L`W&?dJxHWqD>3<KRHvG@B<*d!Keqv--R<y%AcT+
z0cz2%*@2m@%4fz$qF+?*P>X6Li18(!PgkQiNSUUbvK&rtnWR*G=C6zSf)1s41OJM`
zDwhi%eOqsA)nGeyz<P*M>ED`?e*Ws5ybG+wi$yJ0)ts431dM;BJoNBV-9-^45OGuk
z==Ses0fcy;A>@9*hrmKs2BPK}vtrv1RZ}~C2bSb=4#A(_jz^D|5#=~kh$8SEUJs+w
ztzWunG1^p8otd9ix8+msdu_dbG45!VJ(DW*v*)XBLREwX`g&Uyi910kc)AM;S&4Sj
zy8J-s%w=p}qyN}9Rd_qxOOe^J<_&s;EE%h&;}l#b&yHV<v(&kX%+|&n2^;RFDo=Zz
zd8_Bj*yg(k?ySo%Dm)!jZpac#nCTi>HoO)u5N~-WH(zn5ikGQ*rBDEycYUaiCj4{a
zKVRFmd=#ZV@d9aoDW~JBnU1Z6W%L~<+j9C3man{e2Pj?Qy)K!&bc<oNIUjjiNW_aS
z3GBPJwyYsjE5u5!mF7HOo7$D3v(sr@85=!hp1!3?*;AG;sBuNEgN2O@mm%Tf{=bd3
zrpi+Xd?qAdK~ifu@oO7H;?_It_37nT%8hm(<slkS=R_t&xo59en6`_F@=%<9&%plP
z_m<jAj;NL*)oCH+Y=ci|;Yi&>0+XA@UYGoCUAW6%a>aq|{NJ&{t-Xh4UZt<DDV^dX
z<azBkzpuSy$j~&wq*`S`8HrTE@@sWlRms4D-fb54#zixK*ogml%{5LJvcB1Gd*u0@
zv_3)cG&3`N|IU4KH+1cmsM$4#2ByHMcGaYnyKUo)<!N>1w6yjK=mG?R(K;PMg1&oa
z<W-~iS#;*A-D;kutk$+jM8=}$n1a%SUCk<g{|x`^U;nVycI<FaLn;~;&w0#+-AlPN
zd+X25fVi8d>t$KKi~b@(f=obvL^Ut}&<pA|Q@GmeOlJaEbnU2A@F)Tn?`7)tai;(u
zJ1!LS+Lz=UuAYm(6m9UwPOn0ZD~p{kWnN1H>7Z^?a+EE=TAuzvRy~h}Cc1;Yq16qe
z?iFM=qY{vHwpzl=py4=eb;HKB(LhP_X6*JS>O%?>Ib%_$ps%^`Uf6~fV-L+0jaQ_o
z=FMKx!z*W0>QnKea(nyw=v~p6kHyOy7`LmcND+`8obD9RUlMo9LwjQ2EYmQoIpS;f
z^$v5`nfqFzn_4Oo?k4zZeW}Y=l3IEqV$z#^u{_=Xq~wMWFUdj;fbgZ&)t?3HerEyZ
zJgYYA@*uJ6Tv4ehBdS>VjTL4%QrF2cE}}70;<t6vqubPPm7@;+{vQBq*9Bb9M-;y(
zF~)?vku|yzRF&V!Vp$n6-bcjB*vO*iTKSt2*@;hhF#hEG9#1}w>qBmdxi$H&&6*Xf
z9TcGz9?}dYN9wj@%WxX|3hf3No7Aae@X&aH`5(CdMR8^Z9-QSxJEny`ja#Kz7ZVEO
zKpeQ_E1ta1cOOn4UU{k{V9Yk5f`NQi%61&QW^V!*FEpOR$qLDrK27_&2?L%JcM*pP
zJ?*XWBFtW<k*&(K!|D3V4H?)I75vGMiFzXzw<q@f-&8c|>!)x~;b^hP^L+MxYZ;vW
z1u|4U0M(=XhPC-wtYFP@1jn4G`PRI~D|S*gRO0AZo|ubOm8~X=b2$tjx1`b1|3FxR
zdMc_H>8KQW6vdk_UOW&-ra_L1LJ&lZ@}pb@W3k2h9!}g8r|Y@Lm2D4pnp#XO`Hj$`
zU6^+?#v-X(p270#Y;+p$Aac0L*<5e{zL)2Eu&r&P#&inA2me;h4%L_Kb`gtzLzRMd
zzmD0mJ1E+n;$w{pQJ_MwLhGj5Tn=yERpVS|p2N{_h@ipeh43aZCCohpA#6L+Ts<w;
z_LN5cP})f4z(O?lfyB~7%-$4!Z~`y|OtP|Wd7RJsJ+zG*tA@g-cKC`YGkt&cle46b
zqWM7kwGk#1)I17Q7YXWMGnHmf;%prx{V#oUmS^dXMKqE=8y6)E_4E54A%OjxCgVtM
z3#5!b77Ka)8pyE+FW0zZtCKtNa8`8SUD|w=au>lUtvBfHqLgN)adG&S-^@OSTZXTM
z(g9-NNkX<iZTA1m8<2eym!NYwvoN!lZa6$g7=A*EMXv8q9ml!tjgjix@^wULx|Gwu
zG00Uml}Z7N39bI>NA~~rbUHiMB;FZ!+ZQ<^loNUeyc}#Ujtoc2?g=_5mKJ?+OF&W~
zAS0Vl{2-?e_d^;T96P@C5xe34eR@{h07Hj5NKgqc7j?LoKYFYR&NcSULS(`WhG$*=
zUkC&1{f_^`-x`qM5QgUGVpicuaBtGA<gM{jq$-!(ee{r5fGWBJugRV0Z*7w+lVODg
zC_G4T(eg&WWhS6R#jeRI3Vnot=}Lg=K_ZgfSk7WDz();>NIgIi#p@lfWA+11;afI=
zvmaYrp9Qw%67fM)csj>OHjMfw-t2Bqx^7UY()WCEx9slp{SgIJEDt%GUAd>jfjnY1
zP30cy)Q}5h&B<-Pr91kfW-td|YD9FZKp}hNqdjgNMJI#S;6Zd{;<<QwyDpse^H7&7
zk1`Pr#hIjsp-$*e+XG$t3@pCKS63<VmeM!Xec2pQJ-vVKC2n$)vbFyo-A9cFP#9nL
zFMe^V4~F{kOC_<3TXn-cKf*vGD_FCL3*`^a*YG6?X%dQDOT9BGeTok@r)#EI0-N-!
z4rOS3YAo#tzpBesVa2s&wZOrSr0n>+w;3TA;NQNxx)Pe|lX5^15HiD;F8vyN)Ob6{
z48wr3gkc<5f@&1IYj{m-fozf`_t(bIs}Q{HE|b7g#5o*1X*>e74UlF1U)kq*3yZA0
zr~254R?xp@H7FgSr-J|1#~FomyEsxeKR2#;8kEiI8&`!W6*R<0E@M`x`%!m*%S3Po
zYCVZVANmEK8`Au5gW)1E&dZwLH|t*`tga17EJ{67Y~FbrWSc+gsKQ}fL;oj_#l8e>
zh9G!LLH3`P(CNm|N~i40la6&nJXS$FHSHXI(mf<XC_1^eZY3aP*!B1vpp{(0JnXB;
z#rh;(++h^+tA@`{Y*tixnhEL!Q-35mzah??1ANb$ulKJ)hciMPwUcOvdF4q0MI4&$
z7ypmiYfOJ3Z!X|Y&SGTi6v1IEPX4IX)G+>Bh?tQj#<weZO<vUNH1K~!{vWZY0xPI}
z;h>oR<dBh5XxaPNLgXlYUjfScHYga>-o2J?qW|HcI*w&r&gzcUHv%65g{VK?a!tQ$
zWGRZ^F!o}6W3l3Y`x+T>uGc@H{V1S@V?h|APUzv*^`Squ%_^8p7%Fekw7IT&RFFH;
zes=g<3vDAyDv}qNBERNG>S8mOx?@-8le&wz@QM!yGAig=p;{j@6wLxd4PR<+(xKBQ
zaG}vrES{EG8Oi;s%Ba8yHK(h&y+C@YRXw`t_u7Sx3KwFOqiqYs0jjAgQii%zk=Ab}
zj0@j&r%t!yjN<*MT-`9?T*!rAMd;5RXxFqCuYDs4a8V*3S8-M}BXsd1t)He0iFqO;
zWpI25ctdQWl8X?H$EJXTZrJTv_b%;#$2V~RVS0VPE?AIcmmFcI5|yBGiTQ<@9nYtA
z3RJ{+CehY1W`1)zMhvnJ-Q}MBF07Grv7w!Y7#CkpSzNXoO;a<listi1e%i-6`J;kt
zXJ+X%RnuSuzOL@$M*Q2W?8L(XK6LtwvAa49jhsJbTuHvK(`et+(r;9DIO9#`0QFe@
zFMe^$r2V7zlEkW~*FK_&g4^1U9`ojd8rx9q6*nm)$&n=XwQyBbc~WE!=dtE{|3cRU
zMU<#A?j)|Kl;6n+Ojon^_o0LgZ2SQfA7F}6$ip7suzP9)&GE^Vr%t{T_nHJ#OXMOK
z`WVKWk_-1lfereU%rBkuzm3@h#_JZi;V}K1Y7f%E!O7vqKh;JHvJhbdL+KHJ&w;6K
z@WZHnIu(rvh|`1M3I*T#8g=k*s{$~^lm8EPm#?{aFbCXDbAd&zG`94+4z;2*Imscv
zRijkb)t}8v2Kq)(r+cLMPt`1#SSu8{fIidZ!k=$A{v*ptp`rh6Q~*p&;{6A{+86-B
z8sqoy<bp$E8Nj%jk6G!P9|>K0N)SSs^RxZhgunw`QEu+Cr*Ir9HXb&9l+*tvHK?Ad
zGM%jGdHnV;I8rx5p88Ca3X6ZLrFVedj+^?wM`xHs?Y{r`*o7bxXBO7&6-T+A+d&!_
zNl=f#g!(FY>qt8<mJ39893e0d(0EXeeGHm4{HzH}jl<G*%fEV0N0&Wvp`U91XNq<K
z=%5&zTzcA~tV;)0qA=pe?v1}F%3*G3IK{i4&G6L|XUAVr>vj<V*1!6%EHP&C*0fV8
z)!It@w%Ke>fI;_*%SEvR1|zjKpEg)=01TZGT;f0KxjwYGDV027X6~50))*yXqDYJD
za}J}9*<^p<hwwTli478%c`dn{0Np{z+{0H_`sUUJ@iBEP70x)y+KOK^Ha=GX7j9b0
z@iM&90pc7AQK?gH=DBVrS21JGMgd~jIzX6JV4_ZtoHOQ)L~;IT7mdRI%5n%k{RFi{
zTv6H`Q(GK?3tyvxX_?EzXc~eMeL-?|s>U6phc9^?t9?J33P`Er^NE@~q|i!PgV=vt
zY~WjI=6zZTSjI#OE-L4r2G>g13l2W3fyAFK)qb}K3&VrVEUVC~q@2!pILNYD{mZt3
zW)8Xxk>3<hOHzV5wsAP4jrkR(9kZ2$h(Wnd(angFe+id&1)lowe}!JU;?T3`tEwBs
zXHJ#jbHEwk`Oh*niQWImHA3bUT5|rt)bZOIXB9HZ^g_A`kfGcW_WfnM`MGd%oEnF$
z(Tjo_a=axiG^A>$Sio4m`_-08w}LNf#_K>y{mv)$<zSi6_>aWB2J$Ds6y&largo@v
zkoB8X*eoNrxRqsx@u>k5{)1S0wdoke*Jc$BR(#~3@Dxk>CDq=kE&)a<*2(|rt@RO4
z0N+j`;wttYUmKl(WpS3gP#mJ*Ytk&^tqG3=baCa)jM;fEIuzJsp*ZT%3?@H=ht+P2
z3WwNfoBvUFi6qngySq^$^JH#2i+@EoL5HGPg#fDlVvJ~L=n^}^H7IaEve$D-WL?70
zo)RsI&yWx>;sr}UF~&ksAMP#}v4hx<w8=vF)~6R`>ARks0?Ao$N$7wo3QOjj^~niO
z8ar6NMkjadZlZOHS!tLC2PxEJ1f(6}*})!KXOGbXIC{ZJ*y5kQngZjbLq&s`RC9Ho
z0o5IxWPQp#t4a;U(;IWm(!8i(HFOoaNDQ3JLg(dc##s_3HYA^?W_49<V;@&QM&Du~
zdX+p1G5}lq7Za|2N>jtQD-K#zxNlH+`kG9lg}Kf6MuuTw5$ff<b=b~}9+H*6j&6^L
z098Z;Eo@;k(BTWst{o}?VK;%{JmLS<br7}u6XJdgR+D_azCHw}l-!H0S>Mk}-qftX
z5XUb6X|Ca-!~Tos)_6;cX6lXxB0QcXe*t5GS`&W`YEHwEZ*qxi&L{|~)&Hlpwv8tV
zws-0O2)i(`hu!D`n!<5KTB_7v{&HFv7Z4u5&kZ&rfAualmrh@UQ2>Itp!aW4{HoE7
z4omY1sjC#(&l45V`^S>CNINc4={p2%>>H-G1!(K~@=&LoeoOF1aN(9Q(+WR}V-%2d
zB$!X$N=j+7Di?8Vc}PU)m;}-V1o?ERp<IKuf{qqCXq-7c08JpP|5FlQbC95xKWJ%s
zq^Fag*t9HQd^WN>&y}1=1m!+9Pe$tfQxxOAh@Rps{VOUwF~M~PT*OA8QZ%xU)TTb=
zIxacN&2IY>L2Ot5Pjd|zlFFpE;}A`TtU`Nn(It>b4Ifr%cR!cv%;t##o$Fs-Gdp^~
zlIQ|-OYL==g9D?*J<2%%-3a(U(6!>CizksXvM)MOO`3cR5CW!zV(v2BCDP!0QfxLD
zenA-?hcrYl3bT#ibQT|G%g_moH~R2bNv?w+sJ~DML8fxf44v-D(t0+tJm6Ynf?hu!
zS3QVE^qTn(sQ0Ev?~E?Is}HpYaKY&Goy|BhG-<!C!zT{R%pxmzp4s=??{th`>Zjqa
zCxGg=yb-;%h0l9yojcrRx-HAWF|+RW&FXJds1~FYtN~>nQ+eY&2<Z<3&0}Vq2z==E
z2kz8#XD<c|Zil93ES9u;(uDQoo#;n0zbC3sG?)LkVvcA3LTRR;oI2$N4m-6gJ5V?U
zaO1ZI*3|G9OiKA!Th=XCn-9jBiUit2!%F|oNybpI98}g9Q?a#R;*kRimYSZpySX1M
zZ*f2ij}1}{(rZmIUfcrwyrVRB7wRM;i0oP0=3;A|oOe3vTAa!Zuw-cm2_zyFSuGXi
z*9tS0U3&A~+Y2%Y;F|u18I@5&=L;7@u}ybN8F@g;wg)L&Waw}5m)0J!2j$2@Gy&pV
zT8}#AX!43Ns9~Pp5ps4JZ$-&!FhcQTm+gqOhZ6c7Qv-zPu-AMw5^Cil*&esP3{m=y
z$+Lg#igKVuKyZTxnG8c88i|<`(%Lb;0u(!Rl;Q!V4d7D9*<ApoA{oRv2G=Z81<=w3
zI=!^$AE6%dyngIvO=|d>pKL7=?@EuSH-FHU0k-t4f)2a(ZS&ykCy|yo(6#WYVx@Wl
z=ElSh5d4n){!LNHEUvQAs`#HF2~30jGS7Su2e+Apykwkd|9o5O4Xk037qlYsT$BJj
zS|ZxuVb0x9L4%iGHdleQ^(B2}s*CQ9!Klh{6J_tj&BW1gz+4+B!PcIeq9I|ix9Z&s
zDU%!=RT+ER9$(w_yjoJF-<AC2Wh?cFuZC*;IY=?q!xql+odp@_DQvM3&OZtQjGgZe
zN008BI%5iNT|4z@eZjDqu0{<Fv4efU<-2{N{1PdBCv0q`5`qYg1{S4S^ZS-SPF)&3
z{GL~<IO9tJruXIO<b&Mj87U5}*(||t%6S;s+JB1MI2ZaPr-tVhsWMuPdM-d-8fw}D
zocq7H+KP+s(NaLNc=LTgTvb`koOU46D%>Zuqa;0h!o&-kQJ2s3wqEn+!ZyH|sOigg
z1}{cM?O^K~`9K0Iw}8non0#1nTs3nkl81#c{i-emMHTan^<oEZW-V%HdsKS5+FuGR
zp%}S__Ivez1e`pDqmQ8<ZVC((#OybombKJ3;ZP63>5-KW{;ec%Q#w_Sp6`!8Pb!wo
zDo}$;>et}MT18zg3>0q#u$J5VlWzak&mT2kYD|Q(Hb7^S8P3t;@fBd&4W}lP9w|u@
z$1hGZ+1;oz6-rB^p#)&Y6#Zwk(PwsuBH4Zmro9zx&+Nf4=Oa;nGERk8_Z*_k?@D*2
zX>jm^oQGCB8_6AWk0^O=Xma$>fH`khtU6ABjup#Gs2t!Upq~3+`|-Pt#4;06f7IIC
zUSMpvvp8*OINQa#P2VdgPmO>m2c1k-#Qv{rpq6TzYf&DykSCSlke7z8UO$pbp6%-k
zB+KG0f6>&3!G&Vco)o#!*9R^Djx?IpeMW=7?cUxlsbg6~0%YY{P@J_cWlt@?1Ef+@
z-j!B}^7pjtI7Wy8q0*y@8_cJ~NM*v}?HGN6l=VRCWo%Qv+T8c!<!%x-Pm>r?ezMxK
ztFHZu1OU02!<hU6o7FqiJ)D)78Z}vNO&SA63%ax>m8Qu?3Ni1z>u>>QgUI~9d|%t>
z;StEgjwTe=Kf_6-<rA)nMHt?FV%$b~SALV|WnPR|K0Gv3PMu6V2eLf*7a?T-CD10C
zywR102hQ?&e$${uwLAXYb|>Xk)pbo!r7)AXsjVE;fe{u26Fz;;q@*|hm_?|6;<@d&
zC<%#GUCRiAx&ZB=+!iioRYth^!OBfh2fsL(-BjEh)*iIQW0`5UcYPMZClV1^U8Gh!
z6y{~6Trr^CxqS9S6$yGmW=XdK;)AWh{f6L+Al7ixWp6G7BpD9;06?93-N0Qrc5ANU
z7yrRD4TyBG`N6^|K_G6e>nP(yO<2;iGp?Hs;vQICKF+=-@bJq%8Cl)4jYuY0-J{0*
z&NkJH!_5Wnd?TAu(#1l=Ldu3W!J|Xg-_z}wt_TuF=?x^b%$f!pkL0VVa2Rj8dR=lV
z(i;d>?*jako6Gt6oNne;CA;#GsCpHzsZ^iqPy;OMHZ}atq+_Phr`>gQLjAMTvtFAI
zoy*VTB-Xn39<E=Ywy~v1g{zI`&6=ZNA%gF~(;z|_LvhgUGoHAQf>(H8OL5W+2#X~S
zA+He`lqDJuO$UM#qTLCs@iAoPDj`O&b@#ozR+mEs)Wn#7<r2I-r50q~Vd0U0%>(|k
z&%Tl4zke+0Ie@t|q11U%z_($Fyjc$e$3Rlnr5?8P40fQL$W@pQJdrFu*Te4iP_;OF
zXz&K$wI#6?GDLC0xgpmL7CRqqBRqhWc$gPCC*eYb0j0kFR2(R`gq9zft~5V`g}7K|
zGT>YqTN3n<axaO3jdTHD!tAbJ#8`r2t?l^1y9X~VdH{zFDR-v{NMM`LPJE~PLn2LI
zet#0eBwSqG>55C`rMu?+g#K`hIXd)KEl3@8TWgi{*>45Ja6Ns@+Yk62J&{Mhv2&a0
z>eN)r&3-zK(lF*bj6EJ8LPQPc8x!`VhQam2l@)bbq;-n~{sjFzu}BoJBk<cR^i>pG
z@XyfAnnghwyCNH0fGms#FjH9<Kcj2wEy8c*^swNoHqfmYrn9M!IBhEwa2<ut6I9O_
z%=dBQ;w65*F)X{#xY@z}qUUzZ`XYuaIq6qVzu7u5m%>q)XY93Vu;+XO8NKA!-e*Mw
z4yN2uO>?HV;o~V@BWB55dz>H(zu_`}!(M2SHku(8p9hE$=YHbz6#F@xCTZDI+I{)%
z*w^fZ(i&1xuz0+GelG_o+_=z61>b0;{9dW1Y)R*hv!IaZ^Oi#7p2uwvg#7W<U_>}#
zItCVRgUUl1D+LEcg7g}Y0Omn=Q1E7p_qc-tU&RSexa-2}Jw^%()XGxM1^@v!vpF&Q
z47j+*<qVG#$?CGKwarhuEl=6<!6-f&mA9E%E8&n!P|s+0BO8PYNJzu7OTgIrlEFSf
zT3HGg9d2HtUG-@qN;o$i2|f_dsVUuWwY6j98$rL~?kjDIi9YYPE}m!&oMep~A(M@z
z!s59W|85L<ZzB#tpLEoA><`z{4zKgb8pufgyaHALT-KFBciZcn)YNp+@L4Z65;Zvw
znHUE@v6k7**^(Ml%g<egIK$Sf-IH^!O&q~Ouf>ZvsDn;9{4`%JZW{BJ#EWgS0MN08
zGfCJS9hclD*ZoA?Bc_dELmY7t=KRny*<1bM)o}RAg@(^oq9WIh!S}<TyM#tnm8z-w
zAP@U4bI1)z1gj`Z4$1)whA?>;*ZBt2_?e|y-r#j7Co9CWmEu_ZVv^^xB;q)nKE6}{
z6W}r<lafk^q?<{gd!(<EzXf!^?YO^AAF^F7ha)C4MGUKd^3B`>m>X`u-@ZO86LstI
zO4a>%H*;y*A(JZ;`!#PZJwM8=%rl#&i(Y!>K_*4WoMnHkx+REJLBXFLdae1#*b%O*
z5E3@`7qY_=q;W`TnxAwOdcEX*)F%cHCHmwNf1}-Pi^jP7{6pz4cjr*9mTJIdh$sSb
z4?|xRoG75%jE6P2u^iO=;K~mniaSBk0B7(8b%tQO{jjCU2Q24_5VCJ&F29UfBj$U}
zQ9|?S;gy-zOo7Cs#w^L`YtGwzsG@{(B6n9XFF<1$*G?MXhzk#O<nrc>DSNGnIq%pF
z_zi9=y&)FYs#pCp_j(E=FD0={+tp11SZ_~>YAAiuwcnb<j`gN{b7cNL4~`{8Qqn43
z^5$hKn-8o7whtj$7jIeNNZhmY2cMG<_R`Kx>opJC)e`N4!Mgsw)-J5Ph+t%xro8gB
zg)=T$y;s3!Fd8VdVEt@30(!bQF{v=(hMRnvxdPrJ+xh+b`<_rfUdVdQhKDUn;A?l2
z)IhD)_gU}eP@9(L^@b8`<0=e{-hS%u>G8!cw@(>Zkey!Hs4sm4n;3=-V{vwt<RG8#
z6FKU99;sy%8!%L(=#rR&#i*m;MRW{_v6@N7pt%bMJA;YHD~MC-W(%(sA5hnoLsZ?0
zV!zO#5g_=YemP*BYATX{#i*m{go)ud5!*<kBI)9-ZO^vJaK6!g7*$q%SDH9IwglHw
z!$NSMsjizf?@)UiNglRo0wm?1g;B>n*|+7D{dI;CjGihV7=XzrM<lMT5=2+cYf5}-
zwW8;CUvAd)Rj#lU=Yq4{0V9;nY)l?3^uqRMD>Wp6up(~CYh1I0kO~o-wn<de*pp}Y
zI&iZFs31t>OFO;m;g6d&G2=WJtTUo-rgndRKif!|6&73D)^qy<7a@4g&)c8GLQ4~d
z`CZ53Oc~{=PZPpI1lT;{k)mq0IIvXO$7d`i8-#KCCMYr96%}Q9-w%?v*cHIQQ&YBL
z^xi|5r8v3lJF{ifIb4*cF09_Hx!^|GTI+E10F}*t9?(Bq{2Wt#JgIU(+5nT8;~=h4
zb>p{olkLKHJv$s?BjlI;zgGm5NyCD>(roG{mpq(kkz`W&1}1BSppQn1l+^Ra%}Cku
zz4vv$7T4+TBUZEDYk2`gARPXnsp`{ZAgEgF^L*d<e&V&gclsWQjn}_Coe>c1s?!}x
zAj%o0^4#ShK~{Yo+Z}5FB^pkZ*D3u1_Z`Bs$BhxeKqf)fa$s$7ZaDA<#pavFp+zwA
z?5eqJxD#c9EN!`C`%@3p22<y7F`tt1^G0_XbK%=4iJT;qPKxC3NxmzxN0U1&!JK4Z
z-%9ezhW-}U$WkxWtOaGZw4t~t_c`bLU;=J2*piz0y}j<>AL=&*AnRLQX^Y`(D&&bs
zR)qGDyu7ljyO)M)(v&9{2laEvVUnw&J6yyE{uQUrl2DJ}bJ1Qe+fzoN^4}qpgM)c@
zXhq3#GiU*}!y@cmz;!5JR8-6FJX~7wB$@9UA`;xu8KNp=E23h$Gt8wP99W|`L9JNp
z=+ydc%wV>3z=9SRTiK)AxQm*l0IR?pK5r9v^aJ9EUm3kj4vST36njoPM0hy+iEZe_
zfWg8ccDnRwGonJr;V;c8r(yuQ@h}I2s^c*pw)Wv2-d85b6KW%Pc~>I3+&SPpCiE&i
zJO`64xWZiOq}r5T@i#xNhLH^OuvN+E|24$7LW@L>z9010LWC!tllpa0aKZ@O)Zz!E
zv}7rF`$71nr~i-}K#Wuz!+xIK><!MazS`W6G@-Teu%SrTm%Mdu)C#qZEc>ms2rbps
zkyzHRj+tryv<6_L(9|+;0_}zPLpUPblOk4gXP{?OCcx0pM1^)Llz)Zc({F!iDX(BJ
zoc#O>VsUKT|6OSY^6QOHk~m~5*Scjgq;?H+?b%PhuE;?zM}~#PQjnl;hI=4Usd|VQ
zFo<6{)u31R1^8b^<8tWkWxHq2G(_**aT$R5+or*1wAJrz8q7egEO$`VoOau7<~oKL
z^OZI4<t~<V5x>`UC=$pz6`%_dUc3+>I&fjiyKUJ6A;&{PCgr2+l1S83%Y$I+pE0$I
zxmwqLQE8_>$+Ma;<k}D@f8hq%KdZEvz(UR%QNOrDYPakvuyi&)LI`kwnsB}^K2<&Z
zdE?)s)-|^o8}bK0k$U}3I*;93F)6hC-~+)27-e=hX3=4TA_EuV>3A=5V|^9n<+}$S
z5c;A=_){=gFk6Fq=v-n%&&yr5TcR#~$+>mqVCnGGdFwBy>EAS{6~aQr98!>~`8ll!
zS}4T%{Y}yPJRYpz^wNK(NySXd6vD)WvHX#`CU>Zz5Ot7X*mM;%OZQy&^*?jx=jK{<
zGt%a`vJ03VJW?td16rOfG4Nq#8iHVfkr#Uz1Yg2c<B{pWBy=HeYq5E`oXnSqDzPG#
z-~xRi&`#3o)tjalh%x;CWL@d|AnR827s!V2wi<tv3bO7%DdIsZ7XWHS;*Cr(8s|XN
zNqZ;8qV6hEM`%Z<X)+i&_O+ga(7<3J>)$pP(V#a#5s^0cCY&8ZP=$RHMePKz1g8b5
z#JVo%j>R~}_nmK)0SzG`^9G;ZOmHko+FDAKZUzFJkNE>QpYq|I_~)R|(Hk1pd>;W(
z8NIPhETSfWz9oVP?I{S`yp)Qh2jTyd^wOJ^Ag&E%>WH^a<(QB91ZiHR&~Hj`==i{!
z4AwU&J}}G;C(90~*C6njN2$~A#0pmNMB+o+hJg8yFVLH4f`z*4BoZ4<_ouVBsFZ9$
zQhr8qkBx%r`oy0CHNIsiUTB)p&KAR#x(9+Oq~1~4el|8?M;T{#Y4AB_!DUPwwT%xk
z0)o39+y_d?k^ui#sNj{+@tdMjk|7(0$T&UV?aA0b{6U5Y0<ewO*8O*avMxhx63%X!
zX&;Rm$=_;vNo*<%-k*7#jd!VHXWr(30CAtEHCx^B$MPY#ER7FUtKs(BxX`LX3{SuM
zt@(98oD558J<Q0O1(a`4>a(8+QXk#Yv{$@f$A4losviYY28IwbHrjm0DchB(y<xSC
zaaL|DLv?O$0lDp*6Zd3OP`9^v{wSjgJ|xoZ)15Z_4$nH|-$WwonjN5CiWEcK4{vhS
zN}3uZ#fO?Tap{7U+sHTSX2^4y7-Y0sa|{gV>KCnst2He4hN!o(*Rfjt7%tE$%z6xh
z+4BMons;UL&dA)_#-z^41wE;aCy(kAcp)}_fTnn23R#~|&$Q%jw03`u0L(xM${`<Z
zr^_!LktIi2yio2uKn$A&p}gY@^q~sw1EL_Lt$l|HPX#0NHdeC!z@oLR(5^i$PE_q<
z0N;$~6L7z|r<6u58fW$2@p2VEj<}fB!7a@x+!*fy^g75TR`m1BV-aAMx8d%2@jx9s
zv3U6)lQlOhrM_{1i|7nL@NgzS-MamUxzjf;0-R=4!I`G#bFwidAfnlFaHR%^VWaDO
zGdt=M75F`h*0J&V<=1Ao-&Qh#+)pTQMUJLRmtgTb8(0a>=#m|-DPNpx_0h?Erdmfi
z{#<=HXsIt$<ETO7!--L2j3&6FBRygLZdLu(iL&9t9VJ!=yc~lEEw<qP{W(i0{yYF;
zk-&VP3Nh5&C(YTiziwvc!meXYRFUhO{9?|O`t6N07B^BOS_=5yX?9MQVZ2ec#)I_(
zU|p_*M|t^&xjcM-JIntz188~lIOEdL`f?Q;ZePp$(QjuR4IOw9x#Z=ZM{fCj$9HHU
zkq-bp%vq@5C<<^5>x;(1d#+h|YTBJQyOX`EJPvLs_!Z@zX#P*n>qsFaPD;VQWCd4i
zn-V>EkRtfnJy{F&i;u2e<a7>55Hj$()x#D|0R7P)Hd#Cz{o2^en7`t0D!;`TsQNUH
zg|4tTy2VKZ0jY%JSV=@|_dc%Dk>S_Au8!FP_{h$&>7!dNJ^wpCm`>${PHreY5+ANy
zCq8g(Mr5FG;o1xlG})Y&(G3#g&YQa@QCq{)uO7id1yD-|Uv+Hu7<HgYs$%_s28oP`
zWIo%+xWabjB8a=orac?hb)|vNTUgjgojr8GZS0WCkh50Cd>{H4g^$656mxAVH)VWV
zDyMHyDNO*5;PKj&>kjsL)<kCm`m!gurUsmz@4qxV*r0nyKHS>hHi$Ay?IQdb*E3*C
z?CiLHYU^a&9czAa_Q+ey{?aL<A9<1|i8>%p3lmWAu(BC_jsM(<2c>mf6U1_d0oTR&
z?hjFgmJ%Zt>XOi+cXk_6Bk+4<Hkj?YsIP;BFn>z8gZ$j&JWm7Vwy~Hfk$@L$A?v3~
zBzDSf$3`HCKCswcTt|E8*KM{BlKQ=Co{xONoJRfPY2gB~xoH|cwl<|E%nHlqk$&TJ
znQy`6Ux^F1b#ls_!U?p7xA;wsS1F*LpKX>N2;YQrgfh!A;F75BORYpj^ORo=3KJiB
zHU{(E;YB#dK`z;io@%c2R>|p_IIYS)VT$UJ&O`8k%Se=pc*vOg?lkOm#4G~5K@ykU
zLiD{zhF<;iFPZ!mMgR%e5@Q!(+8ZRpBGU>J04kLGK5VF&nG+ialGva_o>*oj|3a1p
zm+Fp;C6vGabhW|9#YONh6R0|%i01r&OrVek9Vq42WHb)0Ar>f8k5Q(TKW)3jrE?#H
zII8z3pwNGdYejL$#d*)m?g(}kKGg(>HT+Z;0^9DA=4Q^~t>eyzrnlzj`))ggAe2?7
zqrppGE45LLg6m(b;<{f6ATDLa@vme(*2>#f<{e3;;Y#wlA5bqmP?ke@=@6J8hm8Ol
zqI;8iqg+lMBWexyJsf1}al0o`!{xx%229sT?~8(%f#QQKGrG%l0ADqM8!|&znKh{W
zv<C{m-rX4!L&4h|12U%$LQ!-&02Dp>zl<9i(VqbsW_wYWieKm2kf)aXI$-FW#QmC=
zY5Sc+vEO<YD&|xRg=Bt^2x%c{_+4n^lBnf_<$)!PjCb88XZDVe(W31U2Sk|2%2z^+
z1ux3Abli3SW;GJ<HwGp}Z#Xp4_h*N1InGQZOI}i0@YJ2Z;TO@*5Y2Ib@SC2|&3L^~
zGc-(@RDgv#SC@O(^8GO<E9|$Z$Omt3#833i0WspQ=?CsoaFslPd5*jBt0HBD*%EQQ
z39ZB0NY&*Bo7|iHvs=tn02#4+Ia_5;#U}-_B22;cEl7H`C-GHlH^EqaD5!@e+2iLj
zX_nFZ0ASt8(*cU16+gav*rF)iDT!3qPLB#HzI31M@>YNeaFBt8?}s)r&6X8Kg6^Ya
zKD@aORH6IPpc915`eS^G4ANhQ{=VRDqN1zth&Z?unghF72LxPe;ciBE+EKvwddd?a
z2wYYe3~KtOB0os3RP+uNrNU86p-p*hwRBAdpLur+9GaDF1dcc*5=dm|$EqXct5N|N
z*g*aKNYTu;r7okP3sdIMqnw)q&!fTol&xlC`1J!bIm93+ePl|TXqRWC?aIK-=I=D8
z4Xp+1%1A<-PLWwl6HB7?oPS|m5g93BqDdQ%BP(co!+CNZwaG?8=0E<*Wm`9Ok1I0s
z$A)6s5$f{xNYzPBYXD`<tFjZ><3ANL#P_!tXvHXvO0GNFq>)91eS)%W;pdfp#iw%>
z!hLpzD&JS+3|uJ6T1OXU-h#ml_7tyrT_23<c>c2&Q(aq4Ek^e&G_AF5kd;8{aR}3R
zwvp4;{#tYPnt#Q?hxMZ=r}CiSz2>a|8;hwDYmHSn3vPo^^*L$<h|sWXBva?px5&Y$
zpk4AX-oT8Y%qio~5*Ipg(Fqrhi`<u9-JbAmZEu_7>d4LIp&pbIiWvNn#x{g4PFqwd
zc>MzxnISHvD_mr;@jLt=fAP=}%1jv$Vis0|*4q^moHP6~r|`&V&puf0yt1UM3*sko
z^l#?Yf@EtPjJkL6K+!w-D4Q4cxEsV6wBY@ukGw~=<F&YD%-}&J_t7&Lb*bx&`ys1k
zM5TtzfI8+Fr3;c1xFEo+&^z*&-r9v(XMx^#h|?BBg^nK@9Pr*!d%r7=ia6gunpzj!
z(=WGD@z`2Q1rzSM%|3e~P6`&;Nx&2Gu8>s3Z~~UnV)Sv>Dr&zvn&wPK&q^a0R47tg
z&BG-;0RWzxQ`qrC1vD@T6)$G}+2linCn(O9c}(z)9eyUukBBogpK8hiFNQ&u9nZZ%
zI<satD5F3nu}3O;B+AOReaePKJ@lLNUrQPVH8TVWUlwbLV<#l@uf9C;nP$ag?EQw1
zWrV<HJ~&V3dsiC4waL`Wyep)u%gz^5ugC0#O;*W#S*FFkL(9f}YsE5Mnovfk@o_d&
za80JHv6+jRBGtSQ-jt&*cy`3c$vz`cyJ$rOWbesvwPwJm^As%g8lMD`yA$IcAZsP+
zs-ioTm<Qv!p`k*OD99u+lg$=+F3>;|_Y!DC0s)Wd!S;R2+}!T$j2D{;PX-aqMgEQb
z+>z)^Lv;__NA!X(l&`y=exmC57HN7IJ(58fR+3kP0Pl~%-!P)RtWaSrphNPFfQwm?
zx@s>lvWCxe?x0Bryhj9CipzS<cfkl{zKr{<xFZT-R3^-}Qj05BK{punw7U#^q|+tP
zwxG+l^$B3Fszu8qzcM-25v8&B&ZG#~Hh+jX?tR*yjAnMVuDhWNaQQfoaIo9GZT29y
zzt=OAs1ZkhCqLlM>Z*IoH71PZGyZp1PiA@Qs-172>YATiM)l5|zLHzD2Ja$QCG)=}
zE?c_)N$d&Ca`~yI!?wd#gSTSBx9H%v%piq?T*e8TdA<+t7?hb=Rz~N;KL<x}VCi{r
zZw<pQY{=}P_F5xC!&s!9FVf2`rOQ6D2zU-7`}Wr|N*a9NR<w1zRhkf?Osq?M7)xcG
zg51lB>MMwRI9an~OC!$Vp5OYV0R8rfoecXX)UqNvyA*`V$LJ&SLIky0&U}{53qbYo
zCtO)o1Qqd=zNK00sm6D*b*5kO;HEfqQHxmX(*YaKAH}zRl<Jrw)3LSl6t9D+l^&4l
z@tyATR&s@Liz7@}duX19Wo^*vU7^F+`*l1N?=3DfcBfOfNME#L23*FSa_y&XDg{^M
zu?<G6i?ZR0O8)hyg=RCS;8?qtc_oE*r}1IAZn%nNztV}nb<A2#r*@;%d)?D@0%Hbj
zvosO%ad;#4w^s~Lwlg)$ORDP>bs9x%n9tBtnZ;^vQ70#?Sp0;f{>q5tftKCnm0HsG
z8?1^tljHU(0c=v>eK@&!Qp8F8PBq%ldawGaEU#EH@n+hPvqa(-0Y0U>Z<qY8-qgjg
zg2eizUA=%LuRVX_IqBi_5lrW|arL<P=C=MCEE(MFxk9CT6#(J%{{^^D`~;Pv+HAO~
zmG1B-*w8i`7m_oWla-+ob7SF!y8RcaZ@%`$iTtsbkiM(Smw>-^zB#ZKeFXs)aoY@-
z-v5Z$f<-<OZt!n3Q@)^NBMt)cbyne<VRbJrr}tm$P4${AO-@3036H0CPqtD~V&5^T
z!~xoS4}7x(N6vkcvR~=D7K@^KSMT(wYtU!p7HZ{J!R~OZcK2)0jeFh_IQI1er6m+n
zzF*x}N$$xdA&@Qk<4@pm-cJkjx{QU9nGFtvLL|!v<Kg$--=*u9m9M{{%jk3&q`JI9
zqPyaCQXjAJJ?hsJ8tEo**`(q{Z=11sn@>(rbCh#iZxc*>+~#=pp5f0r)WA*vEU4m8
z98&5I!{a;9QG7AiCUZN+c2hoQHEC^U_3ELt4(&Ww4uIAqM=H{*QSfhI@a(&mWk(YM
zY>SoP;Z~+6|Hoz|)x0z9gwaX?*R0Y-+8x>bw<G3N14uT+&I38Gpo->Co1BsPt=}qB
zenwx0?k8qbbo>bWAj;1g@!@9GgJMINnQ73}YLo4wQuNX92yLc$@$o$6r+k~AUlynr
zbk5&6z`OxFVHc(qt`UC%Ue8zL{H=7c;tE}==NCOMg@Z_OW-MjePLM1QZDfL8^*~V@
z)i;WRdY`9EBcBh~oeYhoUYq7{MCQv;8`R`*LAl|AqCr(v6>|X|j}j<@yT?_UAO2k|
z%|>E*P((k5^FqiUmU#8EqgdFZnBOz+xKKXFUJ0_YL8NL*Zkx@>Jgp)Eu6`%wdtz^8
zwiJNydl$2tCK>uU0d?Hf9ez87Ou?U;u+`0GmOz5}4z=HeO@&^Z<lAgcvdg#-Z?0>>
zqL-dUNu%~U=q1pp&(=DqQ0c!f0}8)U0J!CFe0UH`0ImTmehJEJ{$w11hgz^LMc_eE
z=EbJ04i&vKS)&p|o*Ii$hK5C2*K1gRdgNaxcEM?r{axYioxQ)|WhPzZ5;yL?%jj!*
zOaWcEDCp|gGn2UE`?GU*eCl3mwrx=y!jgfN%=vPq47cfcl@RF098wd?R4S?W8Wf8s
zvkkT6)POTa1qNQPDQTPQe!7#wxF#ae66T0F`9^R@K6xiMx=m4jt9OeyhWlw?R=>aG
zSjor4J@oSj^9qlpS0L?9#&Frh<DA=pR{gt=SvHbb*LBacijvvRER`vMjV62u{yDoa
z9S+;(;K8cjc>2CbXa`)w<<%VwU+ahyym!CpcF^Pf3BxxFi&!h0^pD*!_zX=R3W;G~
zl;xYc;%~PNSec1beA?tDagHMFdj*AXj8YN#sP>8{^OGIL)LWOAmI!*KWeg;bzEh5S
zBJJK$C{$B&gRoWWx*4aO>lH(ruiQk=1}p1x6p&Jv^@vG@x)5K{{)}mAS}7Zo8z!0w
zPsOwSpR~5jD&4rOV6yCJ2EQ;lS3-XdkY7kXqvs#*m|g6Z=%1|;W=4Os<7=pvj!Bg9
zQJ=5-%`g(m46^vYBUY7q0^>N^3z{-ZjFXG7Go9ZM)MW=e5!G!)U|=ICxCCvsUOgJD
z9!skdIpGT@pqA|OwZhSE`?R$9ZCwV0A~$kmYQA)RP%*SY?w&5rL=-~d*-}Bnb@la=
zkMAMN%UxcTHol#e<#J#SCqi{v|C=cN5-t4$Mg_0P&0L})sDEY>Yjg?H{(V~_YYKDy
zN2TJ=qNQg$yA|%4=->n*YBB#_``J~3kD&N#S9l)AQuuW2JyKlwzEkp(LfmP?Se>!G
z{oV}OE7c_^bBjN@VfUY)l|e%+VGfKgcK#-NNg$Nt6=}b=`oHq38xR)dA$KmXFa`G_
zAhH)}C)FkFL39Xb^O5Ao$2x6SgPu3Ja*)Fc6c{9K@~!+C{!Oosm`;ZIO!9|L(o%eO
zz3(r8`{D$ckor}0#_hY=;Z9q{{ws2K4I_;>C#;O?d4wa>2PZx9)a?u@8|)(SKVPj0
zB#~Q%;16P}4g6LT=?9s%uNpbG;*KeQIW}>}4FiAv-}Edqo}--b-LQ+i=Ih0C_1$5F
zDT%cyFevx+9b(t-Jn41@*Lb2_8Xnp%5<C#R%#Ibtz@4LQLF&FvDC6I?^PG8o=|E}M
zT|EAr&&81$yxiBOBc_JJIhX4#di5V4v!oQqC5T0fT^!{2fJ^3`={di$V9app&$9zL
z=4(=^8sEV+L1^c4o!sx$Pdlj}*~3uTb+JVUeSgZ-l+|%!l4`$KTNyR%6CkjdZmI`f
z-zDUDD+RoN;bc`z17xZK^*b+{*n?Vc=dg_za+*_QC+*62g4(Adx8^u7;HgNKU*DrW
z;(R#mb6hl%NIkxu=^1Qxpp+kBKGGNUwcH~0_@)CJx2j>enK%kmmpUo<KJH&B1cQQR
zt{(=&LVIHQd_f9_ofsca;dq)Y@~=_5;E{dmQasU|$6O6XRv1gdlC4mJSQxB+N~oKB
zB)K!hzH;LZKnu*GyU-;4%GF1T)Ir*qn(<-N97(sM<{d$5`Ct*NJ0gTKSGUH)VKyX|
z8GnWCoXNs(nZE2Z0!;OBEQL=?i|bk2*i3xemqi-bQMlMp+#S0b&1H11ve$L0cQ^cG
zkQ%Z+FIrV;BhsaPhw#|)%ynKlZJQZY%pd7u*7!I1NyDg6*=*!HiT@N9+C!YY=cK}D
z>tzMgWM%U{9mny;=MX&Cn1k3tZ>MI>B0p#bb4ML}4JJP}C+Qurg7tHf@ATdjq`Te^
z&PYmuE|<ZYer1yA+XR<Ie%}5->kFyOK=0b7OmmLO<#*aQmkWyrlh;HLlGO67sf7M?
zghAaihjzgYXy1g+&!Qt{`;-$B2z<ZR3NKJ`Q%htr9xTfnUQ{T%<ML%RJ`G!BjHrw!
zK5%F1#ylW9h~@kKXW3*;iwvnbehmh$xBfq>&cl)F_x=AQJ2O$r$d*}F_8!Nc*_4@`
ztdNlslF>0v2q!aTWUq{jWFJS4O_}GI;Rwh2-KY2G{rP@=e}LEVx?lHwjmP!8uKVrc
zYKltI&1g?5egY+jlR<`@%KOiJizQ!XuHOj~7?UtYZbOK|#FMADKlIzrr?K;)rw23U
zS|#rFN;HPB9gE<b5fzt_u3CAk(b={$gzPtEoFp47TOV^9b(xP|kv)|b^ifo)%1t4`
zIdGXXU(5%=Yb)p5mzB=m<w;4Os+RErpxotr8(dC-xEuEF&zTHhG~=!Uw^h`H1wyO{
zp~;|9_m6D;Q@8-kz)Q7OQa`K!1@2E{^Vld<L5tqnUp?STTZ6{tf_0b_4b~5`3^epw
z!#k`=tAvpgNo~%Go*(-Mc;eK;IzvoUU5W;Hv>ono?FK))|MCuT*l}t>KtlmNbi&i5
z$+cTF>^YEk?8}G@2DrBt1eKpB@uB4_FnAO7c3dvP3AU@8%Nyt9{!vGSLSD+4zMAum
z2xqZV%WJU1r=QygN!kzPQjTK=MqlgM=iR$kzO5tE)Dr<5nI%H#K9vkX*La)X1NXkD
z(lX9hOYUx0PdqK=6tt_Nfyn3TZ{yWWRs7<}KQlx~d8IY#Xa2Tx9EHUWzTI5?j>RO%
z9{*VXlIq`7D7Qon9%TaSH}Gk6N6g3N5om`TG+|9FVToT}uXZHos4LG)Zh3D372O<j
zf=%uRR&TjPPKVKzqnqBiUY9eEt-K1RBD}GWy_q8HRbJ7M#6_`YvKemI<O#KaC2G+K
z;RA(wz5d+&@QjzqUDmB(*T0!fK8=b+b=Tv(8P{M?67Q;PnmoAAPh07t1|p@CkeO`Y
zt+r{^9=Mkqob#mhvG9OqU!pg!S7&;XFA#@KQ!^LU`}8ebIbQn&S|s+fI%b94Dh5yI
zmmV`<skC);8o>G7VHQ8F{Ngzq43&PsP##)w^<-dbCe!FnTZ%aCv)R9q1V}0BiHTe4
z+pP3mKl9sQ`$*8!(8S4w2>^DlFLi)o9l^q4fLQJqK3S|p9^X?MyV~`2y?_i8@LqgR
z5bE>bf9@nyRo-?>Xx1;8o4*H?Lq)?o)!cd!(~Gyk!ol-BsK7%U?%3QpI!f5Tq8loF
zYZgrT2?V)8FVS=up)cw^SR3O#wlJoYmnmH@MeM_#K25{7lr=p}kI+H}Snr$h6+%j<
zbA~rnz{Yv<cGALr$IpRJA1si4=q)*$BE@8qx@wo#JVX>Y6vRz8h&QUh$Bd?a8dTCp
zR}K;E2o<m8tqon@h*7-X_@N9$wH28!6|&AKZZp)c2;4fiu&WD9%{YgOe`cY6_XyMf
zJnmW4*&pXv%;t6RDM}om7We8Vb-09*YlbCnq%vUV8se!5PNnoi-kY3_>?^*_`!3W+
z9adH;yhn#BbPUD0K6I8tWk$7{@u89Pg2hSq%&nO~rFeNBE0prF9<y`_WQ1V1MAtr>
z=Ep}(Y79?I4x0Rl|2%+rUXAs-x+K#QAJyvI7W}QBo5gDBw!fAq1&n5N6_??S+o(I+
zRzblJRu(ML1PDcSPYp*^obTiIB5~V{Rsqu|4F$yzB5Mhd#e={ktiP{7m5YjRt-=n|
z;oG@Mo(QyXZ&yis13Ck<-|70!AF?ll&5vyf)&sFoETJ{h*#5}hE!exJAXJOUN3o#V
z$g$c^1ymsh*|>^E)Wg%CHUpZlq7{o;4PR58sSh`4NND6kUuXFMUI;z<>sfjkMl0eK
z*Jp{XA?om8bTx)K!zGZ$F>)~Rv6xjoPU$fm?!*5g&zAIoakYGfjx<G{gmY_gQ=fml
z&GA;dt5`BusO<nhc(Wio{X*juwzI^tn-rd9#FT>Lrm)6=nc-xM%$I{YI}H*PIL4S$
zB%L}Am21$b?`i^y+xfO)vjH8{tguq$?QAl8ECE7F#V<Qx_zF=jCxvIyx0kP`2Z4t7
zhUx_N!%#xP0v|f7F;Z@^lWWuNg-;8ocy@??S|z7Pm&?F@uM6&k+P(o~S9JITnQP<a
zZ13gy{Un|1v#R4pldd)VQ9(f{geXf11UEh_Iv=#gbDJ@F<ejfsEI9*z-8hFguV`1X
zC`e9nc`qvAhb|ltMs2y5vY8st#ugNeo0s3fdE&Z2g!C-u4{Ipo*bamP5$kW;$cpQm
zu`N5Do{TXOUCSqo^U~ZxrluyN2~l&+xp<efE2s2?=LRA;(aH07^!G27!m}rr;&`jz
znsii;HGyq76;in}%Yr2}FCXK+fg9;_k=F{qFhV*xPF(rXEzB}mgJ2|18M#w&y;IPc
zh!Hy*^ZKoD#!QWBVHTgnO$$Ju=D+*o>}aRVnXCC6bwla(q&H9N5>*wg1P+X{3odh>
zxlVGG$A~)dJ|OtcBo!9os~W-&Vb8T%yVH-V(DC7-ip5j31S)jST+S_M{q(PA3Qw_f
ze>h^oYKjJTk{WjJ2t1QT%ZuFmCcH(E%scN@-ao)if{p%$>q~nOjJt>`R7HMGsTz6$
zi<;9JIdOL^$1EPy_S^-7e!|k(?jt?bKl9%JTl*a#Ny$l{);j@0gh7dL#yY5`%(XkP
zMvP#kaLe2OGLz666bC=Li0z*FWWtTDk*42_^On!Hpr#qcipt8{(l0LIaTCX%3RB^`
z0m|uxK4`YVfDCJ*dLV()VD6S_|9g;H{({3R;ZozB0y2Ro88c|1tbO*hQ8`HG-l40-
z^SM2TW&D{oEasQnocn}4=c2$CcT-^se>FXNQNV-bQ*gm&QWf>n)j0TW(5jfQ-Npv8
z1klQsE1~OIkH=Pyh98l(kk;e*813YTi8h3VeXyc3JGE7Li47fyP+e_9jF>^{rgVwH
zKRUYY?8~TbF-uV7PXCiGu&gQ0xW{ZKB~_l)u;fEr)YeUWu*F<2F=l3?b1BvgV&5h_
ztIL+sm16y>XNabzVk#H-*xd^vXkooitS&T<Vl~$nf?L}%R`?XNI$FB>A|5fFCd8+a
zf_IwmHAwR>5@9FlG6VUuOGd&QtQ=_H5YZvl^(%(!+({6gsV~ZX&E_rj=!xb!^m+>i
zY*eL@<X~)mAix+gFZWp$oS^o^V0kdxQQrLexJj3li7l>I|A-7`rImk`xyb|(-vXcC
ztJ&tq$P?rKuv#wS1Y-i1n5aEOMm#g-#_J=}qgs`R{`xdoY}&$V?GJMWJqE3)<8=YM
z-Cb;Dsg6igd<w<EH-6$UfkI>AP}-AzKbhL1KGfrfnjSbC&@#WIpm;AKdq#?HeJu|^
z0O8J_K<2stBlIHFsk6x+vZ}Sl{zj!m$*nD4I3mnEif<u`m0<<9HzbO1TLdccM;4kk
zL$1dVXzLVP#I(tb^89^U7rbMuTWwael3U6ckkYyU88gkzaHaT`f#q;xa8VbbiZbdl
z>>_TVm5TKnb>-RckQ3$xVZ&iKg?N42P#S~D%)IEm=DMKVR>0qXf2p7xw)ousSnU~?
zM=2Zj(LWig8-s(gUr{5IhjIj(n2m2VhGN5OkVSDIyyMr6G97O$h2QKX41BSDE8uL|
zvuX`>eTX8xM*hvNV=qMi#P3Ey>+EX+d$~}J_gDNYjch6zv5C|yJSC;~=aMla)Z?bq
z%ipsq%Y;Yt!dm!etnD<El;_DnqI7?~t*@xoCIh$tKCbxk+FHGUD@+a3#av~aZ=!BL
z)<*TmzQ0@Cz=W(2`%AEPA56)GjTM+29|ydh;3^-#p8`0P^%3!cqMNtYyc#W^=^zzm
z-S*dA$T>$sl<3dGA&D4TRXRrO1*?cT{&CEh*`FZlMc|?~dotEND(~85EVPb1`TLMx
zmAm6&a*wY>+k>=$&6M_aGM3Mc%l_7-j1@ai;@R0jUE)erc%y<8zzmDDi6~c>;Iu4n
zSn8`DWgX@1u%8|hHwoGq%Pz?W;PN~&Y-1J>{>$)))Cz4d?=qp_4c0fu2oYZfuRk$6
z)|o0KnCtsXuwr~_gfq7@L=h?w+3sbDN|LaAxdD7^l?6*#A4q@sEP|VYAw_+BYH9^H
zz&l={v(5G9MdBU^(o`z-e7B7k>bHa3Fp-bLUa3m$3Pcs6&>9fZZ)+EqsY66o0J4u9
zwB;-mk&<xQx*12Nmyv6{Stast!;grJ^DOf^a-8(RU43L5g!4^c)+5WFRtBuY+WlVp
zh}NnCo#Gou!q%Nf*UPT?1vKgucmIA{2tV*f14<jIXUjSmF=>%|#t2c9Gqh{5&+aX+
z8}OhhS?N7U);bZ&u{=_GOR1q1@>-mJVmzumFBdFfRu}gX(e|D3lAas)hke&HJf`Fn
zQH4I=_HL;wZ(oTK12$6fmqGfvocSHzS7c)~*&8nQR_9?)KU=!Txx>sZ>z>rwNT9cY
z0lx~V*5dSal&1)({4&xV@%#Oq&D<a3K1Cw;%q=O4y=oL>`wys9W<NG~QXHhy<V4NM
zQsWJThWR%$R@_pzSj-n~Mx*pS=i`i{8xYi@;%v9m!H2p{;|tnKkYOuLldzSis6yWI
zyd>d27he^@i~Ib$G?*qYvJ^KJhP(|+x-4mxo3%~UtQ+*?ixl;eG`eMocneOXH2f*g
z`Y>)K<4S)Vhl)wM>wxF`g0ESJK03N{v_I+wM^j@+=<l6KNEK9=qc3+gVGHi!F%(S^
zoT*dF!WejED|5iw{3LKU^;Ve&p_t^iZN^*hgSFLC@EKXl-O4|`HMleqK6-Jp@j7=)
zM1QB4;`G!g%|qmFP>SV=#9-;+EXcT$QZ!DE-5xr}0Hde6Tcp!qM{S$JyV+~o`9Uu?
zUj!l}e-=YP+`?<pP7+6eD3ca6u-Cst_sQ!xs=q#PbV5~d!zwRMr-$C=1TcZ{8XZ3^
z&Mm63_z;#5BL*zD&KJ{iI`Ys-X^5--#PC^%C3Bfub=VhObDsQUV?^izi1oC1S|;2A
z?*U(_#i?=`mMBpYe*N6MIg|9DN?86Tx4Z|-;C{xQ1&noXC&${TLRI8d)Y%#>OKHIs
zmT~UIj~m|lBcM-J=q#rlD+b{v5AJ2a<}eAOzycRX|8hGRFSO@+MaI(RM6>s!Y+72u
zqD?q#G9a_+%WKia3OoVnPfEkGA!FH65}330p$=i^>P845SOaFWKH*c9k6(z!y5C+H
zJfIsNSyn=9Xof(L&_HkZ1<!VtXy2>CQmr7Er@aRgmD_w-?wi?zGU2_fFES$m=km3O
z;LXBCx2`Q2*hteDsWF1G5l$+@p)68g=2t8Hv+K3pD)XrY@;z9h8RhNZ#y~KIfTNW}
zyIy?E{Nybc2kWJ6JDfbkk%Kva)s4GQ$KPR{51P;xT7CnoVv)nj>Bj2TrSmbCt^OVZ
z@vQt!;@SPGW*)YP<jNsQ2eB0#6IXUtJ4|1BJK*cW41r<I)SYFwoHhE|I4{>m{|8;?
zYdMS`)FsMtxqcq5huekVY#N144p<Fi)g!9&X8Fp0QikmLwbmE3(Em18mCBZH?K>Ob
zzgC9v10r2!dfaY*@xTE??!wD>3E<or3e8j3GM}2Khu!4}K$@_LAFS`~pL!Kt2f&zN
zMUN^Y!~0_zmLeF8uWGqZihbaqFw@^dQ?LFmex&J1d7E|42fbf&4!Prv@vX`h^rCl(
z4gFyX|L~QQNVdYMx@;jPVbdJfj{(4_xf>7e&XUWY{SU;*pZ|x>z1m4&>SQ>WVDeAd
zDrGJ5@nzLm|6-}YzS^XUEQf@%eYzm|YMTAZOAtt?cRS5L1nKNcE{@dw_9ZDDW|U@x
zZ;j<R{a6jF{^8Czp6yWgPbVdBtQL$6t4n-mF-qNTCYy6CmAd)}L*rqynvvnhtRZk2
ztqIlOIt^>^BRx$JjG_m-k1yx(7A`_FjixCIe8v-nGtg8yhTX{xE6&(5@ml9Sytq)o
zeVk~fxBpz<x=mP~>&;mc8RM!9HcA*h*e}m%{;nP!!JVxCv7~DJE)j?{6YT{ti_yRB
zv~@sw<Np$0LNgRRyG1!X=#uc5wlLHAvh7(~IBtEJ=T!WIZD2OFt#Mxr-Eklqzw~#q
z_)vuhOcWtsufdI8ZBH#47FB<WnXY~p3i`q)!IVa`=-u#!=VwLFvaf+H=zzFcZNj`R
zU{0_8Lf@jPK4Wled#9qmXlkplRL39|fSWvoUkt=bpE+#nC&W^u$@h^mlYi1)g>ZSr
z>+3G1{P7d6t4FMNgpy4~Ws5?zl;?lud>Wezb0<<F6tkT$g@r@eImDOWKTD_BN){LA
zsd)GrEV`ae;8iyLlUngh;gW(rY}}J7NVG}eCsa8zL|LTtWw?`^eR{Z&yj*3{>8r9m
zm!rsX!?xraP2~iDV-`XRenC;mM3EO-hfd)o!eUuBI9Pwz(cs<`s5<<qnsf7R8|`vt
zTfGcy_O=}?{MI`1xasbdd9dC>Xv+g7<cF(ud&T2TL(U*?bJkT%Hht8l7TV5&opUt5
zJ;<W;z;14a?V6PWnv#pIa>`lECeTjT-nOxE78vHGcZK*h7S7_rv@MO0#%1xLqa6nP
zWDJo%-?o&Fo0RwBqiQ$5uuNUzMzLES2r23pQPgnu(`l0ulfO~}HFOush^JZR%-&0K
zEKtPj2gG3WTMT2w;67%)z__uK>y*uHX%_8?dhQU?Nqp=g6h1nwD)tYf9jXTA?}lQB
z&AjkW6>a711n_8tf8z<ZNPrX!jp6V|nlxL&a|NW2kvE(hAI0$qvGm3;MI6}OKFp|X
zl*o4q=XF~e`zHj)>!xBn_eGB-RxLoBvD}<RzrWnP*;8flyp=8|ni>vozyLwrt79z=
z6~`={Qh_hFNZHGO`VOi@53}8;h89&{w~<y%?e7;g4e*!h4DU(Yxxz3eexQ;gOj}H|
zYu<LfNI<&fFM-n|wqkc1j%wutA&et_FW(*5_AJ+lfU$G1{wxY=)h==b7KZfgks$D`
zt6ZQ0H6T9O3$^1;dV1+4kgEB|pD#2+m>E-Gdp++k?@F(=eN->?j0^|OIUQ{q9_+b+
zNpc{|rEo!%D5k^8WPMIA-=a;6>(>vOT!ltFnJ}Gh@vltu2qR^4KaoHcM|e@tq{J<k
zzR9Iz)>AgXW$jKpjjf0&@9m)$3)hREz&4(_L6{i2)q5MB&&kphg9CoCg7kfalTjew
z^&Sm3<7vW`ulvN<#Kby!A)`SP&cjD3hDd>P(|<`0htt$Qgf%K>iSVf$Dz{meE!WU_
zW9w?=wd$v-HtJ$52s}oiX9o3iuJ8{IyL(LbW?!@G__DDey=pbw?YkhryM2dpd%O$f
zcbL5BV-$$?NC?PC`YbFzRSg#>)40-~MMZ(t+YeO^8kg#!s+PT*n-?%5I6vDQ<Rm1L
zqeCBr2<@f=8UUq^3df?C-*B&TQ`8DLMXDcd3PQGp5K?#BZTzC9oX6cf{m65JHijSj
zfK@lW&z9aLn8Ej=yPCS?Cj}0q;*Vj}m{pOv<}J2zpT|7v9%})1%x_l&f@Q0=?kj@o
z9CH+2o55u{n(T_S=YAPGR%a_b&QE;K0vsgf{lQunZ_u);L3?kwGp^k5*Dq)ePXfz5
z@pS}cIh;l`!SH;}_B7>!WORQ_)#EVxqWo7C_*mh#>nqvF7wG~m2>x?4;AWf&WO|+~
zKDUalb1I;sesq3xJ0@TYKf$MBwpKaUg)pqhiJN$MTY7cw;Z1$t?O}WKf1&oOVU5ec
zA3rCYzb~UPMTp3Q&o5~SxDZqAo2mE|j^h=Xp4FMR-z*QmnbY>uw;75BQ+50|F75;c
z1^(_=&D9(KE^ab*{Z0PAS^#<juL%VryEPj>t=nHlR0PqdwF+Nn1I`+5Sq~juE_2&E
zp_Mu<h~>PW(vZXZ_XF=PIFDYxj!e3&_Co(@(aht<T%B7e%-pq<dDb7o9*EQ<e(KmK
z)*$-=Y_osh^b%x%WQMv#RPa>*I@$tp>>Q(*QhvkUneuKxUcgRSYgRO_(DcXfg;nYh
z15lJ?4_=XwD2UL$L`UObvZ<JS^qnK=t4&}@?e@9HSl#A;5nV(A)fF(WQ45yCncyWq
zl@OI9esDVZiE9%@WBx7Fp1DZSRj;PVZndyc9}jXll7MPqFRvR&SRl*>+Wjd10!4Lt
zx~z%7XUz%_TA#aL85D}9P(*PYgxoE{ql|nv_%U|KiI6RYmr*&Q?+-e0exrVk!r8u=
zmA`a;`~!7wl2e3i@4W+~zi$7F)+&QEQr*+Tzt6O3()wIWrIx}x7^}%qVI=3n?57FD
zC}b)4o;LY=X8*&AiRG1TWb%^Emu~rGi~nk=gYI!#jjkR}LW@#faG~Hn;%E24mQf=c
z3_!`7UvgshNKLd?=n}N}uwaL)<Gv;)MCJ~Y;9Dp3?V7&6jvO3L?xKn<!-OiEe>LzE
zskvM)vJG$kOV`_0P2*7N)hDV@Fa}yG)gWWr^Q`Ju-ttZR`veP$vHoF&ptxuajWt9O
z31FJckP0s<)d5q6)tp+f*)?7E?Xq{Y?H*PceF*ZG!P+rCG-L!w)wnP%VL=#^&W2lA
z!*29tZhlW6(ms6u7B$<iP?6F@^1c|DF9(IFAGRPxC5eiCf@oSQ0kaMb=&i$U<UGv&
z>X=!xary$(PXaQW*T)N`px+p2Hb$b)s40u!G14p}G25;?K!azdpZw4{t3?fYVW<Dl
zx|9VtWA-bLfe|Rx84-I{as1XvZvC!yZ5eOlapA?v!H<G9F=ox4cZ|S49k$%}SuX6t
zI<g+!P7Z68dmEMWS_)}C%5vr|jX$1OhS%LwK0+4C9@{ctr7XyS<?0$+6aC#A?@Aq<
z#>XM<>y`%b<G%L56GoA8`Yr&|i-6Xa1K;56Eu&MaGw-xX36x(HAs3#^GhijQWC}wf
ztiLwWm0hbo6@)OQbh#vMCj-!8Zq93ek6<CVOw#s;vH90Iaih#CIY-tRemBtv8_8QB
zhf&-Y0A51X&vpgX?)AE$4f^dH6^at%Aj%Bbm93JInB~(xo@_-Rom(me^H+!Wp3nHp
zLp*<}Nd!Kghv(%*flc^w(`Fv1BL=u*W82QB{G_xUr~>>+-OB<<l7PXQ*JRwOZ@Aea
zZo`zA`a_LbKGC5*$}Yx^mUwo)@Hv<B?ul!wnfy%nH-5UZ;nN>64b}WJ)2xd#$`PHm
zmf+5bDSZN8W+4S}e<j?VsMv`v=iHzpw~KU*r-EAYc@Qr)o>zw+jYW^uEpimVw0566
zlOHNAMc%`EjzVvrk4|6TBo50My=i5#68f>)w7#!a#O=%A?VLRLL4#m(fy5FJ@|~qo
zJm;sZs!QbKFg^b9X62jy;gQLM_aaWVAu8H9km$MKt~#<qc3-2)6o7Qh=SUD8A>f;B
z1oVFIE{%j}HoLs)DfFC;TLYx@v(b&nyJ+#~;@MC$T&^13dwe9&K@8O<=d6&F6FG%t
zetscwMvkz6HCnnja>?6oSQbzm`g#x>A@usjNq^kLq~?Fx;1(ty$-F(zn}ylqs!Rhx
zE8v!qcYkDwh@;Hs3~1?O{2?Wl<4+->^cuMdw|S-_k(y@5KSId?X;?!V1omk*{4o9z
zQ)d0un*nwhHFu~PQCtwTTykiC*SkUfYazQ8)6fo0(_TZW7u_qp1xXocK<RPQUVsRV
z)2nt7jmm4ca$@*^EDGA%*2`w3H{A;k%fFhC_@}l&CQ;|ZUU)nB7QuWut9NzdMKzlt
zpPg(Iq>9nq`pvsEz|*f|{Q(L<oBsnGfhViU#(0mC<;`1#6lTo#HesD6J`39-rPp%y
ztv&z2<_y@ocG|nY*W)0Af4&GW|46zgxvu<Cr(TO$gL(SNJF)JTAXX6XAR^ALhj{M-
z{;0^Hfhj0fc(@`(tJbz|2RpNv7V%%;OzWbH(A&=l26}pk2;+1pP1Fn>knO!{f-B}e
z&K@dyG-BPDw8oXKML!)KHCGLn1#|Y!ZNitn9tlxB&*cV4q;Au*F<G<x+s7ggC@~S+
zSV0{g<1nw2%HLS>e9@?AY}4cRpj_3!U%3rmYo&hmJ9mRjueb`7-TrcMe{zWDYAoVv
z4VG2vDtLNC&EC0}`&EBlh#KGeGss@oM$=uHb`|-Lab+p79B2O{MRB8R@uCQsDL~5T
z8Yx6|ihFg4hQ2eAvl?|hBIFrl%<AwukLzPNNQmjx6(UCTEZf8f1xxPfL1QNzz3kJz
zq_aDOE}3Vp>x01Imh@u7TkHSTso2teS$@vz-176=_g-Q2$eH`@sc+{7kN)OE+b8kc
zrAk2%2bR%9s!O1_u=@yr7PL;pUcj$wl#CYmv$6N1(gk-*xhvwk*X~Pr(WWHJcppz2
zIRdX3xB_Gz6&E5t{U_&0GIxvn2v@9eC~NJ)+$aOlx2gUf7Zq;;i^2pyTK+9SP)fO&
zNA)InBCgB;5E1XZBjX$ozxq}3Yp>qw*VD^`xFHO}34CJft}^jgGDs5R;WNueqcfMS
z5wo*P%vZiD?mL*nir)PRx9%yqQTCU--}Vw>K5>|Bevf}XTY{9Q6;P;=Lt_yWt0Zp=
zLB5nK3jK5Xi6-;JcT6ro@IjaTe|0fBQj8ln-SXf)>WkGO6}qZ{zjHCamDm)v2#$G+
zAK|MV0L$NjsQrol&Vse`z38DusB|VGd6u&BQoMgYkM${a$i5~Ns5QHo9T<hz>|luv
zf0w>|_~~OHz!<vlG(NxDl7<39#r<dSts6EmV%r^e7`Ay^fA*oR-0*>vTloZour>ph
z)#5odoJQ{6S;$It7j5MfDt=~T@#32&z$<!K`-~QFzc!+W1Nst1%ed5p{YPm*EYBL~
zDf1i?GiDaZS?p0G+&Cie`27|`R)@Nc7O4Jaw*!`#Y#^X&kll*5vesdslc@|yh0OEB
zMlt6;{m}u95ibb<B&Q9pHvyQZ1@3Jaa*OYS+g5MO^Hw6_*@75zfArqFB76zzp~y%X
zbWVr)4cj*0MZtFgz*y4LFBh|BCOHG1%im^QRuFLkvi!p6(R?2m=ig&CE%{7v0WU+z
z=N`QE?&TH(_6&8RIj?R!7I-#%J~mlsGRYtuB5;5j=howj`+^Vk#vc#^%5c=!`c@c3
z(le^`bj;H>4uyfu1ubOx_o*a~d@Nx(m;PdGfVe1~ZJRuLU<xLPAgn5xe?gs3m|t;5
z5xxpuH2f!J273ki{W<`AO(ZYCQ{RZ~*-MTWR`A5dl4fCUQbCir<D%*x*y74ShW-+-
zTA~PxDv01cUMM?FY&zMu<wu`N-<==AZ2qUfA_Iu(jd_D-E4L;?nY(5q`S-G2yS=Xx
zE`cnBD0V8huMd^YnQ>YD1y60*M0Zt(!vgXeW4gkJ%jsKs%sb=a)eAv?rA<3r=2#^A
zRWrU^2nXd@;MULZ*~4FfM8yyOe!zi%Vw>j>&bGib5~xbOXc{1Xk$jqrpX9K;@l~q!
zobhDYh^DsaOwOD&<JSsKB|m+$Cu9=&7AlrMDo4=tk7_oH^EN*3?68c<X^3idii5dN
z=Vl*i#jHE%x5YM2uhGwPjUJQb)0E4y==w$MF~7?P|NO?ZE^E%bT(tuj(e<!z_jRG?
z`z5)t!Y7*!&$e9f{xAe3lesRo%KgMP<ZG#_fsJxR*k|gox>?8xY}Mag?@E$(+*D04
z?jxiasy5H}AiqH>m6#jsK3Z}=+u0w6m62R|OD>zX)m*EjPgDIXbnFAGi{!d=+b=%!
z*0SH;b>u$feIOFHlv)ZiLL4t=`DcZ*U@j45ONK`rlNMX!bC1OV&`p5u{G|^LBGuyu
zpw)m-?GEE0l~zQ?RgQb3Ati@|Z1O##Rn?w)IOQ?9BUYqVdvs;%LMs&Lg%sbwVe)@#
z6+m~ncrl2ja_qdmXjpe*d}~!a{@+SNSCMmA=!OYm+++I#m<~5_^M64rZ(X8T^*J}0
zXI>$jXS!A1l=B$gJK9L2qd&{ZYaqWAd|5HQ%Gf1?<(gBTpZd9)$mXK>3;PPCz9)Z~
z#EQ?27l~es*MAk&`n7Z3D5fBpi@>vZ$nY1)pO7MWY81X^%ZPS`YLgLVRmS&jJ+KYA
zQ{z;YU!vfbn4uuR&vc&ikOA9TcWBUBQ6OKpaE|RIT*iqPn{~|y)oMs-%Os29IKwGI
zk_0~MSgBHjd3RCn;8Kc;r^)Ob{tIHuC`=F-(JJ~|5?|rX>H&`UVQK%<VZB<YUEG1i
zWDi&v3-|S{obzcLUbZ7)$KR}#|I{Vks41EmOU6xKz1~eYkx2K>+uL1BtW$W6&>0b4
zHlPW;Sa)WMtuB*4jpPxEkaFv?2SKHGVUvb7F6_1a%0Jx{QFFz-yVHzVeK2#pysFKQ
zS^Yo738-3I4gmnU2?1z=Ix~+DC7cPcewof}ewYhU?SXf@I?A~-8~g=9aQ#2hsh+@w
z8~)tknW0D&ob5=G_-qegZ3X?@hhc%~+g|UzFK2b^?-9oUI79lG$d3Gr6OgMdPSLqZ
z+v9GEH7BxvCJL0G*)r2xcLiS9s%qO}%v2FA4p8o;1ER-L6e0FUgJO34(<f7|QnPa5
z4X2T#JXZGa)-mO&;oNR~ZrB6x?7yml39I)5Lsm1QKSe;yw+N%TP06V3z;Zj#G%ll+
z>4$K$zDYWaPID#$l!sjUJo6mtg=aN+<!8GXu#eqRCH+Xp3kx@ix>IY>*WU*;c&Dxt
zy`X!p1Ns4^zS)WrSRV(ZdjVk;M;w{6{AXynHP@!<)z}T2G`-qCLoRqg4@~!e$s%h$
zEa2x09eY+?<?ZWPS>>Pc6(-%O6n+n*EJ<@PBs!bRVHDA*I&y6N&X2Vnb+~_<h{P5G
z5?*#TpJRInFPP#b`coRItqsGoH7AfJfvAY8e_9h#Cn^jpM)XkwP%%h3YpVR;8dC^}
z|6Grsq+CUGeM-L5-Lg6!)SmR1U=C%k_bYg^G#V@lh;(e4-mxcZhFZZH$7;f%eDsFM
z=JCQ@=BxnBGhUE!a8Tf$9;9YbhxQZ9V!PLFdHkvY8OQv>Ho2}M_>kRH#4W`LAXdDu
zBjXgP4N@%ayx6LDB4u~RZ6F#~zgIsNn{5ZR9<&{7s|o@=o6fE1nx$`{mZu{Q8+XML
zLR!Y@8@x+cUFH{^faYc8SZN)}BD|@>T-nKt&4ER>1I6}zN=Nm7A*;U)*qRpLxOOPz
zhRydES%sRXxTkOH0}BrHhkCctWOb3}`}5258VQ3T<izs1yhUE(Ewf`yGG!(2E{v?(
z<g@9>q;feNQFXImbA0cb%n*78J_+<Pv2~G@R+D=uIFeK_sAxp`J%7Z-R>yQS<gQWI
ze2e*|a2GG{LB5RnNrU_@kaFm6)ZXIvKqPG#8RP3qcu)CHc|wQYm&FIrou01%Eo3!F
zHYnbyd5U0ya5&VK<pzvOUwjsh)fbyBo^oEjtbQW@WURbGYRp+5QxSkExv1zZr1kyN
zj3L4gI`r;y?#_+TSiRi!#hEcBdSBrJ;MYN6^#0|u&5|D_|71qum78QKF7y{2;4@BA
zB(?qJqwjUJ<2e81o8w8>U%t4x=<DDh^(sD0*(ZD`2o|L1I9j07V>UT^W8<GXMR_jd
z*3E>wOn@6z#GAJ}q6o0a<=xRNP?Dj^i!}swiNVuV=tKeK&b7<Ecw(+6gDIKS!Ux`?
zZIaP3z1SFqlWHJ(4x4o!z@5)~fqpG!>Yaz#QvIY$Hh8Nh?r`Sp<Vim+kc0qA5G4b9
zcf5q}Du+KBYFu4@1pUKxsS9znKUzoJck+SSn-@^KqvGAF+WdhNSQwV~;IDWGOi#Pi
z(Og_#A5e}WzA-h@e-V&yIxe~hyvAy(o!OsYy@C|E2@;HLs9M+auG#+bH~tI|_HTdg
z)E|TA_QY|VF*?VzqAXxXTJ~i+|70I0PuE+=|7y{josF^-dPLH@h=st|S$PpVP;^9W
zVhEQ#f~$0XxLXZBI=U34bm5X{eHOm{1LD3b6EWN^>GO(d0|DqtVe}p>G^5cav7$=R
zPxP;p;UNS}cqf)GnE^Xkse)AcKN3H1IO@aNb){%8(n|<~Q_=bsj}iR;C5J<cx$ohc
zn>7d1P5840>g?)LN6k)Fe3DNgnS>x;esvWUL1+EFlo|eAglOw*r`z1@<QX3a_E({7
zMl>b&A9-aC7O#J>ID}zm{Qu-;yI5YlD!Oa-C&gXySN*}&PnABZ1!;wlx^X3L-lF1q
z>CJE8OUlBx5-42Z<NcxGITwfCSgBY*ic@Fr1@byr^w(|E=@4OX9A+oKiqM2f+H#KS
zLRfbc?VH>;KX#p3s49!xxi(5O(_Qh3{7RtcVAyjTNMaN<L&Z1SoWZ9FAPktsUFlU+
zq2(hW(#;$ME)K88_?HKc3?=LS+yhE)b*FDPa)n2EwK%@cOG;DVu8&U#;A53nJ2Nml
zbZRb;`z~v7_C21H{OV-SOU8iO?<kt`E<9LkxaX3{qvWXCz3C!jyxXR>?-O_)%HZFH
za9ufiBfN9t=tX~;F+z%u?ME+*Km4$iYDT{i-?WL}<SE;?kG!B0s~4kt{9mU%jB}r+
z=6-!K6$^A|Zo#0Hs)g<}1!M{armKZ;rf0)Ld-5HIlwC!S;#O}GpC%YJ-Qq_pjo4oF
z3c+gyqyC%P)KETvN9y33b<ZMs>T*=C?$n3d;^F|@+WzpL9D$|sHeS9PohjmGfaH6z
z%@jB`3+MJ=fxca!U@(wvdtY+%)Z}sO6ZW^^r!mlm>R1QS|AE^7C4DujQqFQ$xZFYS
zV@rD)6@tc=S(Tpnj$8nUuU$O86Yxce*;>^Var)hcsCh0_88n|fjZ!j7D0DIrl3yDC
z=rx@ozEDwFzTo=atwv{fvz;I_D)Gr%g>gk8%mpal2cIhdZ7NOhQS&_&DK;+YrHP1P
zTjDSq4QXf$gRvVHBuX7E;(0ZQ19WU%Eb-F4Z=2T@Jj97vPQAYgvT-xne~G@Q3G|~H
zOg5<ZMA1Ux<CX_Dw|`6L#UgymwnayWxzjF_yqXXdi_p4kZNLraQE7$Ewe(_xiE?n+
z-@g$*T8atSBl(~4^|Zu5B7_dnQ6{CxXl_MLBp(SuKx}-Hnl>Q^38f=}ziwP1t?g$P
zcUCaC9ov{*8Xz&|EbKRGIaPNXo<{N&^e5uFfj(JWbP$HsNAk(t1kGZv!EW`IKR5GJ
zZF&aEZHHx(ZFVa?Z!Z3J3HF;TM71ieBQNJQ3j2Bdl+-}l*N4+)zr!o>E|>u2bU&~*
z4CwY(vgnqWZF&#Hvktk&T=I?~KQ6zHSVI77ws0KE1X=!3{7-dj%Sh?fPlUX+M5xB2
zIk_dgme09vuY<i$?DWl3QL_k)AoxY0M+Et$2lhP$^8W~Ap5SW#AF<JyEgjy-!PkN>
zv#_7ttqg9)|ChCe3yc>gy@T%G0k1bu(-_{6Rn8k1B~qa43-p@AEPQfIbwA8ba;|cS
zI|qLgY%tl??jV@E_f3})lu4-iWNi7jxWfRE77Nowrsw>*eZPB3f)vcH;T3Kj3lako
zP>!z*2dwWv7b<a}{`xc?=Wx-vePpZ&n&mn={(fP?9T-M7pJtu^V&Z?~Y$q%6K5t{)
zK#ut$D<m7XA`{R&kx;Ak(vksdH=hIO5e53fD$S;GPU|~%4#}Mokw)=o_Q*|R$Nx}a
zHGqx+FubzMoHp*0*!B_nN~0UZ^1u4}_gNr4$!c#H@DcD6B?IuF&Nkx*qRz@F6rK7D
zAe+fLPP<6Bk$j7C^MRhtAG*BQwtqEkSyr&EEk`iJ^^=?5siSwM2E97qPR~Jx3n%c;
z>=?!49|N#GcXa-U64z_px_Rk-jM>|17JNENwT{G(?9T6rsGWY%FY~7m&MD$Du=9K{
zfCa)}dDA(i!4BURz|bCdas*VD$K)I;F~a<{P$V&QTluPzf9GdFc@0jrFQ;GPNj&uU
zI6NRmyr>(plTh&vF7Rh`h96BX?v+RrfT51l^u98GHy!M%UD_bTvlq>^CGQu&(EgpD
z-Un44X>ixG3*^_sepm%#96yGwwSc%V0rZzqKbBP4jcM*dYA9>gR1MlW6y@qn#fZP6
z1)JQTkP>)dt@2{zGKMntrbBK2P~cH9*@f?)PIZ6fXa4x}04!2yh4y*%Q?nwg-RoRQ
zr%5pI;VgH)l&5<LLKuW7LTH9~e3gt(rLZ$g%~gUXaX-4|*_`gAw-JWrcc|EZ$D8)Q
zgsbAMdlehYj&#z#pwr@_b|M~xOU>%iclQ@u8PD-(hN{)C>6qtwK0A-%id6Frexz;E
z36}-(p;|B5tfz4WVdO;UJ;JGqmi#?WA=aH+5AJL3co-P>9my$v*Beh!t4wkSQrU50
zK~TtHf3|rN!M{q^A98=C-f-wyc=Kny8p6UPcTmcFK}ZoocQ|7Z7Te7D3Nx5Y;*_DW
zzjE+C8hCl=@*LhjrCjA;9T0LmeQCoBy@;sb4vV1N|KL8Q&vVHTK{=6nl(Qx{R`xjj
zN(@);z0Llu)9Wwr-N#yqZPDu;VoZXcZy2e4aG6vKI=-V!Q27v(<`V8|*j%doIGz4^
zlwIuHNO=ahPl?>~b6tD}!}S8W0yt4G;+J=E4QPvv0(_<e*)r%UxhTzkuPGO1H~oh)
z`%sG;%!s#B0?D=50G1f4Wbi<m82Hq3P;2MvR0l;A-q@QeCala4xxcDFRLO~A3sVHI
z9)8e&IGf9-q%1=47bjy#pzYTBR<8LCR83I<;B_5_!)JhsQk|MEf~lrBLU8;m7h%^F
zVLDP3lwa=VfpMn2{}Dwq$ObxI2E7|Nk}ID`fiOC@UbEkv3U}kST4~X~m@s}649BHP
zM0oyGosK1p8k9Ypt62-0{NoG2{U8*$bfG2`O5356pFQX7@=BD+cy4iQUsoOH09Gi9
zfS%j=zqFF-t|21DseA4t?1?EwogpF{ByXVEe<ww3bW#ZXpsbM^x}Z2v?0^{BM@FRe
z^Xia)QyTiFp8IT!xRSC#q?_Lf=bf-PuFu>h48&oarK+S0t5x5c23opk-&YQDr&F%#
zga9cuxeE>+9bzM4z@l>%^ny>Q`<=G%45oKYF?bq%pSyV77ob&N=Fm*gou?2+1%!R~
zuZu5%E5A}M8q&VZjE-*_FC=2XPBa2_v-G1=ZTeyDuIbzw5Pmk`uN-K2bXr;JIV%l1
zLDW9f?dN+pfvGi7$QI$2x_wDKtBwh3&=+pe#y>L%eVIa1=YFE2JP#OjEU~roN(vJQ
zOf?wkGJga{LdGv&G=wk8VDbT*`rhPkh;Upe48yiT-L)=EKSF`b!jVdbHs*Fw%&HX1
z{DkfA+6V|@qoKFRi1;3|RT(CEIIKSb-?4>FFKdxE%U>FDKTG2)NaDNS$)c6c>;1w$
zmArQ#gs5eHwDjKegluzD!uc*qj01KDzM*2{lbmfIq)jFNjk^5;pm=2MAOX7uXITv^
zK99l2aDSX3DdZRUZgKPYknz;bbu@uVjW`6iREWCpk8B5%yPoDZ!JqYYPIj}P>-P*o
z-WQB2PC;vhk+Fy_)D92mSc-IDnMUjGAxZJO9`YOvbnpKMU^?_M*F~s-3^|xi47?^n
zQKs<s>(KJ@LmI%nfXpvz-4$y5f{<bV$@YC6;-vL1l<x~LzKykP#@Zex{)X!_(G%*B
z;cXG{B~Lq?#DM;ojVq2UA<R26+7=`t(V_%eQ{5M42l4;%t`p8vu~*OjCiw<C2$BTR
zK(&1OXkm87BDXaWXf{#{?T?><41*9J18j9|zc&i6UnC`Fq05l$IWU1YIwg{kd;?^7
zV3La(?O28(#2C=2cDYZ3l%G6`;4|h|ZnpC#hSYR#DO3x*Ba44;g5861*=1&3=7}8*
zAZ!V{vPdn1i1`ly3BMZuBd(uX@+gS>Li_aHF2Vf<yy_E7<C^ZDy$3_{WXx$^jU^*)
zA>E72BfusYy0{8?U;WL5_fY*Y7Wad+9M*0{mQ{YjvneocZ`$o2r7+|Ioda-3RPs(t
zL2w`aI*@J_GQClKQN?Nj883tWxp|3T`hMpga<xhr3<mWQ4J&8!DL0jM7X4QXQ1Rv>
z2MdQEX$veF>>vBX{gLJ8Yq2*MlqVL;0`NACV7k+mt@;m^D6{5dwg61!n?4*6te_vh
zt*#&p7Rb(6&V}lGeOqS7UX>-dz(GaAi??}$9xTyw>dMa^aXi8-It&c{p5OkGI56Z|
zAKzWZ7sUC}+ndm2=Glqm<pw=(5Dh}`6^VaDt2X_FY7fl!etM79>2ZUJn{!CUnJ9@S
z2=bVmDA>WI!d2`&Rfi~OJ4>#JPw@Y>@Dghb>J6#O*Tk&(cAS_9-rN#93Q*pxS_fg!
zHD53YaSj`dt195<diL~|h%>O2+S-2LrX9uQlj8)?%Fac{T@RNJ%0HxIQ)(^0Q&obR
zn=D;~Z74G{VDqHBa@YjMfja$&F}<2P?D;#GG2$6I<_QfAzd=OY4g85AhUIF|672RT
z)<BWm0P-_f8X^GJbUm75T$2PR4d;LcoY#joz1$fb?y?90Ej`QR+5o_3fPPdmF8enj
zHcej0Fy7rt5yAj|a<98FXG<Gn4t)tF!Kpw%1^mAGW*2aQGPc5sEto##b9PWJ145ao
z9~U5nF9_i@X;~N&R3VVW#y9_mWIa=m-7p5NY^eF=bq;cN`u{&ECx%wDGANzDzV2*N
z*76A=(I3Q11;lp$qACRJv8^Y4J>E>qZn@%<ZhVEZY*wd@*X<I70PUJT*p&XEX#Y_j
z9M0q|ox8cH*97H4j2q8@W*(xEkPxq}^Xj10XJ)AfXFZDZ(&Re&Dgx-uR&zprh+$1&
zV_6_mvOBFQ?S-j@GM$5a&BbL<rP>dXj7_o4O9Z!W#&OVE1$Fo3m07PNo6NpO3njlh
zIy;Lz)G=mChdf>xINl#VU7Qn;&dm_pdpaaGEH?cl!uy9tS=LXa6xju(#3xA^XQgjE
z^lyUcMrUbzpH7LMVPwE}2#Eyg6Q^VT-TT{K6jgS<$FGUNh_n|P6(SM`!56{RVOYsY
zw&!m=R@M+>8}VQS7R`Lgek<yux-b|}jLvuogsBW<V(50e@Zg!SzTIow5kSeEU{jy#
z+}TY(?oQAslUh^qXQ(5Mx#f%noRp-Nbgw2;{5)UQ<_{#7a5C@VM4_EetxWWKIig|>
z(@1&Rw2_)*L`sRrHO`%5%(W}{1?@punjao;nL#gx`0ENu#;w25oOvc+@6ev#-Nybh
zmh|31`FS+na<TKwd3Z;lK1i6vMu7n=u6Dn2{miK#@Sf;39WoZt=hPb+#T_ia;xb-4
zgJa2wiWpf|yh%oId$ecftP9x4kkY5?6cKGU<B(hIR7>qrFijAcw$Hgs)-RgdBDO*A
zG{SuA9B%ofY(kDvNq5r<)(SKc4A^&4M|ZYU0)(L8z8rSV-?5=RvJ~K!COsZmKXpBv
z9XN?^k`5|OKZ7e-I|yj~aw|O>ta@f5u7Z(ne)oLgI-n#;zGQgQnWQD`#y1aC<m^e^
zNw|6dE@_E&=l-qJzCtMVO>%<Zg%(DVh>`EL8_nv<!}6{+zvk1sipal9Fkt^M-C33J
zX!mZ2u=d-j2Qh9wDjQSP3%=km_O_eCI+7nPy*zMq#_y*Geu-I(A|#X*`0)DAmF#KE
zeyh6E8lV;zvPriRPN+=qefoB~=f{@(-;7~yo9D?S#4VcHXS@-)y7Aom98^m)-B8UL
zSy3qpncv@3q!R1{z2^aIQpq20>%1W3^p1f2oYV?edgWoQM!9UNC_qaNyUugGW^i@r
zVIf%~DD+SHvig$F4H#q=U76RtL?=^K(r(pB44qTGN<eRnoOj)w7I)v|>VU(8njJ<x
zgDU-QKE5V~-lS~00DclTpU5rnX;g6RRmktuIiHuhx!mLg<fA<{Fw%UKT|s5-7h`DD
zocvJJ%y25k6bhm{eWt2p+nHzQYbzn*WY#>8l^1mHjXV<lChN&BC^`6ul>1Dfp6xR?
zdMhHqPnP)DVRHTB2JJvA{d59H_azy`8?V5F#dL%1a|%l}w15X`Cg~nf#1LpTh-97E
zC0IzMf+1(N3)AMf<_^Pam6Mcw=p6wx2q9#`c?IQa-9mbwbJ4vYp-HpQ9@m*m5+zWA
zV(G-%RP#}+2Eevy>1D4+Pa4)j=k%Ck^^}8LNs2dBRtDfi6={B$dc9F?cL)d4bg*L+
z24U7^BtR%vHoAio>23j3;Yqp`3Ym+@V#tNt4koK5BDZS_zcTyZcTK{|+RY{_#DLV&
zeOCH$0@&kEPT#!kAF3-Og5lj>>+sN*j&lR#xbziTS#G(NIiBk-8Oo#ut00y9(;AFY
z`MVuf2lhRp2qNpTS4^HHX_TMh_v=BQCG3dqvF&%a$h&LP+R8pAR~f;*JpMvOk7k6#
zki)d<FIt<<!Whvq5V<;Xg63`ocVsqmWqNTUA3Age+kcYH`tW_h+&hxke9!c#xo=*w
zNe!Hnoj3QkOFwJ{2|(1)Xw6XTcoA@v9uTy%@=KcVTx~4UFdKrpQ{b$#WX36pOv(xl
z9#OE@+1r_9G6aTT3QylEYeH?S9jtn9IK&<@XHCgiuf%|R(>Btw*OA+{=EaWN5wgJP
z&6_@818o)&(kHQE2DhKjxr}F8qh>kcP=%qzlbYP_oG4xY@o};X1b<FnxeI-jmvI@S
z1?H!%yn5xBD@A`1!TE=HmLHuh8lPAY3@JgqYPz*JljP4A9MPCD$W2BNJMfHgDjOKB
zyWp>a9(}uV<|{S0`1yHMPQ>e|L?`lD&xJm}`7;2S5iqt5A4b9SCkfmHYNcH>jFsS{
zoMrmhE^dpun%rF)fq_oNXZ?Ub^*%UTFLJ|#{I!nv5Fxb%G;|~c{v)$GfpxRZ;c=~>
zab8_-enu$-lry<l*C-)FrI)_vs`T;rX45|)VS)JeM{33giv;~3$_qth3t$Ae!0mbp
zF4x^!D7Qzx??3P5cu(9C<TIFxwWOBXT|+X8KA+2xCT5BI?bN_|Be&Ng9jL$_Z$6X)
z_azV@yr}O)2d%#i=%H8dpuk--KU9;-{`y{HE-W~>tA$94)mL-QBe4GVCt>sf2Z&&Q
zoRVhxM{{vrB0%5cX2dxFiPr~sZa^cA7?W%zhax3Eaf=DNCw<J9pb!&1oPq;b7gW*U
z^KPgGB{_k-<7yLjY~35^pK_S6V!{W6!b0@m&m!7dfWbQjBfGvYj>Jy_YY;EO85b*(
z-{N0VkOV$E7OSM6Uuy7cR>ozP{pDfshmXCK12u*lU9X<DCW6mi+5S6IVyU7z)aw>b
z__mtokId~R4}hwahElQ57}vZLEDp>lLUMw4__IaE-@IG?z9%9=+~TP2N+q*964BxL
z=;@;1v_1nJb0d&l+|#2aNcIzI$<455du?OF8O(7&(%T#rj(VEQj<J3>^ZmFVl#peY
zzIvdNBdT0vg2!IxMSz;ThTNgP$=f$S;zbGAc{gof3Xf;0WN_u-Kzsz-6KEOG+q+x*
zCRTuHTY39!%#ozAQh4^LOlWt_f;CWX$CL|;dz7VNy*mgZ-$_kHwbr{WHPM(L9MQ57
zzt6U;1X+*ORX&rnn6Sz%B%a9R`&ir-I<*E+6|pxIHLs1chZ00iTy@_K4H(E2F+w;x
zd6pGhQ3NE|u&vzCh%!XT+6+ADVmU$%?mya|lfA_afF2??V9_>^2dvTtwjRMO{&;p0
z0_p-x#HZQQ;;KlPbkLj6%5ucOfq8?A{0OH#SFR+O5!rFalO@>MyRWqIg5yz^+UpTT
zw_ZL5L#^!J8J=Lmf`bJS-oahtsz|Pa*c8jX)109@9<^Z2smg0w@&Vx>IJwQvs_E^7
zO5v{~3_f3&eeZ}`*<7!2v_-V}Ho}_X?7QA*fl3R;VTDi(9eWH5`PP>Sy`-!rn_8Xz
zBbO`eg&>%Zx&<p_Tmz>1T%96>`e=ylON6$Spf&|GeiHtt^AQa{I<~s#vpKF9lzQpb
z!-bE0FM_+$Tq7+f8vH<J(b8jP7K||d@Tp5=L94EH_hg>WF(?|O-Yk_%$Tq7b-qMd%
z_mH5>QE{G^5f0+s<odvJ9k#|lRxH&rK0M_PmI(V3_(yJ*LFu>`l&vX7Yz`A8a0w?W
znS~GP6b4PTO-sc165{zjk;^X$e7;9;G+209NbrliJ*u#$9G>gj$i_QLbN33NTaP5G
zpU-8+x;xJk52<d=40(Rs3X%mJc!MQONXu5lEduO_F1~t1`o})UHu8`Sg-A%u_6ZvS
z#cTPiQ#CK5L3IFJlk%}B6DtP<srRc3A12y>D<}x)3&(^)Uw#xUfCp8dvW*)I_+MUS
zXLqh1fY<YHjSX;a#irC^6fmP8wBQ`i*>W)fRubB+H$RSi@M-r~byqpu+|1JAv+89h
z9B(lPeZ=isaCrS>(b)i;Q`nB;3p}s9@2+dUxWi_T9!>~sqN=wi?m|M%eD(?kg1IBP
zM-tNyizpzMypuPg05g?r4s4%OrvL8yet<`?0@Il^V1z?Xo!=f+fwYhl5ztF8+g&Fq
zGugvj?hd3oEsd+YS5)C=%+U)*E45q>uTf2`wl95`?#&fLmQbc=`QDxz(*hPXu4?3p
z=?Cv8b_wSWE&a0_kiZ08F=?qcrhtTl>jHRn6i1sMGT&B{OP-W@)Z}CjhMsGsmiG62
zY8Btk(TYEn#10>f&~VKTNWW5})&&NSlj(Z*P0dNi2ixg!X2GAEJ@utsW-En3fq;PB
zO;thBdVe{1lF-o}A+{)JJ(0HqWnDE@-(?0n%8}H8ghkrT`X_V!NB1@u2%qdNWf3a2
z!gehb1mxGZFjiwQ`{cIHV>!`1kGk8JCdH|HJ9&K1)5yjNmKKy2uJ?N&4^q@#d{eOS
z<hK?KRs^4&i)z0{*t2&#?0eMHBX*c>rNl~RpCu(lNZuz}VwOh9<c5dp0XxeV>D)fJ
zSX+yvoZPP>h*X<Ivzk7%w6qg(yR?hx9LV%EZ^k$b*>aI2H3YFXfEi$o{t9!_a06V-
z5^d$1^$0%96A%)pk;~VljNQeu9Vvbp79;&)FrVUfWmS}ZWH>{4`^7c?rPr%h3ck5~
z^dvP>vm6?~;k@eyCXhqB2g3`#A=SPViEmScj2WTU$`@@zqD-y@M^xs)gGyJ26d1mf
zmr;bx^zFUM;dw<C7I1p3Tc>19_<%quPvgnB2L>_EwLD64bohS7bn2zj$K;xX%gn)H
zjSKQ<mWFE}l3;3u&D%@2EQx@SOVymo%Hv5{0TCJ4GRxbn-r0f~z(#uCE1caf8U^Nc
zK05UpHgPc4c4lO;-1>IeA%{cklh3<DQIk*wb#T`xpGfe>`!&o-Pb7>EzC1m9<i|6a
zwvyS|m~i3+iXhY~izU~v1*8;KNPEtgu?ZGpBhFt6i3#W>Kl)Xt)H;24gdG1=ZjET)
zoCeT7V&#S=ko(rVZY(6SR`Y+yH8`(U4{#Xgv+{`n;VL0P??O?oyPKOTy<+Gb6E?Wm
zQs<)~uNF?KSZ238X&0mv@r`@2vLWanDF${5`AgthuJ<B}6Z3M-7RL7A>#NP0`5=(U
z%!2R}cJlvM-CO@f88&aAt8`09gD6XhfYKd;z>+H64bsxm0wMxZOE*YKcP%L*olAp&
zL8rnB0xq0;dEfW@Ip<F}{L1Iq-DmE(C$70>=FZWF-zV*vv8fH&0?fW%XhMJ)OA);q
zrT1IQd}XTTHE8LMNw#$7{gMmGC~+asA^C&RWY{7VZvu`9d_%3SZS)Jh@R}ZvIc|p)
zGf>rKmoKmTqsjpY@@cSRH;8R+5{kJ`gSWMz&RQ+K)Sj>mp@piKk&R9R41M&du~fm?
zs}B-Vw-4|&N30(Jq91+Z32kbS0<evo`E7A}=!srF8Y1{fh*5@DigEK1lWY!%m|F6}
zNAe2V1S3LX47}vJXfRpDoqr!&tCWBI#fHE~)^!{>%~U7|+HZ_Wj2b?k6NPDd{7s+%
zt=jJ_N+z_xJ`JM8?AD!jlmmuqDRFK%Z^*s9e|_^6B9gO}hzWSM;GTn2{$r1YW8{MZ
zA~?qNTrKAZd4^dJw$9yMq+KyN7g&V-#Yy$t$DM=~7yzWY4%x*?3aqRy{vn0&1e^UV
zRhw$Ds|O*=0rG}KYcm%<Q94+D(iXhiWO=~!jG^(w$R*?YJu@XUD<_V=SA+TUCU8N2
zI9daFC`NM2F2{z+FLTz38;8ln-b(Ji(8gGLQw%34bnQx8RMBBHfxZXf7)4KZ#sK1N
ziTTM20X0O7)(tluePub<DUl9<T2)aX?ElqyTu5WW5Rh7LbUuB~2ebgY(POH5`f1ZU
zFevrPX2pIMPAI5>6v!fdXXA*^wdEXjXK$R|({ob!v5ZTGZh(NC!q&u0cnXOl7z_&n
zk!PpV;v{_N+j1aQo(QMhUtpQghe;@7xg`qC0(1UH+Cey2p>X71U$T%r^QTxp$Wc|#
zF<anUD0r0lx9Q!?o@W!Qi(e@BNksxvp|?c1Y$qgsKJrlzkFRl3EwaY^*xD1QPhcW2
zkk5quzuiVy%nyTEyQ@6lYB9FH@*=hT0*;YT9P!rqWP%&yT;m6I2`R^3@}u*4w;^z0
zYp(^aGVb7bka782*YB#qPUEqEc(fMe`Sgf;Djd(${hBV`W+R4v5IoPP5U5Vp&%lDf
zEH^ewI|b#z$Qdc&;3y#)Y;j#=ePM`x5*WnX&j0~o!&-C^QATm{G=)N8euho+c&gw#
z5H>tZy|S@bRVu>|4egxc&3Z9D1k7+PSK)|4V;5eF)<kVJ$0Sp=liJlgkY~B?YqIIw
z!Uk9A=SthlcK)ArnD^qS=UCc@2Psnwpm{$L`$b5OfPD%y<3&B@dx6Il;n%0$X<lb`
z{h)2C;_mq;1`Kqe4y$g6hMIu2i8i)7s)YNz4jUD6{VNUxJumnEn`J5f`-8>arTaVz
zoZF+X%bGfY3s~SQ<EA&BmZ%!4Qw%JGj<FtOAK;GUSyd}hteQ%9tU3d$$a?3{D#Z|b
z9VuYPXqpH)aN6;KzEaeNX6;6j{rf^1Wvo_%`>%RC<e5Qe-r=DRz!^4Be`8_ou#YX2
zhk;<h#y2hKuN@dKbI4DlURQE+8yi+x7{d6ET5DqI(W9_fsV3fK3AC5xyZMhoSDQze
zV1Z(tfXq+>pyh;qsckLD3}f+3XuM;Z+*P%LK6v0a{CVYVFP(oilx|`&U%&D~@qzDk
zW`6O0=WUlV$dX+il^}z5tInVy#+JZUjC^iNxaqC6RhOujb8!MTF20GqxPW*Vv6PAc
zS7F(rTJo`KuNsKsP`4w>69Lvw+!TAG{zF{Q({`e^O`hOFN6QNl0y<cmgl(3LsuECg
z*ABGnpGX;BTP(Od%Pt$DOB*=!RupkAEF!$``oQ6ht&bH9%`-I<|5ci71p>*lT<Ug6
z501oWzwR3&vvYz+Pbd6GvItJBx5S@0(MM!)0t(Z~Je0KUJ51}<b9O5ybIKy}-Oin=
zLrS12yE!{@!;ywwR2}a^S3a`^)>Xzwn?=O~{9ylKSZwpegZil3Gib0mFKInsRL(Z2
z6_ZFQk4eqgI1wtzjWgAA|6za;Dc_V@0_19@A2ndk%PWDB>Z}x7tW3_Bz?%67EvCpN
zjPn!RaKCuFqq>k89hxIQ(q2<tJn+SwOzIUg2)g~b$kOHdcgdjE9=f_TW{MOE#SWil
z_wKOCq=7pi_gS-fwJhIL8Vm^a7#neGs_X`rKq`t3<=vwl6&gE7r~KC>P?#n#4th`6
za{1ImIu>)cGkPi+#@KNQ{l*Y4qonR`Lt##$Z<x=RH9JQxZhh8R$yg`%@jS_ON~2#A
z9d5#;Lseo!YE##G!bMikff>gmwK-bWuzqk(2g~EwOSPfyP`9uEG5(8cp_eii|IMO0
z+s{pkzd68gFh+iIPwrJaJ((|N=zQ(NlIKF~GjMD~M+hoEuX*sT0in356>?$NQAIaF
z;SH&Y$qSrty1~^aw2*j4mmtK>+htW?A!uW;N9zN<$_nxDv6j!Dcne24PJKnhgvK`I
z_mXgzO$iL%{jobLLCBYa;sQw&_6+0P6GOu>#d0dt-&X4^=M?(}=t^z03*}o7Is2ae
zywIAs+sb^f?5_mOA1z23H>^d_cR&FA;VW}7QIIk*D6nNn4Kj<&y{ffmM3hJW;ziAY
z!gBJo8U@TYbF}?KtwVRYH9)M$lG2@cF%KS;j{7+d>)X8DV*$Zk#b}1p@QBV6imjAT
z5MTK8Jn#$cA}xM76tx5I!a%uIOXDC$XrCpAzzY|6By~l|f>VHi&YmH;y>bePVPMhi
zJJ5OJTwMK;*Fc$=yzHoZq&fv<0WQSa%WX9to~{URAI?6HeC`x~f(&~TQYAGr4+S(Q
z829HDds82}KeFFf{^+=awFi*+kMsgce{6!GpfPX-BM$G<$H?Krkg6Vf)Ky(LKE(-B
z{N>C&88@BeM!4b|#R|Ihqg;&b+o|$Xns5Hq28MT!8+qK{Cl^qMQ^9c&Ytf)K)|)1$
znL^DaxjnlBr+EiL<<_e(TjAW=n-Hi2@t=y4$HL(Sd7E7Zi4_{iYS>MaPgsP0B?_QN
zPkhnEPFUx(EgO1I@Fcb~g^(IXFAL6_mWTPx&xW;lJ78*a@as9YQ~7!B5h$!a<=o1?
z`JMc9t);G%T?+8^m>Hea&F*jC!klzW&dAtPlQU;17!6M<z~?YY)%pre_Ms#1`GiF9
z0{DqN&r)Wc95r$kDaaXGHy)(k2N5rYr=}NLLsd0c6X;fNx?7pEN|E;6Del6MfzAQR
zA1i0P@^a(B3|ghyU$O<988DCuLNjeIAQXi2F`1rvTTfQmftRv05u9Y!9Vm8tM=G$D
zeIX{W<;$D2FgQH6e<2E<L7n@g`72%r0KKoq*89tUckct+r`fQO=p0#itb8+p%JVlf
zDwZUBu44U^z*WXfj0bFa|NkJbKq$O1Q^=zdu;Ysqb|F)BAEpYsd9k9DF6YWe?7Jrx
zJlwh?Jyr5C1C$Dh3oot|i^t*M<hD|Ff>L&dUDyb~ZlBV!x|)wVKiSaPf;Dj@*`X_!
zJ+^y4a!NSPtt@g=U^+T|M|qqv#{M5vE2OYrLzkbK=zYu&;03m2a`3&DbK+wiWxr&>
znmI81>JjN|-e!Swh~w9?GPEhk1(@nx;$iK@q!9S}!9+AzCxyf0YJNiHuN-opP0ZdL
zz!*z3sMjW6j}Ou^E?s@q&x1e^xD}!D0QCjKVTVxs^d<XJ{F2JE-3FHXLS#T&o?>1V
zAP1K{8-U8`u!;C+Z}|K6b$0aqWEe`qP6SbY5Bf2&g;LO&;KIz4TwH0%Bu~py%tzn+
z4BWvEc@3^qaO_4l)_GyDGATIpgZ^u%Re6GGW?!O=8!Z4{tTwZ(?7;~2mNhIc0r#W=
z^g&Ckynbvuas2tX6d*~(L*Br7DORG}VO<!XM=D@a`W7h$l&qf_;ThUNm7y4|{<DUI
z#$-0nr@h7(pweB`;nD{wblZR{{<vTAZ;*!x2k2LV#HWS)KwGTxl#pZNF!^u8VJAMR
z?3iaSp4*x1bwpZ}#M7bXJ<d+`H2BVl0M0tlf1xkj_7r)Ev7NP_)UA@v)`S6YX?16$
zv|)GsoCId>(@1Jgjc#<e!>N#qYj(^mQ{`oU`_A?6ww~SazlY#ftPztf_x#k+I}rt;
zDtQPxcOnid1jqJP3aL-@&or&99LejSI}c4k%|&8>13+og2CBXGa_+RjbN)UY>?OXZ
zqeD&I1jKX2Leif6aG2OHlj+M6fY2Mbv_)MO&iW{CJrnmEeVAyb43Y;%_AWyb8_5{J
z@|m^`8WpxJ0-%BZ?_$6%X%>5q=XBd&wD*9@`)o~T2F(nbzyr@dT~g2Ag8^C%gu+Ul
zwn2jp7eto>MafNL#*#;oB05iH0fen%lV4~Hf2SiOQ(cO%ek7)F_T*PLp<#6b>Mk&Y
zz4Kck_q9c`N(i{Nwp8lbml_Wcuc5yb>nut9IKHO+u=-za#PF}fu>=O%vmmnWZ^L-+
zjAPWzGx3UQ+X*I;h;2#(a_VoGY5DiRlINuTAGDf^jt4$d&g#zbowClXDzMJhXYhT!
zlSOpjFiI2I9UPbrZW6#`rEoJoclT8w@>Zik@<;AS%D+tr80V1qc(*vu%9NC=6kw>g
zYz4Y(8Ai45+Tu+{;!&YAeC`YDj{NbM-G8sMS)})0%)mC9ts@2#IQmRCS`c06Je!!b
zvQ=+r+_1D$^h5}2O-S@w^u_6m1tQMB0<0)k`QDGrb4*YGc2k0D5mS}-cz7r+4J;#5
zQa!hBGekathRo4s_Ikbh3?@6Y9c<UP{xt$<T7qNe<`D)>izG)lhVG~uT&l<^@y=hN
z&pXx1m2bkW?;eUBOi!G#iHSJlOL;xM23A4Q`%kW*fe>(Z?k&5FLP^UC6aZ6vS5{Cl
zW74nsLx(V)0Z6jl{`Wh7Qo?omuCn4oN{mFvI;Yl%*ltsRgtpI8C@Du1%(Yuf6H9LT
zRQSkpN)$v{Igv_VJr2{hl(-$EQvVwU%w{C~Gr7J4D@KAaeh$Ltg1h~Y|LzDN6nCGf
zP-!zm+CvjwRmi!<(V@QH-`o(X`lx{!I@1~1RsZWTESDW4l~hTcZp?|VAr_LolM5H1
z2`@(Se73+er}4XS`b|Y}vvXEqclB`95=```IBW6~0}=p3twg-{V%CQZoergl657iC
zf!~zySc5Tgl-cjg(Kg!bZuGmx`B8Qo4CMA{Id};39lZnXQx$AFAHjs=OhNdo$>Kbp
z2cYIO9yx{V(aJ1Nl~krOF*jI9sp&*vr)INqsj`5*K0eb7(@%x7!Gz#<>Ct^l$IM&h
z@H8nk<GVH_z+r-jf74__u(B|P7J-uVnMu{~nd5}<CE!8UiXy&d8r%n$&UiHaMX=D^
z6<Buy>IAU@VJn}{9ChX;(5&z+b`l#A-?DEnVPv;(A#0TWGXQM+{Z4N%G&Ghr6QBd}
zyFSo_!d(%Z4tY6HY8}sx@@txL`d4<}kuAoh0Z77B`xgO>2;9`8$6G_O03+zakU@OS
z`@I9TkY>vFxMGq*SAPHKV?B^6{L=ICYvmMjoZ<=D0P(`!pQ4}MfZ|So4Y8DL@VE%y
ziI_<QX3*DiuGsA-R7#yb667i`wXASEBH&lEK&URP5jhQxCVnpppdD(=kXx!EWfoh$
zAfr*rX?@Wy<(iMdPQV)G%-%*yYHTXhLDdFwhPzyqmo1WUQh#x)H1spHHd-3e8@X+<
zy3%uf?Bxbpd%TIAPbhr(yk@_wWYT(vlfMOzHdeLx_}zcBmIkU(aq$gl;NDRS`wAQ7
zuYWcJ1$ptK)<V5SV^|kQ<iA<**Zp6YUOnxmM;#phCnf5OyVv>xR6>3Nwi2XOCctfu
zN{IPL1Q=@88{UGu#EJS08RL3?bP4@3Q)-gy=B2<$>-M9s%~xTZ?hAlQY}^0NYa0?@
zuy5R@Ex&LNV{`9rWZUvAJhftzlBYi_)x)3)%|&UUD?A1NON=Zn?d`*iUbR?{j6q~I
zKyq2~Sv6Sw7Fgsn!ltz+mI|a3CU~UD&G4necHwOCe&nbQVwMN%@|h>^qu$CwGXH6<
zj@bA;KVUtxe!V+<k^b?%6&(c#$plM~2T3R<_<#%!&Pd)>@CLjoK|a;DhbkutV-GD~
z4Cbku%6Jm*B5&mNJD+qfPyrfQVWx?FY8na;KEQ`bX~hw*Mmih?hn+^Ec7hn*-J3Ow
z2a;Xxx*r*G7lP`Z7**HO)*IV>C?^+DsOMQ+=#PIdx9W%r6${2Tw-wKAGjNv_U8&si
z{g59}+IEL``w(3IWnYO#kH!Y4yRg?F{6SW@E}n$S_N(}%2p$#2;Q}+txiv|~VOyQ0
zE1Ao9R8=VR<9ib;bXl1eGQkukY(z~hg;EWLfJLOnqLVo!H-%${Gk1DH4emEDigTRr
zv<(-<d(I47EA3-7{d11|sSnQ5<lxz1vXor9+ul!5*uGrCz$PAOu)Yiej2p-|J#$XA
zcmAp+|F$wUb@Vqw#3t|Q96??WV1jB9V*hkNdF*EZup6)UwkDMPGzf4po(h3E?)F}1
z1l;4?ei@t;mi7kOc4%-TLCH`-MBC$3OULX4@(iq0Z*E|lrn5z)LM=^{FW`^c+VX&Z
z$vEEGE8c<2Br5cL)jp|-Sd!+oCjj|0^mNKWC}|Fk4Wb~P;}U%j7AC%JnL=_SU=YD9
zfV{)w7d_Qx&$4r1w+I?NOwMav&WoTNw;=OIL8|(wU*m%}s66))qS+U;@&Ud;jeN((
z?B=@4gJnB$>ii%-!vA#fkpX{{L0uQDs>nv?An3#VD{{z5A0=}`EGUM87)p;f-MV?u
zOBmK$qX{Osl}Nr1?K~Au_kChD0}&?ttU<Egm_sPdwVex2vduXYkG=r$osR+s{9H!>
zz^M6*azv&D=7V{+A!7A`{{8Af|H+PU#P#_-vzw_I*_&;^ldgd>UdI4l0y}ttgaVts
z{2_szCMZ-G-gcZ=A_{YUQ?oguUH<`LeHZr4Ygy8|pyUp{#nHB<i8!SFH+mW^Vrba;
z8VXDZ6hJAqd=s=VzIa77LUC}MBVj^Y{#G_uN>ehdxb3AQEl&DoL9v;+(Agra?p*`&
z;yY)L9)T}a9!)pbMC?KVoRV+>W@3q3(ws{DxGpl;^7pX|&r7Ke)3g*xvu(S9t2HON
z4FCiuLOc-C6c=hX-DdwyWG;!RFQ9Q^=}=O&QZE@i9K8rMN6g7o&--Wns!cH?zi1(O
z&b(F_!A>^X>MXjhA!4EKjNn(^0^^-e7Yw)^kf(60lc7IhBCjStn=Lf*f~obAR8u0_
zW<$&xz~}GYrrxG%oe$@428VG$#8_>xWTID9p>dT%Tcf!+Th!L4`lAhx#Z3(%`^P3V
z5va`;wLt%ZFrRifOtLPqEe+V>5@Lg}%h|9<p{0ze5<s|{dg@*2|CbA<c?<V7_VQD`
zw?@J_^1$E}7-2-BA`YX-GzAcZ=@ysm@0G88+V^$bHr0N5dA@5YBs2Qi;YX6%5c&`T
z?bgZ}&H1RKR9ngqzBQ=+zH_UZ3|O<K{ZwbS1E9p(v|xU${);LCkUI?@EN#)xk*$0)
z60YNAlI?W#ChPn7`<Ac)@H$d<CkpB!r72MN@nNI1C&4kdf4#e4c*1(I5S8&GQ~9Qe
z!_2cviMgUB>{{?Bv-|PX%tKEhU_4@(nU^!|E_Sqm8&q_$C*j(vwwYXfeD~Gz<eME`
zZ5ka)Y=pY}wh;4q37Zs*7II`O`oQF4(RykE5Yqrb>ihapoc!2?h7dvbEmfu(5Jkh`
z6olu&smDrKtB;=Xa}ax$_Z?kGy`bZr0<8@3crIkogaB#*91JbqEKAK--NkNVGhKvf
zAgt9Za)xt$xLQql_$z9C>Z0p0)mA#+`Y)Qm<32txn_0FU&*(h0`QzjCyAt?VAa2PL
zqui%X50ay3y}L$!>OI0%EAPAXs>k!Z%%1Ims@%APQ7Uilz$v9Hv5^0L#sV9gtGk5Y
zd+TjArv+hj@PTk@MNs{T`QeSI!Q@iCud|++1tsI1Hx!ltN>{*J192^{&j)M-;F+Zn
z$-QzdsFX6TQ~+l$JxW7Ag15^<_E2zlE#7};=yJ!xyT!U3JarIP8_={fe5p(U92Ye&
zon2<w(|(v=x}aYT*!z;_gUDp>$dgGO!tJ*!d++5wpdJ&^4h}RR0XRMPfHz)B`r3b`
z+<|4Tb^lG}uU$;}rPxjCv}l9;G#34p68+9Unv2nA_&rJ>i(tUMx`S_-1LnYf3nC_*
z@oHA<yS{KZ$TMpJdcXW&dk#7Yx+nHu!R;nSyP7{BRx7h`-o?B<;$GhKfJ>>;LfjRi
zBNl26-SK6-0smDr)f25!`~*6Qg()+Q`9d4>%-Y-y2Oo?<ddHAR38@)zV`TQ58!UKz
z<R#^9^ZU>ngyKI&N1_b{pHy{`EBe@J${o^1u+`>O^SyutXBWiH8@dk&FjF(xAP)(^
z^wF5Ro~86dm$Dei@QsMh2p2ssi{HMD+>*w4NlMrvJxV>l$8C5_#FQ`Mm80ZKe|<CI
z8JiNA<ub?X18+N8>c9wEV6IGCUwn|Nc$x?eFPv02b6|Em)E{3rO8ny%HiSu|ehjd>
zPN$9?KeRRxe|><;%8b+b8L||46DUkJ24H9%V~ccgcmdFi5MOs@H<4oxy;&-g@n=da
z_Ke<bC592ho-`JaEzAGm3z!EhZ)k3%!c*W1B1wW=>V*5%?t^J^KK8y>O3}fCH<VT|
zFPg(6jx3a+z<tfzmW#+OI_F<`4gBPhkxp{>lS+EN?Zd*!^(Qd^h#U!nQlU5kl`sga
zL9FP};+WSqnAar!nwL&MIkg-EFo1ihkcL5DaKtr`<%N?);2fdmB!2a6|EV;IEh@i1
zNBT1V-DHzeqJ`XZ*z^gvn6$?RCql9QA@Za~H4!Ri55kA-*vz@M^tL5Bb)oGG(J|#L
z#L?2%fEEyAV0BCTt<(d68)&y0fUp!(%U~bM&p91IF7@44GR)<&4U<WU4n1?9`ZkhG
zpOvma{ivqlpFLT$v=x6R9^^zfx-CY_YM~1wTIlSJxLrH`nM4IW6cMPR^d&SqP8@D`
zl>S{}{Qiz)D2wMbaXqLNcV=uRK^^A}{3kuxSLWH&90Z7Ii9#Ur^=_e^m2Z(<@xZDm
zH<aBcs^?NqLebhQ!~#&JkKxUk{)EVz9Pxa&l;51DNw~8?8auyK21@-7!i`Xqi&*#^
zxI3zwttelx>k{|%vPChsj+r+BCN@&Wpb~{o``@Ymyw|z(bYe->=5v5iSWdFzzp{)@
z&6l36s9MKWjwvtr^Xy9zrLw0!4o~-=K8})y@wLs!lcX+nyt(m>r%&}XBCr{tyqsII
z{`DpE^1SNQnSD?C4Z>DT(^S@Hh!L4V4Ryt@=#+#X-*MimoSnW0!)yQKv%?BMnCKqS
z?}-ZOs|&uEg^#BNNLxT&g}Gne(Zn&+*+>L<H|S?d6ifE*fC(ty<Hyn3^t=0L@BUWK
zXlAI(hKR7bYVP>6m~)1Do0P)OD?hHv^f!nEA8N7A6yx*sSDruh&^MC~2gbuxshnF<
zPJ|Rq1EK-a_7HF${cw8NJ^CjdX-{0IxH$&^JM>O1rmiLFOi}cyk&^A|+~v|Nb7Xv$
zg=c1>{FJqw_9I{Rri)qpw#=IwvT)-|6CS3fC=emwttbF3Ubv|qk0L|P`&8cDomjH|
zJS&+d*ZjYv@B2H&7s}49#vZ3Xu8z4KxZ0J%sxN5o_Q}d`n@Qd#PHo6|_}W@vL8pu_
z_X#inSZ&{t1SijRK}9@V@I-w+I&{U>(F69C2+<Z^BCO8m8(%<YFLqd6L9M#emU<N)
zHxwoz^x_k3&-)ODh|A$-)CCxm02;L{D+$7wt|N*XCAJRaY`Q&sUeINgo=IS<y49mN
zgDu<*eKG14G}Qn%jI~ZGyBUs9K}MYXmeGD-U<<O8`v)bhE;A7spWoIEnd~Bs2(Xot
zNSHr9_WIn6iO0H`GlT}IRRMf*vK>82k2<-n7q!b<slFh+eaC~CRrtj~^}4ut8Kv5W
zo#U@hsyadFB?1wQD*Bq6#iMRoKqBM+boZB6?YV(|52kt5@zWVGTSO%E1P)SB*j|cy
z8p<hp;SB&9)yxXl13o>1UwtI%^iV2qU1w%$e~Ev$U)E$hSBjICcU!s#aulGvc7ipN
zeC+oekYNK8=<F6knKD?WWMEc&o%1(vIucu?kh7K+q6f3~+je4}<n-;oWLr({4kEV9
zM4wu`D#5k6k1s*W7C4}_@?kt9=`JygO!_vxP|_F___z@Kk$)M^f?7|AhjrpSY$tx2
zOe}Y{2KaR?i8_({xjLKqw#XJ&1rc{B9EDe?#zorL81<YZDUH2j3m=3)e1+%@84QQ#
zFtIbs<9hZ*!}OMxgWpn-0L1w6F|W<@&rk;HP}G5(`(zbHKkHnQb+$n7`HKP&hJFx!
zFXPKTsCouBy+_8v=j4fVeV`M!Z8hs0N4)OB_CCFw0<+Y$wqu6rQH@_ZrnJN?$r-ZF
znyeH3zL_zXZltsc6`q)rJ|-4ST3!RGE}N7rt!#zOvXI=Lq6e77dh0%xbl#noX$6Wl
z17$$@_&V|P7ty(D2#xl%4qexYlKs<tjy35HysOZ#q!|<X_HX*6io_4-j?!pu2RueT
z?t%R98=ez$;It~R0D`L0_DX70q34d&v)&^GwcK~C17}DE#NOJvP~hK28I?P28%%9c
zy4B2=sw!(upnd#N0$tt0u4+FZU^7$T-{OweF&irPlas?ke9lr?y7ktHzS+n)kRV?k
zJ-V&*RsCeRc*he9@BZV6F&=G4xynMH%`uCUdZDdv41c~aHoLucUj~VCeheJN?+dA=
zy{I^*R)>!eU<^s7G5?oYW$_s3N*Mtl)P0tc_+@<g%x?SYgjYPZfU1@UJ)Vk6XZ$y;
zSekk;8!|_-!SY4c%D$k4kTem+VgV7`XFJ7UWlgt$_RETZL{<-$@r1(lxia7nSuy9-
z$F;~<5OV10(8WzE+E0WgLa%H|ufnmC2@jCnBYI-`k7__dMGoo{#4H@)%!}AUq-Z>h
zK|;l&SE~<I&IMrYcM1I@inFrhTvHa(Fa^VxZvdH~QJ(E0koXcA#NP$R(OnBHH6_-@
zL_FUAE1JXMf%CPBGGioPOy~vX3?=sME?01FF&z(lqVt>*(bZ7BN-m(x4-rXGF4GA}
zdDT#<+9h|VqwEge!%ea|;9{?V1=*?qzG^-B1y4+fHE@F_rg>AHp2wcS-V<ShDLK#}
zSmuPO8y2`rZjWycC=9AM1$Gw7J^J@E?wMS5o7Y5-9AiJNzTx6GYG&SrReY?iXJo!D
zUi_IoA)%ye@dnA>T@0Ch9i+AsOM1-{?zU639$k*IhaV2zwC@SO{H_Vr>HSMd{QTBR
zm0UWX+rytvkr7fmrKU>C-clA2sUK{bw;2mS%FPDC)DT7iJGhB`u`29?2?3zFJ=kik
zkG?q0QDMq0tz%+L#%IbpYab~;`j&`FZI=t9$>M2sGxzukm&<Gq+M)${+A^<aIOR2B
z2cm-bf+hf(K+)k)@7rLGL_d*<3rL3lmwB^N<lk*P)Z3basjLrjs0>yrVhPNZp$JpT
z*4lwpyd9eY#%M#9`TNdVuaPRC8l;&%8I6U6LK;r=b8mr<wmp!N2|FmhBdnA9Ya@g+
z@K>GmkV8Tt`ndXZ8+(7tBZAZrWkKpmJWW>abNU%nTpqsW^(xp=Eg{DOpGIsfxRTQh
z5FTgE09sJwC}oV0Lf|eJ;iykV*||gS%}PiaA%96;z9}NCJ9T)uPa`(}XyWPRyAr=(
z;{%afxD#wvnGu2hs%+N>(K}GV<(&#@3B8W9;>x}bj%3Wy5f`Wx>Ewc2wQ}iG*5X1p
zavQpgV?aX0y2(S=Fvu`;A3z)mE{S&aw+*GUilD$lxe1gYc~k98d#pIK0F7IW!F!0>
z+P^H%mGH4lRjmW0ZA5W9Z}Br*7pGkAE8t4xh^l7tz5e}8IbK{zt+M)p@MIx8I2v@2
ze51zzYE->5vCiUJRYsJ|SXgH!gdKStgow6_q;&xm{Y3hryN&4EFG31e2p$A+I1D#Q
z2-cj)XW@f*t75GFyrnP#A8S4$v$S31&w4Zrgj+0q7)UJNF{`lmAk9QuK`yv*ma56~
zg5FbLMsOzS!96sm4$jaHJ?xI!OMDyt<?>HNo!w`*utbuj_P#g8sTw|}?KU;|@OfyA
z4P;^=k}okNqoP_k#o5?4hURYDcJ6gbd>(ZfR~)Q(M9v^;ol(d~`384jpB)%%g`ecr
zeu3MyZL>x7t+#6~n1Ao{Bx>92Z9;&e@d2h=_QAO~;DvEZw07C*BnznydG~j%U!wvx
z{3&c_oWs5w<@{H7<=SoM5U3F$;7!7Snk{Q4HH1sPZf+RFx`t6g+8=Bu?mthw1WTt(
zZt;h$*uQSCWVlS&4_QhxDpxgSIm9PH9I&LD@ebk_2*|)Po0qHP=7QoMSmx!o&uV?*
zU_&Q9d@a&h)4EMHlPsf51rGIW=XN&Nc8<dG@^b)^MS7wul9$r20R*o%Z>OnMKUu<D
zS>KD8-%ovh>R`UViO-6gLTs{Gi4!sC40<T4ePH!wj`j<WL8AuKfK`2`{SwhlChqO@
z-sxv6;VX~GO3UZ+&06c&(RlD!{TIPWf^S$>keB?+BM4Mli|>G<ri@_E+7!@@yyelw
zl<+5H=qMHtUr~JPi9B(-1+|+Jr33-^dTk@o)skbAP>Ck%I*6VFG!K5_TQ=X`^D{fw
z!MNfd18(VV3pJhp7)4}Y6{>j9?f+qO-$Bk1Per5IAOQ`OA-|IXGC2g$S+%0)w|&O;
zQiKj*_cwEs+A~;A-l{*Xb(#D2<PJ+TuxOp#Jb$=gag?|ePW7t);W=T<#>0AU=M>f8
zp^G5Ue<QIrDI}ns-^%_#qL~kCmy@J4u;jXc(PzrQK3+B3jiW^Vgi+=Hh1@9r;90aO
z`PjL4;{yZ)_8)oj#~x~#x^CPCXuO=B<d1`@+^UaUospibo?BlZhYu<H(OB%&qiver
z10Udq{zhVo`lSbuay+<aa8B_#611*?Tx0$p*KC&a3@z+xaBdv5h5FFnbczxEhA7VP
zBxzN2I$q*S+MU8CPtV>(;@MRJK0YyU20k%*bFNMVYdtU4Q);%po5f=RxqA+Bo$$5Z
zPpZ!B14MhSSbVd3&~@{RiIUCgbe)rAL@j<{8+-D$8AQh53xGi!RyApX-T6P{=V+dC
zrTi2I!WD3d=0<Xyn%lT!?pz5111owjQ*M<4*R(dk?@CWuXvn>@MtkEJ|AQ*ihYDTC
zryI&2-pRx6H1+xaq35;7v0x!{c59wQ1pUIr2uc<Y@XNyCyu;1oUqEV%_4^~?xrnYh
zw*_k^CrO8&49<5;w=wSsENGWOm_rH06JleTS7ELTpc{E@m1*Ihwop<P2O%a4s2a`J
zNNo_$l}-e;r+&#$d_sid#?a0WZkT|IPKY;^DchXVz=tIiTu?8}Vbej`nGa}Id91^7
zEAKKpz~KiXE@}hbrljz(5MVwo|4gew%!ZzIJ3Qb_jkidwZvW_4U_kFOI`&2&ax>n#
z7nkI+RgD$@gOZw#t~!1DJEr5GdHE=MGV~NY2h0$fKdRYE$i0P;{0j0(;vQGJM$&W!
zjhPE57Vph1me8Rv4L!nIHWJGGkHZ|hI2SYtJ}3n~&oQa|G{+=I^=Lvrs0)whvyCB)
z_FX=Q)C&tOQSiI=Iu{b1ii~B3;=nk1*Kx`DrO*{i!v1A`Rx~k}qQMwVplp>RTM>Ri
ze}@rs1@ha-+`D_YfT*>VDH4?Kwf!#L`8wh^gJNX1X8_A}+EhhIl1UTdbcA&TjAmT;
z=xLv}CI7pJ`ZRn#P#?`k!ty?A(&(TIETmEcs+9^1SBz}@v5)yS0|t)8D5-fh)ya$q
zbeZNj?h`$VRLZ}47QiWW#n!^xPbxGg*+7TfyDUK+gUadnMIUg2)2U|bA<{hCTs^W?
z{M!LDsU{i}n3Tcs8i<^rP5kkXlNxlD@p+d@nTB<C=CPr@;L-EnaO{+Y!&%%HOOj?B
znA(5+R3OLlvI+k4P{O!Q=S>Ks(<b+49)@5*@C2V_=fOUon7^w4b6XyH6S@*>)WQ+h
z(#7c4WVvwG6ut(cusNo?%|!V3s8<Re{;S936%FUK%=;Zr6EOUi4?vD$8(iZ6J1Z+N
zjJyeK>0}aWu&Jl0r4uX{SkY*?$n0&E6t&SAU1DZ!#1FLoeKipFzHsFYIYWodi4sX!
zcDei}HHA{F|9;@MH0-%RNM3|c8=lqls{tZ~8{q!DP(6o^#y7CM4fd-pW9R#Ze~@(a
zvY8Mu9NbY?yyZs`Jpqt|`%We-fE-V*s@3S*b^Cl?=#V9f_627b(gy6Ijr$+03FOb>
zXS>qxS*Eu8^Q6S}RfYj*40ZZsMD3ZHa(JcxyIPssavWWvh)lpH-`vf+)T_iP_nPpE
zAXfwjv9ejZ#{pf2(QaK1hx1M&kA{^ouWPdL57tz~Qa%Y6?%h7r5CddddlK*V8NZ|d
zVL8aCiElXlDkmnP14M^9xBfi|bKszSLi|8%jgBljmVf*7O^A!9(O=_Xvd9~l4?O7M
zI(dU94tumH$eRh8Db)v4nmZPV{}1JX-G7Ybh&QzF4yxw91#yMLU?&Y_3_wtKhl>$=
zf-nhuY?Glse6EwU%OdUJ4}tfc;Mq`XFj71Bbvj7akPCLs5+82bB?&TiYZk}=D0#wj
zjFTH~(0?w|GXO+r)3ts+@Z;)k)OF%-@mFjxhmF`X!B#Wes-a>}=K5G%gdE{z>SZxc
z<TOEFkZ-nuXIn!lJDTG|Bx*#!#w)!Lv}9EWD&ka@3%&gQ^2583K8t4mGOrdjA9CD#
zT|2|$PnT=_VHg1}kB|I^s^)&F2}%?a+wG+2gO$waPWcDq48|AouzpGfimC{|+z0JC
zVbt0bAOi!E8>eQnN8Ta8nl!<60>quOd<O7QQk!tMCNX@SyW8u=mlD3c=q?I-nXt>;
zhYXBeyOTZ&Hs3-E*1UP;pelC;Hyoet8#68RmNR)Q{}*Yyhp1j5r!MN$Bn8)E%Z)~}
zR%z5L)ZKRqusu0ubtmfG)s2M;wpOhv^5aY{q|<rg6=15x0Bynn(a)2>ZAr3!$M76h
z;=OgLKL$Wp$#gwrQsAQoNC4Y{Uu1pHzdr1B=*plj%zY|Ocb1BeH5Q*qy!mNmsUsVc
zEN$e8!R>~s*}O&hNMMJCTs@Az!w>Ef@8$2id<SssfWWojv-s^k1nnbxjQ=gY0x#(F
z=$Ik1xM-Xs>SN-vYg3^nIkvT5ZsC$(i}yW?-fqBzl6r9d{w+FX76PGMg(=8s59-Um
zm!dPvDlJ<7SAzv^m@(t~j1nWSDC6Ma4mW<leqem|LcQ8l;y*p6Aw(J}f?$)n#+}xx
ziM){~&z+-0-Hics`uQBG<x{D;$u#?_y!H#51Lp-6#=^1KjRFj}bz3yubg)u-h}h2`
zaEo)7^@YCa049^%T=F2`|9vB=db~Q#GUK>4bCH0ta$_FbKy)0$?I9AMKipgix(R;Q
zSCJAV^CSBYg%9;E*%Qy*tuMPSHs}Q8pV9mM2_g*r@*{$!y_K)L@s}w{=Yf?1c?8_l
zyF7xPS7gOLW-Q0U1AyMZX9kR9SbM>PvblrF1h%%sbwUh@FucIJZWrVC()Y*?rn?t^
z60qXZ4`1#ZsY+WNoxKS$F*K$xDO%U0!~q`3(&hvTHZuQU<O0M5r8!#3zo~#EcxxW(
z3;&FRd9h-d<-deo-N27x6@0m1rp6wl=6pI}-zG!By}Ko2YdT#v*ji(sRU0jV=*b)5
zY(=NB)QF_ArRP?D!sD|6o&xjo&3pr>J3Y!fsk*7<ou16sa%{5Aa>#tnrGxrg>;^as
zy>F+3v=8*$uezn(m?~3x{5^m5+<iliMN$;}Tl=9g(xFG$SfY!YI9h`hANZ@@l_!+@
z7Ct&EJA-<Dpe-o-boN9?w~@ai`{AvSxckJ1$UGb?;O|@*&-qr7hr#NItcQSGmU^eU
z53Bk5#gBTjRN9_Z*-QQ9sKI5L<Z4o7BVol?@YRK-fFY`C71tP}urCPJb#D$j@*MOP
zzr^Ue%!N#T?y&Z%{FNl2r1y2>tR}U?Stf8Wy=1RmW)D?wZoe1B0E#zuk;mz(tIq)v
zcx_01OUj0NLMt><P+-1Ft>DKKO8yHHxx8q{b9|xZuLXA-@hE{APQJu^;{`tJcxTi#
zoXd4BELRiJFQ&R5t)Lx%nNtz4m*Jy4q`dQlb_*BpetDZ<%ZVs3K_KvxaW3X2U^QE8
zJs`Vq`A?Xz*0rFu2R2r9+JmLO{)Yp_Hyf#^Rs6^-@)(i_8bP%4sCGww^g9x%@*f6D
z?Mb_xkYT!}3o9lrfEE;LHZVZd5Bq}Q>OX48<Qr+mQc-lFvSjnEynz#+R8at$Ay*o^
z!>bp#?U@>vgre~6eO`{|9SSr~oeD@yISJFL1{Lz2l9?+9J)X);{!TA96k0o<+}g5W
zol!mA>fXf#{$e_Hb<g5u8ld#DngR@VCiyZQqhs-+fO=+2Bq)cJLHt}@`Xw0GYDLD>
z@G}1ECONkI`g`sBEk<E9jH)0?0*y}pC8w}5t9d8y4BI7OW3r6h|6#60<yVzXL_iAW
z-(uKQ!lT)eZ{fNtM}DQQ=apjTmlyUA+-?CGnf%Q`d&eGgyv!be>OoR<7sUnCpVPR~
zZ)(W(yX5k)FG-v6GIJ>Mf<jvm)-KY@tpyxDnR60ov@92Xl}9*3vZ{i4^Vfw2iB7eu
zn?CDZ&-4Kez=b~Ttkzq4;l^5>)wHV5ZeDm8&`^3+1}UAFEroaltR)SIfQp?V=Iban
zFB^+_4#1|R<(C%*-tPSeqN2yX=|Qkt?;=A8d)kC*yak{2cEj(+`9AxEL7v`!{e~pd
zHd|4^1W>XZ7{cD(1a|u6!tE<GRb0!@O5)PMuE$*(pcUa3E7}@iv5D{$!DLi-GXw3n
z^}*UINdc3B^E#qyuk{M+zXUa|BQJB%)R1}p%_cBu<{s>V68FcvkabWKE?>Jwk>0O{
zr(in`(7e&u1c1w-u+9DhhXQZ)is%{-z1L;$2VOpND?5kBUQ~`{CHr%~y;81(=fnpx
zpz#lQoL>@=rS7@DnXD8>+`Kkw5bwGFwEY$Qa|K&mek<b6Xe0wpqHGSQPJD-67{A%Q
zDA6R8MVw#R968)XlXm&uZWTcpADZJCu+R|yZ)eiyA%!;2(5Ik3wtDwlIA8(clAjfK
zt&sqb(+PO9?*9Xfe56uyE8o_EVlnv1^YZC#DPH#Ng)dA4AImA($va$d6Vt$URA~p~
zxmsslm~R+@hd%)rl2A$2FI*DQYdMpOPN4;Q`nm&<W`y5Z2xj)x;xaM)7l*h<wB~a-
zMX)%z=}l6xZX6eOZgExJArXfxuNsG3{#zM@IvL_T`>L0gjtz(8J3arj&Z*7wasYY{
zdy<v0Jjcq>->I>wVMZ%;$`GgWDUCwNh}z@V@z~nfIG@-!zsXS;m+4kA<i*FQrTYe>
zv7Bmc2E~03FM_0lZ4cUqJp@iW#{CaZS8g}X%BZ=wJ!~q-Fxq`Z%~nJRKvQ#ufHjo6
zN2!=q=G6d`+~y}-yH1HgRUEmvv_yEd-HWv^A6~pp_Bi|)C_t)SnM!EY*3vdR8+o>u
z_2(MZCmjn?Z>>oQcwxj`peVO_1FN7~?MPT|!s<kYM{h+YRinQx;MWSmeJpYV*=*3(
zG+bW4^ZF1|H8Yo3yx8`2RH<5i`?e}Ck(g&egpCI3_Wgn1B-&#;%!+3H+j>(Z)1l9)
z>iF+Rsh!Dp(ChmKLjK8^noLuDeJmFx<zOiEs@3a43^3F(g%C;({swTFTewoDMyAPL
z44qk@qI21zaa%0Mj>OaD6D!F3r~`lT4M$<EaA0y)rnQ3TAwHEO4w$f$uZ-S=ziC^5
z<lqB2Svb5Ewz@OI=%4VA{@ak4qoe=ld>AiHpKWVL)1iM%GzRb7Gq=mt?KDsw`-)sG
zk6a@DQ}=07MzivB=<C&by~P=0KdlP!y&Qz)$#1feBJLcr!-GYU{bU2Lc`1z8(ryA9
zC7r#-YNS8GBzL&rF72%VKgGYvjBL2rL@MzKrmkRv=jIR(Bg^4e!TW|oT&)4KK2HED
z@i1K2dBg}F;8yQr4_1*2I(p_7#<FeG;7Wc-tPlG9htBX^?U`WrP-{VBwU+|?kmzUd
z%vyG<<%tTWBB)k-JoeycAle{)tv~aO8w}MI`}_4$&026!>&=bK_3r7x89Lg)d`|jr
zM_4YElvAWIp4{7t@U^;%G_<BA_~r93=~wP&zC2=FgRUZ0ZUS2!w&<KY%7f2BU-KNj
zNiw$K?YLW&;ib16IO@jsr(=7)6$Ni>?663P?vWEg8(_u!**M<)V0cujWUzPOp~3C1
zQm#ZCo0GNnSgyNik12V4ZN*P9NU~jymgLt_CQXu|bk54f<MWk_*?a@H?)^(j+0&QU
zO!Rwub4f%F?gs@AHmFWbAJtfU!-HwCoeB&!2bo)?>lJhFz6a-ipv)7f#C{gX>^HY>
zxH~umX6MRA(5<G4lx!fB^sW2;O)hej@{0H@{6spKQJ4*MpSV9|uNM!qQi}dSz!rFA
zw1e7?fSv{LwJ&F!pBjjr5^^(xI>YBIA6q)tIbx2p!OuL$d;ZByysJ9g3!;~i(~^4B
zH75Jn)8px?uJ3H*eP)+uJNH6bQ7+!Tr0K`J+>D4sI?pW%*MHhl?a(=B`tRW2*}2?6
zj7(dT5Yyl0SK0nNkn1MZKHjbvPv1Z?{Ae*U)lrd7agiwhXzjc#8uUV1=1@eJ-;+aW
zB40J&Z-cv)%F5AGnWcuw<gabB6I-hAa}DqTe2OKuamLyCMVi!#SQS|wZk7A2iU0DV
zS7tiA+>aF28Nqwp9W&6D&WLDH*1r-gY4NcG6V6AbjgxwXaLpYUbHrQ4!wMoWf<Sj?
z?xH~CYP^hdSUj6CRlk$xYE%mhB}tvV)rvlRH~31+MD9?0{CthKG*LBCQjYdvQ4V}9
zgE+R`l!~OrX=@B|S=BdQGzSkJ7!p&hd<t&gTd~6t{*}3*m+;)naXfz`@O<0eNdgp)
z=%#lR9ZZZbtYFi2cFWVvv&Atk{Y7=!g<fNd9!G0+$l<rLJ;ceKN@dKaoX=?u2R9m~
z=UQvQlPqyN%86sp_RlqFu=hOetoh9zrmo!LwlmXS`f~;gn$OciXD_arrqzCjao++0
z_$2M=(3%f*RfjLSV|O@?7`wl4K-0*{_KWg+xqH2(277{V^@UC|8-=9#*vwvZmz(Gr
z{dr^T_pQ1TFb6_-U!K^nXH5ruCH6~wb-<>n*46<fbK{mWFY!}x*j*%!>C^ykAFxur
zgJ?5d{O+;cSlli=yt!f<4h)EAf|ro1Lu0)zg}TUM>Sg3O)HmZn9_y&`X#Yr&NblhW
zQcF`E>2})0SJWxNZ5wCsY{EYZA3|^bat{qd6UoW4o>Wz7avysv{ThEW38`*b&qI#Y
zLC3e=(`d`+`LzAi_t*qSG!gk$F;<f&b>3FK;2(59D^22U7kDet69)g(*@nqN=8i<O
zK{BA{$8}Cy8r(R3iD2fq_(J!VtixH7J88`Ebi+{*@%wgN@FqKXX0v~MI;}azi>k{9
zxsyD$oW1`-#AhldrTEjU+0(g*Uo;%oT`ao}soTXyf4C9bb~gQds1@d&-D6kTI2&#t
z<}*$BdSwG&Tvn-!Z9m|#SVYxJ#aXG#oxR}6M1@HR_ht~Hm@#=xN$XEiQPS!CO<=Jm
zO5djZvvJrUx`|L2e3qWpB!0motw2jsV|k+9=z8=EDx&eJKCrW6H=~PO{N+_Y4kX*g
zd@U{MXaPF)=7x!#6<ox6^w$~iVrR|juFE2B8tSH9VL9LN8ij(CQ^qfnYi{5$<xTAc
z|DF<<Y!)A+48LJAYV4Qz?{}qL(sX^I)42av*N>HwGQ*nz^4*vpWKSyHEVFwjSRKw9
zenaZJDqXIy%&Nq1nh!4?!>(q@*}P!SbK9kutJtfDqQs(ch$PeKJYQ?nUb@+FZ%$}k
za!#@9+L;eZ0wW!T<?=C*^7#2tvUA|a=SM;7j87+Sh|hEnaKXg1ZcSLJ<m4bbdF8F5
z!2ze<K~0IbE=?A#SuOqI)N7tw{^M<NlMG!8=^krb{UK)G=%QSg`7o~}J2mhm$f`=p
z_AxjzFOO}Riv2<PI&gM`w=kbRdV@w<`X{<PQBsLk7S3mT@A!Dx0;h@~7QK;BG-C+2
z&K=eFvr_jB(jDo9z3l$%7A4WG;i1b-iKe-~*&Wu-f^K~jR)F{J!wp@gzw3rO?NGD8
zh9{0Zu207>g47}z5$6`_C%pL=&7Qi+-uej3>NtE7qBnwuIUk;c!jB>&j0y{bSh($S
z`5t_m6#c?vZb!@L@B5rDnolJ}scfgQozHPs0{$K5CfE()fKBLj@I;rXS+MYB&sV{5
zsYA?{91op+8CN;i<ycUq?Y3><NB`v5G^*}2qEhGFZf4Yh*FrT_jtUlYvNk`w?A~x+
z!!^Gz<?K0E=vwMd>J*Y{(|+YhXV~7wNpJooYu7;nST;SQ{lp{>b5+q$(uc{o{bQOt
z_Mwob9>jE3PUB})g&Pyu=L(RAHtYXJVQ5D=h>^XY%7$I_cN34z3O?wZZUV%UMrq<k
zanHn$&(Dp_)c8$kyS?YbjFRcl9Ge@IK|I8mL}0Y>>WSu1Z$l<rQV0AWmEB;-v9`pq
z%ue|F;M+Ynhy-$SPHniifqb2D{>F)VTc8zgzXlbKtPdE5R>L|fdXTF%^jHoe;lQ0}
zJ#Q>7>+=$vO)S44f<-7A=Z0Fs?S-N%DvxathC;}iR^gu-7R}U;^erG-Td}D1H(!PS
zIX{C4#sOvAcm7t_UsxR&=}x+bePP3IHaIcx`vU~1ho3PIR~Opa;jQ(JJ!l+^C)L_~
zPioNM<PU_tm+JtsH1%y@De=ff4#M;!%4vw}?DChZ0tU`Q#im>FskE8i_8EYP4=<`U
zX%6^MukaFr*Uq~br4LjDZgp^_2O>TpRciBWcC1T{3X(nijQO?mpY~*d=fWoG)@BwE
zCI>|o>J~F`Sv!yKw_ZEX_#BGCNXfA$zN@GN8sXZRW^4xbnXp5|-Q`KTXBilM1D}sk
zVoyADM7m_hOK2FfUVq)0ZOquHHMk7r4`1UVI7&;bM?=>?K(>fA-0<cR?wxk*9^kzN
z=dBX!9>}x0s+NTbLzuezXw9RuXNJCw+=iL56XkJFzqjt|n_HiKvKxM*<`}3&O%ZOy
zN>LV;Ns+aj@V>kJiP1Tu1!Qkz^bsV})f|<~)jEAbx%J$q$lAi?&Se%Sq&SCl3zF&h
zVz85|RaOiSF`rXv;B{pz4$&IbVDH{Y3;cAj&@ikA-{T|B6Pf<95ZFAoUaa?(gXneX
zcYN{gjlcW6SH)Ra9YqgD&Phb9%~1<=m=hBJJTZ`4w5BZwk$Rz_(wUQ=Kofn_yx#+;
z0xKP(#Jy4wRqzt$MW`1~`>dVd9Nxz1julYHhQt+ixT;+0l0sl7M*L|QY2icu|M!=%
b*>$7DOZ<Z3D`^7e*TbG@C{#T*5B+}tCg7y8

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-1.9.1/pack.json b/packs/kubeflow-1.9.1/pack.json
new file mode 100644
index 00000000..77f97429
--- /dev/null
+++ b/packs/kubeflow-1.9.1/pack.json
@@ -0,0 +1,20 @@
+{
+  "addonType":"ai",
+  "annotations": {
+    "docsURL": "",
+    "source": "spectrocloud"
+  },
+  "cloudTypes": [
+      "all"
+  ],
+  "displayName": "Kubeflow",
+  "charts": [
+    "charts/metacontroller-4.11.22.tgz",
+    "charts/kubeflow-0.5.1.tgz",
+    "charts/kserve-0.13.0.tgz",
+    "charts/profile-0.1.0.tgz"
+  ],
+  "layer": "addon",
+  "name": "kubeflow",
+  "version": "1.9.1"
+}
diff --git a/packs/kubeflow-1.9.1/values.yaml b/packs/kubeflow-1.9.1/values.yaml
new file mode 100644
index 00000000..714e7383
--- /dev/null
+++ b/packs/kubeflow-1.9.1/values.yaml
@@ -0,0 +1,2097 @@
+pack:
+  content:
+    images: []
+  namespace: kubeflow
+  releaseNameOverride:
+    kubeflow: kubeflow
+    profile: kubeflow-profile
+charts:
+  kserve: {}
+  metacontroller: {}
+  profile:
+    nameOverride: ""
+
+    plugins: []
+    # - kind: AwsIamForServiceAccount
+    #   spec:
+    #     awsIamRole: arn:aws:iam::account-id:role/s3-reader
+
+    owner: {} # You must specify something here
+      # kind: User
+      # name: test-user@kubeflow.org
+
+    resourceQuotaSpec: {}
+      
+    istioIntegration:
+      enabled: true
+      createExtAuthHttpAuthorizationPolicy: true
+      envoyExtAuthzHttpExtensionProviderName: oauth2-proxy
+
+    auth:
+      userHeaderName: kubeflow-userid
+
+    # Currently not used
+    # kubeflowClusterRoleNames:
+    #   edit: kubeflow-edit
+    #   view: kubeflow-view
+
+    contributors: [] # You must specify something here
+    # - user@example.com
+
+  kubeflow:
+    # NOTE: try disabling cache in the ml-pipeline
+    # or, try using newer version
+
+    # This namespace allows you to define where the services will be installed into
+    # if not set then they will use the namespace of the release
+    # This is helpful when installing Kubeflow as a chart dependency (sub chart).
+    namespace: ""
+
+    # one of ['cluster', 'namespace']
+    # 'namespace' is not yet fully supported.
+    # Maybe rename to 'deploymentScope'?
+    deploymentMode: cluster
+
+    imagePullSecrets: []
+    nameOverride: ""
+    fullnameOverride: ""
+
+    auth:
+      userHeaderName: kubeflow-userid
+      groupsHeaderName: kubeflow-groups
+      authHeader:
+        name: Authorization
+        prefix: "Bearer "
+      userIdPrefix: ""
+
+    clusterDomain: cluster.local
+
+    defaults:
+      image:
+        registry: docker.io
+        pullPolicy: IfNotPresent
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled: false
+        minReplicas: 1
+        maxReplicas: 3
+        targetCPUUtilizationPercentage: 80
+        targetMemoryUtilizationPercentage: 80
+      podDisruptionBudget: {}
+      nodeSelector: {}
+      tolerations: []
+      affinity: {}
+      topologySpreadConstraints:
+      terminationGracePeriodSeconds:
+      containerSecurityContext:
+
+    admissionWebhook:
+      enabled: true
+      image:
+        repository: kubeflownotebookswg/poddefaults-webhook
+        tag: v1.9.2
+        registryOverwrite:
+        pullPolicyOverwrite:
+      resources:
+        {}
+        # limits:
+        #   cpu: 100m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 100m
+        #   memory: 128Mi
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+        port: 443
+        targetPort: 4443
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled:
+        minReplicas:
+        maxReplicas:
+        targetCPUUtilizationPercentage:
+        targetMemoryUtilizationPercentage:
+      podDisruptionBudget: {}
+      rbac:
+        create: true
+      serviceAccount:
+        create: true
+        name:
+        annotations:
+      nodeSelector:
+      tolerations:
+      affinity:
+      topologySpreadConstraints:
+      containerSecurityContext:
+
+    centraldashboard:
+      enabled: true
+      image:
+        repository: kubeflownotebookswg/centraldashboard
+        tag: v1.9.2
+        registryOverwrite:
+        pullPolicyOverwrite:
+      resources:
+        {}
+        # limits:
+        #   cpu: 100m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 100m
+        #   memory: 128Mi
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled:
+        minReplicas:
+        maxReplicas:
+        targetCPUUtilizationPercentage:
+        targetMemoryUtilizationPercentage:
+      podDisruptionBudget: {}
+      rbac:
+        create: true
+      serviceAccount:
+        create: true
+        name:
+        annotations:
+      nodeSelector:
+      tolerations:
+      affinity:
+      topologySpreadConstraints:
+      containerSecurityContext:
+      config:
+        # This enables the automatic profile creation.
+        enableRegistrationFlow: false
+        logoutURL: "/oauth2/sign_out"
+        forceIFrame: true
+        links:
+          externalLinks:
+          menuLinks:
+            - type: item
+              link: /jupyter/
+              text: Notebooks
+              icon: book
+
+            - type: item
+              link: /tensorboards/
+              text: Tensorboards
+              icon: assessment
+
+            - type: item
+              link: /volumes/
+              text: Volumes
+              icon: device:storage
+
+            - type: item
+              link: /katib/
+              text: Katib Experiments
+              icon: kubeflow:katib
+
+            - type: item
+              link: /kserve-endpoints/
+              text: KServe Endpoints
+              icon: kubeflow:models
+
+            - icon: kubeflow:pipeline-centered
+              items:
+                - type: item
+                  text: Pipelines
+                  link: /pipeline/#/pipelines
+
+                - type: item
+                  text: Experiments
+                  link: /pipeline/#/experiments
+
+                - type: item
+                  text: Runs
+                  link: /pipeline/#/runs
+
+                - type: item
+                  text: Recurring Runs
+                  link: /pipeline/#/recurringruns
+
+                - type: item
+                  text: Artifacts
+                  link: /pipeline/#/artifacts
+
+                - type: item
+                  text: Executions
+                  link: /pipeline/#/executions
+              text: Pipelines
+              type: section
+          quickLinks:
+            - text: Create a new Notebook
+              desc: Kubeflow Notebooks
+              link: /jupyter/new
+            - text: Upload a Pipeline
+              desc: Kubeflow Pipelines
+              link: /pipeline/#/pipelines
+            - text: View Pipeline Runs
+              desc: Notebook Servers
+              link: /pipeline/#/runs
+          documentationItems:
+            - text: Kubeflow Website
+              desc: The Kubeflow website
+              link: https://www.kubeflow.org/
+            - text: Kubeflow Pipelines Documentation
+              desc: Documentation for Kubeflow Pipelines
+              link: https://www.kubeflow.org/docs/components/pipelines/
+            - text: Kubeflow Notebooks Documentation
+              desc: Documentation for Kubeflow Notebooks
+              link: https://www.kubeflow.org/docs/components/notebooks/
+            - text: Kubeflow Training Operator Documentation
+              desc: Documentation for Kubeflow Training Operator
+              link: https://www.kubeflow.org/docs/components/training/"
+            - text: Katib Documentation
+              desc: Documentation for Katib
+              link: https://www.kubeflow.org/docs/components/katib/
+
+    notebooks:
+      enabled: true
+      jupyterWebApp:
+        enabled: true
+        image:
+          repository: kubeflownotebookswg/jupyter-web-app
+          tag: v1.9.2
+          registryOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 128Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 128Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        # TODO: embed into config
+        urlPrefix: /jupyter
+        uiFlavor: default
+        secureCookies: true
+        logos:
+          # if this is defined, the configmap with logos will not be created but
+          # the one provided with customConfigMap will be used.
+          customConfigMap:
+          # if below values are defined, those will be used for the icons
+          # instead of defaults
+          icons:
+            jupyterIconSvg:
+            jupyterLabLogoSvg:
+            groupOneIconSvg:
+            groupOneLogoSvg:
+            groupTwoIconSvg:
+            groupTwoLogoSvg:
+        spawnerFormDefaults:
+          # --------------------------------------------------------------
+          # Configuration file for the Kubeflow Notebooks UI.
+          #
+          # About the `readOnly` configs:
+          #  - when `readOnly` is set to "true", the respective option
+          #    will be disabled for users and only set by the admin
+          #  - when 'readOnly' is missing, it defaults to 'false'
+          # --------------------------------------------------------------
+
+          ################################################################
+          # Container Images
+          ################################################################
+          # if users can input custom images, or only select from dropdowns
+          allowCustomImage: true
+
+          # if the registry of the container image is hidden from display
+          hideRegistry: true
+
+          # if the tag of the container image is hidden from display
+          hideTag: false
+
+          # configs for the ImagePullPolicy
+          imagePullPolicy:
+            readOnly: false
+
+            # the default ImagePullPolicy
+            # (possible values: "Always", "IfNotPresent", "Never")
+            value: IfNotPresent
+
+          ################################################################
+          # Jupyter-like Container Images
+          #
+          # NOTES:
+          #  - the `image` section is used for "Jupyter-like" apps whose
+          #    HTTP path is configured by the "NB_PREFIX" environment variable
+          ################################################################
+          image:
+            # the default container image
+            value: kubeflownotebookswg/jupyter-scipy:v1.9.2
+
+            # the list of available container images in the dropdown
+            options:
+              - kubeflownotebookswg/jupyter-scipy:v1.9.2
+              - kubeflownotebookswg/jupyter-pytorch-full:v1.9.2
+              - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.9.2
+              - kubeflownotebookswg/jupyter-tensorflow-full:v1.9.2
+              - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.9.2
+
+          ################################################################
+          # VSCode-like Container Images (Group 1)
+          #
+          # NOTES:
+          #  - the `imageGroupOne` section is used for "VSCode-like" apps that
+          #    expose themselves under the HTTP root path "/" and support path
+          #    rewriting without breaking
+          #  - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is
+          #    set on Notebooks spawned by this group, to make Istio rewrite
+          #    the path of HTTP requests to the HTTP root
+          ################################################################
+          imageGroupOne:
+            # the default container image
+            value: kubeflownotebookswg/codeserver-python:v1.9.2
+
+            # the list of available container images in the dropdown
+            options:
+              - kubeflownotebookswg/codeserver-python:v1.9.2
+
+          ################################################################
+          # RStudio-like Container Images (Group 2)
+          #
+          # NOTES:
+          #  - the `imageGroupTwo` section is used for "RStudio-like" apps whose
+          #    HTTP path is configured by the "X-RStudio-Root-Path" header
+          #  - the annotation `notebooks.kubeflow.org/http-rewrite-uri: "/"` is
+          #    set on Notebooks spawned by this group, to make Istio rewrite
+          #    the path of HTTP requests to the HTTP root
+          #  - the annotation `notebooks.kubeflow.org/http-headers-request-set` is
+          #    set on Notebooks spawned by this group, such that Istio injects the
+          #    "X-RStudio-Root-Path" header to all request
+          ################################################################
+          imageGroupTwo:
+            # the default container image
+            value: kubeflownotebookswg/rstudio-tidyverse:v1.9.2
+
+            # the list of available container images in the dropdown
+            options:
+              - kubeflownotebookswg/rstudio-tidyverse:v1.9.2
+
+          ################################################################
+          # CPU Resources
+          ################################################################
+          cpu:
+            readOnly: false
+
+            # the default cpu request for the container
+            value: "0.5"
+
+            # a factor by which to multiply the CPU request calculate the cpu limit
+            # (to disable cpu limits, set as "none")
+            limitFactor: "1.2"
+
+          ################################################################
+          # Memory Resources
+          ################################################################
+          memory:
+            readOnly: false
+
+            # the default memory request for the container
+            value: "1.0Gi"
+
+            # a factor by which to multiply the memory request calculate the memory limit
+            # (to disable memory limits, set as "none")
+            limitFactor: "1.2"
+
+          ################################################################
+          # GPU/Device-Plugin Resources
+          ################################################################
+          gpus:
+            readOnly: false
+
+            # configs for gpu/device-plugin limits of the container
+            # https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/#using-device-plugins
+            value:
+              # the `limitKey` of the default vendor
+              # (to have no default, set as "")
+              vendor: ""
+
+              # the list of available vendors in the dropdown
+              #  `limitsKey` - what will be set as the actual limit
+              #  `uiName` - what will be displayed in the dropdown UI
+              vendors:
+                - limitsKey: "nvidia.com/gpu"
+                  uiName: "NVIDIA"
+                - limitsKey: "amd.com/gpu"
+                  uiName: "AMD"
+
+              # the default value of the limit
+              # (possible values: "none", "1", "2", "4", "8")
+              num: "none"
+
+          ################################################################
+          # Workspace Volumes
+          ################################################################
+          workspaceVolume:
+            readOnly: false
+
+            # the default workspace volume to be created and mounted
+            # (to have no default, set `value: null`)
+            value:
+              mount: /home/jovyan
+
+              # pvc configs for creating new workspace volumes
+              # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#persistentvolumeclaim-v1-core
+              newPvc:
+                metadata:
+                  # "{notebook-name}" is replaced with the Notebook name
+                  name: "{notebook-name}-workspace"
+                spec:
+                  # storageClassName: my-storage-class
+                  resources:
+                    requests:
+                      storage: 5Gi
+                  accessModes:
+                    - ReadWriteOnce
+
+          ################################################################
+          # Data Volumes
+          ################################################################
+          dataVolumes:
+            readOnly: false
+
+            # a list of additional data volumes to be created and/or mounted
+            value: []
+            # value:
+            #  - mount: /home/jovyan/datavol-1
+            #    newPvc:
+            #      metadata:
+            #        name: "{notebook-name}-datavol-1"
+            #      spec:
+            #        resources:
+            #          requests:
+            #            storage: 5Gi
+            #        accessModes:
+            #          - ReadWriteOnce
+            #
+            #  - mount: /home/jovyan/datavol-1
+            #    existingSource:
+            #      persistentVolumeClaim:
+            #        claimName: "test-pvc"
+
+          ################################################################
+          # Affinity
+          ################################################################
+          affinityConfig:
+            readOnly: false
+
+            # the `configKey` of the default affinity config
+            # (to have no default, set as "")
+            # (if `readOnly`, the default `value` will be the only accessible option)
+            value: ""
+
+            # the list of available affinity configs in the dropdown
+            options: []
+            # options:
+            #  - configKey: "dedicated_node_per_notebook"
+            #    displayName: "Dedicated Node Per Notebook"
+            #    affinity:
+            #      # Require a Node with label `lifecycle=kubeflow-notebook`
+            #      nodeAffinity:
+            #        requiredDuringSchedulingIgnoredDuringExecution:
+            #          nodeSelectorTerms:
+            #            - matchExpressions:
+            #                - key: "lifecycle"
+            #                  operator: "In"
+            #                  values:
+            #                    - "kubeflow-notebook"
+            #
+            #      # Require a Node WITHOUT an existing Pod having `notebook-name` label
+            #      podAntiAffinity:
+            #        requiredDuringSchedulingIgnoredDuringExecution:
+            #          - labelSelector:
+            #              matchExpressions:
+            #                - key: "notebook-name"
+            #                  operator: "Exists"
+            #            topologyKey: "kubernetes.io/hostname"
+            #            # WARNING: `namespaceSelector` is Beta in 1.22 and Stable in 1.24,
+            #            #          setting to {} is required for affinity to work across Namespaces
+            #            namespaceSelector: {}
+
+          ################################################################
+          # Tolerations
+          ################################################################
+          tolerationGroup:
+            readOnly: false
+
+            # the `groupKey` of the default toleration group
+            # (to have no default, set as "")
+            # (if `readOnly`, the default `value` will be the only accessible option)
+            value: ""
+
+            # the list of available toleration groups in the dropdown
+            options: []
+            # options:
+            #  - groupKey: "group_1"
+            #    displayName: "4 CPU 8Gb Mem at ~$X.XXX USD per day"
+            #    tolerations:
+            #      - key: "dedicated"
+            #        operator: "Equal"
+            #        value: "kubeflow-c5.xlarge"
+            #        effect: "NoSchedule"
+            #
+            #  - groupKey: "group_2"
+            #    displayName: "8 CPU 16Gb Mem at ~$X.XXX USD per day"
+            #    tolerations:
+            #      - key: "dedicated"
+            #        operator: "Equal"
+            #        value: "kubeflow-c5.2xlarge"
+            #        effect: "NoSchedule"
+            #
+            #  - groupKey: "group_3"
+            #    displayName: "16 CPU 32Gb Mem at ~$X.XXX USD per day"
+            #    tolerations:
+            #      - key: "dedicated"
+            #        operator: "Equal"
+            #        value: "kubeflow-c5.4xlarge"
+            #        effect: "NoSchedule"
+            #
+            #  - groupKey: "group_4"
+            #    displayName: "32 CPU 256Gb Mem at ~$X.XXX USD per day"
+            #    tolerations:
+            #      - key: "dedicated"
+            #        operator: "Equal"
+            #        value: "kubeflow-r5.8xlarge"
+            #        effect: "NoSchedule"
+
+          ################################################################
+          # Shared Memory
+          ################################################################
+          shm:
+            readOnly: false
+
+            # the default state of the "Enable Shared Memory" toggle
+            value: true
+
+          ################################################################
+          # PodDefaults
+          ################################################################
+          configurations:
+            readOnly: false
+
+            # the list of PodDefault names that are selected by default
+            # (take care to ensure these PodDefaults exist in Profile Namespaces)
+            value: []
+            # value:
+            #  - my-pod-default
+
+          ################################################################
+          # Environment
+          #
+          # NOTE:
+          #  - these configs are only used by the ROK "flavor" of the UI
+          ################################################################
+          environment:
+            readOnly: false
+            value: {}
+      controller:
+        enabled: true
+        image:
+          repository: kubeflownotebookswg/notebook-controller
+          tag: v1.9.2
+          registryOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 128Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 128Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          culling:
+            enabled: false
+            idleTimeMinutes: 1440
+            idleCheckPeriodMinutes: 1
+      volumesWebApp:
+        enabled: true
+        image:
+          repository: kubeflownotebookswg/volumes-web-app
+          tag: v1.9.2
+          registryOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 128Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 128Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          urlPrefix: /volumes
+          secureCookies: true
+          viewer:
+            image:
+              repository: filebrowser/filebrowser
+              tag: v2.25.0
+              registryOverwrite: 
+              pullPolicyOverwrite: 
+            serviceAccountName: default-editor
+      pvcviewerController:
+        enabled: true
+        manager:
+          image:
+            repository: kubeflownotebookswg/pvcviewer-controller
+            tag: v1.9.2
+            registryOverwrite:
+            pullPolicyOverwrite:
+          service:
+            create: true
+            annotations:
+            type: ClusterIP
+          webhook:
+            port: 9443
+          resources:
+            {}
+            # limits:
+            #   cpu: 500m
+            #   memory: 128Mi
+            # requests:
+            #   cpu: 10m
+            #   memory: 64Mi
+          containerSecurityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+        kubeRbacProxy:
+          image:
+            repository: kubebuilder/kube-rbac-proxy
+            tag: v0.13.1
+            registryOverwrite: gcr.io
+            pullPolicyOverwrite:
+          service:
+            create: true
+            annotations:
+            type: ClusterIP
+          resources:
+            {}
+            # limits:
+            #   cpu: 500m
+            #   memory: 128Mi
+            # requests:
+            #   cpu: 5m
+            #   memory: 64Mi
+          containerSecurityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+          nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+              nodeSelectorTerms:
+                - matchExpressions:
+                    - key: kubernetes.io/arch
+                      operator: In
+                      values:
+                        - amd64
+                        - arm64
+                        - ppc64le
+                        - s390x
+                    - key: kubernetes.io/os
+                      operator: In
+                      values:
+                        - linux
+        topologySpreadConstraints:
+        terminationGracePeriodSeconds: 10
+        securityContext:
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+
+    kserveModelsWebApp:
+      enabled: true
+      image:
+        repository: kserve/models-web-app
+        tag: v0.13.0
+        registryOverwrite:
+        pullPolicyOverwrite:
+      resources:
+        {}
+        # limits:
+        #   cpu: 100m
+        #   memory: 128Mi
+        # requests:
+        #   cpu: 100m
+        #   memory: 128Mi
+      serviceAccount:
+        create: true
+        name:
+        annotations:
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+      rbac:
+        create: true
+      config:
+        urlPrefix: /kserve-endpoints
+      nodeSelector:
+      tolerations:
+      affinity:
+      topologySpreadConstraints:
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled:
+        minReplicas:
+        maxReplicas:
+        targetCPUUtilizationPercentage:
+        targetMemoryUtilizationPercentage:
+
+    profilesController:
+      enabled: true
+      kfam:
+        image:
+          repository: kubeflownotebookswg/kfam
+          tag: v1.9.2
+          registryOverwrite:
+          pullPolicyOverwrite:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        config:
+          urlPrefix: /kfam
+      manager:
+        image:
+          repository: kubeflownotebookswg/profile-controller
+          tag: v1.9.2
+          registryOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 128Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 128Mi
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled:
+        minReplicas:
+        maxReplicas:
+        targetCPUUtilizationPercentage:
+        targetMemoryUtilizationPercentage:
+      podDisruptionBudget: {}
+      rbac:
+        create: true
+      serviceAccount:
+        create: true
+        name:
+        annotations:
+      nodeSelector:
+      tolerations:
+      affinity:
+      topologySpreadConstraints:
+      containerSecurityContext:
+      config:
+        admin:
+        workloadIdentity:
+        defaultNamespaceLabels:
+          # Below is a list of labels to be set by default.
+          #
+          # To add a namespace label, use `key: 'value'`, for example:
+          # istio.io/rev: 'asm-191-1'
+          #
+          # To remove a namespace label, use `key: ''`. For example:
+          # istio-injection: ''
+          #
+          # Profile controller will not replace a namespace label if its key already
+          # exists. If you want to override the value of a previously applied label, you
+          # need to:
+          # 1. Remove the label by using `key: ''` and deploy.
+          # 2. Add the label by using `key: 'value'` and deploy.
+          #
+          katib.kubeflow.org/metrics-collector-injection: "enabled"
+          serving.kubeflow.org/inferenceservice: "enabled"
+          pipelines.kubeflow.org/enabled: "true"
+          app.kubernetes.io/part-of: "kubeflow-profile"
+        extraNamespaceLabels:
+
+    katib:
+      urlPrefix: /katib
+      enabled: true
+      controller:
+        enabled: true
+        name: katib-controller
+        image:
+          repository: kubeflowkatib/katib-controller
+          tag: v0.17.0
+          registryOverwrite:
+          pullPolicyOverwrite:
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        service:
+          create: true
+          annotations:
+            prometheus.io/port: "8080"
+            prometheus.io/scheme: http
+            prometheus.io/scrape: "true"
+
+          webhook:
+            port: 443
+            targetPort: 8443
+          metrics:
+            port: 8080
+            targetPort: 8080
+          healthz:
+            port: 18080
+            targetPort: 18080
+
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+      dbmanager:
+        enabled: true
+        name: katib-db-manager
+        image:
+          repository: kubeflowkatib/katib-db-manager
+          tag: v0.17.0
+          registryOverwrite:
+          pullPolicyOverwrite:
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        annotations:
+          sidecar.istio.io/inject: "false"
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        config:
+          db:
+            existingSecretName:
+            driver:
+              value: mysql
+              secretKeyRef:
+                name:
+                key: driver
+            host:
+              value: katib-db
+              secretKeyRef:
+                name:
+                key: host
+            port:
+              value: 3306
+              secretKeyRef:
+                name:
+                key: port
+            databaseName:
+              value: katib
+              secretKeyRef:
+                name:
+                key: databaseName
+            user:
+              value: root
+              secretKeyRef:
+                name:
+                key: username
+            password:
+              value: katib1234
+              secretKeyRef:
+                name:
+                key: password
+      ui:
+        enabled: true
+        name: katib-ui
+        urlPrefix: /katib
+        image:
+          repository: kubeflowkatib/katib-ui
+          tag: v0.17.0
+          registryOverwrite:
+          pullPolicyOverwrite:
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        service:
+          create: true
+          annotations:
+      istioIntegration:
+        create: true
+        enabled: true
+        authorizationMode: ingressgateway
+        gateway:
+          name: kubeflow-gateway
+      config:
+        init:
+            trialResources:
+              - Job.v1.batch
+              - TFJob.v1.kubeflow.org
+              - PyTorchJob.v1.kubeflow.org
+              - MPIJob.v1.kubeflow.org
+              - XGBoostJob.v1.kubeflow.org
+              - MXJob.v1.kubeflow.org
+        runtime:
+          metricsCollectors:
+            - kind: StdOut
+              image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0
+            - kind: File
+              image: docker.io/kubeflowkatib/file-metrics-collector:v0.17.0
+            - kind: TensorFlowEvent
+              image: docker.io/kubeflowkatib/tfevent-metrics-collector:v0.17.0
+              resources:
+                limits:
+                  memory: 1Gi
+          suggestions:
+            - algorithmName: random
+              image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0
+            - algorithmName: tpe
+              image: docker.io/kubeflowkatib/suggestion-hyperopt:v0.17.0
+            - algorithmName: grid
+              image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0
+            - algorithmName: hyperband
+              image: docker.io/kubeflowkatib/suggestion-hyperband:v0.17.0
+            - algorithmName: bayesianoptimization
+              image: docker.io/kubeflowkatib/suggestion-skopt:v0.17.0
+            - algorithmName: cmaes
+              image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0
+            - algorithmName: sobol
+              image: docker.io/kubeflowkatib/suggestion-goptuna:v0.17.0
+            - algorithmName: multivariate-tpe
+              image: docker.io/kubeflowkatib/suggestion-optuna:v0.17.0
+            - algorithmName: enas
+              image: docker.io/kubeflowkatib/suggestion-enas:v0.17.0
+              resources:
+                limits:
+                  memory: 200Mi
+            - algorithmName: darts
+              image: docker.io/kubeflowkatib/suggestion-darts:v0.17.0
+            - algorithmName: pbt
+              image: docker.io/kubeflowkatib/suggestion-pbt:v0.17.0
+              persistentVolumeClaimSpec:
+                accessModes:
+                  - ReadWriteMany
+                resources:
+                  requests:
+                    storage: 5Gi
+          earlyStoppings:
+            - algorithmName: medianstop
+              image: docker.io/kubeflowkatib/earlystopping-medianstop:v0.17.0
+
+    # TODO: verify patches in apps/pipeline/upstream/base/installs/multi-user
+    pipelines:
+      enabled: true
+      # NOTE: The Kubeflow Pipelines subcomponents contains special handling. It
+      # will first apply the global .Values.defaults.image, then look for
+      # .Values.pipelines.defaults.image and lastly for .Values.pipelines.<component>.image.
+      # This is primarily useful for setting global registry or Pipelines Container Tag.
+      defaults:
+        image:
+          registry: gcr.io
+          tag: 2.3.0
+          pullPolicy: IfNotPresent
+      config:
+        # If this is empty, the kfp backend will automatically configure that with:
+        # "minio://mlpipeline/v2/artifacts"
+        # Please see the following links for referece:
+        # * <=2.1.0: https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/config/env.go#L33
+        # * >=2.2.0: https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L36
+        #
+        # If we want to use s3, we should configure this with something similar to:
+        #   s3://mlpipeline/v2/artifacts
+        #
+        # In 2.2.0 it's also possible to define bucket 'providers', which can be minio, s3 or gcs:
+        # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L45
+        # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L151
+        # * https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/s3.go#L24
+        defaultPipelineRoot: ""
+
+        objectStore:
+          # The Secret Name 'mlpipeline-minio-artifact' is currently hardcoded:
+          # * <=2.1.0:
+          #   https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L292
+          # * >=2.2.0 (state as of 2nd May 2024)
+          #   https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L39
+          #
+          # It's only possible to use either nil or 'mlpipeline-minio-artifact' for
+          # * .Values.pipelines.config.objectStore.existingSecretName
+          # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+          # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+          #
+          # If the Secret Name is not provided in neither of the following, it will
+          # be created with plaintext values for compatibility:
+          # * .Values.pipelines.config.objectStore.existingSecretName
+          # * .Values.pipelines.config.objectStore.accessKey.secretKeyRef.name
+          # * .Values.pipelines.config.objectStore.secretAccessKey.secretKeyRef.name
+          existingSecretName:
+          accessKey:
+            value: minio
+            secretKeyRef:
+              name:
+              # The Secret Key 'accesskey' is currently hardcoded:
+              # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L324
+              # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L42
+              key: accesskey
+          secretAccessKey:
+            value: minio123
+            secretKeyRef:
+              name:
+              # The Secret Key 'secretkey' is currently hardcoded:
+              # https://github.com/kubeflow/pipelines/blob/2.1.0/backend/src/v2/objectstore/object_store.go#L325
+              # https://github.com/kubeflow/pipelines/blob/2.2.0/backend/src/v2/config/env.go#L41
+              key: secretkey
+          host:
+            value: pipelines-minio
+            secretKeyRef:
+              name:
+              key: host
+          port:
+            value: 9000
+            secretKeyRef:
+              name:
+              key: port
+          region:
+            value:
+            secretKeyRef:
+              name:
+              key: region
+          secure:
+            value: false
+            secretKeyRef:
+              name:
+              key: secure
+          bucketName:
+            value: mlpipeline
+            secretKeyRef:
+              name:
+              key: bucketName
+
+        db:
+          existingSecretName:
+          user:
+            value: root
+            secretKeyRef:
+              name:
+              key: username
+          password:
+            value: mysql1234
+            secretKeyRef:
+              name:
+              key: password
+          host:
+            value: pipelines-db
+            secretKeyRef:
+              name:
+              key: host
+          port:
+            value: 3306
+            secretKeyRef:
+              name:
+              key: port
+          mlmdDatabaseName:
+            value: metadb
+            secretKeyRef:
+              name:
+              key: mlmdDatabaseName
+          pipelineDatabaseName:
+            value: mlpipeline
+            secretKeyRef:
+              name:
+              key: pipelineDatabaseName
+          cacheDatabaseName:
+            value: cachedb
+            secretKeyRef:
+              name:
+              key: cacheDatabaseName
+          driver:
+            value: mysql
+            secretKeyRef:
+              name:
+              key: driver
+          conMaxLifetime:
+            value: 120s
+            secretKeyRef:
+              name:
+              key: conMaxLifetime
+
+      cache:
+        enabled: true
+        image:
+          repository: ml-pipeline/cache-server
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu:
+          #   memory:
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+          port: 443
+          targetPort: 8443
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          ## defaultCacheStaleness and maximumCacheStaleness configures caching according to
+          ## https://www.kubeflow.org/docs/components/pipelines/overview/caching/ and
+          ## https://www.kubeflow.org/docs/components/pipelines/overview/caching-v2/.
+          ## This value is used if the user did not set a value in the pipeline.
+          ## defaultCacheStaleness: "P7D"
+          ## maximumCacheStaleness: "P30D"
+          defaultCacheStaleness: ""
+          maximumCacheStaleness: ""
+          ## ConMaxLifeTime will set the connection max lifetime for MySQL
+          ## this is very important to setup when using external databases.
+          ## See this issue for more details: https://github.com/kubeflow/pipelines/issues/5329
+          ## Note: this value should be a string that can be parsed by `time.ParseDuration`.
+          ## If this value doesn't include a unit abbreviation, the units will be assumed
+          ## to be nanoseconds.
+          conMaxLifeTime: "120s"
+          ## cacheImage is the image that the mutating webhook will use to patch
+          ## cached steps with. Will be used to echo a message announcing that
+          ## the cached step result will be used. If not set it will default to
+          ## 'gcr.io/google-containers/busybox'
+          cacheImage: gcr.io/google-containers/busybox
+          ## cacheNodeRestrictions the dummy container running if output is cached
+          ## will run with the same affinity and node selector as the default pipeline
+          ## step. This is defaulted to 'false' to allow the pod to be scheduled on
+          ## any node and avoid defaulting to specific nodes. Allowed values are:
+          ## 'false' and 'true'.
+          cacheNodeRestrictions: "false"
+
+      # ---
+
+      mlPipeline:
+        # aka api-server
+        enabled: true
+        image:
+          repository: ml-pipeline/api-server
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          requests:
+            cpu: 250m
+            memory: 500Mi
+          # limits:
+          #   cpu: 500m
+          #   memory: 1024Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          # always use KF Pipeline latest version?
+          autoUpdatePipelineDefaultVersion: true
+
+      persistenceAgent:
+        enabled: true
+        image:
+          repository: ml-pipeline/persistenceagent
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          requests:
+            cpu: 120m
+            memory: 500Mi
+          # limits:
+          #   cpu: 500m
+          #   memory: 1024Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          ttlSecondsAfterWorkflowFinish: 86400
+          numWorkers: 2
+
+      scheduledWorkflow:
+        enabled: true
+        image:
+          repository: ml-pipeline/scheduledworkflow
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu: 250m
+          #   memory: 500Mi
+          # limits:
+          #   cpu: 500m
+          #   memory: 1024Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          cronScheduleTimezone: "UTC"
+
+      ui:
+        enabled: true
+        image:
+          repository: ml-pipeline/frontend
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          requests:
+            cpu: 10m
+            memory: 70Mi
+          # limits:
+          #   cpu: 500m
+          #   memory: 1024Mi
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          # Note from apps/pipeline/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml
+          # Temporary workarounds:
+          # 1. Using default-editor because default-viewer isn't bound to workload identity
+          viewerPodServiceAccountName: default-editor
+          allowCustomVisualizations: true
+          urlPrefix: /pipeline
+
+      viewerCrd:
+        enabled: true
+        image:
+          repository: ml-pipeline/viewer-crd-controller
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu:
+          #   memory:
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          maxNumViewers: 50
+
+      metadataWriter:
+        enabled: true
+        image:
+          repository: ml-pipeline/metadata-writer
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu:
+          #   memory:
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+
+      # NOTE: defines istio sidecar injection but it doesn't work
+      # because it's in an annotation, not pod label.
+      metadataEnvoy:
+        enabled: true
+        image:
+          repository: ml-pipeline/metadata-envoy
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu:
+          #   memory:
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        serviceAccount:
+          create: false
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+
+      metadataGrpcServer:
+        enabled: true
+        image:
+          repository: tfx-oss-public/ml_metadata_store_server
+          registryOverwrite:
+          tagOverwrite: 1.14.0
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu:
+          #   memory:
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+          # TODO: investigate if exposing port config to all services makes sense.
+          port: 8080
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          urlPrefix: /ml_metadata
+
+      visualization:
+        enabled: true
+        image:
+          repository: ml-pipeline/visualization-server
+          registryOverwrite:
+          tagOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          requests:
+            cpu: 30m
+            memory: 500Mi
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+
+      # This is metacontroller based implementation that creates instances of
+      # * Secret/mlpipeline-minio-artifact
+      # * Deployment/ml-pipeline-ui-artifact
+      # * Service/ml-pipeline-ui-artifact
+      # * Deployment/ml-pipeline-visualizationserver
+      # * Service/ml-pipeline-visualizationserver
+      # * ConfigMap/kfp-launcher
+      # * ConfigMap/metadata-grpc-configmap
+      # * AuthorizationPolicy/ml-pipeline-visualizationserver
+      # * DestinationRule/ml-pipeline-visualizationserver
+      profileController:
+        enabled: true
+        image:
+          repository: python
+          registryOverwrite: docker.io
+          tagOverwrite: "3.7"
+          pullPolicyOverwrite:
+        resources:
+          # requests:
+          #   cpu:
+          #   memory:
+          # limits:
+          #   cpu:
+          #   memory:
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: false
+        serviceAccount:
+          create: false
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          disableIstioSidecar: false
+
+
+    tensorboard:
+      enabled: true
+      controller:
+        enabled: true
+        manager:
+          image:
+            repository: kubeflownotebookswg/tensorboard-controller
+            tag: v1.9.2
+            registryOverwrite:
+            pullPolicyOverwrite:
+          resources:
+            {}
+            # limits:
+            #   cpu: 500m
+            #   memory: 128Mi
+            # requests:
+            #   cpu: 10m
+            #   memory: 64Mi
+          containerSecurityContext:
+            allowPrivilegeEscalation: false
+          config:
+            rwoPvcScheduling: "True"
+            tensorboard:
+              image:
+                repository: tensorflow/tensorflow
+                registryOverwrite:
+                tag: "2.5.1"
+        kubeRbacProxy:
+          image:
+            repository: kubebuilder/kube-rbac-proxy
+            tag: v0.8.0
+            registryOverwrite: gcr.io
+            pullPolicyOverwrite:
+          service:
+            create: true
+            annotations:
+            type: ClusterIP
+            port: 8443
+            targetPort: 8443
+          resources:
+            {}
+            # limits:
+            #   cpu: 500m
+            #   memory: 128Mi
+            # requests:
+            #   cpu: 5m
+            #   memory: 64Mi
+          containerSecurityContext:
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        terminationGracePeriodSeconds: 10
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 999
+      tensorboardsWebApp:
+        enabled: true
+        image:
+          repository: kubeflownotebookswg/tensorboards-web-app
+          tag: v1.9.2
+          registryOverwrite:
+          pullPolicyOverwrite:
+        resources:
+          {}
+        service:
+          create: true
+          annotations:
+          type: ClusterIP
+          port: 80
+          targetPort: 5000
+        autoscaling:
+          # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+          enabled:
+          minReplicas:
+          maxReplicas:
+          targetCPUUtilizationPercentage:
+          targetMemoryUtilizationPercentage:
+        podDisruptionBudget: {}
+        rbac:
+          create: true
+        serviceAccount:
+          create: true
+          name:
+          annotations:
+        nodeSelector:
+        tolerations:
+        affinity:
+        topologySpreadConstraints:
+        containerSecurityContext:
+        config:
+          urlPrefix: /tensorboards
+          secureCookies: true
+
+    trainingOperator:
+      enabled: true
+      image:
+        repository: kubeflow/training-operator
+        tag: v1-04f9f13
+        registryOverwrite:
+        pullPolicyOverwrite:
+      resources:
+        {}
+      service:
+        create: true
+        annotations:
+        type: ClusterIP
+        webhookServer:
+          port: 443
+          targetPort: 9443
+        monitoring:
+          port: 8080
+          targetPort: 8080
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled:
+        minReplicas:
+        maxReplicas:
+        targetCPUUtilizationPercentage:
+        targetMemoryUtilizationPercentage:
+      podDisruptionBudget: {}
+      rbac:
+        create: true
+      serviceAccount:
+        create: true
+        name:
+        annotations:
+      nodeSelector:
+      tolerations:
+      affinity:
+      topologySpreadConstraints:
+      terminationGracePeriodSeconds: 10
+      containerSecurityContext:
+        allowPrivilegeEscalation: false
+
+    modelRegistry:
+      enabled: true
+      rest:
+        image:
+          repository: kubeflow/model-registry
+          tag: v0.2.9
+          pullPolicy: IfNotPresent
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 128Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 128Mi
+
+        containerSecurityContext:
+      grpc:
+        image:
+          registry: gcr.io
+          repository: tfx-oss-public/ml_metadata_store_server
+          tag: 1.14.0
+          pullPolicy: IfNotPresent
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 128Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 128Mi
+        containerSecurityContext:
+      service:
+        annotations:
+        type: ClusterIP
+        restPort: 8080
+        grpcPort: 9090
+      autoscaling:
+        # If autoscaling is disabled, replica count for a component is equal to minReplicas.
+        enabled:
+        minReplicas:
+        maxReplicas:
+        targetCPUUtilizationPercentage:
+        targetMemoryUtilizationPercentage:
+      podDisruptionBudget: {}
+      podAnnotations:
+        # If Database in use is MySQL running incluster and MySQL has Istio Sidecar
+        # Disabled, the connection to MySQL Server must also run without sidecar.
+        # Related resources:
+        # https://istio.io/latest/about/faq/#mysql-with-mtls
+        # https://github.com/istio/istio/issues/10062
+        traffic.sidecar.istio.io/excludeOutboundPorts: "3306"
+      serviceAccount:
+        create: true
+        name:
+        annotations:
+      nodeSelector:
+      tolerations:
+      affinity:
+      topologySpreadConstraints:
+      config:
+        rest:
+          urlPrefix: /api/model_registry/
+        grpc:
+          urlPrefix: /ml_metadata.MetadataStoreService/
+        db:
+          existingSecretName:
+          user:
+            value: root
+            secretKeyRef:
+              name:
+              key: username
+          password:
+            value: mysql1234
+            secretKeyRef:
+              name:
+              key: password
+          host:
+            value: pipelines-db
+            secretKeyRef:
+              name:
+              key: host
+          port:
+            value: 3306
+            secretKeyRef:
+              name:
+              key: port
+          dbName:
+            value: metadb
+            secretKeyRef:
+              name:
+              key: dbName
+
+    networkPolicies:
+      enabled: true
+
+    # if cert manager is not enabled, we have to use cache-deployer.
+    # We currently don't support deployments without cert-manager.
+    certManagerIntegration:
+      enabled: true
+
+    istioIntegration:
+      enabled: true
+      envoyExtAuthzHttpExtensionProviderName: oauth2-proxy
+      rootNamespace: istio-system
+      ingressGatewayNamespace: istio-system
+      # Required for KF Profiles Controller to configure
+      # correct AuthorizationPolicy principal.
+      ingressGatewayServiceAccountName: istio-gateway
+      # one of ['ingressgateway', 'granular']
+      # * 'ingressgateway' will deploy one AuthorizationPolicy in the namespace where
+      #    istio ingress gateway Pod is being deployed.
+      # * 'granular' will deploy multiple AuthorizationPolicies with CUSTOM action using auth provider,
+      #   each for component that requires user id. This is an alternative way of setting authentication
+      #   with istio. 'granular' is more secure but more complex.
+      #   NOTE: this is ultimately not supported and should be cleaned up.
+      authorizationMode: ingressgateway
+      m2m:
+        enabled: true
+        userClaim: sub
+        groupsClaim: groups
+        issuer: https://kubernetes.default.svc.cluster.local
+      userAuth:
+        userClaim: email
+        issuer: http://dex.auth.svc.cluster.local:5556/dex
+      gateway:
+        name: kubeflow-gateway
+        selector:
+          istio: gateway
+        # TODO: check if this is used
+        servers:
+          - hosts:
+              - "*"
+            port:
+              number: 80
+              name: http
+              protocol: HTTP
+      kubeflowJwksProxy:
+        enabled: true
+
+    # Both .Values.dexIntegration.enabled and .Values.istioIntegration.enabled has
+    # to be set to a boolean 'true' in order to create required dex integration
+    # resources.
+
+    # Automatically creates Istio VirtualService or Ingress objects.
+    dexIntegration:
+      enabled: true
+      svc:
+        name: dex
+        port: 5556
+        namespace: auth
+
+      # one of: 'internal', 'external'
+      # * internal - the in-kubernetes svc address will be used as the dex IdP
+      #              Issuer address.
+      #   example: dex.dex.svc.cluster.local
+      # * external - the .Values.dexIntegration.host will be used as the dex IdP
+      #              Issuer address.
+      #   example: dex.example.com
+      # Currently only 'internal' is supported.
+      integrationType: internal
+
+      # One of: 'istio', 'ingress'.
+      # Currently only 'istio' is supported.
+      integrationMode: istio
+
+      # 'host' must be set if .Values.dexIntegration.integrationType: external
+      host:
+
+      # If .Values.dexIntegration.integrationType: internal, dex IdP will be
+      # available under this relative URL Prefix.
+      urlPrefix: /dex
+
+      integrationModeConfig:
+        istio:
+        ingress:
+          class:
+          annotations:
+
+    # Automatically creates Istio VirtualService.
+    oauth2ProxyIntegration:
+      enabled: true
+      urlPrefix: /oauth2
+      host: "*"
+      svc:
+        name: oauth2-proxy
+        port: 80
+        namespace: oauth2-proxy
+
+    knativeIntegration:
+      enabled: true
+      knativeServing:
+        enabled: true
+        name: knative-serving
+        namespace: knative-serving
+        # Whatever is under .knativeIntegration.knativeServing.operatorSpec will be
+        # put directly to the KnativeServing CRD under .spec.
+        operatorSpec:
+          version: "1.18"
+          ingress:
+            istio:
+              enabled: true
+              knative-ingress-gateway:
+                selector:
+                  istio: gateway
+                servers:
+                  - port:
+                      number: 80
+                      name: http
+                      protocol: HTTP
+                    hosts:
+                    - "*"
+              knative-local-gateway:
+                selector:
+                  istio: gateway
+                servers:
+                  - port:
+                      number: 80
+                      name: http
+                      protocol: HTTP
+                    hosts:
+                    - "*"
+          config:
+            # Note: The configuration options may be copied out of
+            # the example blocks, found in each of the supported KNative ConfigMaps.
+            # For more information, visit official knative operator documentation:
+            # https://knative.dev/docs/install/operator/configuring-with-operator/
+            istio:
+              #gateway.knative-serving.knative-ingress-gateway: "istio-gateway.istio-system.svc.cluster.local"
+              #local-gateway.knative-serving.knative-local-gateway: "cluster-local-gateway.istio-system.svc.cluster.local"
+              external-gateways: |
+                - name: knative-ingress-gateway
+                  namespace: knative-serving
+                  service: istio-gateway.istio-system.svc.cluster.local
+              local-gateways: |
+                - name: knative-local-gateway
+                  namespace: knative-serving
+                  service: knative-local-gateway.istio-system.svc.cluster.local
+            domain: {}
+              # example.com: ""
+
+      # Eventing config
+      knativeEventing:
+        enabled: false
+        name: knative-eventing
+        namespace: knative-eventing
+        # Whatever is under .knativeIntegration.knativeEventing.operatorSpec will be
+        # put directly to the KnativeEventing CRD under .spec.
+        operatorSpec:
+          version: 1.10.2
diff --git a/packs/kubeflow-crds-1.9.1/README.md b/packs/kubeflow-crds-1.9.1/README.md
new file mode 100644
index 00000000..43ddfea8
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/README.md
@@ -0,0 +1,10 @@
+# Description
+
+# Kubernetes versions supported:
+
+# Constraints:
+
+# Cloud types supported:
+
+# References:
+  - 
\ No newline at end of file
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds-0.4.1.tgz b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds-0.4.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..18782fcaa4e6cb6095dd2cc175594280932ce977
GIT binary patch
literal 362188
zcmb@tWl$tR(}0OA?y$h(Ebi{k;?Cmku7kU~yX)fa?(WXAxVyW{+`RAi-CbPVkNa~S
zQ#I3-72Vktl{HyUW)nrheh2%{0i*__HI!6hGM1F%koDkZH)2&|GEru?)Kcc=P*79j
zkW;s@GPE=CQ2A}oFKKFH3wGgS?X=O7Xd!T}Ue{%QzLv$?aG*ZZVMTjLy2@QM6j5`?
zMda9^jT({BA1T5FRwl9c@vKdD+`k(y$_X25R&<4OJVc5*>svVQlc9U#KvygAC-Px2
ziCX#SCUttRmTzDlbW~z9Mgj$Scq)Lv`TJuDeS%&-&)1KW!zlaM-q*8}msd{4Tt7_w
z*KAQdlQpKtrQg@}XHn}I2IVhPDOfBX1Ume@29_Nk$G5wFgoH$*I$_d9B`>FPHwuKa
zflLxf26U=7pZGq3NpYob1|y<I>5^>=wJ74k17;tO4dcS7CN#bTvN2MR=cNji1G0@#
zgNie`dNka|5nW%i*a~ScT*eVUoNOP2SEq3c2-DY-dyzFVM@URwH;`+v76o{`9o)SE
z%kLeGb@D)Ux|z18X)wA6zmL6FhnO#YK3-4ZhhC(Y)}2L_lRy=hiC=_uT&c@EZ7G@t
zCaAadlI{Th!$=sj3CQWC6xep;8ZmqrY(CTo4!T&6@8LsZL4F8BT#`j_Y@Dw!QeT3t
zrsuM0K2^|3`+G3M#xrb!=?dZ}1{3?v*~71W<3_LvvT7fpr~cEgibKk|qI_`nL8CmK
zRDM2=?sfP_E;lFh!nd<|HEl{HG=4bd4qdnV!tyY+D1inP=*$>?HzzIzDkCV!8f+Lm
z=FGh}QRT^L9;CT-QSM7*38DIu9_5@stZ#p0qZ1vbRKJ#qVcS`VGzKW5h-mVnHLE;s
z_aCk5Qn4N#7AkL~Z>($NtswtVWYKVAF)yD_Tg5PBpkc=^{pH1`juRWebNdyhOlZm+
z=bLcGA~;>b5NOZ?kI5cu;9gMN5nuJe>*y=aoDgnur#ykl+F*F<CYP=q=<;R%LKl;<
z`*sRE_&&CDCWtI|MuS230X(e4X8*iioxhzV-2<-s3j)30h+ypPl~P4zwz>=^p-B1p
zUgApqK3#5(^9n<l+?)C`FfdOCKY}FsEtY~!>*0`PWcEh8S_fx~)qWo~_orn~Br>@_
zcD*Pt^UjVKJ7DnP^1~nb+>%WI@AK35BKD?k{OKje+MjK2yhe<evG^uj`i<_wV0v#F
zt_!-yCC0D|f)EHBbiP?~?}rfohU4r?_UYHS;aUJ!<_jN|{XuxRH+!&mayx8WPf#kD
zdu;2(T%=4Wz|H3_s25(-kd%GOlyK5+K;w&HMoq(-Gs}vt^LlXHc)7J160LPv_k)qM
ziJ=b*Z~4t_tYp-4b#^-vs_TpKrM%{-Z6mTFX)x|kAZ453sQro5(Xkvo0tY7UOBeJJ
ztawyKh99jz0_qHQO(YyOv2b$U?bF4&#FCm;rt99UxHgF`F17z#R^B|j>pc$DydhWQ
zi*b59onMX%lmOntD#$u=BuR10*=Cu|Kh@c2%ezhNul~supjW%$dAXkzA~Vbuqo?Jg
zJD&SjcA<Zt9wuHvbhMAJ2C(e;;*?ou1LDan4o;Gz5y8JYTY`VRnh#Ry2X3=ky4wnJ
zcx7PHXtH&*(erBUEP0f_xLzI`A(h2cGkX8!s$77!+Z;+1!{?|iQ_M?>udOYW4!4fd
z%y@82od~9+7+XIZ3<^r3mZ9JV(!T6*$qZ~fFuZ2%?R)<emd9|w51x#3vYKBVJ_{?l
znC{>;z0dT2UB5#SoXJR%B=N<-hn864h}h*Ud0XCZA>?Sue{Z9ZHnZf;8O}o~&Scvg
z^6qZ0Lp4SVoHy#Zp&55cnC<eQg<35M5noRQ&ti64?Gf!Ak*fX^cJ8XmD}1f{sJ$Z2
zF}v!)*hw+hRllUb^Yk=YT+g3cK`b}iJf&hch_`Cc-^+OU>^SghFMNs#?`Z8{xp0j2
zW+V4b4TDz9$M-UNsbtOMl;yjNIoD7bRMFrJP<(-;*f_|{m`bEFkcy}AK)crj&`+t5
znF=P%8J0K+^BqPKvAz7bH#-EvR<qXR^>}~XU7zz<ixpBIH;m9t=6$^(<fCBA;U(`)
zUvZ39WgC8d&b{?6eQ9g!Y{EdW!qY!(-xuzuvA<srH`@37e7DD|W4PO<o8e3+0uVEP
zai*OSXLJV;V9VYUEe}2an$+bWm?qFcillK)&h#-cd^9~D4N<1TTKf*XZF{YZg(483
z7U1J^-{ZTEq?zZwja-}W+xt^!nIPMcUVd~hY07r2#E(o8!#cco28LNl!D*Gh-X*X+
zNZC)iX{^<bv%yj>GF4SE$?FaAW#izi(9wLUwm{1c$95^qo?qc$-u%~U4bvGRaX7c#
z*gi=5z(T12^Yp9oLg0AeT4zPd@YI^gktKrQ<#Hpao8&sgbN*ig$5JPj_&05s>@Rg4
z7=oHBwXPFCMtwf7o<G3uqL;YpJ|3qx0l{qp7t(MgAV++m?k8<#teV{Jf{$_hZc}gU
z<4$vL%nbC>7l-&hC$+lK2!_*EIZVykBUhp-rFkswPxmj$&AP&EH#;p7!0qLm5uOoo
zQ*jJ~Ge-u%HdwYp!E32z6sv~k)^*MH{@QD;($^=)^?t9_YfT&u%Z<o+zG!p=bK8q|
zD-`aTf3-kHKdhr(OYj&Dt%=Fl-uN#s+tWmQ)w%$eAFqW!Qp9$Y;8iYryUhAZMA^*0
zvy!4J?aI)~;PQ2nFB<nI#YGMD)#fHs{jmNte_*atSF~WJwWSkjn=OP3`BjbTU3Fm8
zXIRX)#udNW*q-uHKYm_MvD;p4@aw0%;gi9Mmp{|I@p8x7j@y0?msEvBH3lP+`?(}5
zG;YgK6z!4MtUCw5y8y@u7@GtjV{C4B#W*l+v^F>4V;j2aK8*<b_`Cv=jYP6jy3Xe6
z0KpF5hAX7Mful>It$tAWb0CJ)RRWq$;M9YzrXJiMhtx+RhM#8yRwHfgiu;VmI}3MC
ztb~cb$>D)lMMnJ|M{)6N2OCzd8HdzO!C`ZlzL})H(Q2IwO^~oebs3dWd0EsmGBloc
zaiB<CgQA(QP{O0u<;r7O3$DMVPZenIZn|LwyYc{3pFO+n-NsM&>Lsw)A2-ia2%H@T
zf98bB1Qc&lXtZ2eVz9+@AnoUSHTzTrm*h?!TRo;!BS1fUP%d!`X2w09^v(YDifXLE
z;hbb&F1H(}vc_FQZ|!~=SeAZYw|o-g!n2XneQw#X=>%im<pDs~K)W^QRB0}=6^0pa
zyEsBCIKS@D3v5sr1Ga)NSJ>J+*<pCioWsyyYu*GYp!*7dM7^F*1tma1kSj#->4!Hb
zo^F>Z(6@L^^4$8Tr4SOF;|ZR&z)caqP~J3-EdLXcKOFz2`)!2M?ZjvB7HF!~Iv9g*
zM}Xe%3G`Bl1A0F0L3IPS;Hwq~SNFVw?uTEYqaej2f*C|DvC$jdn_d7-A6K4V1Udj`
zB!O(I0D7Ej;OUv0Vz20O-=<zfz|71NC%8WB0_*%zeW5-?$CqpEH!yu0BeVf%gEjeO
zlPg7_rku5q%<4=is+Bq=@^vmr%OD=2xU+dmowXjGbiwd?-5J83Em*XU(^lu1-{2Z>
zw#VZ!@}bvO2#>#w+KZsoGm3*@!39qmZ|!S)g|<p`L-;ieL-d{0^}_rlU^VCx7^Cns
z_oYu^4kHPH0QCE6&;#zSg1o{Apgq*u$?hP^q#xHrAZBPE;+NQ5Sfq~VkX4f{Y*b0}
zWBrBtr|o!wKGKTqxN#6drud0{OY8K%RULhom33KrJ<1`zZ7%1wCaZk;s;7EfADGAZ
zfT<y#B!H3^%~+ct{2YN@89@;LiC$%d&1B!!k6Qyqk+OuhZSiU1aMHdKAVIgM+A>hD
zyWqoKI{?>bW_FqVs1;n0M+f45MBbqXi4>{q#f5%S_<H@qPNUi0iBCqw@>RHY5%BNL
zCTW<)C+oBQ%zHEHLh)5=cAbWC{S>Y2+7{U-?Mx4E-spQh^v8-YKVqZOdPL{BL{_7P
z9NNZK>Q?Bcao?$5N<maOA}Yt{b(a0vb+29zAH}CVZQYEIK=sVBDwK_If-8I7T|g4W
z3d;^)E#D=?J*KXBlD!(WthmX!`Hx7mx85T2t|Jbc-RSDG06;wiqr>n=abvN9#4twP
z&J*ONIDHn+!ZfM@kHsY7l_E;@jD?V(CZ+kEkXC2u)79AsgyNd!xLrnc-l+J}%+Ig!
zt8un2R>x)F4w}%vm%Oyc5B=FZK`*JdZI1jL4xJQ%_>yA^>DI!<KcoS;u1JhHZc6wh
zv*xvA=m%`wuuuRU#X*UncfI%z{r}71TTuASv)Aid3kQ09W#9GMKv}g3g4Sh+J}zp-
z(OBf)O!hp9_bspiibSSD<#Rp6FnGONtNCsMc!kqS^SY!asgb~x@Q)2S(zaCC`dKV%
ze@^EU4Z@+88RW&z!y)Dc7vmeeN$RZ!z9Bq6bNBsMSo^M=o#{;igNXvFqs=glmQ%NQ
zQ=%>8M$0uHl%|Wt<v(@|?vpTH)<y88sY&#Bk9=zl7=GsKZ1-DX+OB7p&Ya6#oBQm>
zG7;4dy&~+!_Q#reR@;Sa#`>jgJ!6-IJJSchq;1Rnxa|L4Qyu5HgPh8YXa2t)r9JX3
zhSR>W*e1DPoAi%{*9*rBHp36XH@Xi!ed?<|Ggq<cZ-`ou25VYd*EeY#z}W_)my-@U
zoG&(&`Ca;~U1>kexl^FW)86XjzURm2?Je4&-zxm~+%V?05uZtdzY`J6dJD?2iean?
z;TbQ5MFsN~&V5R^8I@g=%iuClz07>$z+x0eU=2!$x2KCYfI9KS1(0Y-YEIOingRc6
zDZeoQn}I*oW{Adm@hFU12igW43Z5^Ah?u#YvS;2LFzHW=QS60R7TgcdsY`_U3G(s4
zO52f`+(}KfaoD8xAScqrq6D_fQhV7x&)QtfNy~e~p(lv)G51G#KML=PdJ!}^F2~fU
z?Lt6l|D#5^Km9&{zNoO|p)zCCQ{`AVYvMdHN*6V~K>g%%i6TgcZ)!RPZg$g572*gj
zTnAgz=d6M-M%B6SNA~rc7${dtcQ7xEI)&1%v2W3Hsy<35UwYAo&!2sVL)%IWYci3<
zX?`szD5(F=4LfDK<x*})=huaE*r)=>sS~F(%&xBPolKq<(Iqc#+`li`%fR=3sQ8*!
zc!nZQ!?Am>FWrxBtp_VyfKm|0Ul6A<o=i)M)v5XmDuA|^p-c*oJW=WpWf)5YSFOHd
zt4+L6xK1bplTD!|y00u@Y>lX}jF<*1ui15u`E*7K>$6fy#Bbmx<D5yB+Etr~oYj${
zaVXo#h5XkS1>(J*PhuM1Dt^hu@vn*W#-gX?4I6_;3_PO=v}MEfzqq{n<CsQjmnVw9
zgfV0M>Z_>2Ds{lmo*#M1&29NtjtG-&eCa5NG~W1oKgUKdkqkEv0ps?acwqlp{A(`7
z+$a_ke;E>R?7Luo2l8V?auUD7i@&-$e{=^Os4H3^<jR-ET(-y|)zuC^%%o>{o}snW
zPX2zss>!q#zvjDgtl?))xcN2axqc$414o}yEttCT^|w7Tf2Ge+BjJa@F8m5E(>SqY
z2D1)%Z4l7+qqep;I@kOC<+fI$5cqL<J__Wa``Q--H62Xu5$Owh+<`>felJ&xtLxiC
zNsPS|s}~I)%W0#%cdfnPydHN4>%E#3EhR}&L(xUJDYO+-TefvVN!28;Msqz}H6CSc
zKMD2E0p{*q#Zt?3($ih4f2>X$b^q**t2Qd_R*}-XL?a&r5$7WP7LtSzMum0MKw($)
zrnAd#?o2cynv3Nws7$Yi6P(<8=~`imPGHNoyY5IAO-~9r+i{|vJ}N9$o|EpxR{2%Q
z+*S?8w&tDRZwN8ZFyIeSwMa7b{MVEq6%6x*N(OD+1#FQ@T8OFuT(J{y_M^g5g}3z_
zk6frJ7Tu;p!o@i%Rs&+_A04<`51_M=$MnY1-&Qefi@6lMUb<2lEC+7n7d^Ne2bFa*
zkJrsD82vK3(33SB7p?0j-pzsAN&)?!G+k|oza8|3On2Zbol7|WWiVFnsX|KDh4(pW
zT0)$8wyxEwZ0_Iv3D=4fJ?6!J{^Ka=1&fY_RS7Qqi4PTUvS6F0-q}zyWL3y0?(P15
z5ugD-xwY!o@PLp#t`S_Vv$m!{H^SG2wEr(dNS-rgEgP>S8fBZdw|rZ(^BHrc`kqGP
zhYDuA<9I0IV=7oV6FbFctec&O|3*dm-+x~a7kl>}UrCK+^ZSi(;jDe9Ea1}Dus7!T
zefap@;{NBv0lIs&ob)BJeLnGyxcPwII#D4C2CIFg)#(f@FpjAkGn_T5bKCpx{W8QV
zqEm>GzJ*4!J`Ow>CC4mX8<2X>V9b{ciV%P4R6jPxl2sCCj*1dj-YHUw5G2XVpQHi{
z2qei*p_QbL0D`LM)=3&Vx53svB?n@Re$jIJ0bw4258v~>MTx<q1qTD8GQwGh1?4c8
zm2un{%;=V)Ga#Dt1RIfUNc|(EyR#vJ1OKpw%?hOVuAyrq!!^f~olJpyQaRuM<im+x
zf$heSROa$=s<Y+{j^$q2q>-!*K1+u6L9dYc^&ok3B;-DzJ39WHxW}aHaLlD}`;<If
z%4gPk%$F?nS1R2XN`4|Ge*RzBlI9P`>T98az@{7C-G}FFfmR8{(8>(SNb~Y-YOFg}
z7<|9S0>P39oV1Kp7F$iXvgP}!4|koylKy&J)1A$X6#N}{x@1B}PhY<ya#WJ*GltY1
z`YRsQg)v2~J+gv3G~oHp;<zU8_fK#sYuE*O@6RB5s|^OMwP-Us0^PfHHN;Rk`=$+@
zo4!L6b2{6PUk+Gsj*#CDpv#&`IfZ=a93iIyHo%;SIs2e5>NAAx{7dS`kreI4?EH`Z
z9YDMPu=5{oEck~b950B)I)8-%iz?Meqrc*S7qkl7wKY#^%O8&P0UvJ7Gtw;}ZjCWL
zC=2K0MS?MCuSJd+e5Q#%dCp2+BRWO-QH`vr16ZwD4DBw4)0|)srL#GKnz_Kdtb!qd
zC0Qb{^h|4n6rY^=o$r)nNSQ~2;~THJQ2qwy6HfO=9bqphZMhYZey(lnZax9Cf~cC>
zHNTDd`n$D+_q*{IRgyP-uG&rGQI7r0Cxg&Ek!a%PM{>&ntS)$Rk+JV^KzS9|L%zv7
zEr+wYn23IkX{ysNXJ`_$X%PQgU?m?d@KWfbBp1QLUM7ALK&!m%m}RmiyRN$a(u*QX
zTwWt3mo>}Gp(4B;g2l?SFS@kNqB02M?0m{>a)|xjeu{FAaR==-zR4%Q6t!oX&Y~&J
z$?D9iY%9UZ`dEKrW`^v{$_mqwvFgwN^sz84ySM@p+KX|rPFJ6r9T{#+Sztt{=~rwL
z(g*;lEthXDbX8`KA(u1d+|_ZVXk9s+ml?qmm{aXLvE0b_ZAKJ4YQCZ1P2gf0udo6j
z#@CfiD9J_~+3#b;Ma)BKQ7QoNC|>en9z^z|Do-UQ6BPfn6KwN7CwP%hr><P)S3_ET
zvYsEGD4JjRyA5COHm*^}Yl}O+j~}QsF|0Lg*!~kPORcUPm`mxw!gS(%zo59mVKod;
z)H!#pwWdS~0HDf@D5LgFcpPqQ5nz@8C_5qDe=1(hGtjPzhw5r7NKDE(EERPes~e1>
z&{Gi*2N7QIMCBZ40eZDuYgSt~ncJ|?P;fBiZ#cnevge>xxcZy-y)ptb;VId`Fy$?>
z_%Y@42jKL^!{8~Cg_IDSMt0&YX|nyV8Qaw1KFa~W%u7|c{vd-2L~?O@!*_MCY6<1k
zy{Dt(;vX)5lZ)FH;v2qSGn8Cfq#Ds=gIUYdM0DFLNp<+EBwFQ>QLP22B-#<Dm>@qZ
zlh<?n8Gt*NJJr=&jomt28ZB`1aLWImf>$?s?R%oDx481aP`eemb;#aY;^u*}uS*D0
z(Ox11Lro|IqYMzJO$6Q!P6wHUXHY#zpfoa$G>3QqP0T5T<hnQo`dVB8*;p$Hr;wAi
zBP1UpC+GoJ{0V#(#6vJne!RoLEA9rHfgbj<x(x8ESs(P2`k)?w%V>B?XU>fh5Bo9z
z1n69?>px=Z&8g(e6SEQltj(#Z06ViIAx>71nz{NN8J4(Nc4lYQAYnWE<`iFa77k6e
z!DT!=Wt*F52*w#m)lA;P0XP*d!%s$*qsV41rW}m=``h%e>d2JGCf>Ukt={Go+B%tn
z!&r?b*zhBxWkMb~$4L`{*{&=EUZReaW35)g3G-@#M^9Aa{ZcTW>Z~v=bFiJPZVgH7
zw1;T}X_I@c!(FZ3m<$e*4+*-#NheZOM#c{fzlIHgfFb3HWHgS;zFJ+Rgb${6{oIB3
z#oSH<#)^g?V@rufekPH5@II@@Ln2u6Vl1!3g<qqDa6Xouxe#s-_oL6<@3+A-X$9}U
z;4s_fv4t<)o4G<~pauQBw-K(lTy#7{Zf1zOQ@Jy`cXD!BhWQ^%1Phmn*0bm+_C4i)
zDwOW)f!DESz>;>_`?hG7P56@5t19X2=wZ|QQ$k78BfB7q*iCzfF0TxDbj?jc;N_eO
zll^{YYb_&u9qHv4%k2K$lnRCQwlniV-7YtOSBa^e!RqfdczrJ1{2R5EpLJ3%#Xo|y
zUo=tZUT2_?SvUdwNt(LQ$OtR~L3Vzb-oaJ}yvbWq6&`l9F{uKpJ6t8Aaw~BvD_hcJ
zXtp6r<K*;JfYo!m<rU93xou4Lnddgn^P?Kapa?VlDDo(wOTH!}ax1$TcbqI~qFvc#
zkY~fgWzdUaxm?GXSFwG>e}dg}KC-p+UW<3H@$ZJ~hGmeBH6J?8&SvhkHQCpWV0gw!
z^hV<XZMJlOQ+v|)Q^_#bV98SN5!Fr~$o_DpR{n^Lbf3LOHnWjQ-ew$5I-}73@4jID
zR(;BJ(eB1#RCYB%Zw&l_-%01nUhwY-_+eO0Y>>XE!k;T|OlOcD6km#0svoDn(T~kA
zr>Ke#(+DF4Kxv@T*kOtY!T<aj(K_=CD^+D_RpBp&>h+dMv$IKVtv@Ii*f&oHyCEB7
zpq`T8a$`X9P2&Q=|J0#E$l?xc{@aoch$R#JE>-PoXaX%fXb5A?E#$am5Wg&)Gt}Vn
z&ueM8ewOoBEuR~R$ud~s&2?^C`*Jn=fVaW>fS+jDbwBRK_vPhtbNU`aJ%02txOb7e
zUIR*k94SaKvkoX){wXTZSiwbEIEH(zm!E^1A#Dh++)L%$&7Ccrr2$Mf&b(KQzA0p1
znp!j(S`ADy_I|X9p!qB>7reWiag-X5_M~rnGf3Wk1>;D1EtGV2$&|XcLxdtz{}^TI
zy1*vHVIFKMRlM-f7X)tb3e0ufN!^O-BiOndz4er?Y-6)o9vtqpJkR{euDdTsxKAi;
z!0tg%)#&hV*5ag3(Q-dKlU^B6>JnY5IlA!v=1_v9{<%eULnd8(;x0<mXK5F<g|+hR
z*M8#)VcE;lnk$zuRA($gEU|AYBIoA{Z$QrPDt(eGT)LZFY|p~VkI9p)jz0idl~Ho6
zo15m_@I~N>Zf#maO<ElwTeszVJ$ZOk`YbTMihABNwaGuolrm9gr$6Ir%dPZxQamKX
zM=g71r%L8yt0k%sA5R;omQzG~ex9ODd`kK3Casm`A<=pRT_d6xbL0fzpK`W@^wAR|
zc}%qSfblX@raQjqic+>TY4Cb7X$o<3eI=d&d2sEi6G2Y4$Ap$w)4Zc9;~(~yA{Q4~
z=tAFPmetAsVgF&sfiORv`+F&l=aF~m9Dv{j-vF^u82@%q=Rj5$M)LSuQQN;eVq`-E
zGVn;<zsGN6QvfA(6z{I7X^XpP=a>IFMqgAH<^`jIzhLP(r~J;%kR8-aJ=vJKTerl}
z=${?J!zIdac*dVs7Y|LfEW#2)ZthpD5at^a{NOs^EJcmqmiuNNYYDL0v4wNV-QgeU
zz@NPVP}+yqJEI|wuYXo>_4d~=>EY)+P6fMXGhsC;O>#5@iO-9IJyfeW4XGN3yc5&#
z^OZ?4j7$=C2wZS7kC3;-eUso7NzPpSvHq6LBFIMoa7C+s+>;TBiW%sDb3C9*zj{$H
z+O2PMiPYH}c>&u@6>9e|{=|e46Aoe={n4lkYl=pAe#9DxnCNbFZ`G}r(|x$JdXMx=
zua5}x9{Oluf_!^w3_8^<zVI@Z{|)Q3A}#+9;*U0PjnlXiS#xR|*aR8OYZ$8E_!Z5s
zx^Tm!ZX$me-Hbf|;U+nzC$BeZkKu~;PW4aFkK%}&{Hv>$mB<@O>x_tOwl(q4Tb{kz
zPrpFNE6Qkk=A&>Cp`o#LHMzOf!+l~++wxzv<g0Ysd3{%4j+TrbwO0t#mCnPgUX-eR
zL%~{#{JVsfwz*&NBDK1=`M`K;q!8V}`c}O`^A{gs{N>%calY0lQp=%xt2$<#N6|dX
z_&B)1H{0}as~`VXocBjb@;NJXo~IRjz9uV-u|oOSyWCMZiOR>eF!?-HK1lx)OL!F&
z$w;pCcs$=(-bS9#^I(f>rt;$h1*i5xe%~zXF9AQSfIBRmJNp`XalbH6OU-gMe+zb-
zi0kkj{x8yZpERrA{~-Z7YW2FPzJMnuWnaMA+-}durQ6BEwAnblo|mJStlHRI0)k%8
zTUEe;M|DiR<=|g+iSE$~Mmq)KQ9Wj4!YH!n#&DQ8ELevE5+4nNenTpZLKA!^moXXI
zyWfBx-f%D1{e{^Jg#2*gpui-62{#6r=C{=UKpE<jqno?yH^s41^-&n|%N&!nvDMMn
z;wNe%?AkmNM@6}DP05FySwYB?k5t%qhN%7Qt^4w?$7NyEp_D0x;R-|k)Vve~c~SJ+
zp>K?LgxC=RGK{=NvBNNvmZyqGHn!BSg+at^S~r<Nn3KK)It2QF!Pw&uK+x;bs{X4s
zJG-zQaaod1o5~^%UB~R<i*OE<y<`J$iG@1Y0HATVJc!x*;o|)9)+(ZWX+HnzG5=5E
z*|WQJ7|fm`D=990ciM+h@q$UEtBv!W%uEN5Lk3$rLzj(=C|f3ZXSNq>dVo4l)p2wp
znbLk{%g@(W?_H$wK^wtX3X?I`<$no`7*&=Yp@mYKzJ1zB55=g?$zj!tYm8B#P?SmH
zuxz`FhXAnSpXC^0o}}t;S_$x|{X;*-4*kz~6o<OwKv#)B+F$23EW13E@jnlNlh|2z
zK)ghtc7PWJP#sq04k$bhj594zBitR4^l)z*yX`1fwxFkgYngOhqZQ>#&@__Nr?&X=
zZl{fXo3PUEKBcW>AS&otpa;gF(_N9iA=Iq_8FQ;Af&2EcadA>#_K;T@AB?D}qJH2g
zVh@6{zu%}woh7KX6eBpnwH}^OO^<#2IbQQ52N{dH{wiS8BNu0W%-)$tE6tGu<Me&+
zKTb5|z68C#_FlpdfE@YSU$wD#6_5v?pY$gE=Ro)cowMj531Cg$SEsKtY7=rpykA`4
zASJ<c<`KH1=@H%Wc)x`&9_2{??lB27&@guCe`sG2_Js);c?fv~TU8>tJA40pFlE>)
z3j+(9gbrp7V`vW#&&T`jZ=Z?k^N&7s4$Vto;;^Hs*}dR&DPy9}-{@Z)xU}4~?jF7r
z=V>Xzbw9!NVWiZU%+m+{axJPAk5^2wyK?F+A7W*yQzZ>^1U_A7>dO{)RbA(B&|oXJ
z)&}WMKo8g6k5Ja{L~v6(X3!Na_d=P`I1@YHoam1i5-;+>rz2~`kI)?`XXM=ik%}@L
zUFg|Rg5mxr0Yb5BiV#C*1KMoDX^56p3Cg%U5P>043V_yla0g@<?HH2<OatTg`bCfY
zI9TR34swoUwV*N>d~@y~;KZHiU<qX~ixzG`JG0T&*Nb$x(pL)dg{j^O-&+#_qp`09
z^50YXFqBEax7x@S>IyV!8BZVGI6*oT_a2|Z*RaW6tOWD^#k&*Ph{*b*Ec4q!*%zLY
zweOcBtorILoZricj<>%H4*$x!UiSSGw%93_-rp%NbX{7>uv4nB`8PP>%C+)WUAuWn
zTo<#rTx*|YE%_ocvYW#Pt5mr~B<e?_#=d$z%g&Pxnko<ZsnkMJ5v7zuV(v6wC$~`x
zy|Qu?sZC>@h0Ng5+OVx*DxOQk`k<Gbb->|O{La(b=#!!m7Oumv0(X>A0^pq2b!FXU
zY!H@%VMs}Wj+gF(F9FTZ_!41De>E|#U5Srp`mS+yo_@k8L3T?4z5V0$5($M>n>`x6
z&qJb)TVf((fEB;Zl-+?I@S`nd(`j1q5M;V1Nm&!kCx)}ax{*ZCHBhKQzD~m>e3}6=
z4HP!QLw(g$Mmw49Gq#-YXI|=SKSbThQFp-wDF!NiLsyX=gqC$=OZ+d)$lFW~2ado8
zma_Fv(esZE9l_;(<G~4*4)1xNT5uhuRpuPuAFJiHtz~?3E~;n-lS14XC1bA0OQ=u-
zL(7E<zu_=+Q)Qn*O|J^W(*jrAzD<K*PML>%3a!S<yZ(yzRC6$H;<7^gY-hO=h}7Mg
zS=~64-J!7#?73))o4RFctGs}F8_UZFc5NOi?$AX+P<niCn=I<nWq{&$Ez92`qQU+P
z=u>aE4<u}xmx(47)Ye->w{8ZjS0h8U4)GJK!UTUG(F${w<GKo)e8tO{(2%$5CF;6>
z?l}@QwR7H|`&QV|{X|?#0L>bjL#NW=SO)1KKrfU#E4T8L0;%_TTKo2ZeqUBC?6+ql
zhW=g&Sucoy`o8|n$S-xaW$3F<=9f|L;99-;xxwmB^AJ{5z`qUR7MML~Cgwmp@KY=R
z#+Yh%b^o|(45Xu~+rXf+D#rgyxl^q8|8%V@XWoQJ#Op#nfNlkA@8=BI*h!r|!Kwo@
z^6P;ie_BQ!`bxcFS|QqmaP9l-g8Ig0l##%iL4MRV<^KG?w7F|gkDB+YhJj#Wh$#WE
z6d<Ff5(LjxLZOxnwZ{(OlplsUu^PR!IB~h~&BO7~(sAqo$3JnGocOdo{$ud*Ltbhp
zghfvTA*v|nzudW5#q63_Wv2j^XM*SD_cOj^Nim%p&XgKsFS7d*La8e^6|5N69{rA-
zww4?oSFTk(o%W}jLScLMnWL{r?j?!xLnnRCty1v1)r)=LKC{H0v_)0QSmJsfsux-^
z5B@?%_iJ@fMjDH8o3tJb@bg7q-w%iX_33tBKTaI@y1pC-bkX=2_2YYe8c!P*?D4%j
z0Ev2mH=Cu6t-TSH`o3}vtER8DjB$R4_I{AAcL(FGej;*C^t0`fQ<4?G+t-@W)loI_
zFJcofjXXt^s*nEcg%)v3IkkSU^`R)jS*=XP-i6Pjxk8J&5Dxv*I9oDc8A>9KrNftm
zP(XH95-PB)c+uEEG_p>~PMSfugPQ0)NGThRmaFQ7-Rdl8ZKR8xHKF@e$p-n17sZTX
zKe)o9jEGgNl;t$|o$3N2D)*y=KF<%>1KFlt0pE!a7Mxn6Y`k#I#bq>N8da(k^p2v#
zNvl69$Q{MQU!7IAbS~c2^TWOEZGA7iCJjI=XY-k4WQokymO|V1{j|Vg?M7vQ>k48H
z8N%(^ztO2LYg+gFr0}0FH4@@`R=mihEGGW6-9!GJ!{F8GIvJ`kt6UmiI}>RdBfR)X
zNg9&!aC#vc61WBK_(+W`l=5&eccJudP&d~mh|H0_NJ<?L%46($WB%hwmP!@>wqGNb
zTM+9#C7MnBWm(adJMp8*;)0eB-%wtKXRO?aYmQ?JhvTnDC?b<0fGNH>AAn#OW`Kf0
z+Bo;^*uah0!#}ILzWD|U2G7{Ko{_2(!djV2(AIw){Rb~Zcli&(u!XvfCR)nri72&@
zM$D(!#z@g0{d>xUjoQ|$_n3&ZZOS#l(XM7ZJP0B+kI0rFpl(-6Msk}1ag}?6q|Tba
zL~3%EWAsz-T-d2r?`0IgywAeQI{?|oi}1Uu??)O@XRW&KiAF!m%_pL4jk^epOf9#*
zryqx8zV6l|1HDU~n_+pPcqsahIP6>INuzt77iUM%Ur@ULCVOxbD+*B9m%WAv!B(6#
zHJ0JEI;8-xNJNhU$N$HXnKjkbx11~LTl;*fkX@4<F{josn3u^#0$w%JSd1E2`#iBv
zQoD>@6K*_S%!UO!F=r;!SPWJ?UNsKZ>;m|q#*QdXR7TzVVxS(}JZjU?FH2<SmVIh$
zJ|^%7T8A1qBtkY^|12v)GwJkojEo<?#wl$-?1uI<^zx`3$c+Sc?On!<pk)$cd`Jlz
zl6Av1gyyj;PwFh}`JIGOsaGbG4PeaUyhB(e*yjv)ndnqmK8PE?6(y2f!)iPzqi_2r
zFLYrrFSo7%6wkOf;8p&^S*bGu;te%&s?#UqSjLz6=A`}p;U^ngt%O*81xYq!<wfG7
z4HkVKtK(;TLCDoguQgJ0x#@W`sT||nd=T(RFq8kEoE4%a%>pt0XH?X=?#qw<*c@yY
z?rYmKUF#k!DYDu}|74yFOV<MTAq-Lt@7#fHmjVSVCn{M_!H+|+2=AZE2Aklc^FcJ~
zL;&g_s+Cacq+(|b-99_ZXlIPgZ=k{r(-Bbvxhc9R$F?cj>LbQEKgT^M*VK9ns!Z30
z)K4gIxjMakF{<Urs@zxrUfm~Gr9(BVgPm2`?=Us&SpdllSf&&<=W9;pYUaKk;w*>%
z;jMOjo70OKWk2xr$|1*VpgnN{J)-Khe&*lmnrbnk{b@_?z~iHej6@2BHocZEv4QAe
z-@??<-aIqp3G)(hab;fVnSJ;5N`kmnfG!*$_q}97)01(bP8=_<v%>;p5#yQYUX@MN
zZ_PtAVaCg)M;!R{>jdtna{Mk(h#Ww?lnK1eDVQNwS67?;9=_gR%n6H0cCZJ_#*By&
zddK)ZCXm1&T(7?fX5Dr=1HQC{U`>D!EER`*twax^WC*mmyY~>AB@%U9t(OmX-aSp8
zZ8N%sTYAs|TY9houQ+XoQ(0`>7DDNO|FQJ&z=XT>kPW%?aPgLE<q6?$<*6h$D*(xF
zVHxXNEym8j9`N559=@)7T>rB25=ziDU?ke(Vql!(YgFnY;5j_-65u&fgrKtUe}}_!
zEFFnJWr5xJGkK*cA}?iId20Eqh$^8;iP?aI>iC%em7z6nNwIHzkOLRGzqp$UQ$W{;
zhg}J#f)XX5f*L}1J?p0}_Rs&0nhart^mJa%QS5I4Ee-Ba%3AOp6|YX;`|t`bPf3XQ
z2y#oa;#7*AU%OO<oqrjmcuP}BX6}DX>k!YekR4=mXCPDL0GT5Afq2k^+z~_jyp@n0
zn`7aU|Aqw?s2wCW%g@Z++*V{Bh0oWIP?np8iG|)NQCY+Q0}YWiP3N9^QD$z=zM|YL
z1*oI05a@1M%5n;EIiTwOSJ{6?qY7+O)UBx`>%`NmBf<`<BSP;y+pgf0BGay*vQD2<
z95hK0oiThs>SvuGtuXdDJ_jps&Wmh_UJJ`9lu&GB8%SgNO9h{WsQI6TbhyYq{_@!e
zUqY~jslZ-CRAF?+d;BGg(9FoZys|wMc*@|rQ|)dbp!FO5F9xf~4*5e<$fF)1SJ^0}
zr=RPB05z=fIPYsh7JkyZoAc9GlON@#4o=<h<Qdel*lDD#LG38za&Ei`*?{8XEIFuP
z<)7tc2`ve}BR%Awhx~q2Kq>tFILi%^)YzB5QG%7dQK|wjSm%OLk51flRX!UD{@YSD
zILKQI9-dj@r}Q}M3P^rm854#%l`hUHYf5TGD{oSUQ&}5F3n^<-wiQrWg9Af>ZFGY>
zRGcn<D}|C2Bg0Hk8NwpQO!#(+FDX_v9i}1*#z#E0MV>6es|C6%d6d6gc%s<ffJ8Am
z!_wRlr3P4OEa7pIe+IpTF3JtzX89&)Zak#YSoPrV!|I@wpIY;qk-$z)@mU^7Ll+*E
zPbZ|ZH**>5iZ4w_$3o4XpPX8dprsc1K-?O1jtQCrlG`R%iFnn}2jZlhTA&r$4BW90
z3M7WE_*(r$O7W=zdrRR`1$ysTfZ0he34()$sI#Pj)>jN9=SEfq+CYGQK!NVo%&iK1
zSOHZ{jKTjM4fr`ZX9;W2qSRWNb)uG^b<#ZZ-??x~(E<PNVl2uzKP|*L4^qD)V$1(?
zkJe4$#TkQtNbZ491y}^1Lz@quV@IGIBERh}gvqlWK;z5-sd}<e2%i%X?cUl-P*>KK
z<V1Ks=ZyK;4^0x_iqV8*op~Ewd{1dMHI@OZ-IGY*6m+Y|yANJH7fX+&18$ShwP!V<
zIr?K|un|`ZFbHddcxmFC-lz)A)uQ4cKx@ZpyGCaKqfB0eu4_d%l^lS7Zd8?&Zn>HD
zNtYMsJ36HXk90huFN~B2wtT1;GO#u_C<8MbRVjzEQrtk+n)8X@hFr=wVYJTATtsPM
zL59da5`RM576vi#^LQ{<Ruh8N<_{NKH06CSiTlG3m0D===vRGs3IRmBY;fZN)JR@B
zWW@QObg8hQY7612As_=j{e)rY^$%&smEEx+Gy$<0LdU*l=7{$Q#^7GyyM`;q!E4`3
z$gY4!I#Rj4i-i$UWuLo!ek@9|14<9~D1b135bOZLe=|I2^IIL{h$z-T+#Go(YW-ym
zT5$MJ#os|cP;gk3=4xfZ*fJ#qy5R<|V4#RGo7YlcVwOLYt&)@%@IJ4AIbRm%)$c+N
z$<zXZd){_Drn<|&@);VVBxf|1Lof|;VzDEbn8DFd#Yc3Q5kzjx67N94m4CE0Oax#w
zs6p=&*nK?wL1W13ya-)k1maIYqCWw@b1z&-m2oD=FFh)_qU22qVvGvz@5b<;M=k<K
zT^X5b7V*udf`@gXmT__0;$YQ>!e|O6oOr)E3c-~u6GJ_b6tK>#24_Q1)c1$Bfyuc4
zxt_m66`D>kOi5S8S^<j4YeV)vZ3Vb}XLWV*9j`^Z*uYf^VmdtPy7!7Jxb~b#%EOqB
zo-^)exG?KcH^24f<y}`%+g!CXCLcs#Z8b@$BR9kfo>kNgwY3pBX|Vp}Fk1`1A*x4Y
zoQ+Y@(<hE$KZqplYlusxCe2498XT!ID&PVz<C9}`33jvEj~hYstgyb5Du1Y)$mIRN
zY5>qAj>F)*N;FEI$ebwuavlW*aIU+z1I8|u`Uu~D4tj_F#OLy5jK%(Ya~yZwz0l9=
zzep$oGkE)RT4b0$w$O812%oA;5b^<WG+=4(LJm9WF$4w_-Z8Fac+ZdxPN-A&fDM|G
zY7WbwoLko8?bpI;0{f%;P&8R1=s35CTD1s%&*I1>f}HDUjH;!t7{>XADP^KRgIqQ#
zvN*^uvF2489>#(bH4bAYcOT4M?~#F6Mj}w93XNswb$OBl{@n2`EgNaYhY?(T9k2Ul
zH@k)UfLxfVYS1;l4k05|UUwTEY{s$aX2K@9?XE@&k-`rH=eF^J1k2O&3-#O4oIpM2
z2$e&E3$%5u0d_4Ls(d8GqECV$S#6SaNdc$1+A+rX7yOPX5cJvr#6tV|5AHe@?<46T
zeL;r4Q%{#3x|hKLy~1{rUd<Vla^HNVH9o~|>y(7A&D3}=O=jezx!P|MAF)FzbLn#t
zU|I8p-&(r}&$kP(TMHF7IQnHG3(>KtItxFnn7emZF#l<Fc;UfrFy|E?Vcpc=9{xH`
z7(;Du{<Ecf3j-9M`bH&#nx41Q4x8zA!8Up_PPr4FD*qZy+xZ#Y-?Wg*{eMP`%;Gm@
zS?x525C?HWVWA7rEF*RQf~gfzPue0RU-=_*Ise0{6At4(pmdDIlC{%PF(mU}d{gh&
zob?w+bjLx=ds_5h>I!GXk0*&xB+7Sm=gDAFMHHpJ3l5$Zk~|3v-a$841&9f`pElC8
zb)qbL_Gg6)E3h)3nA1Ra)_hb4NhC1?hL6BBwW{HR&4SGaeM<uDD=T&;taP_@RQrWJ
zP&{Q@zx{Rb!SwvuJLyFq7i7HcpxS?%EPcXl&)H}V&OoCAcLNA~tW~`3uh^lB*l>e=
zHLHU69nwJASfP<%SE`32qgGw_A0ubDYd5ON^F(S6QT^#gm}aC?+C?v1xR2i_H>y^;
zf-D+3vfAzY%QQU`a6ic?c=cQK<FVP_G;}-UbfEm_5oaDk>K$OPkE{!@!!Sbk8{b3w
zJ_q>~7Zfgfc$fWY6nYwv8$A6EdOza&_GyP8>-(y2(_AR!$g|hdJCKAY23k0}(~nV$
zVG1u54iqn1pw)#}b$3Vg`nL6<V#TbutPX+O!!>rExwO_rV4H0@n6llP!xy2nniEwn
zpvrW;QplNp<D_eso>O=EQ(>o(Q3(rz<Ga&C5PtkEV<>9X-~CvG%U1^}F4NPjDOrUO
z<U`ES8@{rh&L4YS4{`5A2E^=zRh1TGT*TPR@7F!WefYdvl-#^mQ*@^*pYmLaO67<_
zuU2mTmO`N>+D;Y;g9FtrYT0i&^?=*XOEz(C7mall?0p$BA!PV2>Ii*)yV|B|7M~k}
zBO5R(_`+9wpPvdHO`n3bB+lJu*dAfef5r7`rq?ZHixbAbUX2TQr?3-Hu55wDEXztr
zJ6+qICX~+%D3TQ>TO$GwTRl+XqG`x)xIeNTif4%fv?XJezboWP(vEUf>Vb>2QFhV-
zyt+CAeH~KTV7ecF=d?_)vrLdPz~8O_pk{6r?dBC<+I&Z+M~f`VQJ@(SbUxvm!@{S~
zXxn=E5c9VBXWNA1l2K?+2)s_yp$FCxH}*L<6Gf}?CAcW0etv5!&D0Rq|8<_=YXsG8
zIZaJI43D1|oILkzIOfU7&tX_g7?Hg5S}qA^cS@%QDD}q9xiEs_U#aO7?>t{CA2c}p
zgtY{igbV~!&B+ndIy=?TYy3GMrV|{OiLDF3$G9*}*cn$tmxKcEm4d2Z+vPEU$K;sC
zp8a{#)o*F8qh$T33^yif3<cU<>GnVIqf71}CJn)WqvMqXJe*<5Us>RRN=OPC>YKWw
zb}&?ab#18~gEy;pi2kkWJ$3rJ?%mC}G<tR;6p(+7_gX`6PCK{x>4->+uVJYo<*luI
zP}ue00~=fJbm7Fq=#H-a)*wUKKrtj%AO!1wV@Ns*^v%lzFvJBmcF1JX)%&e*o#BQw
zY>tqVY_LJe2HDR(9N+T(vxfwh>p5g#K<@@R(X_T`7xZ+S)~j#5kdGm>xBiys{2kz5
zfzmILe<tGeqe5}c-&Ay0r!<*-!I}%WB~~v0>tfD?qjRZM`lX*7pziVCP?G&XLt3N`
z-GKHr^WWw#7(RE4xkZ2Q9gv|C;|hznP(VP(m?jBtvf@<#a>%rOn&EExsy{?oV@g`0
zD$WV~m66=;iEB}*+S`a`GS$Sbd>814ewp5-SWaU0G8X<%q@ln_V2yGZUAM}ZR%E8_
zA3@FU^XEv`O+ui>XV+;sT3!}1vgK<V!o0-22m2TGb?Yt)*pz)i2RVOE)<_4&CTv9m
znWc-+dPoe1EDmA!X&u;~aA^K2*DsT{%!uITp1^uW^Y%1dBP3#!ml!6>9C6I4@W3B(
z#tE?en`<~4aD;y)IOl^p=8P6BH(%CwFG<?vd>H_fA-`%enE1<lDCM{0gsCp;*5mkM
z#Kv&dR$>?~Ef&0W3L{zSU&G*gYd#%p6J3$a_eb|WomC>Fb7&Wr^c$jLw2+*B;(oj?
z_y3af1_gl{xpErz?<xTk=93d5EQjM+jn8>`d9|M#p(3`k_*yfbjcXDhCLJhg+p#0=
zQ0N-WS*@Dg5mD6bpP198VKIa$ct{s1Hc%}rQU~@E*2{QbCpaA$25Ra=)?{c~<2~?M
zz2(5T=6jrc<Hv=Qb5w%{S<-WoD1)D`*We&xDhtX*>F}G(M26A8q)y<<o5{Xg_@qnR
zgiGZ3C7Rh;u1D`^ehtoZPUGb>yryfEx=YN?@aQ#<**~}FZI{)Uz_&<qSy6Wc;sHos
z*<kfg#74Z6fSUGn*?t9Moh#P*){HhS7+PJ3zg;>E`P5dVyT?r$*^C58qaTjV_uhJ_
zrx@yrZ{qb3N=s)#=z|bs%p3tK&FsVj=U^mVM~tpnH~2*Q!cNn_I6a!mF~J@Q`u+wW
zDdX@P*soaKzFwh}n-7Crv||;tM!Yf-3UpBUpsfgx@c&=5EQ4j3Fr-B<RD}sQq_wM$
zW-Zp&Q~&ReE=KJ8uH%<@2}^3y`nAK<oMEU2F23rqI480kQ^mS9%H5hFlkv*<uVUIT
zp7`TMh=bRSU|W6eou$053I#^yxHa4d${97X`d%K?_eQY#UOD0?^H&?03zRN0vM1gu
z0<RY2R02meE@de5X(S^rVmmMl(v$x{W6l7brFGnFoh2?}br(uLS#|b$H3U>^F^GD#
z7xf`6v^x8$l>eY*P}eNnMS9}){&OKa075*TH^vx}-D|WRI0Et0v6rHe-=)xnJse8V
z=RCau%*L#?kPvAq4tJ8K(F`*=+GK2}a!9SxWy`a%7<-w&v6YdSCb1qV6O5<EpX_N3
z{^|_|xp+$TT#7K+Jn)(O*rMZKcPPvEyyOAc6Yfa#$>SQb0(B2wzELz9*CmJrn8Fg8
zZj3Us9e*)~%XE?92SBdT8pKvp@lsR3emT};AjR}Gcjja{!!hT<DuYsK&-wxmqZn5c
z>Hs``95=f9FXL)aP_lCHN|Zqc%w~1!>)7U$%>S=>%702cSUaW|+N9fdJ;~5n6RlKg
zS`sI)p%Icde>dpL+Dlf@(;mjNQCeQ5=0U%J(+JDCQDZ%v!16*C@Sqr3(>+=-;p|DF
zN?;+A1yI89Q4`Oz{U=o!y1rSFedMHT=Zm~n6p2P2`F|nuB)ZPlTg-5JSgYYh^Oz=0
zGdHJfzyL$t$+-R6-Rtu;ufJDuMcpL0ki{tvC|h?%PrwzNL7OiHcf)U|L-UpAYh3g1
zspV#HwI1i*<8a^L(l(Zab9XSLrO|obcNwSr{%W26-HIa~J9ipGd^d0ln1D{NzE$p>
z=_7{7!+b?QTD17r45Z<4x%Ax0n>)fA$AJsA70@1?T>(>&lZ70!9_jyMD-SMb>@bW`
z<MMl9vy=#<Lc%BlqFnGw>wx-fY*cnAV=u2H^1M7+IBKM4U=Zy{v^Xf6CKS?kKgUqh
zL!&PU5gG{@y5akGyPp@R7luYASeZNc7szBNfJV+1tezbMV;lM>C{uL<TlnKrB!D)A
zu|z&6=HR{}Zfch6VUecCd<CFoV9P-*0Tx6SCyZUK>AiXa4WZorlb|~zD`9Rp*1Yv|
z8rpRFGFg<YN2zZUqi5HO0^KZFwnv%nz?|RWY6$`OgTYM4%uK=^%-#HFB<7F(JLBia
z3IqaL4d|Y{fN@Ow6N6LsW0~t&Xt<`y&aL8N<R=EY|0L-`?B9|Im}%PR!Q{!$e9S^)
z)OCi&yB_Tdj@6Dl8vmKL7+IJn?`>B4ZueGr`122?3WM3m!VDv(c>*!#8v0nwKcoZk
zb9{riXnx1SX7KiTcw$c6B6}9M@fbA_!2nTZ5V>ds5iST2=o;M9<jKcJ$fh!8#&Gr1
znxp-R8~9I$YC2%XmG3YRhQi;Me1`o`e~>sNK>7d9)U86t9*oiWe`M-T8AvtM+ZTzX
zHXxuOP`w#p5@20cn=`<YKzU`LU+i2Y)B=vmpn2%<LyM(DiA+-cRg?}0z@vPn_txW-
zGTlgy-qi4rrTN3O111tV-+0McQCScx8!??;e^b0>!f2h&W(GORB6TWG`=Ls?-YX}N
z8l^V@KO%#i6!K41rMx(xj%T7!LeKahb9+UOsY;4GeoSb3mK<pGJ)y^dvzRzIbR!Uv
zuGHWEqB!oB>$aX=CW$y`CX832WSy4(9_McKEoxTzrBnVv$`(09>N>2qiz<Qf0Jn;F
zhs#s(@C=f{6cuWn$+RKat^i?$J|@AgAj{vbfcF@LV_fpHEIJ}U46mgY1dMq=O!<j}
zpd+G1HtPj`QxwwNZPvb^IU@K`9@?%Jd-F4Sh26_NEyW4g*KCG?OpO6vk{EjRNm0TM
zy@GART4Rzu{X#t(Q`+glgMn#0Nb5qpx+KIX!eq~^M*EGer&9KuoaB3&l3Ngr*zfxO
zx%>;=@npHa){)LY>q>2Y*<*lx*$e~p`m@J2=q2}^&v65lwxL=AiUI3#2C@HxvUiTJ
zBWT-zW7~Gp*tXlGvF$WTW7}raHfn4&wr$(CZGM|R&-?L@_xJsA=IqYQ?(EFDXV1=c
zU-z}FJeYH%U^eI`fhEI)@jP>UT7Gq4Rj_P7TbPo*+O14cN#95*CS`d`F}EqtH0~S?
z9sL2b=WDou$_fb5A@HXPG3-)!3(i)o07salOS&;=F6B|)oT(FA?g#H+%@JRo`PvcZ
z*2QQfSbp#r_=S;g4)!M_f7%tUI=x_4aymQ!f-(RgC>H<<-{BvKsDtJtrxQs6iQ@-6
zx~?QE527F|UwpV|mI=);I$2&@m~Y1SFGn*p)Kw20g=6*xKvYjRsP8K;{g9^O;W!mL
zscgxWI`h#A4StiuDR$;Bc@-L<gAk#7J4YMJN(O*d`2WRG1+*#+3YvnF=T``x=cmyn
zC*YR%0Urk_372&G2+ZbVpo|LBkeoS50+2HJU1a%+z@{=BOpjLw-&YQSqI|Psr^5Vw
zJOJcPm;+$nkE!J)W>W*OdbJ3FsR-=T0f2FA+u#c2Kd?~ppBrZsY)29vC`JGddB&&R
z)A;bz6dyizOoFV${Rc^Rku_C+i2%wS34kGi05;%(@vw9(K0K@h5(|Bpf1`m3poB4V
zfM3HF0ESBebF@tR=gydxb;7(m?h6A9)!!!j+zEh^TmOrA9#VOPr5p$p9uCd~rJ&0c
zfiZ_Gv`)Y&v?|oc6zLV(@@INvoeJNIruZKP+vMm`n`hlo?%_SBXfUt#BDY{7k9?++
z4)8Gg2GbIhURSX;3=VzkCVW0FxAY0pkly{1ki&0dhxeGVwT!#-+!Q+SIycSMjTUO%
zO2m`fhn*#KhcI!R;<rW!00adC&{lK+ZEg1_a%yERemgW|FMi{J21;%jRNo;$RNr%t
zGQ6QYCZ-5p%OZ<?>%jlzIJ>#+bATu+-^v3ukzyQ(@p%qNbc<@x<6W*e$>LpT{iXSM
zvQgq)ibq4G`9L>74euDU2#P;|R*<5wT(Vyg3t&J>k_KKBR{Izm0pkZ9wAdWvVE&m7
zIKK&M1*~FK7_UNA80E>#w8lU9m|C+3?_@s5MjC4pA&!1a&P;rejMJd~VQ3XykTOzu
z1iGbK<@Gmkg>s?AzGa{Q$ZH`xD`W|v#lu_xGz<dx4g6QktpTS2*g!NCuz1$}k0)VA
z@-J|QrU&u?D;fPjircfQeqai>qZJ%wAQK>V$o>aOH=9>+=`H^<E5z5Ib(A6dQPB@*
zjT5Lv#0MmI!3rOvp$Xa)er7JqHF<jnxDMce-+Yeezy2+C!*-jf1F9z61F9$B^0_Ae
z#~osm9oi7S76{<qS&on@S<|J)#S@44$c3W7<O?4A24KpbDp_nlQP1z{z_H?89mb4_
zlFPD%7KAA#Yy#>GW!cgzo!)w)aCy)Tht;c$ZJ3F^oAGC2E>-ph(D^a^QrD5?ImQ9^
zbW<aTwZZX^&Pt0ya;zHy=}({?GwZd^mra2@F(?jF$^IH0{D(ExSU1WUjjhzPI%8LP
z;yh_lI%{*~fv#{9eWPjRuYv}?yW3%=n|<veXtPSfPF-~d`21$vXHBc-Pa!uDh|xh=
zeK=^|koOA0JUd<sfa-%m2m{6^|4WlMb%-BCfk(3)VJz=oJ9|PqquC5(a767xd;Ljy
zgL=_E63<RuPG)6L^wnT)At&+q)l>eFOz<8n5m)}N(@EoQMjASH#KSfL{KPoz%q!6F
z)ugwjNU|r!m^kN%Gnf9XXPsR8IAh>WIDR@H75MfQDIhK#Nduw}s7>PNWOb_?0VpgG
zwBJ#-NyQ}Lp5kHsB(DbwxC|FwGeL5*)tav|FOz+xtsSI2a@Jqlr-`jwor%K$iu(TN
z)N$E@l4C8H8B-V3LEPh}3Lw1fk_?rKiUh1{Ac^jqA<UYLk{|%<djuoqg9}3%+37!m
zX%v{DEN*@`^S`g?9`K2!hF~1}-D+b(Ys}LqAdhJ_87@<!DC49@<lf!!q3&@8+2@?x
z9rdT8;qQi)82CNvX2gSngo?XOs4x<B=M7$Nhn~0-RZ~Q)at8(H0t&VPEYppE77<t>
z4{Hfp^$^&z?|_Bn#{3%JMT}9O%^1@oM?jjk*msotl~h-sbHy87dG{;F>_4a;^b5hO
zBlk!2>9%HODMQ74%hn|(ZiagaC1`aNBLNq<w8ItA)-bv*rR#k%_^5B>37fl(KZlOt
zb1Or1>>)JnezKZEux}YJB&o_^Kr@Eq^aR`&xb87%%5-3Re)~^sz#)3K=zn4Z$luMe
zV7+0zrNho1K5*iDK9ojXxCLV&lcaIxAn^Y4-pc^Ix0lOSbzV1UyCvfT18%`wAZoDJ
zUgaD=3_SSW%rAYDyFx3q_0XuQ?Sf?I(CK8>ROoj&Guj<3vSBPw(H-+O#M6@HCyn6%
zERveYbf?AJ&qyA40nWSzdXh+H1D(n?2%^XEM;DUqWZ@^ni=fW#<{l0EUp&t-E)}SZ
zSspt|EYg`jaWee|RqY9_9qQ<^E+=ed+t5qg_*D(sd``LX-7^PUFm;+UxP<~H#CZV;
z&4qM&s_0l7tV1&fOYcuKn)(_?c;}8S8M#k_ZjY$^IB`G+!P2L@J{(HMsxgC8%#*En
zs4gi*gC-`{s2yjAQI(s$ks~j%MSakg6JmIx&%(T}gyhf(5#u@*7svgO+`8psiIBb;
z3zqDOCtSmiq_fB>(kalzuBEI~?aOEmOmuyQXixDQVe3B|(D2ZCQ4QEU;x-cIjbF8I
zwp?z)m#N&O>{YtJOkLyj8S=RZn!B{Vy4r&K^X&m42ViTeIXVYG$N^bB=S(x*zmNkE
zQ&_NTbbf4+>zK4X9Dzp&g2^eG413f143;FdCDu<Y=+*LG34J37zn<Ou5F?Wexw}z1
z4cN(KD<knbBG^qEt^KD6CqP5Tc)>Xjm_uL0$0h>?Wg}^$Andf>X}OPaC&ECP0yn39
zc#%V}FN49AC{T~URgmOAq31{VQ%j`BR^Y<G>c*nzY?Z*3!N4$it3kTnZ)!2Qp|c!V
zP(i)Q^cu{^w>w{$vqF_E5RiQRtLi@yHDR?d&VFI7im9VnI-K&CmYe!q<i}xxUsGAR
zDASIsd-<-t-3ebAEqA&Stib;1Hy4HuiC|h#BDsn;%p(B}%v8#s&q$=}QL3FkaE|@)
zwRa1FKw^K2yzlrZjXe^A>La(x<ymzVv^!(lN>Rsg^_1pLso)KV3r85s{sR--&GYhw
z2+HU-K99To0uf>DZCDi}7tPGN+#EeGdybt-L^e1{LD)zuy-Ac2<hGV=)1>;_8X<{3
z88qS}%mNd?E8N$G-cJP9h+2$)lP&+iTDs_Y@G19r*B39CBnh*>KbIH|cJF326ueUL
z$orZFhm36Wqa!6lngQzQNm{rY8`@pBS}UbKCz{Q=;p(~W_a{Z#W=EFU0=PXw&l@Oo
zpR!@ZYV<mR9ayhBi6POB5Th8MSa8<2UX*}%j}`kY0U<`%0($S?e-4W#vRbxq(xGQv
zvBgpo-|XMP5puu9Ib%jcK<{jMysy?{BpLTVQ<(Lq{h=gmUWbL2rj0jb)<0$BMjVK>
zvP5EV&}gU~i%@Q7!(#NQPwS&DK(b6ZGV%(C7!dL2qP+aue;Qw>nvdMpor(w|VaT45
z!?YunSoglK8dRqKN_KvczBDjg>&_Ql#Ll`X<SXM8`bc)w*?QWpvZqxHntJb<c(Sv$
z3n~>qvb+$wwp`y4b}%KP4<5)?c7sb{2R~>Zv2}=Uv5R9iOJ@LcZ{iAR^TSnrf~gGc
zKC@o1cv`JdQWE$*Nr~{wI(UeN81UeT=g%7+lQ0-=J2y=I|LSMmq5R}Ag1k=*-JIro
zz~wsld1VOMYRp79E$o)!@A;Ci{VNRf2Bx2aCJ5wS1)c8TtGU3Gd`Tu(DNkOmhX3~O
zShOcW1kLljeyWpM@}Fq@LYOq23~9Y^XL0A*zjaG8p_iTK&0Tf*oN-E8h)EG+N))(b
zF`Hmbf^CrMAnBZ1lXgG352A9$8V9t}qwz0FgB6i%a1{y1Q|Um<WOd~~Zt*~*b8(+W
zef`dWp_*fl`q&8~PwO+j(_1QFh5~i`Y2t-|&w)JWLEM~8SfO|m_PDtDc;OUe7a40_
z$rVRXJ00}mZV3DCFMN5unpp4f=z@u#hYS#eK<<6t9J*_qdqW5+F==5vdY{$zRm5&i
zt&OhpAh!4ARo=5BmTKg}a!=nNUmA~S4_NHy-8F54h{uhN`imDizi=92v&aNX+8F$S
zGK@uwx^5c}*|-MQkY_@(bc~K&Bsz9-yK^pIXX@+e?}qT(A>2vtIgiY_Xi*eyNgrTT
zyv>osFyZhjqNr1k<Eq3x5ck)cspp`x&Jd^q|LPvkyhpNL(3U&#?na!;YTPOPjFfOY
z76@sYd-sDzM)bgA1|dLcgb*hm7?>09$gH$tE%c<yQKgov9$n)JofE2i5yAgfg_l>O
ztU&#nRb3w3y7tJGGa%{@r<t_gg?u*QZ){rC9t2|CNsljTDkGntb2YLfovlm<aOa!4
zIljN@+2=2B6PIRi5wdJKPIr<r5WA8-nG2Tp3GKdezJU5Y%Bs}o7C268xMt&vs3uU9
zBAGW=Ooq^O=Wr2Xkzh<_hR%*<AOMuMiaB-WyIuPGs;?!WJD}~Td%4qv0l11NITrM2
zSq0jB;B=jVPX|;U3fNjQyruZQd@Z^Z^@HP(HjN4c9O(JbwdXy9%``B1gf7oN3o2nW
zyWyHA^9W^=e^{z0QgOa3Y|hsTmB~((ZCbr(v}DB4Di%4KJ~=agt4x27)3w5|O!_(r
z(E5?EJhqNEjvfN=U37df<Q}aw-M{4XyF1>!U0+|<W-Qwkp8gRV*0fc7Hn&*NK`D~O
zUZJ*`iMhzHjZo(LS%a-mg^mp$-LO@VDpC2Rfx{dIiv+^Z)+#j;WqLEy4;NrJJm6dE
zU%U+^c#XtwO<E*mc*oc%Vnv!<`TQE#9k;c0OX^hG^M9?;@Rj0GmT~*@6-7J4>IKQZ
z@l3H%j-^qcOJ<er{2ph9W4q0<?p2R;*yggh47KIqLAQV8Ddw`7u~|_;|1v5Z#uilE
zt>Z`dMRA6q3%I}p2lj882aBj-Z>l>^boFC{ysv)AiNlcW64n$isaTQMc{!U&`eiQZ
z<M3qOTX53r)M~=TT7+MWH2f&~sA7xjpv2t>g@fi_dTr3tx3}rc%QO$DesI=;WwwDQ
z@m3hp=0KkyYBLC~zmndT0FP-8skBBe;Ho|1V5&Vqz7m)$s1x8^9^v*oW`kt(zcl_r
zhSie!YtX&W8I{5;aLw`7Sa#V9>5Q!psPs8FJPX9&@{XW<4a_-OIq1uRm2~zz7185E
z_=dozS?IK@0Da}9<;S0qQgKQL-SRZ8e|t!|r>GtH*0UHvai<P#<cmdeR}b6sMxS9F
z{_39?)Z-IcYdk*JStT|GXI8vX(kNnu+=FOf1hEP>#jrsY``1G|@b_Ol=$+!TpwPo&
zs=4o=Mx|d!=HT8VH0Z$YqHCuZNIt3>C>u9HQgFEu0_ZWQL!d2KV<$rf02zb!ym=u@
zpOh1Zy)tYXRtPmgp7=ex!^4>Ou#%gxejVY-r!ZQycP+k9EndCzDJg`)w3Cr7p@#3V
zgxC{Cri-h_{aX;foCkZgGc>&ud&t(|zV`D*=gZrshfe{;g(z-$R`5R;euB@qts>;{
zYMe+7*#Y(OndzZsqDMAP?XZXl4)A!S-H}pPlgw$yKWn5pk^3m{*^y^<_a%gXSz>R-
zRhxG^4<-~#6u1-rKbgq%*O|?;ti+8e?lf#6e|MZO)_=U;-X>1|wj~yNyEVVbX!i!F
z$)UZzFa5u5GrTlkwvRu_69Glf$m`y`p3f<6SG)5RDY^;oPgf7>Z+Bb<pX32q46Ye=
zTgk*lNc9g{5^*C*rRbqqwO`L&2L4ri(shxCh*Gttc?7@qC`MPWra^>+DGLu7djp6F
z4b6mA_C>6s^Yjp@#Q0&i2D<zyE_Q&JR*K~Oh#$S9Bz0KDeK={@D<5QJk>0^hPxTv@
zgkF2ifMM<SN}THp&Zt%_p09bF`yn(63y@d>kFwf=?{D7FcI7IVE<7MG47vq<x$BF=
z{fr&|KWWI^I<q?ci1L(C+l(NmBzCUI+<ee2iz^b91Q<uQlwhnv)mhw)u+xsXdTZc%
za!IRjz&gEfuV`yuGC!BB4)lLn&SzTCm$`M-GD<f+-x!PDexX++x$W1D<d-0PObX{#
zewkLW7l>yupIlIP<L*i=bc$8(wac__VWX!*hIfnY%<SwGP6+5?2qFv+kck=*MNbV}
z_1^)tx$B$j!X~haD(!8{Jb^2b-F&G5wfSmr0&|mZ<VGOf?J!-I%1+0mg*m3Sz&A#V
zW(W}}?>=HvYC5jYT(Tk8h{n3~=kS0Yp>d8ccQLc1G3{4ak2+j~XBU^wsCZXY?4WBz
z@Jk8wXsgF2ad&Uj@W=@aGRQf-cqN#zj?YP(o^zHl<Z#D58*}3pA|ZY2p4Z{)B8k6?
z`+RfFOy^o~o-`h=v;n_f&xb(Hht|WN_eBFRmwA+_G5#0m$JquS`WoC(4c?}mdbNly
zS>GCdikqOJ-Vu$Z$Gk0iv>i!pu*S(I0Ix^`Klxet`G4m@YVd!Bjx+X0H>Lm9btVt*
zK`Aaakqn>5GqD&`0LVx{OqBODQn9;D0ED<=_aqua8+j9>hiKI;qXyJSV|VZTp7^lG
zp!QkPNL+d;&bw%*0VNkwBTxzblI-s6*4q(Ckz4~N<p9D|fh){0f?46v;O+{Q!Hd8V
zv{>ng7IK40c`2`FMd@p~9-Z~?-6BQ%c617wSCYO3CQzawhR$_Hj6y>c`q#pAubPeu
zF-3;h#gE8jgEl_24&n&E?=tl5?apA?TWKxE^EX!9FFO^|%sQ@J4+whW*pbC}zK+Kc
zz%S@!vj~UKGnTn-8bk28=nd?&)EBvyK59|?Y?%XBIx@*$4BtYPk21J)hx45e7c3gh
zVm^GmNW`YR3f2j9h9>xoT&&~Wk%y3NfS)guFeU2*+MLG%e4zu3zkLD#mO*kt2Vffj
zw7J7v6&L%!mDlpcxF!=U(Dk!Y%r{QX9%XAde^#swcAVa3H)o(Ve?va6ayTPyn6v64
zH6`m%nVM)_@2Tknc@D7Zi;t?t720jQbmEdX%Qmud%R{1Q#yc>D*<<MY9_-iW8gJ1m
z9<-%&WOI>8P0NXc7uQPnrwaCA&Q0CU+WBwjA;B5q>|(FMv*7vjsVrQJ5N;G);zMn>
zxEsT4-WRHZt|rY6>j0}*=f)h?evi-a6KcYohE%`qAsu03w3o!g1!>^eYM5aATqAfB
zb#yfalu2x$6W2&oVq+u8CwiD=aE96y*x_9KNIf8b6Is=Bn9-&#xtKq@foOb-Gf(k=
zO+u4jkQmv=6!1kEH0|dloeC~c7Tk{L{iHJO2nqn9kO1OJ1t6|I-~tD<1}f9j-R3|E
z5>RriU3>@&@{ig3jBt~g$MaN+^}#v*mvek^F=h#p4e)${nuG+qf}BJXB27x2RJ02_
z*5b4aDqxsa4&tQ1MhY^f71)1C#ws6R>j(W9pq^HK5Ku*Up_NcAuSqdc|4U7sh*1O1
zPeWpW4v>tU0rK(Jg(B$ke-N?)To}hfdBIW~ST-)ePfi;PQxdl7@VSg{{^TVM>Ys${
zX7(RebQ%&su?7c#-l^p89&-Q|m|zRQ!yo`W2;Mlk1nfh`;v-IR{b~LWU<iZ-e2`Ot
zd;mR61^{&zU$I^SI>1{a$00z>4bc7ngQky{6`e%r{{+fo0G@LSz;kv11;)b~s3qV6
zB&YBIFb|9d7+`pl0O|Pn6rh@70uO|xjvp=!z^_r(<+F-2DeJ^GA$tQ{zD+jQe^Jj>
zab$b+R%i}^Kgo8E0W_*0RH((+TA;<)M{_K*@VC*>Doizmg?i>}0JdyB0}shC)7GP7
z?28Vc-~8ZTzvcgEE+M5LKZ4+&I5CYi=jpzYNrZgxx+wLWOA<wSzVq3}LFR0Ia`Ack
zEzQZ%v;&LjFLo++9$lS(D^Z4yrzp}-7_nKQL;wiY27pi-Fo0>yH4#{bEjcSB5CtUr
z9}sC9!0H77Sjqs`c3c=)D>-M~8DJ>8{3izq`Md>+<a_a()U42Qr{bA0IW%D|UA#;7
zl-!zR?vxy*g2kuL7{FfbBe3;9Bx4Q$Z2h1gfAG?^0d_iCt|JL%B`2{GD(HWC>!;>G
zt8w&ToTSoNiqHVjI4I2n@9Q8LwI&2*q(<PY$BgVCSu(&+UO9{cU}dNiZ2d;ht^yO(
zutz`FgnvBXxkG?N%>i5{Lut{I*$2h=F=WLY5kQG~0V?wU78C*i>i1kKca>lV>RT$W
z*Zw)64K)8j(@&Cz${sL*Q|@yELjns_#0DCg+f#X+Hr@x4Hk5y(K?mG@2ulG=SWCCb
z)&|@M^SlNB^>NXj%txcHigN)`6YGZnob2&mm&mm24GPz!r^4%RTBkBUS|@;uj>!vf
z(NzzC$v3fx0AR~MXq~87w^r9&I<l|i#@t85rd4mC@xvgNWG6UFEc)0I#xjyv$j!*C
z9;IDI5c|YVqo8X<`RX+6AS)!UBL32t5gHpHkAJ7=L?o|Zsrfx=IHrcXv7prZSkf?B
zV^Qr#C=(wm?Nn6BtPJH)5?Lu{l<#bNSM3G&M98L1!=8%o3(4UHrjzK231>-;%tVO6
zRK_V_kT~>f#pTX%gE#exI@0>SCpJAZ>nHOJj#zg21`!-}XezQNt10YAMer5{bNa}8
z#KxqtLMt8)%bqVy(gSmYJyaB|81-2NH?w$Xg$5arxG^;hLw%z)$Zkg24~;o!YEBEq
zb@EGMIEXQ`z`MqkM~H+!GhUR9-3Q;s4tX{(<jifG%?kG}0o!i%=M_}w6L{Do=yvx*
z0*{3UaUn-?LGM7qLDz&45=}H0?Wt>)L?H_imOwP(HyQXM(#{GxVNUdTLxs>xjNzv;
z^Ie^YUGG}HNLEhD_NMvW^(m*c{tSFlIsf4$?7HzV&RG}UAK)O6@fho3tNA(e>QQv{
zK!^+D;5zowBXp)n4fPunX_Z%WI)M}lBb?FcgB;%=kn!o9(q9m{;4C7e1$RieSItMu
zn9_f$-!Iyt=lvPZ84*4<Om2&VQw>kF+}hC~=a|HTj^&D}V`;u2NT!2ITpUI_eu^>x
zN|~e=h_MhEHYTo)>HwG21BJf@M!y-{_IX$ggyVCFs*#$e!8<aKHR8*XC-j=)$inC&
zWxHgBqvaRGuDF!zv2%flwqqK3A31h5(I1e_6)BH;X}#B{CsxXu&SuTg@d!*KE5B5`
z5`r{Q1jS5o>nahmhRbf3lPt))e0x}1__>taz5UteV(DT)h6R=Kqx>Yj5b&!b!nZnl
z?cy{p-fqTPC?jDXjK)uX$XqICF?kzl40IKJp&~ZfAs!{mV#<<-og{n*u;P0kXtMgR
zpq?k82-mnFb{h|^+<FS#8A5IM($ME1a-Il;2>qe#$e8uqF-P9u_L&!N2or1s&}xy@
zT)HxI*hE46X)&!$CuXdul3jYcqzJ5^W{JL~3+sEHLRe}}fCafs{$^}`8xWBftB`{p
z86Ma~;Bgy@7BTl0AzV99r}*j3!<Wg3EQ@?kU~!&CMl@ss2>K;)jH2)L?3uD=Mm$ug
z;c7IT*5<fEtsJB2IB*)=w?gPx+un4AIxgkMCPH*pAT5h@F`8)cI(vTw;U1psqN`Ti
z8fvCuNqUj}KXqorP?E%+d)9DrdL-s>OIibTTc(7$Y2ak;B|`p3XGSwkp5mF#FYy(S
zM1=XWUuL}XAs<PH==0hDQgA%`Shax+?-{-K>-8ItQ0|kzw8gdXZJDa%ldHDqnQ1S#
zjA%O=!6n}Z_eS&+n3d!Yw3RE565mL@l^8+$We6sk80n8N%d5Y=HzCIA8kUD=)+BcQ
zUJ1$C9nIh4;L|>niS5jVc)0cwzd*B~XVQxp_yp{enXgq&6Xbl#@FUma-DN8~xnqNx
zme$^*_-1q$K0cN7N5nyB{6n%5!3>8CCrUDx#zhfa<7Ym7J%d6MIPb=UrdbCR;a+UU
z0FM@PqlIGdPY}6deMmC_a6Fa`Q)aIv`TfodvNk*62ntbezoE@TlP(n&l)M3SG){2R
zEO@kluc@k?n4p_^<HZ|if;z{Lwq#HOqdl1!MK~u-SM^9lvV9$xDc~j+wX`V7sL6=W
zf1uh*iv#HXI=efnLPGBf9I&jSDa_xh9t6KIp4ajt#d!CtLiQ`uX6?7Ej+8+*6e>`5
zbi>ZIi?%}l4XCDYSSQ^{sib{CH5RZl{!1|XrI#u;SH&8fEU{r=Kcdm+h+_szEqKLU
zC&E7MstzJL#u0>zP&>_t4+R&`?EVQh{(nSkKBHdF&x0l4`e5h77leF>)@TfMBZB|F
z=<;vIsTQ~2u^x5h-LWJXzL+{^3l780hxS0@Jb&KLXzgDPbhT14d7c!-Psdq5S3Q4^
zJYdIzU^#nhHE(3L)u0;roGxANM5D5~DRP49cCB30E3B&zYyPlBQf{ecdF@j3p<Cm#
z?s7#TZR*OH|D@8{V*F#xpljT@(a@!<E|lMYyzPr7%!0zmB(j5WUptOyh0+f`#+v<p
z%Ky7?P4{)?)0t7&^_0+=ub=-+R8?8_&ka8vo%8nR1Te=Fw~U>W2Da*4<9ohMVW~V;
zguTD3kOiQ)zpO{IB#_|i=QQn)T>H9u&+Ddfc4rK&m35<-euD5&U*uEx+%~jM)eYTr
zx+YbFW>QD(Io<^GA5Pu9w?s_b7VGa2t|{ZYH*(q*u*6GJJ@5YrKV#Mx7i_41O&rqs
z%HenIbN(xBrJ0|k=$AYG^MvO!77nT|?}4R(U0=LlAcPGmkDMaEH(4pcc8Lch!e;tO
zS;y(+8QfE^>K4(>+-K({+W7(M#0Kgf<8Dmuez8UgvCZu#LN4Op*?EFEE%bJ`bTdR`
zte;CZ-maLvJfMZPp#+o!OEO(g@{I9dY}xF7tUG;0s|+C8Ori)z*+~Cx1nCW1`uQmw
z^Cq98AP$4h&I?URbUl>xxb<cssMUi)DPX^VjItrGTB9@VO4q3>5))v0oZ+38Sr#A#
z#^00YcK*bKgRT<g0;tHNoplDmW!Tj(6ihr_P!2K`i4p;yw53QeAzr933#WpP{b*Dc
z*!B5CJFcM$((I*5gR{T0Gm;76Y)JK<|7mHc-ACv$c!fyLF#c>~f{_7Z4Fx03!EdPR
z>`K^7nEBGVrFDeVZ8ppXvZnXg<>S10JNLcNtr0f`LE%UEI@Y(`bD#SPuc){-@=R*p
z($Yu488;f3v85qbN*uzfr1p0UWSprWT%XYw_z@MU?rt4>f!Y~8R|3DVsz#nz>e`rf
zsuQx1qKN@S`e_mbr2zZ2`$ZHlJzx#_THw)ZDu)vUKUTD|WE1{$m(Z){zMV+Iw6i8j
zcq$1ARxAiX>|cyLYFH>L0-k^x?3kvM@TGk7#S^>tiDV|N)5NaUGVRG%5lU}2Uammr
zvK4k%kJh0Q#<sOzVg8BuVk1jL9vsRKn5cf{5V(uUFgWZ9vQW<BCN*%q7Ilk!`x8(7
z2}0)GGHN+-E^u(BN_$5ZnWbv4W0J8f(|a<5@NZHz##f?w5lNfm<XXss5fP8(05Q+0
zGNu%PXIsm)L9%q6Zp_K^CFk}!pIj0MLgLQd-DVUg9^IdPC}>#^5dvXu4?jw{ak9ZX
zmUAL69Qu_z3u=wcxx{Shc9Y)?7DR@3Q?c~;`-9dt_XOA1mb$Cw63*erzrod&>V&7t
zOb%zn9xXw3<78=OK<TDH46Fx^L?fjNoVRU5>mzqK9~(Ouu;CiNb=_p%rE$A+L1xu-
z+X!8;W06{F7;-h$<VaoHN7D}V>=DzxG~M;rN-c4uMiWQgPb*T=I+w|`BlXeGU1tDX
zWFtgJntxnm>C7tTouW;NvJ&^<Y?RLz2a1<J*vBv;_uosX<vYvU3FFAG&EHzGUM>Os
zn@AJEPJLh1_iMTUXb1o@BksTQz$pGA#BuGR`D8(>L=+h$H2Xmv7|EHeRY{D@53RSt
z66@#Y<>dv$(Iqb50g<2Eci+3M-s<ugeWF$`pPQ>*uKsl|=bMwqNv?i<$j{x3twHpO
zpY#cDiT<`V2>7R7^m4n=|6(2^BjVR0=?Rax*#v{X*+fJ1`D5Hk%2eJ;1o=;KpNM~`
zaV6(d=RtWp5)!R^5m*A8kFlGQU3&L$`>_~lh8`ht+{!V<wB(rJnC1o`>{ApA2>X<l
zW2rmjW3x$)*PUdgT9N$<`$XmTv%0y_mf_)AK2)z?lVJaa`}`g_DHi7PkR4M!W2Ei=
zYrLbj@!kF{azy)wC`rouTj0buSwZg6;+KZ18BrP8JXTD5cDNg7_w76h)<L6ug3sDs
zZJg;yri^-tNL>dcFlAU*CkC7Hz?*dbX#owp2Pq3`s~!BNkzY$~eSdlJI^E~g{d>w|
z5GhxqiTO9r&~dYaGh<K^wL>lM`>C!>v0IjRRMiga&-uYZx0C{Wy@3*MPUAy!n-x4B
z^sHV_M=r-jm8<Wthg>J#LEqF~uIz3||Gu=Ny(H7sjFbn+z7cz07gN0h(n=muSHAcl
z@$Zy)sfFeRyKmnU1b1GG>(?B7X5%H=d>QfPf;=8`A}REv;o~;c!I(PK17kPz!iNb_
zSJVupsxC>z{=TR?&;!vqjCcgn9FG~j<=m>7%5TKPfMWZbSNEH*$lbeI2ig1nzBk!F
zMW$JrxBWCiAI9(NgnQJ^-00y+;X-bmOp-Z2Z87~n)N>r<2^jZz|EXP%|9{l30~GA*
z8q#M&MyKXQe)Y2GJTI)|5DoQzGb?NA|0a($yIt~<o$oo~D?v@10?u_z1cGT?{g)AO
zJC`1LqFB#>Ju>WAA)L(Iwh`KY!vD`zrWJlv9_?FWlIg|XiFdP#Gs+E?2*H9a@{@&n
zb1U=)U7V6(ILG+UT|YOJ%S`C5K)bogCG+=B848QEVGg<byA{_Gm*#CD!ZF}%n7j%t
znY+0ZflJY)1km(<*aEsYS_WuK9k<ycb5hmH8d&|evQjC6^A+w&!O0^<;G=7N{OQrU
zRlByTCeGdwHP9g0T=1#Wf1sI2<+WE~of}?=&=Q52(Cb4h8!Np&9ZrWc!zUx}S|w0+
ztq3v<sOy+W(!R29sq_03_nP#maASsqQYpXCeC;hv@=%(1-K2l2r$m1eviY|E1iMq1
zk-?ebt5s%HJNYR8c;@Bh`DXD4w2(XM=?we1?Mb0LhGd=jXH+9CvVF-;$$_KdR^G#B
z9QgE^dVMo&Hp81LdQXELLpvqru8ja_O+1$C_r>S?J#HIIMU3(FHw@~&{m)lHY;iAN
z#?(&NrR;yljar5$lTQuF@(3d3<Ff^h+GK)fhT`?Voz-6)%(vhP-y?*gsTCXjJb{{k
z*ML86Rp5u<g3#&0piGR-Nwf9qVJH65vt%vuIoOBLd(D*kyMjzqgG&2sa1aIMjHV7~
z3h=T3a?Qls#iXY;Bao-Z`2Kq6-yI0P^^L+J#>J77(H<Bh=4i*rEjX(Ok;2zt?xLT<
zNYMs=jB$+GhA}lx4N62z{D{F|YqrE7qk-D!-mA7k$RQo+jbeTIyT!eSKxmyLh4f1P
zS*8;96>@h%drONGs;va=T+4|DFaLJ{ME@5w>);I1iR52A%q%#z(iDn2nud6+5HUOV
z1Zn={w>+Pd!HGC7UD+YHQXD2`)^IV%po}88V`sFtQ?5`S^B{j%w^bSHbkE@qQKSDl
zC-0-a?z-A53581770@AQlTEry^ZClyHH0@)ZCRMv@X#Ua9gRP6Z?GVkWum~ifpEc}
z3_37c20oPhTs9WEl!w@D)Y?cr+GFH??73Vy+UWp(t83}g$_eH3bwwj#NBIN;ZEa`j
z$T=Kw5S5H_Wm_NBkG3}%oaSsJe2E9N3L*m5^pIDkCV0Pg{?{pmtu+oh{h(plulYX1
zd1(_y)`h;G8ETw=GdZU0*@n+09G1gKB$fzG8W_N_tI{&q>+LrReq9l8I;tjV`?%Bn
zzPnk_h-&Al&g7<k|5O0BR;uf}jf2G*={vaZpCkfGWdCd6HApkTz`b30nzFd*h(Mwr
z*91STD{uO4PN~Ty&!JR$lSrpXyIiSG_8YltCNrEJ1w}uT3es%>1l>@=JYm3O{tIX0
zyS;nQoWu6_yk8N<c=l2qs6!A!<0>v2?w4=EX*@n{>HOLUUvZVr6ta2Gw7%#??_(~@
zazmnsvr9ScVub&Ol?&QQfc07E`93SGqb!~52&zP#{ijQ-(-$&uGVs?lC`58aUn9st
z&JL*8HbbK0;MMsNymulg)NBB3m^p8sxc<TqjS*o<p8jnJ%*5>wLw#i^1KC^PImgUE
zrnlrFHFEhcB}Upt_?E9*09P3f`t88spS~WP!z?b?DXc-bt6R(Hg45Bbl&AbEupva1
zbr82pRLL2cU0v#Wu~+x)q|9GK(Kr>4ci&41D{F)~9Qmp14Oh`-D_2-43fGkS$4w}4
zex_$gDT;cx=PEOpNmY)eW|e~fy~I&MOZkSjEBrn6^fLlC1rPSH#n*b>raZXt{D(f{
zvP3%hK?Jia4cpIz3J1!exhPaZ9T5Gy0S!}$wgb2gd7^LoPvm<68MQGU5~%HYq5^G*
zVjYxBn%=pxWVaE~p))r+t&!gyIriuK3vPek%$7s6v<ZG8Up=&B48yX=Fq}6r5u|rE
zNvTGxG4d446|}ljvyfdX&Mu(FNm40{e_FoVG;l|BK=L-(;lCAA%qSzgjov-T^Yf&s
zK5jRs^8h2q2;{DpPE*H&!Z42@k0s-jQ0fW)X030oNz~uiBC1V;(OlyeSxT&;QnOp6
zhjw6{8;{ta(?mT7PodotE&DVWfs$P)dGvj^whTExLE&bUVK-aW+u)G%>%m-i)lK+0
zK5vAPVlW4IGE<qL+jhdjfNopFdfn++PI{+ShMz~7;e3|y>B5~e{7Eji==>6>eB#S_
zo|5b6W({JO+Z0aJ1~`)7#s>IW6=WxL3CV+>I_ZO7ATsxZAE6?aR|h2ovE2nI^ha`^
zR{{0$jSurtUk$~pqZ69Is{=0Jqw>Ea=ILoaw%i{5H^B8mQ#QbTT%5f!)J2=`f)ayG
zj&@BGu7~h_k5lROWQtt>%DjvXiHJhEUaUc%d;h-@!hn09=ca&rLAP@*;g2!_n6>AP
zRwfd+^T2yOk^k1F`<IFQQKDa6xX}u1?Lq@b650Sqn%Moj>VJvtAK=0`{@ay{E8;-p
zhM@oU8|Zu+#@xq_0r>x;KN=$c?Kd>>MY06sN6(prfKDIVp?h_VGX`pNP=8{1c)foT
zdappHb|`^HjeKkrw#YXbxwax2W$_TVQpoekm`AVjrODXnhLriu;Mn4Jxz(G|{wVo+
z-y4ZN`tEams;}qsI!mnQ^SrfOuJ83cs;~F9i_FyabjRfTxQD#aD~J;72)anD=ag>w
zxSbALn0|$BSJn2&lLZz{<Gs=CP;coyf$F~v(c9F||Afu`YsT3L4yrvR|5;xWrRC{8
zFv^gOYU9B7;`+UlQr0TDlv$t9fAcV*zmAbsR3@qKq(C15L1GgY=liEsh4gE~2w1sz
z$CLZ@du1U|7M3rh{>r*6py-3iP^bhlII^nG?&0*)32SXjUBk92jgYG+`to^g^WgR#
z2(5o0erwRStgBc*)z=KH3!YKPA6ehSr<A&AtCV4qgE8s(w`W~OO+nu-e||j=AhZ;_
zr=&#ZFJ;6nYt6gWE|`vp^d`G~d%OKv%V$4)Q5(48#TRIF2bYSUA$zGxNxMegn1o#0
zgf2WdSbP*z6tVfJcy#I@@VAy-P{&81yl{QC*aD+nzo=ld5$W~G8ogGP2Wea}5)^Mc
zIe;innQKjB8k}lzgrV57bYb&A;eaS9zc)CD{IS#jC!{164)8`ro2U_nmKk0+2d+ww
z6leW_9&%IUBpLPi@l(8O90ztI^8leTb#3i9wGbj)EPRzU&S3RM>(6oFh->qsM5_3{
z#lc*&-Oe<25$0`%z1p8vuu#OeZ^teYlKQ`F@HB}s%Q1_%exY5)m%&CKQliG_dV3j7
zsI`@(PA#N!sPuVpd56nlX<Fb7S>=ABVHb(YdXWB;M5);C9x!<GP1^kN`1l9)P;bHk
zC88P-8~v_W%PY>=yYl!0AvHBtwxTBSnel5k_)=B<aYrY=KD0KMF4OPD$B^WWuv59?
z>RTQ5&b}X$LH;Xxp#`O@`j8rrymPHa@4FEmdX}mbC}T07;Dd5DAJJpBArKpBgBLqS
zsLUgB=I)76)5kc!Xvh{yap?P+zTz$iUcgnX?uneX*?Oz^Y7HCD4Y)XJ+>_ERvT@Oz
zVNPn@hb>Oja2!Jaq_KOmIfhRa3X`crfiWA6^tba!&rBIGX=ZPZ#wl4_!*U4gEqL<I
z?Y+Q_7D8WEy3KOXcOhk<fu6cs2|oMnhh&6%vF+|tk8sgwA&d=m><PT6a%O)Iw5=Zb
zpiZq_8^&!_yyKA*%!do@qB-906DP)PYY|WCX$K{x&9YJ2{pxd<i$~rv2LhhkD=32t
zC5z|A#A_70-A@BX{#bwaj?aigVF7mSb0jO}+Q8>{9p?UcuGgpP-f~bh<5HK*ToRpE
z_r+lRfk1s%G&JzZ<EhSypU+HAx$|vDfVWkfI&~DfGX*_rYIP1fYAR-pfU7b$<;#|L
znpTcsd4h|p^PE2#f&FgXJ>jf6lj<A#qYG25z>4Lj-f>-<U3svlwf=o_ik3Hy*Q#Q)
zi$-{Bn|V3!eKCaAQ%`tDC(~N@1<6D2yl};`t-nFN{<|cwp?mVlvL4xI0}rCz4Lv~L
zi!kWf86Nn&;&1w_HZ92C`5^jSZeW))kU#VykBFkaY<2pgyg+yQPUviW+7^1S^6u_r
zB6`_ELOH8FJBGj4YM2MkGF;us)Mj6i0Byi%F6~H`ED&~n2)>lbd<5DbM+L)p9|fHc
z!`uT=iMVfc{Ijw#jwHoKzyZr_>I!1PN?3dv!^VcS=^c`k^}GQmH2X6aVP)!p>}t>J
zkB4N%NEBGEaB8L5)b*|t=o+^loGx7_tdMq?4g6<h%?u~ZprbddN4$gIkgDNqvSV74
zw&}~AI4u8WU-I$Go)VU+cN&k+nnh(Mo!Vi|3oy+)CGqLcy!y6oqbul*bFL!LU2sFN
zq#K`QcUqrPx4^jwgmAU*7lsh(5O1ko9Lco6^(yj{Y*|}3v^6CQOfh~&6(bt})g~PP
zjhP*#&#z{*t!v%Szl}<G`kd0R`WH!QXj83cU()SPeDe#6P0xlTj9e(d@)@nGnbgpY
z#k67ngvh7q>#@(bNPfBP^p#1;AX1lOh+6&^s;phj?OHV+QztqGL$=BBkkz=dWMc!m
zoiaN1Jt$@7kK?8+Cw%k;&4MF4b5tcc2xfG$XC%#FoW^W>$;R1+4rm&O)pc?l+nS`Z
zE<GJ@8#K~`1E1w?89}5<wZWpth9`{APm4u-^p4D3+~gd~3q#*AQ{y~^X4k$}o=cdi
zjn0?+xR4X$-c7$5)pQR~sDp1Cs;|A!3ckzN`@7*0yHa5-m}wgn35a$~cC)pNfPGcC
zm|?ekHSe29%Pj37G+B%;htRAObc;0&q{lZ|<mE4qq#LM$1oBJ?MG{IoKaHTJCx1&D
znP&Jw=@tXC<<)c0fNfb3U2*JCNEoyt7S>w3)(6`oH3m#DQo$UlW9TLd|0VS4IMdd%
z1cuNBQ|Z4g?kWdozk>y}V_R-{DpkC6I0x@y?8wkQOZ5AztzxF8h1zh_a`63ts!}u2
ziNh(+Mc~`*RkODjO=UQ*Opsa0Lo*A{t!6hWPbJ_l=!Sqt_)Qnr(VLcbR*~|RMGRs3
zK`OE1np!kfsM5)xw21%l^cr{SZ5pLWn7$VRPG-;*LDGCjimsHlt(&HoCcDv1)T6db
zFGaz~*<(k|W%Sk|f?_7?lAP|!0sTn#;OkXXiekCHv%^5aTgh5=FRLVEbfLtFZWI->
zd=H(SFVB%JWZh<cbYN{-!!vxZw)zQ4@Zv^Ro=M=V1N1HwH-jjXVDMsJJx%}%(l@;3
z{=h#}NfrTrz76vR{>d-E4fvBU_)TG!Q;c~Uf=!lr+AF4pc!a(8_jtEVH%fnd_8tFU
zJwyfx&U#%~umZXO_yO_feeM{mzX$U|C9jj;i{vfPE2Pos1xxabf31Rsp@l8?T7A`g
zA(;|Br8NFpw7|pPC)ssd4Xs(e)ISBTA|n@3ukG&d`crT?W%gFjxkVMZ!Rbr?@!C_W
zG@J;()%B;=(K@uyRYL1v&zS5~!^(zS@ys9EdDhD*U{tW)1T6ghu*un$M4b?I^W(0A
zr#}p!`nfwfLzj1b0xzp8zks7u-__)ZX_kud#`AEN;v4#Eu}bFDvwtcr&JE;--*%<Y
zY$;G_>4V*ZXH>BC7k|dAPSv?M#~Ib;a^q@BOny&5d-N9Yo&7;jtH!=O`q};l>i5ew
zpQ>%{x*VZ-OvzDV!(fk-XDed4$ZWSaa<cYG(RSt>LSPPcwgsn=Q^4}&Zp~lzfN+QB
z<!D4C115qY2BxYtlj+YgMo$B-!kW`@-CskD#34ckb-yLz9M{1ARbIeyadON(48$O{
zamHSDR8`n7;nVQQ$o`9_b4@Q!StCT0jkYw~ixQ8LjV7uhI*$t^-Xj}-RuD*ONyRCH
z3WLUf-ifJ*UhZ6nNpFz#X`i0DJmul-5iT;WE+MKe57&n|a!XjBGL*<YBpW_oM#31f
zNG^XKxA;|X04D`$=xf1UnLJ+R83vAj$n)I8Ns;@MoB(~VnWJl4;y`<1tFM|;xmK_G
zW5^t;KuxcyfS)aXzt=^94<2v4zjb>y%Keq4x+3~sj$>Doha}rQ_XPC!A?8{H3cN}U
zso}9%t<S`rd^l{o3L^TP{F>Zou@HsPb!lCsTAQJ3Xsr#LHQQo6V^4zjq8*qeZ3Sz%
zM$9+oj%AiXRFg?7e5||b0)`B9^fp=H@0ws_cBv%OhgXPH$oOpq(f8R_Axb?44!9n=
zf`<X3<-@b6V&%ipC>}bsWfV6}2(66Tq&H1EArr@}H%%-25(mz>J0O3h1jTqdXafIJ
zVV<ARLzk1}#AM&XDop66$%z;x=uLPz1L@U2f%FFY>JQBgbQLZiJ2)(mL2?7Fg`6cc
zabyJc6$DzidhSPvULsTgeY5?jNJ6bI!$6ftf_2w*Q$ql~ws5Se_8h9oBA!<l{brHH
z+~7w;W#IjR#=b1tw#L-zC_|V*4v?qFAr6qG!1jTNP<!02LK#UM-NGiVXk!3){;NV+
zrrVW!934z6W6Fl8e%8Dx&;t)$D7NU??M@l=5%x}*YSXk%ndxbSP8nrlw!-fzq#rXI
znBIb)myo|DZw>An=EJr!ij{wjWbd3fcAyK=OUweKuDLg+NVDeidan&rJP|tK|J6Y8
z&|S(%m^iKy^!?Y&9l!a3^P-N+fpa6GX!+OUN?>eJ;wPR=!lcdp|7(j~k}!&}w=98X
z4s3uG{>%JmSrHbveUQ^`f_UnRa!PDX)wu`EULw7+-DBCKJ(<~PYaL`X+RRJ{vE7WX
zR8>s~RfEvv=~3WZ$=)nA?q;Nla4en-XwZ+xjgD=Ww#i0@dk8;`9yq*`Ey3uvc|`{C
zd%uB4*_6HLzx}jj_gQRd`x9Pg&}PM8SHLTKa@27b`)bu`x}q&;C8V5WfV$)=cp4!3
zJO&uY^H?;>k_%uQHRlMYeA=Wn=YVmvvDKUd#$mqxe;Ef2)xQdWaV)w1$2dx&lC!)E
zuKh@A_?O<C%-w4cvUY!t%K*vfLRPyJkO7gkJLv(#@Iwt7T?338B)Qgyz2=-91^73!
zM5-!zwG>G}tg=E+pYO#qSp*B9U#^NF8J^of{{|~BTP?SDIML=v$W27>9J%O$F9sQ+
z;7_VzVD8HdB*6;)BFImVriP(#2w7m=Nb0Dx%mmD*z#cHjIbdSu>x&TBPjIJvK=**o
zBw3UY0YAM#KJ2$-hGT?p$?4x<z9l~;iKs3ER`Sniu6d?>n5Qx11(Dfgfo?CkYURR)
z+@*bt2QV!49iWLwu%~<s>B!3~#xQ#SY6MKQO~2Iy-KE_={%fXsUj+Exs{#^h6yO9u
zfRPF*44V4{+=k%)#}qh4!=wv;;PU@Y`OjSnCH?|vIZT>5-HS*O7J2~~`K1+B9rM~o
zP|?4maKLBcJCNnIrIr%Zr`>g?g~g=bCI%bPlV2yuxQSny^!-(3{@1-zx7L#Tf{WzD
z6Xmk2*RW50rr#K93TcC(PU7eS?a4CigPQ1TXYYWU1s22dFP0#sUD+k7(OLsK<0RG=
zsVGbA(dD`loOf3LRL|-lR@G}hYL~fIby~V3iuL*i0#C!X=tY<A;7GfrVTPX-p%bE5
zes^*PbzlbDDb@tuNTL$fJDzdhU@_DxcN5q&22kYP^O~XWY&4^_QOYIg_3_^a!aHb=
z`hwip#q86qu8EhU{RW*9y-J`XUSyDyRg=t~v1FFAr%p<2IHzL&963NqH7oXi+h#C2
zdeUyyg-DBz`Hsplzg}f+ymN9!AKAb?jGrrjHMUE8WSn`I#Kp&E{5)%pzxl24lboXU
zbMN<N`y5J}QK%I61WIZN@eXnOK!%0ywQGw{I44%mr<@pV8$Z7^l`N<&)Ud2*4kxOi
zBGjdJbb-u$pZoqprh?V8);7u7BzLv0K~hXBd*&0^l!N(k;b(2jQn6fPp_lqyQ1n-4
zREZRHgeCF)K9n~!ZnSk}#+||Tjq>;L+0!~jPV(e&60vW?J6di~Tt(%jV!PW(`F6j_
zt9Cv4Q`=8Z8lq9*lS!cJQ7p|cp=7D3m+%A)oNct5G_|8ivEjM2vI(JzE52=FpWlyJ
zwQA7|X6C4U`nTFyF-7Qn_=U!Z(}PbKm?p0P)=#~7CQ(5wBMK*x`=S!&m;&;aMv<Uh
zZ{~{NRmron7WjAC4439;CV!A8Y?_i}igIx+zw<d$+~GI}$uPZ6KUeM?UkaUXDB34m
z2X;MV22;?-oJPjLo-7Tag^xDvXV(u`<b%m8xkWrPQ`dsrBpsT@-aDdWLpf1nCzd}3
z0lnD;FjPD{txaK1aN(@jtH=TaL_gTXeJBXvMn2)h)Gw2IupB2F*Ib_0mM=ey3>CYQ
zD?TiQF9Yv3bK|P6iV0kb&jlxbbOvkenDnJ&_h>+myWNsXx!@F{w%dHhH33@=k~^ic
zTjHb`5+sp6KN_9YljZEq)jgMeupFDf+(Y(Gjf0V7lgYQWSXs9ZXYoCl^`?V<xqOwi
z-M*C}LT(Vqnd($sJvXf9OX*Fh6};JgPSG1XKgJqv@g5OgZ}HCw%VJO~-eqC9Q~8tX
zK`?0}{}*}jO{21*>=`f1iu16SGeao=(puiTW`;ZMHpL}vglhL}@Jkzaw>A4-%@=_k
z&za=&Z6nM|S%y=6G03%}PZcH5Q*;d27?Xb_S;Fg?Uc<#lbSH(mE8x;=JMa}*JE!aI
zEK8}Eb=kf3tRU7_&Dqov=c=oO3$PkyHna-6Aj|Pi_&WH!P2RC~OBkFXPx_KqELXrs
zYib*r%3771?R)H*5P~+{ZR>r{@2Rs`@OHN$t`~J1K<F0Y5f4RSLi!*3!ZzTLdbx}(
zP!tMU=!*Joe)5ZA=||P!*><h2!l6g~S_nw+?n?k+djVy!i6_$bt45yp3elx1zNatS
z^%>&e2}7K7_G-GIN6hedQl&g-S-WIm!pB~kL!H^MpEBm}U*V($Z@^HV+|X0XdrY71
zCooXk16YG^xmny1&^=iZl!Rn~4wF&olKYi-D0zQ0YADXMQ_2;i9EXh-ITO@h=sW_I
zSG0Z&Mg%roB7U;5ui(!HH>=>|Uqr|Yvz`yMmj5wFhxe!0o7Rp7jX4BtiOxQuBuIOX
z(WSK}t9X^l)aO`xjRtM<*u^zmGLD4BXWyx`VVF}otiHHNADYRcqi=iF9j(48NAGuo
zZqHCdsFc-fg)^z*5AEh=BSoS3IWkx7Bu}0sk6#Q$G_9jIQBobnyE=qkF=e{vmAntQ
zPk7`FMFE+Cyf81SqILsh`sf}?i2lSmb?4S<p>|PSEJt^6^<T1z1Cc$QWJ`+!bCS-Q
z#S!Pm&UxL4&F5=M(y5%K=8FUS<;)K%)LbcxLDYXr1g06cJ%%_hsS~!?zzA7!=Z4H?
zJ<o16o<DDRcvDO2C_oiha};ng%z-it%k6lNns1Aqa`z&&cWufn%scPne&-|b{w5?>
zhc}!~4aYVp^aq0&bP*%G{q^+DFK2+5*xobzwLmL<l}2u&A30)0=yihj`~2&<!j_k)
z%&nZ*&>gNMhm`rvg#3aJ0_2WB0oNZE-<Qhz2M4+m8P!38m_}jon|S0$3)8W0_T#2b
z8Dw0FzT*4S0ll7alX~VbY^Lg!J%N};Y(w_rVq=xE-1_CX#IvqWYh@JsV3j^su&Ci|
zO^pVVSN{i7{}^3a^SqD4NhY>!+qTUU+qUhAZQGvMn%GVz6I&D8|MR)OzxAx=MV;!d
z>fQUrUi<9s>Z`6=tUY}Ty8r(7R4qQ~vA;psWZIfhEolJv+pfJyb2#QptCxcA0yHP{
zIdvR)#>gWnW*y@gC67#Z+mwt7Q*6h&#wqZ}v!B2PWmJexSm@t`w}!rs`t?gZQthHJ
zrk5Lx&sbK_jk+|YiWI0a>k4n~zw~T?3ZsTvtZ&;5Mg(#RyH8*LJ$-F2CVwtzp{4~9
zIo2+ZfBCMLx{PPR+Nx_}iD_LI5w!cw8NU8dm#X=q!VLW-Y~_|}$}TT$AzpK@uP(o5
zJIdtw0jnh_FS~GZ{1-Z~I3;)28x_8subJt$fqWC=u`OZy`A2#mnu_~RI(&l7AQ?X6
z`cz;9KYaLq$b5wQ@DKU$j@G?IJh|om;p(Xn3sM@xc!zp@34eV7fAflX^MZPR*&kus
ztw=~LK%^RklQCd&NBVR|xPBInwqHp-lKH12fMrxrgYY33dT@4yR;90MUI&m5e!p$1
z7Eup=Pdgqj%ERfprnqn(^tp$52S8zTU<qg$R4UbW<2kQbx=O~(ah&=<@Xp7DBjRrz
zO}>+BHL}%r8JMK2d(ytRb)@NL<zC%`&Mop_xS=)(OrAZkHuqayY1mbOIr4N9Whskw
z6s(3A-sb-W;>-#xMG9bf7YbaH3Sjw@@7djC7Hs2p>z0I4+yoE=C@-y@n2^;5Q*QJs
z?nE%~L8cy4{E<}B-E+mq;QbsHb>}(OMCLg{>%D(<Sv0p_3-}AC>m*7=E%J{>{%c_-
z0y#AeujA|G9BjM3=;G+Q4I{|$KpHwezi~={vHzYt^J?tf&%T_<`>V$9^P3woygW08
zP!$oJ)JZkQDPhmYt_c8c|Bu70WZ-%=;-RZ6Ux)LGBERJN^c-E$_g_;urmXdaZI9)=
zS@dF`iJ6$*eZ?w@EXvv{)!RAF2w7%fjwjT(QMq!V)Sn%QbQW4=@-U$-LLTIuHgiJ6
zTjzW|G;YPe5*kq87pTm=oRS=-@o$G0euEI_4S!nvFVhV=vx*Mu=2E2s-c@0V^1Kad
zJ}=jY$HN0m=YElmRxCNzUSk^bS<Tyyp|D?<_mb-a|6|0EnQZ3Y^R$Q-t4Cc6puA_B
zaZFB)&^%;GXa*OG+v#)4oIQVKaT;^;NyFGgl{Ips+Be%X>~HaYwfUOdPlwX}GF1=U
zVzuNnRMl{VTU{sXjj^DfO=&HsAnWM`L(9BTN4Gn!xahYdUTc5I8HMfp^&-z$IG!Qx
z!d4}jdOGmUA>N~MYFqLF?&3U0yk~Rh+mn?J3rZgjh5+usBdH55rub?~8L>X)Mzil1
zbKCUjA5Of3kM!s5txLeeOW$s9jDg9~6!J%NeQRLyLH+BH#@DYbF6k(XIPL?51dv0!
zIOr}EoSak5x|%#$&44Pv=z-2aQfJ(G|HK#_0>U&8$oJQ04Aa-Aqk1#c$CvMCK_K)E
zys&J3%1=Q=Qp|f-<G;KUfhdaWnWC6$-vadcL;%juvL`4(y#aP@p|Kb&CWDXH9LMEA
z!yd23kDdOWm-7puo{y)IcEkRcr=0$tk0~MpzsHk)zxx%Uff#>c;uEkYp`KIzwYxC^
zv_$Y2s$K9D>IqZu_-KT_R9~GPZ<;6OZ1PBiBu;C>V3HSv!oXm%3EFtY!QJPber$M1
z!{z;1&}rs3>airQ&zrr#TaxmV`wYX%0PbDZlaTUj1kX-UH1+4mWTx|(0b&xhf$U0U
z26JW!@w^G=_!Mjw4lkC+kCB@|1VcYi;bCO@Lr_Me>|QW(rDP^~ux1?fqTdh*Z{~3j
zAu_R%AUo2lmgurK*MZ##+!HC{lix1mJAvQDr@G}^kFzCJYtzc*wh3R#ac}SE438V&
zuD3&XhTBH<4N>$HIP#lVMLRYAsa^ccS;sJDS3?+%oREhoX&E|I&6C$G5yJkr19oE{
z6!J|tepPG8Gs-$o*(ErnSS2|~hC3Vq4A<_2EVc9!2*V)L!I>n51sVH!Z;i7kgCnQq
z_?Er9T{I#kEEkP>nE|rVIGMx(t*_$fIgX%iV8igP1InYwQsPU~$yOp%AgE*@@Pm1@
z*h8QN3;a<O#xp2rK}C^@Fkh|sIX^^JO3yvC(leM*B2h9=*>Bi@rGWq)An+5~!iqKr
zXY#isUUE2KnewM}z!>a7!|Ysz7CJm>v2`{YJ?4qc{Vg|E>g_%DjEc+bts96o`w*A}
zspToYg;!y^B6<pT`7M!L@R3)Xd<&^Y9p{P7RZuBh=fQkWb$_vF%SYPq?E6LcJ8Px3
z{V3}b#&!*scPj*{ai%=-QVzE<ySgdn3i1k)N(hR!q|n?L4Q9{3qaWY|A#x)egV@1(
zG*q|9o5)Tus;PRS@g9Aks7rptD7Nho7u`Y*i|m@bybi@n-S83!)ln!J`^~6ENu}ZD
zf?5L>>TE@-ecN5z{2W~Eo@>|FgCi>|GoLfv8!=qF4sQN120MEFon1ddSIRPf6WFGv
z<*21qknLl56`(n#{)TcRw@xmiA&r~>CB-EJp#oz`T*Owwd{dij{)y(csXs#9x3Px#
z%Q<1WIZnUWv@XMKz1$u$d=$Vq1%(lZR`*<mFoBcO?!%GVTV=Aemfmdtz1u2#M@imN
zRIH_vJ}(g+nTWkp8Nr1apx$TN_5hD>I8CBh3hw0x87~#9s4juYDj>LFb;TEu&;%}Z
z!|}fmG7Gi`OM5Iffn#eMyWk$eAsBQn=}jbg{3!KmPs^W31>3U;i{>q-#ugd@JX-j_
z8`Qi0pX;NY<lelJc2OWPe70LAmdYUG$U!3{NqV%!KdHSB3?>=QuS!$Ow8^9gytban
z=q)0Hv4U7{T#l|c2&!`O%5yR|Apu0}x3A>k>CqLxsYSDdt3SNNDusA$q%Y3LaEZW$
zK0m_pu}6qtVYI(ku^j|e|5$w+BcsWehZeuhdk@{ESiJO~dF3orKyLgKGVFahW@0k*
z>o)s-J>JM*3i-4onm74oso2fq0oP>^vZ&mHs@t3R!6DBwShe_$ILrQUhi8u0)B?gl
zRvdb1>0QY_)F6N$G$q!W>9-y4@I}OH(DZa_$cyc>S{rz1d!)^_npY52VIV2LPR0lf
zDvmT_2Ynx>QcH1TV?tSVm|(Gc)^88Sutsa|966KZb3iU--2Lh@3&id5d%XX3?6z34
zQr3+T-1tkWQ>%PcmLN_U)!fv`m3@5TM^S=Vp{(9b*T6!`J=LD{m1^OQ@Luq5-;x_d
z&VwCDxoTxDJeMV#9`=?B1n;~RFY7~0yt~Dv_a^FRBV~hi!oVN*xG8txpU%w84IDH~
z2;DYD20n$x4%^oTE3tFFzXTjvL@1$?QR3XK3}a9%j+CkCxg@RT9m)gC=ou5(N@K}G
zLZEWViAz|x+KgUL1D9ALt+FWqj9QjgU5k5k(c+FY+UpH<lJ)2&F52KDuYQLcZy>OP
zULh!&@~W=nrIb~o*8>OeQWwQQPF?h)-$tjGr;^$uTYZ#6qm!-~MOJY~(``nV$zgT)
zfF<wCh7l^(&)5j_414zbI_=574D-sk2Tn`c0Bz8itY{9UTYMDdKM0)K0ML%Cpj>o5
zyaJ3{!1+M09ov9|T(Xr?jM3e(r3o5Bmx(lj2J+5NR*;lZ(J3-aHhI|Mjo1WF@w|UA
zhbW9MI9^h*<{$8z#XKgHVLqQIF;lH$?I2=p(Kbi6+ZvB1Ke~%gwqsTCiCuYU2+PK>
zGdAfo`nS24OAbv<OGCMo?ezZXuqSm8V)`0ukx?3nADDo8ZunSWi7oM%a7!BXXc5#%
z{=yq=j1n~rY<}6(_?;I-9!}30DR6uQpMwPR=hI)8-ed~b&h$z1p_d_nP+sT&hLU-(
zzgTQ`U8&ZlnFvwQ-o>T%ghDB4u8Ee0b1>@WaRq0vYd~3V&XhgWRbKn{J+>bDK;aJy
zUm}rU5ILb;>?GqrHk~-w+yX|3a|lcmeb8ZuA<VVBC~>5#zLm`O54}0{ZEZjdE?G0N
z@T0nt75zv%c(ozyU*46x9=j{&=mBhnLyK`0w~$|bc@HlWV9;%eYre4SKL)_$i4~P=
zhksC<ip^U8T!GL&Dzn@1gPD{>TFj+`Km=RC*R0=y2H2BzsHHY3>4l-0gW1hs+S&b^
z0bf3pZB`i5!y$0HiXMj746m$XFb}p}B#v7MJBrrS@K=Ww6OXt&b+)N#!$tu~r;5y2
zh^TYB{z`iD{_o74Hp8w_7Pc!3Rp;wX$Jzj~wOoIqImlOr)&~KAqIO=dQ&gI=kEHVh
zQ>`e&7Bp2X_;t9Cv{2l-lcmyzUoDS|h9?`EE_K+_C>KtqG+9cVO?Hhu#15=-E?DOT
zU)7xShZ-#md}*=>_Nswyczk)Kfi4W^COpki@!wT|7M1iFlTM?m2^Ut-NmcF#%HEm$
z4O>uzE_$+gA{E-8m4>cGbmFe8HEV$ynHpMZ5-BM+w{tzBZLPYcxzpHPuzq)*B}mlx
zQwlz?`eeQ{2qUzxH6>=NeKm<Jar${W-}o*did5$toI9-x4%1?304~B?>F^7TULDSx
z5{jLVAOsGB$*~b#bSf<~`0$RqZnViD+OSHaSG?UM*2uer@xl41yfN!-xcRU81v_h{
z6>V`WNxllI-0;~<qZIV1T4ImxGyAXTVsKXynT}xE6A_V=<1sjnZ5FQcXgm+$i~y6b
zQk}uO!7Bfp#;Xh|*(Oo4M(2Zh?jOkfg<<gp5yS1b8IT;os4{VbN1zPL0~dKzobzS4
zf;ZQZP#PiDX-L+wsE-P|ankmMR|O_YM(GsTb@%RCNGH1Yok5HUAHqrz*j8e{ZYj^$
zyr<)Q#9#{c<Y6`LnCT#Q0}I*xf?(pOm`-SY9>Q~jb!iU+>xE1hkK*Z~Ul=gX$4Fij
ztysMe#)auldo;fUkVF#r+*RN-8{QFLm2D(tYuPf>@K3{~g8`;(XbY!2)5~FmGSoQK
zMdp{AK4eE9k9C`atei}Hd?XctWV1F*zH^2-ZjdK{nBz=&G;rl&?yoElK-#Ls(e*5L
zau=_fH)Q(clSM~HSA;<XOY9Kz2(gAqg9oKpa5*;^jfpBaD-HOI;#!d^)oJLqpKQh2
zV7mgu&A&~UF1Ks&zN4cYruSW0ndk=h%0IzyQM`o=&`~1N;3Cp3;l$)RV#uie74V|P
zA;jdoBFL!vdon-8uVvnC`pfMr2;_SLm(p*u-_^9O)BarqJZZ#r1BScVSce2ms_3BD
zSj^y)X~3AEm<)TIN~FKTjq2UQIXaeR3N30py=1O?dXeTnOS@1<C@q(kyrgErG<dsk
zvzH*p%96{WF^DC=xS=QAnUED#&ivQfv!W20_?uV?hsi+_>qO#u{ZxJuYgV0@lJ`$;
zBhi6WRDHn8i#tnADv6FjhM=+MB8ueJ?2)kST~}DPVk7!W)uv8lz9oofz&r`Nii;zr
zn1RmYOBD~-M6Zv9@EOlbk?C3(Dr&v~cALxNjhR+KNY;u8cFqgV5Bq%kv;BS{@SCMN
zgmgF;04(&nYPLr>5Y;}@;)eQ)XvZy(*-~lI^*0SV_n<R{V|=q0ekx);4i$2jy0GTB
ziwxX1syrO3^y>2p436RW<qrC-Ko0tuLjeV0(C>)PoY{~D`k0OiD4NiMv#22nY|v44
z$UnvTphb&0z)2Q7CyB{vfo(Kk8$(cusN(&%K9|QYn-kBwBp#9qI-T6|X{${!8w<$;
z_pB`5i^cQi)&}b0(4UgZnb8U^S_eBv%qv&F*ly@3#;*{CNpWRItMJv;Rz4@J{C+Fd
zHPwhdRS^9AH<$R?39sKIbmW1<UhU$80o!stM^U3J)llfA*2r^|xzq-xA1Dx?7e0-Q
zcWPg36cWXl)b9p3+);X|daTT+$(>0!->s~B&%fx|T#4yQ{putsT5?|gEDxk*6LDVh
zWcT)_vBnw&+&17hhE?~d(af4#kFfbOnIMvmb6`EAEILy124@}0xRj6SmZ$#S0WwxA
zzj`KAb>W0`b=M5ut<oc%)$BQe$aR-*w<Crt{4(3ri?h4IU*>BP5u*~Q=V~574e(`6
z^Js>AvIW-G%#;`5YNpZJW_eZDxjADd)oSYFtgXx&y>tkM_|(Gf(lrrD7zP+B)$Lzi
zDKrnP^4Cb085jAVe_mMRK?q#uH>xr|uK!Kx#l(-F@wfm?v)0CC=V>g2ilDo3MThjo
z`)VFgpIQ+^5X6=i))b+;aioXLzNn&};??M+TnsjV9r>L46~7t#bL3hjF@|NC`F^J-
z=j?;@hr*kTmKEFhQ9btKm>Sz-Ux%5wfZln{8Iw}T6a03-=WtP&!X3u(%2lZ!5hl<{
z;NkWWjwxwITvW|#CEQ9RW9YAE9tQj=Bi9Zhdu%V^2wot-2qyf1%V&B%q63Ljefpu}
zhG2Wkd*O&jN8N(uUdxKB`MZgA#)fCT12V1m38f}~vz}Q}cmS%jC$f5lc#LHcg8xxP
zg>8~7*%f`N3Qd;iu9n+If($&NiY3ZQ$1L*H%0UJr+yJsGD)g&YC#cId?(?+3@tiU%
z5Nv!<C{06jAj;?Vp+K;{3AOQWteoqJbz-W<wCF4AY`gKiDU1ZiB(F<+>)HW0YOs<V
z-zH&bHt!a=zQZtN7*%GBB6<8PsPgL_DOiy&3U3kV{2S)Wv~@4Nc7TzFul>OyO2Y`M
zxA_-f-EM1IQ^KQQpU$SV!-^m+Md$VY??X0Xx_%R(E0zg0MI;>@H?99;>)G<DU_tpE
zNDa3fDw8FohAZ{GZ#41VZY4Ax_wfpvl;C}ay7?4G?#KJ{k|f2t4a^`BK=>x2Mf4_u
zTjc+wrJm|V>>u%q7%uV$i5yVqfHFu_O!6WYB4n1q^n8X?g}z?#D|a~#&0I{kQs?BL
zauSCzfAQPLhD~;BcOe6%%pqI5(b{`MnNvqzHfM5DPXJFfKgS!8DXS>-VimV_w%0fA
z$6~)fRw)}3H7H|DDVWA5S84T?1kGQWPd(I-roPc^M#c<gNygkIKSiU;UwuG<BV-b%
zZt8&RQo}Eqjz$WhA}cQ#F&6!>RlEfg&fh9q*Qb59vcj2e!8gL8789VV8;ffCoYB8<
z;6-0vsuyOd7f^(>U;yN6Vj^^Honw|cEt!)zQjiQ-{8!lLRly~|G(1b8m^bm@?5nWM
zp{|$#;1Eq(GRLMb8Q+^xK6B&yDO>Sg=ceO&xh9wY_dvP5eM@R$sn^}Q2e1~%_7NP4
zM#Di4hekZVTY%s^WL&J{YJ7P)<|<BmcKEX(A9Hf3Dfft34l8Op?6q4KAm@@aByUSz
z`CY4j_}#4^?vg2=BAxU{hYvaJpP4{*L1?8|w&5CT`@78bhMdjLpjx3mp<>k?;o`H;
zn)?#WrM2<t)YZfA(In#Z*@yKiT}|#Z?v6hHP7UJmZ@psy8*0xd_SwTv-ejR97fYpc
zZb9UV+a<nOF^)!Mg=th?o{)DJFi&2FE$uZC?f|6UXTIEshK?>?cVOQ70OPK_qfe?X
z0hOyMV~P#|=igKH$@)FyAdZSxzM+rln~N+_b!10^5_f;8#C!6RSHV74oo?;U+D%P#
zu04*oC`$#@S^pxUE#$Mp*hj!v4ca(D4cZXZJ~1HIK4}1D(B`^1+Nc#t<K3v$GxYy8
znD$<EF8!C9y7CSx6vlkA)oQoOj0uEcS6!LAyestF`7R>TZQQl2HK0;VRy2Lo`>WIq
z$oEsQ4^k9c@A0utC{4w8`*7n{Xd2R;Odj*9$+9Naf?T6b6OTksOG8)UO*O<;yOP7=
zP2VrLSGggIE;E7Y5c4H;52vsKU7`u~V4@1Ly3ianTmyqVxFVG@)<{K^Wf(uRQw@-9
z0O8rGz}^mX5v6&h42}(;p8gO7KX11%H*YtkO2!*x%UARw|9_KRS__{pU_c81XKf+$
zanlw9_I%tR0wbZo1Ep^w{)pW~cmdxsZ0N7VT_l*VL<QiRh4G(j8TfXk1BLx3p?;B+
zCLX?U2)0-F@x*+IEd(N+H#|N73<p}ED;wFzE$n|I)<~XCZOmHzdE>e^h3MQabi(HA
zfNBxB%Y9w+bX8rn^4%Ipv1eKNz7AG&Re|xds{p9xXhpZ?l%Ls_KixwAQ+_Vb*LxiS
z1&&*D^K}>6oF6b-0qIE}@URKt4*J1fV(s+^USB<@Ty7VzTV0~<^_1W>y=34u{&YZ%
z0o1?#>I(n*3svI}`rji?|L^e{iv0Q;;h<lnyCy<zDgafYd%9Y-;G_(r36)}p(d901
z;h?{o@LO*_^;mq9gmVm~E0Xke2^em!TW3X(bZRsw4w8wb=xmwN0PbPm>_rA1xk1i@
zgOthC^~CD*3=)}T{x(*muLf+gZ;t|Dl@8Cl*etM(8iLo8OgowHec7O~Dxwo=W!Cc{
z2d%2J<{ZM{Q6}X)rje0mMabA=)R2?RDT|#5G~0B?npVTgLEs{t8X?sqvQIFB<2L?2
zDyC)t4;{nC9*vxnCgis?D>NEcRr}UxcSb7*k$?o{sYiOMXo4D~*1ynPrZi@%a_fWF
zlzm1^dND7@%p|0LM9p>9T@K#0O~+KZCC2de`g)T$^*f_(#bd(5H!Ndko$cnXgoMNQ
zxRYonz*)pgU!IO8B4VEVHw}7v1=S~EfM5sG1gF^=HRa}VQ$*w}Q^}|gfH_ZykppC_
zo|qb;QaHE5G4<-1`%yBi3}^~HR#;xG6Wj@Twg{`lEwbK%Uch9AVYN9M`bm;I5xYJ5
z3f0S0^S(xgCzU3n=`dL)MuFiNvLQ04P+yZH#R+*cui>x*mp%}DiaLe2kpNpiCDx$H
z0p6~b`5=mBSqPmwr=09o5_7Tf{v1fu+uhlVbcix;ItABu7(DKmQK|w>+)4%@L`3r>
zkDg&jNWENe?|b0jF6zHsUo-mx<?K}|{jy%Y^A83yf?Q0VEu#bT<F5ex0G67-gYF2k
zUis@blipQj<Op|$r1$0G>hA9wc>i|%);oo5Ae#$_>Q&jbDswV!Q2e1;%WY~EZ#|nL
zVJ)bo<S^w1N$i}1mMl>vSC?lJ_1R$h&q4OBj|r6Ra=ShREWWQ6!BwqAw%q0HZ%AoB
z=O7qMW>Cr7(mP4!S}ZR|jXm;A-ee5p4>W%*%F4zWQ?$RVwT7UQn1Dd1=3h30GQQ>n
z+YfQNQPf$xXS$i6L73MI!z*nY;<Zh6S=7+x?J4b%gxf29s}zW1Y><{^VJ)0;xG6;m
zb6qKL3y%);g$b2WZ!0!h`Ig8Nx|8H7x$~Mvl;Wd?c?Ft;b-<uBOWcdMxXe%1!MQU%
z7q<tmFX{CkluN<Onvj3D$L7)o-#!w~g$!ys13e$FFghYlmp%ngtdgn9GoF!wscgcr
zrn0jGKPYc;#+^Ub{2lpcTHd?vk9TO~zKdG~-d3mSqp+3BtA9)Xrmi(VPJfn6j#F^K
z@FSz~E2icJ7kSV$RV7%chyNRjr^c_(caNYtZuJ3s!#_ohhF>Z@fDOx?n(Dp!p~90n
zJ0LV=c)l4?5dVE2anb*MeNgbN{hiY#?0%?s33?)N4=*7GL>JVomINFk-1okQ29cf&
z;T-K-sC{KFc)e1cMD{YSX^w>Px`MDNY7<ap7cEm!>%jFl9Km3Vu%rMc$%aI!u_9fX
z-fvBLc~aoPkE7cD63!U<JnEbcJ5r5Ux=XhIjvH*H#1iSfF+ugv;BUh!!DC+Y?XqNl
zW!psUolCmJR8KV!;(2G#0OU3RoCC^!<WKr25f9REiVV1{AwOHWxE4d<NNNXIK;oBE
zm)WU&MK<BcmVt5ahOlx=SRT2(wcb&EnwW~zINDx_9gVYP#Q0`vV6EzsKDHt4y?3+}
zSsV9}lQQKKKd$g7+@aq#10<I*L0F%0oe^<_wz=BlZt-3FPyMAauXAaTPdlI*NK0$T
zyr7U8P^KGYbc#C1UHUh%^wV0|LjtC$rJU;?a@Gpt;9ifC#;|eF!C3BKKXy_AKhD|*
z&kU6m1AJIs5(>WE?h=aL#=iMKFU}lCkOFxH1bAN0BHDMh66ym-EBZgh?;b?HA2ueG
zPTwr2L==_2-^#{J@G>AMO@!Bl9q;LgGfQ3}m#<>4J`Vhy&(clbCLF>LOy`ELnAp4m
zu0$f?@g?A+wlbF<{>*k;9gdg%nX|M>qNDToDFS0>-KUBzAL_ccL`3`NDRA*PjsYoW
z{0m)YsKT74XGt7+`lmy~ll!X|{UC<ej}iOa-xBz%2l$L8*U<kkSplc3AtA9A-e4n;
z70sR>(%MPoPC1%MIy%=%Yf#idG320`l`(P%Mm&alH5Sq}>mcVK$(<j$V>mh<bEb$L
zLGnhd1R?zs{kEOpXX5Je!r4?{maEPh=HBP5DYj(<;fiRx#lpcl%|S@C)5M}Iq)Dx|
z@1e68bieov#v6JmT?Np<o$H6JS`!z{%PS(mliiFy{<a1YQ&4rnEJ{wRMf5$q|H-Ez
zLTPjp=8K-9Ycf76vzhetbt-;`HqsAk2mo&wLg{)Uaq@=K?F-S!NmM7$vGj9CtMv<`
zRU)Y%0;MtqCa(CfMZp2G6r5ut2hix-gC~R84zU9$sfC#rJ8h3=8$$G9;})%l1*8aV
z!dmIpI8XzPI#-dk>M{Ps9&Nwk#0&BTbekS2P$c~WxOdwf*HFhB%hkoR>zK3W*L2#+
z-1gZ}hkLv8z*Haj4#F!PRVmElQ%EX9(vUk<*EmA!yx4%4SJRUXt!Ayuo$<?trqELs
zF>3^xvCAMI5Dy|j>lM)#!Kn&|4(}=olVpt$G%-Y+j6*LMOL`~AT7{4Sk&rtgohoBw
zQz_tPHmn<}ckz`MyQJPf;Q}BX7VsO{oY*?cOiI<6H<IdY7`X)S2heV0G1}0C2dV)5
zG0cf<om-FA?B4;yervooo|7*n*-G1{h^hNt9;o~x3#76hlLm~W808x3bX6$j)?Jn^
zU1>O=XoWf6=WW3lk7+S0<yaTeY;y!|8SSi-BY8p7MMBm6g&ee$KdKG2lMAtT*(F%Q
z!6@KBs6;6ixc&i9#9%=s2wHK-okOrQg>$)I2Q=voz#7rf%o7(E=qAA_1EWbNO;S4I
zA(*}n$3@6{RFh>cALyZ8f}BN5pb%Y1or;AL7om_B*yYeyc;t_j`i_L4j-m+0-EZ!N
zGy(zrPV*;zW`PeV5(Kc_dV%69b+}3A-#FgOt(a;kPkq%#yyl2&Mcpaa044oYG7dUW
z7|Q6htYwoR^|+hkg_TkLlFlG(HuWeAmBVe|J|j~<&7nvwDCOY(U<sq<y)m^0wG`)e
z{*Wo7V9+_60<QJ$;04}j!k&MX^p$B!=JtrP;tk#j7Cck}gZESSHPNWElU*@BkWcW3
zw0OmCQnG20GCTOQ+PM)S9ZiM7JU((MoPJS)b_f}La@c-p(6OkdWYBMh_in^BqDJPT
zg=Cdp<qFYzLy)px+)^iO;AkvMpn*S=2OA<)(nu7i4WG2`I#L2x+Cz#eRw;SzJS*jh
z?yj$|rFKXfhj$J;2;)^Ld;p0goJI6oz_Uh`t4Pp!xQzFFmm)WDvV4>kmSE0<rI@dA
zt`d?LzL_J-_&sjzR1UQcP3g&`+z)A1mQHnG>V@2hoC`eo^Ljne^2v1vOa>1YI|SQ3
z%XSA1?%Kr<9yO^R=|FR8)!Z>tt>*d)+CIj9(S!AmfPXj@U?OT#E!Hyi_e%N_xCpR=
zcSgQ-mA0R5J6e?UroC1)4A^cq2eC0{R$ERT=hdhpqA>ABA%PMs<7~3>9}TE@q~i<1
zBdEy6)y5h;M|VB2vMT~L{N2ggXYPXb!Pf>)wm4_oryg^i^@U`DT`Qg*(6!cmr|%<5
zYFj+_vaLD_EvRbMdy%ffQ5Bp;UIbEhS7M?Bh;owp(=-rX$3kv10jHVo^Lcc({dhmf
zmBu2~X)5Jwb3vawYDUF<LVmBPMiM5<qj=Gryxq6&1bo)5jo+b7LNkInFgh>=biO-P
zRa<l*{c)WQnS^^ZI@oG|Qk<bz$#K<B9*W#<%}xZ6-3)qfRWic(C!k+>qQEa_ZAX+(
zp#5w@^f}J+3*=d(pY6pRPJ?`y+_i>3u}L$ErA+P2KV<<xRkH6~$@v~p7n5IA^KG4}
zz{cbp`x2rHQ;meAeo-u(DT4Ek$?FpZevPL5^s6T{#AP+?L1IN!@sKKsP^84OZ1bk5
zVq8Q_c%Mo#2;!%0zrL!e)y9~G+eR;cyN;6sPsZjioL1kYv!RGHez<|wuFXYK-epnz
zbwwD84S?zSd5({(pOCI-6ZVit=eNS|J$YoDS_Cs3bysmDzKfn^bVN<}Dd=u^#>T2k
z&`&37Kx>+sptfVvcZdC8!S1F+2oKhT@jy(BH>h=z1qIq^3Hti0j3*(3HT(+P9T|j=
z`{7XyZ}U~BP50?!t>?-)-ffB`f`&<wtL!_3lmCLZGwfuc_C_6L__gzH^CXMYr}~1z
za-70}*c7@9md{chSkqM|^3;$N#hS|OG8*81fgr2Lr>%AxjeW>giaS!2pyebmBW?bM
z>6OZLn>q*`49_BebeV^SvLppIY84H`^fYLXGO}821wK86yY#e-3kLF!1RTT)8WiM$
z7#zed1Q`Sw45Sv=3_=DmYR*Rn`Gp_~GLXFo{Lujp;sDA9@B+WSrx~CRoCIV54Cs;s
znstHZ<^RnQzyJ>N69fc-1jJ}YHYCXI2MNgT0L0-?`Y}ITt5(1A%Y;;Hyr&MpxU^@9
zn>GH$r{={4W%USUlB-5EL*h=5^H8Ph-BaIfkmtIOdieJoTlIItWLHDk1|PQd7855I
zS9e~_Rvl4%j_=m>`IAeHr|BQ414SWp%{SwYh35m&K(Ob|jG;;0!dn(NUp-$+*^7Wt
z<bs9a;GoZ_X9h~{8C4k^y+!K$j0KaP<-~`&;$Eja5qz?6lgHdm6ZL)z$dlv%Z$b%Z
zo|Z8vImx<)h@)&bQ1j_Qx%WYv=+8An9*6XtN`CXKYyG>e_XYDy#^BNpS>~)Ivnvn&
zB0|MU^X@*aO^nR)P_fA?1>a{iW6^dNH*>!3#Es8*Bp~R9m8gGi>TT8yn~C0;<FVRG
zkdb;ERjU<T^ZlWBe>sB<U7%+z2`(P3!0D%~wsZ6dJrNRFcD@{7@taHW^o2i6kC<{q
z%GDm8l!uCP$r!f)vH#__^ItsEUo4>2t=X=VzilTG;*-pb)wFeNFjkH-y7NdHY)AD8
zT-8SSugFg38K!>KkzS2R*gZk7-yJw#aW*&%zo?Pu2!vaDPpWSlYhRLRUm1(m?P&!J
zsvEf2*eYW<U3+#@6jqBlsbvgQR{XnJHf3H8h7@&Y-S&YJwnqp!$6jnc@$e^%hwU$<
zxDKM|H==kJE_))T7!k?Mo4f**&4(J)x4*sVbh~YLyJ>Yh2=|2%{TmlpCbc7*5P(ro
zSQ0<E86OhY1%d0&%8N{?Wt6E`1kQM+cVP74`P4=}PP!_gyPi!V!DfY<DWk4l!G|eG
zK{i))1M!Iv4=Sc~wFT<idVEH|C~$T2{D3kaB@CWx1o(Gnt*}r>-#}Qd#xpyGHS%k2
zq_jGAELW%#bhEZ(3(SEq_fTdDww~djkMbtNyn*5dP*+H9BW+^D+FdY}@AET-qcxHh
z*Dh{w6Lhf5nn0N6*x=t0fxXOyNrjCDsiuHwv%&-eEUok&-Mk9yj#TN=30W9XF}60H
z?kzzm3ht%uCbgCf&O9P*Rf!n{I0=Ee{%Ga}E?x@14Cde5l}f7pra@r*g8ol%4(QY4
zqgs>0Xk}-VwqoSrw)##W#fFQx9yW;`I`W<utqQ55I*$dzO&d#VuBE8<&#?)xX(PbX
zUDz%tRTR!B1dgY)RYq!GH=1nud1z5SuK%<$xn&e8xJ>?8nv9H*h^t2J^hKLzq{nmD
zrE|0uBciaXPwt+TM#h#?G<RWV3h8Fz<TUsec*C50ql;PElOSmS57lcA?Wt)R{NKF&
zyXQ|=8C+Q3?w_L`nhnP6HJZMpAhchlS0gyNWFR7nH~lULwn8+P+*{6x<t4&ojv{i!
zm#aPo3T7q?)Kb-h=gD3_9ON`VMddDKiL*&ATB>S1*F0$h$xXYY)1#eKODbR8c+(6-
z_`$KvioPp(BHV`!Lpp`eZCFWlP?Vh>Oe()T!Hw|QXok`TgBD!K8;<mJFozFH!&yUq
zMkBZ2?=!?9NUlJXZbH3r9)yVe|4z%Oi*cm)z{FD<`IlhqS<vS_>eo_(TZ}xD_r~R(
z9sJ>?M}Ay<59gjl7WDhw_V>N50=OTqc??H2YlO>mNQvna?HZUSQP9bDfv0syom<V<
zevhEr42cAf8RuY(?3iN9Evd`#JRLX~YP;na)Xz3mMyKrb0!dHWxxrYwLW5E_1+sy!
z%~QL5jRpa@$FVNXY<JtK{W9AWV~LsQ=&_9`Itx<4*uha~8Z(NQJw)w#Hzauyo>Jp8
zr8rD&%}bT#Z}~3HHQF-(&t;oqwZ<dJ2A7<ZI(`XtEOBI249tq5A<I8e!q0MI^(18a
z@r!M7hE1;25R1@Wca(K%%SFiudB<rx*lSk_3?YZgQ_W>@It1PmRHV{+c#k#P*YZ@*
zu~-uLl}p+;`^Y#YA(G2g6kRC4QtiEzDvZt2s}k$v$I7C<#%dO_^rFs<{5;RjY3gb+
zrJgfNN(f3eS9m$Cfa__Gpe;@v!zN5w6us7;fx>Wd&J!oikVn>!dc|Mk=zq}}&7enL
zCREX5ylz}L^j$Did8HaPfW(48>~3^fECDLEJux}6!_UM4Y*cJ9u!A-%F)&kUqgoMZ
zqn4n=fj^KW!7Sv=gjUNEKtsrXqqu;+P3ZsZfB)CKGm$p33q$7Zg%JfKgNBK{AR%X_
z1?mE^TzjA!?7xvVKm)KLy=M!&9bqDRK%|M8v=KZ^EC<jbhm49Xq%bm>q|Q2g+h8S*
zhR?un!ns4H=!z-hPy`8<g<F-nPrx)s2q@ZK6Rb=}J#xx8V>&+x{W$z%g3#_OPgH4{
zoz9KiQff2JRRn3F9kNAw4cbAcYetiO+#sBKWJxSRW3HHFo$tX^w$zF5i=fZ^VW6Z_
zr~sR-olgJosaf`rt~Cmw!owTkNI4~frN#b`s7t$z7j?O7@_Zq+1Kiy4*<a6mLVe_*
zfGaqgjb(E<Zkf}6QYbX*6+)7&`9hAuDLl>6I~v|zq5%05I2QkT!@}eii$t}Gq_KE7
zaP;$4#G^*)hah}(j+JH0lsRaUn9)A9e{46ihQr!=u+o2(8Vb6SJmR3sLTiG;*&>F>
z3IFMh0uKcrAkP`BMlyC@<rW5yN6S07-2dp*LC)N-<nF<e5hbg$l1E185i^2?xYMdP
zDAx1LJ_d_N15yI<D#az6k<4*Q6+3-pnp(`s=Y^`R!s^=?x|8CQCcDu%yM~bgLyUwO
zC~?<^QP#2l+)Ca@%U*^{-QuLG<f(Z%S_zY7V5;Yn7rZ*clR@&h=V(r_7qkqX;8!-B
zP3j}%2^!D^D+>jvX=y-aNfZx3-SS;py+Uj1CYE?l(7^WbzZQz*3UooF)`kUkzudP_
zZ-c6DlT0=ysZove$j4)Qpx4)({yB0!apGDkLl2MB-2^Iq-B#>CRs{YpMlrH06!5h)
zAryX2^nL%(P|=Se^l|p^aClfjv>o6n)b)i^@b!c?u>|$G<VYn{bWy+n#Ut=}k%1WV
zZ-(+>j(n%GSvAH#wTCW@C=CL#oSjPaM9*fT5nb5r<5<yuTR_flAR!^Maz)qx0s7D!
ziZaPGY#=tu6)%_tsqWJPFcZmBNP`JBBI^?Nm^x2^7i<hhJAqR@dfZArI@z-O3z^m;
zQoy9XRyGkN*8)Zs1tmHYD(tR!T4cy(CP{;GVGO$H5B&w&3G)@Do~CK~&Y8bq!MIgU
z4>LCHl1A2o7!^ng_MCI>P^m$888wPYcNm8~eOL^}5geKx6N0OTPx^A`v1s)sq!iW!
znV!={GDZW9YG<?D638TMgSvjaqt2GyrSir6ntUW{*ANR65j}mwv1!c<ySJMMz&fFX
z+ER<2kp|_o#9S+Qho#$AafRDzgcW4Q?dl0&Jd87wqJ`l&9(9NP_v&FrJf9}7pqx_;
zM>9P`^dz#8w7`J%fJYt~rIkx^a!fC<%J3i~=%Z*KV3oMgVIq41;j`Q@FV#plltEgH
zGUS?DNYizUB9A__8A0>UWN7mon>pJ_Ci|{FDOU2`K5feamPKXcGq)Dk0=Hg&<W6>)
zI7Qc><0nT1u4;CsEbK(F4vYs2IyD>kXISBw;b9NHJSsQCy*l}rZoIVfvz((y0WC=)
z83;y9ZO>gRZ;>MF#gwYV&%{udwm*B14T|c&E{{e|GrIeCK3$w2pN>~YWE3D4fmI2m
zq{@tSOqw6M;c19y-xDV3NLl>d1}cwBT)t6S;^JfeOP6-A2@;y9G{I}-Ndw0mJ7Fow
zk`zO^*fX8B<Gs9q={uiR%vM#xAusM)t6my$A^oMR_-C7QeXa}UfDyx(aUXjGVUs6r
zMF8opDYNTX3aZ4@lk2;onWoA61vATVbT$7x5`_4ycxbklE3D-AcCe-LkMf>_XVi}`
zL8_U_jg<%DvPQIbytG@F8E2blSTpExsmK9l8BF&qb!GkfiRMMCyb~p(-$*IW@0+uL
zN*_7beLSISH^RvY;aF%4$(f`n4GCkMxFAmGmBks{=kg^9f5Yxv7N#dBwR#b#_d|RJ
zI*ntOdU<iQa}zb-cR-eGt}yegG#dR53jM;c!ygRzdD5yH9l5)vScM&HK+Si5i*#Y^
z)}DFt6DA0?G5Uxnk9kgwUNe_z^~YcB#~G={K`1<Qt4!xm&Z+$)TlXi2Pcy0Vqa_n|
zY69XreqmGO*D2*qpr>n@m!AV^Zj=$6dY4OU!OsZX*ODmY23Lq6Dq<>po-H!RJ+OhF
zOC~Y$?7x!{%9!WJg%YYV>$EJ0omCh$E$7pT?5S%_Zke^Sq^XJgN0on?h;Q0hU0(jY
zV*1d_yU>*-XZt%g(MQ4(Ur7C%Jo`jz#0|UThg!JqNVLlp=9?3nN;<MXdBFG>brN1^
ziujsRgy_b%6Kn;vuu5`pAqYx7Tl3f-3I)>g$P5a45-6c<J>Ysly#8BlD+4VOP2E-s
zCny7+4eh9}$U&roD_jTEJbOJKR1|csMEf=`GkNjL%*Bjgt6O8Z*LU=tOv=vC?|Cfm
z4oLRFFz244eMXi=3TjGSxHmTPBbcrsLMf5X^?%9pC5j>&IZ?M)Iy11vCaTM~3umCt
z#&{2~lHJz$hs_9+Q6}ojV?m@eNusDrZsyv6Fi{76L>v8lFl+qyU=9)2!{tchv!DG*
z*He#}QsM~EsN9kcm)6md)_E{XXO-_#`irG<IJwX4D!Nc|X5*j*G>pr(UmeQfKOq@Y
zMUK7qNj;PO2Ur<PPnU<oQ2Fx782Mv|@Fh?bno&y7{)rlFF#_0ZF%Apu18cmo-;%8b
z;Rysb-QrEr<pd<RR3)mPzZ*OTY1=ydF0x<sNC(ar&|DDNhAZ627N9AsqcSg|K=aV>
z(oZx{v~)Bzl910mTk%OM?cBmX3+Ay`_AS*ELk_^M+|S!_TPu}Gj^atRC>*9KsGY2T
zXb)^OWn~RxlCn^$no9`&fTvJaM`P_d5~;Zwi#Ca-KtBY~w~S-o=|?2rQoaG}B;xnd
zc<hZYqj&jx8YXCkniYwW5SX;WdS!3SzY^Q%rA8?6VGuG$Da-^xe!;zmsG#Y!?}eUQ
zX&(4D<i@0B@IgZQlBPcE7}LaVg<j64yU1)&ekM`VCho9<{H(`Wv4wlm@SLA`{O7!q
zgJ&|wd%yEg8wQIdBS^xWb=S2GpEA6(*RJTy7+GdF-d(Myp`J{Dq|?3lzNxk@KH1Za
ziC0b&ks%+DI>6jHrRQT2Jp1w1-R_Asvz|6=#)^^j#uwxq&7+BF%$~1ev!kOmG_i^~
z`6IsKV>5AAxcC6wC^^-+f6_w?oQqQ}0SR2?HOwYKVMi7%ye%4Rs|t{x+`G9@Lp9L)
zGUhUt^JsXusbSk`IKiveg;=$m_36exzwh+ZD<dAtfPr$lg;=r+1QW2%?qu51b*D{G
z(-eBVV){M36+@nc2dS_v%s^UcGo!QGBb5RZow}=M*sf&$h_=$9@Y)!?2`3UG`HSX@
zdQGjMgs{r&Z))B5eH9&;gLIagC*`dHQCp-NX7bJ&A2!|QvVAuo$*6Np#r+--+*MIc
zcEnepan#CsKWW>ZDC2Q50%jW$?s+-`_C#1`Q1`TZM*sZIn#9v*Bztz%1Elb<&(EgS
z8HJCvs<rjbIQp3)q2j$+whw4N<1CVFZAb&-isLpVPU|XV-YwH69mya4Ky<BEvB|TX
ztA0Z@zt>SM|A7B!-?uRz`di#`Tj{s;<SO>O_K4ioAAZ$<EBd^~i|=z7c>0C=pJDa?
z>>B^4{$H=?y@ulFRYTFcEdg-+{O1ZPP_1~1J!_7Y5ozsI&40EADM>=XZW#(iP)ZcN
zUtmIS83Mfsz$<_gm)>vyr~7~F+W&5}O6(S>A2R>>xTIE_JH%pYr`@t~J#1HrZArRg
z+sZroY8H}N%+p$#2Hn&o=(K0h#zBou#g1xO4NM{N{mUFhLsCp@#5Sz1!Uk5q)7vKC
z902i8Pi%DMd<SKNIlSJtosnn3&Nx-s0RV$8S%O0jj&Y8IIcdQv83~e2a=G80O9&P}
z!7c&<3tF<STpxk{t|4)gv*R>~EdTh$k}6tD1<q`e>Y8{QHK5ItSr-tiHkv|l;<+{a
zcjg7t8L`63?2_(gV?nlG#Q}oaMo;%BWcBTnGnDJ1-K!eQmdA3>+1E@9y0lFZgI&FT
z{)iNLhFN6_2mbDyO*&o1gdl)N(rB7FI|xPtrI6O)PJWFiRHyw&?>svd-9_Uzs*Ua?
z=T&mh1$9uz-8GFamddEQm@RJjb|&Wgg$<kO@Uo<oT?9ftnnomKT<t23x4o@&aU6+3
zr9OMWn!M-Z-1y)4?_~-<!je~S`+F#uysOgwaa@x>-a<LW>BN}}QVfap`FA?W8j{WY
zDi-=TUDJAVJUWWXZkj4KhYj$_7R5)$l)U@xTG$*kw4;<7m@sbhXa+;%I76p<`F%yI
zU-5culG^v(sN)ck7Cheb3{{iK#BMfvml6gdm%j8BOnu^5HM=0dB-gcNNdMt9SYeRl
zn#~y!bUp#c)!*}<pF8fJWP>WKJWJkk<}(MT?gs>T+sDZTZA5!!iYfdOnpW|jKAK$H
zOv|g_u4z7;idJShKKMB#HVa%+`c(gzchS{bZgtOZ#fihTk4+u{6S?q$HsF~`s^mqm
zYTP+he(<$E0AG?aubS`#n@AH=wns<vJx^A{x>Az#PJIdo)OIj+(^3x!{Y<{Am}|ng
zl>yTA&4E8NyKt<-+{bsvZ-t804mA4fejYK9np1m)9s#w6&d~IC(*Z3AFpJZ|Y1KQ{
zO5Z4PGkVd_XJ4QKFdO;3pPxLZ5wO+@khFmZ(;|;nzQ;K>Re68POJc-sHSgmTDA$!=
zA8@K<IwV=}&d)UzRVT%a%R$E);yq`DI23Vac9$FP^|+Q9=X9B_iC3T>J?($bPODPa
z%U(`bk{PtVH~#4@?kqzkBiaKKmUP|67OekAU8eBwauI3^5HeZ*pm?y&m2DiK6m&=G
z&ExmF|I1Oe^{Q;+VfBJ@Wz+n`P?sHKeJv}{_8*6O1d^WGxMshPnO31r;0{`u9?0bR
zBQ8FjmzxdKp=NOC$w7tLVmKb1M&mYgdy=8A>C-86?x{+G`&-)*qc?#;=+Q+&ma6(+
z#>~F2Oc8U0>3ry;?=TCec(r^!MPfNj)Mrmz6d;s5XdItS79b9;3<Gxn4jN7wNkYo;
zhe=6LuSZkxOI20vx1Y+a`k%AKYTF@!m35Gj=ZQECEX~_qmrrX(m#u_<rm2VcbDlHo
zTO4r!E8p<waGEQpFb0|FgbqeqDu=S%pJFU296ZHzSLLP#$8oE2X!+Jnt*u=9XY!em
zzl-tzMgOdgM!eL*bKxC$l3Kfi=EWD>FvUU(sB-$-CcT#8u_kTN+tvF6$Ba3Rm1_+*
zPo3#i<q@FnEVIHzuc#XRr^N=qA_2}q(P_A~-5PIzPgRE;OR|<0-{5fFf>dJf&&XRQ
zYpPnsuK`<$WNw%`suAUAuDQq-l7kZDJgt@*za`^nb}>j#*Xx2hg{u09R9&R6Kd}nE
z?388+vwGG3R;VsPzLK_LK@VjcRueH8oS^zH+p^W3MWUGEt-iWt>WctF!==#KE77>V
z-G+%W$gH!aabpl5QZM~07kw@X_Ri}>8OXV$N2lI!fai7s2CnUFTG`<G1|Ol?sy0g2
z*VVi9p&l4nl`(+FXX$N@(a~s`KQQ(0s63hJQE8QHTd~`U_jr?cZkKw$lNmCeIL5+5
zcOj4MbX{0pH8N^;K2wDe^4vt4+JC&c?+T19%>i`-Z_Fz8P2Tax#S%K20~YrleH2O2
z5fg_`TBYfb2(HbMd9rKpAKU2;Zks?&tQXDY>Y3`XN6@eEk!dw20YTd@nJ+s^LCDnL
z16|p~Fk>H?ar*1TWGKg;8+aRTSvU5^x6q-^Uam5iBUo6@nIsVABC~3#9Q73&_aq+u
zi45FE50#DL)iWFSGw`k0)i!tC0`INxb#yVG&<Qa*mCpQyi!>Zuduq1_2ufaT&FvB=
zc~=#5<9!Y`B+Bo)XXVZrR$QWXIHZeM?hkpqG&nj0AUa1K=a3FpfEW_BbMmP~MdFHM
z@>pj$;LnDr3a1#22{R4G`!?5UT&Lz_)w!{4mtRShz3c%=hrzQNESAKGoxB?Nywr3Z
zelSkl#aTX&l$~<<c{Vtg!6?M2RjyJ+rhLTPK0wo?&QQ2YQgBweJC4T$8a59;W8p;}
zXV}TVCw0`P<5qM7H5!dfv(5)K2oH>!ZN<z8{|DUC6E1&EJ6-MB5&D9`d7-A`%KYqo
zBRae5ssY#RU7uTqJfpNbIU`*tf~Gd5wIq&N%ux{X1ldti6148y9ZDR-#-9crT37n8
zJ@*Rp%PMudY-QzLWUZO05}fFJaYm19F~}(4<PvNyAZ3vFF-RIj;8bjO7;J8eX2Dxr
zHH4$4)(W)L-HHn^N5@8omL|2BCtjT8pLmhSjB||9Z0qZ&$vz4PhAJ7kcf&5mZ+Wj=
z^$JQZdx)kp#UU2PKkQ2Cc9lu)H74h6xU>EX4sV&EQ|+2zff^A88fj0_77lGg0jFy#
zAP%L9+Is%!wv}3iDrRvo9eRKwC)4DKZk-97R$j#g_~a`7d`<R@g1e&(n|1gR@1J%D
z8RVAKiwJ$}l1IhFSvFWx{|B^6?3*(L<rf!odN99Kl41n4!YOg-q%08eHx3CaE-iV>
z<b!UzRkO3#M^S8T{5-wrI#(#v_#gU8&3$c3i>N|p%00TfuQ%}fd7(RJ<6YP*LfUIC
zo*FspI+<9O#y3wCpl<gt<+$SuvdfVb7z99`z}`Q{O-q)1v|gp`S!{HGT&(+Kd`1EN
zLnC<Brcr9NmEP5PRP&XU(Z8vuzq7s5)7Kf$fBy^V1T{h*Oi=Gn&C&n{-7I#tY4*LD
z3MP|*l0ywiW;}x#v39C?@tR`e@YfoPM+MAt08FO!vj+zHFG+(7ZB#bHV+H009EIMf
zV?{c}u(H(%^AOw(e$ExN@JG6VanUPx?zr7jK%bt|nJ%d2`|1DVFvPFfq$ktB@!|>E
z1!ZU<yKKVVZY`9{i0(rgrvYyXN-J)>qf1pI7P7q_aV%(JbpEvApr3;SomHni{SP+f
z09FABki)V1MikQAgF6XS`@Yqg`RuOoY#5Nh&r!b3Es@DT-L(@0XC5L#KB(r}{{O>F
zG1&dp=lY&~5hSb$fiTdbi^4wLl#{@gXryqR@+F(-B_cjmQ+fsMRHK2^hb3cLNtQL{
zWPVF5r17{wtd6((|7g3%=*pXQQS@=gwr$&1$F^<T9d~Ry>Daby+w3^$*mw53_Bwm*
zanHS<&iRlzYCcu<{PQ6rnW_5KQ|b_xeQ?w{)hw9f1qQb?y?3;QGB@>T`Bv~g%kS~#
zjKb!-xkn5roZ?Vlr_TcZt)FjS{GTtm4?SftDp)M%2%HRBFW`{Tb5&ZguXEuM7>c6K
z#FGRn$IlLcYKK_K0%ojwpJQ!5jZ@Dn_Jy;#0<cOh%8{oO&h#1xF!!FCc!9-YtTa^v
zOJUsw{A4Jmv;rjVQst0M+S=*g-IRRP%w1?UF?Fn+9M8tof1q<g;}!lX(~Yw0)ww>+
znLC_ukiO@aXx47k{7a{*cul0Cwrc{U_^3apT|H5BpZZ;p9Vw<!_(mDW|FE#^G6I%i
zBma!dm$CgtQ>vQsUfdsAFNuD2b$LrIO%Ful=}ByfVvcRC9F3R#UeZPFE!fMmm6=*x
z#>tHO$nhBRaj)fLdi*q|qPD<<&NWCUagHqs71-R48<;apC30MH;2w*HOMt^k*3Muv
zv3fLV7;|s!I#Ji@l7?$ufL$3%^_TEav{q?3ud=598*<9~qCGEP(BJ)25$wI2dgMNF
z3mRuQ=jWEb+0FZA5F!?51SWC^Q^{#vwtHQ<w$r3gSrVUeq|O@AJPcZ%90GNqm&Vh_
zq+#GkwRsnQTfYGnY>Ke;b0cktdj@1+`t0RWH$6ctSt~^VfgCpnv9q^?K}%dbz|yMc
zH{MxyfT{82i7nl=M9j>4`M2{60_&6xf1K?rfoe>vlf7H8Z7lkTIlpk3-oBLL%T*HV
zsnTBWxa?j8#r!%F_H|Q~UUdQvi7B9wD@8tzbH+Z^*k|?>MO$a3RIo<B5emT)r4%3R
z)_(eyO{IKZ3JcXrepe9ar$Z`UR&&O@pezdVotx3`QcEx{A#oGTlEkcBME}*-W+o{%
zT!T9gZ|DeZt@e)++ffG}=bSHCZFRr8K;X(Ar0yGHYi9_ZzEFkiXgPcpOLsezTDNd=
zN!&tgKq3=sA3<08Ab8niF{ilbF4VH80G0@r6RZFVDk0|7qOIZ8JN4?XS;}njP3OaW
zHH{7@U6R{xDb{d5j<ouwHLkLA_kK4VwD72Ht00f*jXRu{Woe!B%v&VSdQ>0RlZZ*o
zE0DzgAzc#zg$${sl}Aowv5#zV7iAiSS)%;?&#6%JT{9=?AxRoC{wel*2O#-gnlcY(
zV6ZIekjC;DaZTfl^0VWZrsga2qgXMmI|Fy~l8eP7N2_hrYxKG?>POt6^#`5STe^5v
z-;e6EbCaY<9$;NBpVtZSLL=s%nULgA5x{cFsK%5E^^99N1`AOIPTPt$*lt9OL8Nks
z%Cb^fI?Xf?8TGnGHi2{zi{_YONkhdb9p4GmCfrEup{^IjGK4`&B-6Xqu;EMPU~vyc
zcL!13ixCJ5EK?{G9MUFpo6BQdj@AhNA|<T`?gyA}4+9b^Vg!nd`A=655~xeu@X{{a
zEw~U`x=1&DOh|(}M<+?!T47iGWzu}Ea}ooUV5Dh;*&;Q6^kuE10ZgfRG&v(%tUP?g
zC}Qo%3iB687H%#<ZZ+o5OuBDLMrf*kaZ*`EEhTr%3=q285_F2tA3I%qQQx-j?|h(H
zAbkc=(N>jyGz7@B98CiM8=q7T%m0ISXb~o(!mP&2c)Xq`ArT}4Mi&zZx&`%!TgQK}
zzyeW>VmIU}E-a79gTf<b+8mPHsQ6$3k}OCcsgOE9J*}rz{=#IUN`%5aFB7QyJ*Odo
z2mqAmKNkC#ef|CY1zxM?6m@kmgj+KPWHbz`qNchrv%Rfd0X|84CEQor+V#dgqXNFs
zA&a(`gml>K07b}=ltLguM#gUG3352xafk`g1%Bni<=FbpeKU9>3nn8l{RPv06ZK>A
z;RkLxiJplya}w3`0aK;s3O?5ybiNg@dY4%z2pD1bS$K5|;XpNUG(?EONc8}k3zQWI
zp0K^3{2oWIM+_Xd>->+%U&dPwO-@Njq)EGw<j?A;=hNrhI;ub6kPa>Kbaq5pNc5zC
zq@1WKlwWBcg(po))hxI>;u$;e)nA_18ogDMY~gHOQT3y_42Idez&b>O{sWWnKy2Pk
zNzf)Q;;|YtFi1;P29QnykmYTKZ@G1QylYl${za2Q&)wmcuQAJa05pjM>0dMnEAbzi
z#F+mNO=3~}f6*jUk|8FLxPZ*ajYxgK?P=x22v?wwxJEVen0%`qPgPyYEYgd|I_hzZ
z1uaZfXjPLw4tgyf(!x6=A#b{1psvMF`Idjc@+*UKJSlec;iDpCjiJ>=wC3boe<{{!
zkzp1>nO0MHMJ)nTPqn<w>v2U;{_HrDbN5Q>-!Fd2`364wy^ipg|96*mlpk_Gl~zV_
zdu~aIaw|qsLnkq=gQ7%}w&s54CyouL+v<HUk8B(`_;f15AdDTq?0BOdQx?lrt1kXe
znI!cV^*>~i2IU*I2=z{qLiV5h2|Z=yE`<ukYVa~EJNBbLjN`Ll`=Z-Z#m0$0tD@`Y
zua(_R_(>X;996wLSjAr?AF7UNVukF*MV@q82nn@?5J2jYqBQ5Scpyi8p-02$raU{7
zm|Q4IgMe21@&WhF?oO}NZ`BL*9J|Ik7gdz;$apffQ+;4G?rE;HVTw^bfXyHYW#!V$
z_~uv^mbB|Rh3f1>Fo!CX*E*{uC&%RmhkueG$GZtHS5q#HuIHKTTlAEw@|nlYAf^&T
z@Ei3#u#zOFY3(X*4=O{DfH4m;CbziDiOLW_VHQ%6cdmYG5ku9kC_rLlfFasYwuS_%
z4MPOV1F)jXAb>T35(W|kgaASbNEj$!$_v1b*a7UwIur)*@^5<tm~iv5&LINSiwq!0
zFo1p>Ko?+h7)ar7j+dr?d=qOhPyibZ6i7WBpaF^zhoGHtS4m^^A-qRHz{LGn=AO5G
zaO}i+Z}rV?+LULcUV8zVqojT(<mgD|YPcAF_@@sg{NaED{`H9CJD8j?14r}|+m$iw
zgTW&?`|1A&HeyohT!eA?o%F~z_RTRW?eG?n!YNX9DFrJ_`t`^YmFRGG0GBr1sT)7V
zdS2Cz=^Ml4w~Dd`egC6YO*@eNB-3v9G52eU)TR!wgnjBhz$#AL#%-_{Csp*ttC1td
zMrJ`^l18T5c3FS$72C<Un;TKpD;~jYAF>g@UvBC{wk4?UYOa-(*c_3TLL6D`*+%8#
zsrOJBgE^&_N6p8>KiX(~TvVCX?8O6f?p`M$;j_n4c;tlY5Tx!dP5gKrQ`AXLrg(sr
zAJ6YL<e-sbSjMoQ+1hkANmrSLfKfalMA1~gG`TB9|H>`2vl`2tY)}#Swly{jG=(-O
zIl=+~qi&5vVJvo}P1~y->ELT*`^}#%LHn(sXQxLv(nNO`HuNfs^u%PlbCOul-D5%a
zF5s%oGm#6WO{&?oG=cgTb#I&V*HcSlOOX=Rf+REhy$qGLDfR|gSy5Hh$5F$RAHBgm
zN?-!=QMn1@{DEMRhr?tcVG*mOVnWs{Wm5Pc2H6K-c^6!Amf9ijgm&OA7%>k6`b%@n
zBpvqch4#=~jBp~<x|}TSWFe1xj4_)vT#lFb#L)uYA<jbGikFrm9&vvu1x$W`S}zoh
z7q-H2AX?CV`9Re}IJO_f3q>i9orc=kI&ifTqUL4jx1i2V=)!&)nu{M+<fr7$8jCw2
zT|a1*jW6L;R0g%Omg*3p!1*-OAKYit8$4n|=J>W?dsAOs$&891sr@h4^x!Vk{&=P1
z<4R9Vp0+-`&x%emr+G#px7ON@&T}fjnKrh*r1Ce<k8!uRUui0R9+is?IK5N6_$>jM
z1aj*I_TUl|9_3K)O*G*mdIPYV`NhN(<T)?WYYSkAs``-*n5AS8cj4e}#je7xxj1#H
zH5SrZp_qRvMeDqV2iSjcUd#}N>{!!C?Pc~py?Yhiq*97|jbU#uvl^ddqI1yFI5OJJ
zf5(eKgB(VbzKB~&(=?h#AHto|?4reH!tr4<{$NGxM4)*(Sr}_qrJIt~X%V)#+Cnq`
zwx-5}GyrMIU>mxx+(r7Tw&d&Ou&_PrmG!fdg`fV|L>xxlAvwWX4;4^(WvJBzuD$5y
zioPhVA4VBBV@s8G0idV~3#uH<w2;##nwwdq+b>BNx4*aWF{ImMV&qY6O?$B4nR4hc
zi<#j3f_y4sX6dyGT&a<%i!e#v<Nv`Lcq@&}?NUIHZlpU9UL(NY@qW6sr!Ti1qW<d`
zn!(YVqB-!Z!8ABUNjfKlBW)dYX!8vSb1uOWJm+5WR7~IV2gN;p#DV8c&M8^0t|L!C
zp2rW_B*^98B<R&pzwv8lIWZQ9g@~nT-!{7hoxtZM#~O{R)X+`clT{|i3(yYpx%ntq
zXU<Duey%pmt6GjkT&R9SS|_O)<v5J-0Zlk1Fy@vQyDd6}*P7trliyCdHgEjFe=o(J
z5Y>hxv8p>@h2)b_o1U%Z&85S)mns^0OMbQRodBwl-6}Z05yU^V(kvg<n8WFNrp@w+
zs^dZDipt>@MH?7?bngyUEO%ZepGciSfU4xFGfq!lUw^bswFBL)`}hbySN<BUmCi>@
zo4daS8U#en9FDBB8Eyb^UeSJKtl*yvc@vev<+0HD2{z%L5$DL8$bt}3c*Ujq`1Gi9
zNt+90gNF@7wyaFcexo48SuA}4{M_r)biua8i9!v6v>IL;UA%1jD$g<FOZ>ua6{PaL
zs+Q^7K)ll3@*feCD>nF)^uIcnM-{F2QE$nlu@l0p%veuEMwjN<gLS}Lhz_mt;fT}$
z?-8BQRzu?|00GFh2n&%>RT&)NYCvEYFz%lbss{fAXnOwp-IV}Ou#TAAN5~JpusE6x
zKPK*3M5hO9K?ryv^<2w;l7`qqwqXlbLs0pA2Ta$CL;XY^8vW-Xf7TJ5nq~n{&@VPZ
z8>6-^e(qUqqxE2y?<Lkt3;aFqB1-*x?E7te>Iq8lvyKPDVaTiKrfKouTVkg|2Cnsq
zL$i=ZCjrjMa$fwEiu1$l{A@Y32W~-DoV5Bl#B}3phKXv2gp}GiH*|W6#S=(2edtA9
zRee7OXQ?hborRhz)5u#544+HI<Yj(@3w*8|x)4U^=_!$UeH$b4M&v-zTM@yXLQ8i3
z)A8|-i{dcx6kZtPsZs3}EaVNQo0<JF-y%*f%|BGD{i?rs9Pi+>K<KQ*@3>%LlWTZ&
zJ#}mEEAx0E$m9I3Vhu<Opz=Wdfvr}m7IH)c98JL99%+0$7>?tnEkL!Q6oPJXxmw(<
zhXmWIVM8OKg(I!RJEZg<O=$YT@Gy2?!i8f9X29t@&Bm?~pY$pqQN%Nw%}k_lQW$l!
z3Ub^vo8j;<Y;v=V4wF!abgZW$*p_Wk&^`o}cFClN$X3;1r;LON_^I}@R%KWpbP^}p
zCK=d<?!98#BbAZJs4Nmx<4Ln`L4(MA8GoTxYNJnar(}^5Q_LBkF-@CR*PLd&fM0Vm
zcHxdz6s-WY6w12$FW`*B$Og=bv?GR^Y$zA#(t&p(!EI{f!>i%m8!ag?BY(M7goGkd
zj;j8d9fWP4+YD{aqQE<}NVIS7<5=6&o+~zNdd_%XncnGn^=y2*oSsIg5%+(+t;p`V
z9uWAnecIT{y(G}Tyt=x0zu9_gQ9q#&__LMkk7(-|?f=nv2g>upRGYZ9W$%x}G)B=-
zT+A}&F35v#rFd7Ju>IpQIHevf`Zy__wxanKjE&~5YOXZlJJX)Bu_rHOS)MYx6AGrQ
z`fVR~bU%bWH*Sp{PK>$+3lZiMd>WIS-&Md8)a&DE5l%b}vGg{pI76Wy<4K^KeHu`1
z9%p|tf!`_?I59bKCRT-g8;Ca|T5zgrpA<PZ=Ojr*X8@6TPo}eY$TG#6?y!bk@dL~W
z<L&T@28&94%5`SW6&B0G@P35m8^QY~`0r6D!@U>!c01X5SnTTYjX^;dKY3kk$<z=>
ztkBUU*XukB{3zvBjdr@B`sU-Qcgcv*E%5fE1@?{sMxDoRY-SKaZX7#Enue(NLEq<U
zb-vPsT$;A$X0v&-fBW{OF|1-Rdeh2DZP&IpGo59~ZqEk(9QNMFeQ*90IcJ9Xf$O4o
zhoe_Z#iNKt7m#h!ui*0ByIPCZM4PlM$VRa|0`(DZu#~1mFG+QdiB?%ZK<V=145qN4
zNzd*4Y|xoArJfNBB*K#e1;0={D1qJ|`Qi~!Rf0G%P)-*&l)o)fGSb8U+&l$A_&{6S
z!cqF9{Epqd@RsuD)dM{)Sa~=OUGeejwHvUgmy5^e!qE=BKR2(RzZd#}Pcqy<<d(5}
zC{)Ih%V)4}*<&9!$SpH*Y6}ug#JlXZKw<tSYatrmUEm1R*r^0Wf~1FWpijcdH%~em
z9f(LnNv4N~>^Z+(>e-7Tf&0edf;w{b-1ajyR$lsLOXJKev$w(*>U25yyR4(GrpPnv
zhv#k*p2iab@)H7j`7iax{AzihJ8C*)OOY2Q$hi}vkn9eFU!7Qw(~YS)8-rW7IKZy@
zjr~1}AsoC^ruajj(|GWeJF&UcEoP!$qO4iyLz}5MI6p1Jky%7udHsc99+<J*$1f{G
z%Ae}d%35zIy&Qt#v!K>6e~HNBBzP<{lUUH-_Lq7+nJtR>9_dc&tnu->I}0L8SEOnA
zak)bz{fuI2TZ%f)D^_bvH>?%>zQi_h8`P@4TYgs_xG*O7B~_E*8X0&KWr(!v72QB(
zn<hxoN6h*~81WL4G=-B&ZG$rS+ND_e+U*p#KqX@hmI-S!ByEH~qk6COS)V4g6(RD_
zoMIbnP?ypB^>~lz;bR@wQBZc0d}!gRs~P=n5jVrHPUs`7m9MeL_a|o>iY}>9+r;Mq
z#tqh*bWT6kl%>NQFP~Vvty2I*OCOPA!*H^-l|um(|DxOsYa%^-0<MV(dJDG_`}eC1
z^i&kP&{_%c36?Ewc%J-7fCnRBuYK%20Ii7{9@BvvSQ;{6(ETzE&CA$B(V*LUJr6D>
z)ny#gc9Y41)KIvoY0VfP^lOGpnVyYA_3+@7$y3bj{@s1AJ4-=N5FV?RlL6C=e0MX>
zad%$XS?gzI{Mr=~(NC*}bYFS;kOqPD)fveX^VvN;frF1yjV`M0H^(ZU6^srx-KTW4
z1d}m9EuBzoKO28WhohrQjL~E??-4QYF#MS4bW8?$0~JDtRa8QP;4Yq8D`b`PMu|~x
z1WJnDa$0UR=^~ZG`c4iypo?MCU)SV(xX~CU26U@%ky2Sbf_vBZcV68oqIn`pvrLgR
z6h^m$n0s}|WhKVQrgc(YsW6(o%Ze?S?E?%hbh~x;O+X^T_H@03cc#^1IAm{eLrt><
z%KmhM7thEm#C@EV8YyG-+%-qRBe*q70Lo+ajZ1K2=YtZw)8tj4I3C~5bHF*pnh)ZN
z3a9^FpbG|lb$`FgdN{IA;sp|dFZ6Uj)rDj%3SHrzD#d7Yy!LCT4$8fqnUH9gg&{CB
zFnW6ZD`YY~%n*3c?+~n-u?WknDIKG6(-6p<_Bwh=vXTIiYt&oaN2&%Lg$qNumiRh8
z0}ZwQ5Odopy8Mkj3zG-jTjxU5mRI(SS8zCU7rYN`&CA@~aN=;B>&@Y)u%R@KL;(^1
z1=()ELU^#rVK7WC#G2j-1!hOv-&&v1O8A1^ClJ~M|N4!a8>(f4iFtiis7)|r2)jcf
z*S)!ws*3%$1aOI9&q6q4ThU4p-KqwE7v+j`zpA}mINbT<&OxbK$OLPyMQa+hzWo)3
zsIIDGbC{{p#JspI9d$JQn>}ehU-iA8Ww}kh>9%Vm+=9|vp;nK|fTg46&|)Al&E0v+
zH3Pz1VbGw-{xhbJyoH|AuU_KGVE~Dj?laoZRMPE>R8jCLho3~kJv~|_(?Nv~foaB>
zqcj$g^$<#E;|S(scZGn1z5GNrFcp#|!)YtLRu;5TiX4)npV*;n*I6{ei!rsv+8`@s
z$s9Y3-FFyXq)vZNl%hy8{65WChZ3ZL@=9og>!Y?2CpW{}o{hiarGe@-P<q_FF)jh-
z`ioVU-km+Y78cChf13(xz&(#plYvi|#CC5wVds?V#h4cL0bMC7#lH)u1E{1wr0DY0
z^{Jyt@<ja3yJw%aGTMG)DMECMJl-lRHR3s^98KPjwJC6AJgTBbmnN}tCQ>XVAav#T
z6!9K@6-Co};z`4%{kSOlOTc#|o}~NEmC%HoK3mGuwpl<!<ois1k+}hmlovc1Usys8
z5}*TX;a?rQ>`C{y|8#(ED9k%ko}RYk7o8}~v(&<o@m&i5az$mm!qAYjCfzq)VibY`
zqW*Bn=77n74~&2FQZ)ZF-Z`#6wGq&QN$A%vz~uTTsn@^1fgYJ5YV63gyWXfJOVm5T
zc2>~0M`YEgjj`Y*hhqb!Cqxr^u4-3?Fl^K)lngfSxZEkQ4_?Obv0UKOT<c=O!c;;E
zg6&`>9j(V^jZW6d&mhPUrpk8r3F5m+bh8i@2nht5jHyz@$#U~f;LNc!CLxod*&zZ>
zUb2Wt%RWe3?2M_$2cO`r7Wi&Eenr_Si=S`m4GB)TakG^vQt|b4*m`Z#!Vks}d;E%)
zp936q`435K)!4S2hkUj?AE<BLn;W)txUkA((~&6JDW?P{_&#KMd<u-c?FWc$YfHS9
z7Q?7(TzmrSBqt>!5IIy7Pg1B5JznZBec?D0#Rv6%UWqsR#Z#~|rZGfLeZ6TFzbGIF
zJ=6(9C~2LoWe79;4X|gL7SnEu>Yrq&xJ^&`{K{3OWdo!m*>eVggj)50_xK%FQwgQB
zY<AO9I_<2tSz%WpOcFx6bSAs!!YIGR7@*G(2<fj7OZ>i0i+7w_3zp%`iv@1z2!lGN
zTvtspVnc5b#oFmM`VHI7alN`&)tgXCo`VqB_!2AwjAc`_1^8gMKrrS}O-7J6F3#Rq
zE0PfSvuqn@H$C5`9V6{L1=ng}kGS)5>w)vnD;V$%p*hF5?c-QzuB}Bw4exZk%)$7{
zLpo}ar?Sn+m<p36^j#%Fd!6wBwYs6vS&xTRo=*c<4p2HBI0#!i3UXPSxVn+{izp=S
zGaM~c;|yK>F?XkO{_w>16xXjV=yL3YDJ{q7<a!-?bS^eV1X|rC?ato4%S?k5L@^Cb
zHs_LbH{&{<?XuiJM!ty$M8gI(FBtT}n(EI`vLx)Gh%tPKs5X;@4MJO6oNaUz%vP+v
zXK{4fv6wYDd798I@9hj3=xV}ad!12Q)?*$HU60Y4AtwSu8pIF_?;BkoS{y1%)gcWX
zqKM|=mR6wSrS?GGxqXcYM}lu~7)lq)+g>iZtI<`vJG;6O%-P$CS-Qk}E$m`CX0=Q~
zx<6o?r$QbN;sd%=Q4v;DW1QLJB9<a(e4Twkq=uwcvb!9+CJ?Qg@ICKQ-X+0G>6k89
zQDZ_UfvmuaZiaTf#c3os(Qo)^H*eBvW$8DVvc#TWNcyUvEDd6GViKFj2Yz6kRz4}W
ztou$^2>dkbTHOf6qL*<c^TRn!1s%58uA9;IZYM@grNG9Cwj;QU7lSMN*$*qy+_SC6
zb1=kKWhzz@-vpwry*}jl5sa(#brYj&>i0`NTQ-I@G5$P)-?_tEym&auzQsk(f=(L=
z>kepGz<kuV=SJ9EiBa7|pnRu7FaDFsy0rU;-gS@PLw$`Qt?znI=uASj;UT@XzqWS0
zsWR)=Hl|m52JPlDYd|dEXO*!=?-t&IOmx{VG<r0Ph6XKIY9hU0{nnY;av=JLDs9U)
z-)K#ux|?<6g+a|mnlqtQYC`x*<)1NKv}6g7<YfM~3d%I33UjSLJ+)X}hH-#{M2+;v
zUY87xM5C>?kSH9TDIifRh^8#`m}P6hOEMNqPc1yT@C-m{^^sz$7dTDOwev6ykL}*{
z>x7RV_u>OXraS60JvN!>G^1OlVinI*?dfKn5&OZ-3<@GlSl?qjcafxdbR_VHwkCcc
zpUZm{VGlGr^-cRRkMZ#~=Z8x1XR|>-bnJ%zDc?y#!VeO)rHlv|_|6drMiS1DbkV5c
zt>I9PuO4Y+d0C^o633~R7FF2jFf7W)jXf<tBTGghO{(+G(I20+ts?}@<8e4wH&?)S
zTDkzZvJraXP{fc#p)3ToFg^9HD&eJ&+BHuO*PnAMAwHcJR(u+hx=F)tB8{-*q}IS|
z8gshMXKl6t;$?kO5ejoh+eo8-1VJoI?UFpZckA;^Z*~9RRAZY_BbK)&sLoOmBKkKB
zP0ZF^FLgjy$Zx&Xbps+xwm9C4Cv1(i49=O;mpNtU?AT%Z;*K4)V0F!JCLTV9+~2w|
z7LbdEg01QCTQt8-kb%4{^A3<=FfNNYc&jq+=<AT)iB1Zy-II^b6ZxkPEdh?~p|>Kp
z`q3Kk5W60DaqPX{drU2=-@cP6?MR@-eHsm^hXHCKbbF`SFCCt-_JqYjtRX62`pgiu
zr0!M*I6j)Umwe?k#(G!Z|2%WpfFG69Ju*aO{S9{nP8p)7anVHthkiWA1oPcFioD&d
z$pD<nbQ|3QjY1;qL_qiR@=wVVL5x5*On8tWCDD1fO{@a(D&3@9KxI;TuopeCEWek<
z0VUJmJBD<4>c^&l8LGE>&bQ~qlnVB22e1!KCuSN+s8>gE_GlEKrU5mYU1W%(<4(E=
z>6E1l$0yZ`f^7Qxueiahbauk?=$E?R^I@Fzj{^f0&6EKSLz{MBo$-GZfORxCO;_Wu
zFJp}Cn5&hjRH6ISbq?P{Pw40ji1TQ$2Z`9&5aW6$cC!xS174?f-2<*aaI!wLB2OXt
z=TKPe854{|C1QE}SBgUg$&wHVFLYNwnj@NtWk%h&gHmgxt?K6z0@>nj77Q%<@8Kk5
z+v4dyOsagXysT77H*e$2jJfVSVmzk|67@(O$8gkk9NfGO2D{_C;l*3?&VbZzb~$cx
zdv9y_as8h&aF5$=)%T*q@rj${ErtZ@w1lJ{tm*&o&Hs7dFjwV9Cw`IAijKmcA59QY
zOCwY<-3xSAc%U%vyM~QqTO)Yxxv}wVooAvcO7r4k2e~p9mIJr<!g}n3g=>rNiy%M8
zt#5JGe9B7k;vKC9{9YzJ4vrXE(%QyBAdD|h>__x8H(s+<1<G7PQzn`z9o?IuO?1T<
zrB1kkC{VpOL28TG)oZP&+g;wD6jZ33z<=GMq>6=Kh5npLLDG`)tq@x}`fj)pMh{<9
z4xK}%070$oycVjFCi{n<4xEQk3=wbWR$WVeC8Cb2vcwiDK;Id?eIASn7z^h3z*a0~
zn?Rd^o7lR8G^bh8=r>Sq&N30$w^`40kdxVD_VV<Eq3C3@t)$AEVX-ClP&RL>{dz1k
zW#89W(+d5gmYxvH6<T{1bZB{z7fh<>mf?GQXFQPV@1~9QHP<z98IhsezOv7Ld8S`v
znok8v`z6_diPiYuCarR_#)=QFt^y=}Y3TdW%S~6)f4Y6{-CtO7;t$+DPlD!;1pUl(
z#fPJjqr02+rUGoU=-A-OcoN(3&t)u5rZq*mk929(qHO;_m66a`{bPY*F`itj*UjH#
zBYi*!ululCm@5}6KV2=ila-@Wi6;y=o#ujeBLnLleb#C`q&j8SYNN{JzBZ9c(DLT6
zJPIPEGO3&M{7Zzk_RBPi&#E_CAH-}mS{J<8_G9_n3}&ai{8vsp6kS*god;;|9o^ST
zCKsc<l_ohshV<GpmNWVVYRY%s<~G~;l8ZO>fcTJolw0gRsQoLWWo9;T_I~s2g)<)Z
z9)ozxYIKYgG}?tH#5ObM!QTXHSH>*dRSENN8Df2wwjHT#T0P*B;IB>WIUlcFD2X*j
z<rgg{>^hGduajvX&GW<B2ovL(v350FZI{d`q*WO_gJ7Trdj=XiU2R8+7*yTZ<eF6Z
zuWXUumF3jNqPjDn+IIp()lFxiHuDZnG2!;>L5}q|7IDYX_JikFy*~t^1>Oj*1_EO=
z^Ziyok2?~3K0Mz>{GWIFz$4%}ufNSDhO&|hA78*8gZg7D-ZD;@&|u$z2VY;4T#bHc
zj``fy{6;RW(9y@k&`JkQ^V8A%WivefT!1$S*<;TNzA9*#x-KG^@q^Wmmg2)CPn)Br
zkW`YRL-qM`uzPuY0?yia89P>5MRB@1e{?VFcQxw8-V0S*AK%su^Dh>imQH=*jiro&
zW%O-cp0_5JHVo4*w*H8VCurwM!qD}+k9~v_c(?jo)yteyhaQt(l_yv77@oXJ(UqsD
z#G?+JK9e6I2#@40UzUyhCbm_kQ$}_Ssn1T+6}8*6{O1}y4=5BoIM~p4SBPY{U{y64
zh=01^LqO4i91|B0;Hp%0rcG^V95=Fd9LNgy0rzD}4o2A~yG(xIBkOyW8Q9%gq%}|^
zlS`dJ*EDoUQHNi$Rubwt^_O{J{5h`*=BHj~twh&P{91o`Qx}MJ>)Bd+*<1Q8FW}d7
z_vHIL(sSw8@z(HhP_ea@olVf~{q=bEekjrXc85?vS94pF>+WYjApqf4-|=>7k3#+y
zY^q+ncBG%}ud^z>@{ms6p@}mbis0Qo8TZ`IAZ#Kyy6rV-x$1sT?>1)KtQwa4CQRp4
zEow8bg!siP*m%=@{q}>hRy1CBMq<XH78O3FfA?{s9+g<dhY^K;;V6+Y<k{dg6$N`{
zP_~uCfo(K=sp>-|&(QA@Gkl3H(_O5GrwIM*<H#uhgo_rsA3T)d93EuExlSH-$p#1C
zr%-=HjL9>PLHQs$vTTei#tEw90Q!K>hWWM^N&^qP!Cepzv^;4tPZW2Uq0Oem49Z{{
zt_vbfXxNFof8xP^p5$JtTv<qNFq$quz6G*SjL0}SJ_i)4Xy(VQwRZqvT;l#;vjZ~6
z(<4tQ`zt(r8W@j?ekT!*he1`pdm{jaPYg&~_1O!%@B9c-HxscHP^n!-=$whDf@J;o
zgO+Tq6k0iQNLC4wLwSbmvo3QY=Y1fC=d|bm1#aZ5I$MPX>3d~-@SF`qOGw)tPi^E9
zWuez5;~zw{W!1Lo_~&maIGYeDIE%}}P7DjM5<T309cD*xfs*VA^RQtcF?Gcb8{T!B
zecZXZrc1hV(V{*K>9=LY>w#Of{gC5DMS*g4ta2o}#B7=<Q<P^nNtZBtym@_V#P&C)
zbdiBe5vcDO@y2RsPI?)PL0LNNjdPRx%&qH+q$Cb&aO?`sV55ark%20h<k-)<-+)*8
zh!({*NX#!nm%I;MoX9hsRr-|9It<){<wsY*ZPTnIMN0Dg+)v?5ws49kR@%+*9-!)R
zdp+n!gjT=*EW%SybEujt#ybA#zy{wL^wU$ordW}Y#6ifan3@Xp{N#sQqS(Sjdt%GT
zgm$vZl&OeuIe7_;)`=TqICP0vpHu%t!ci7`Wm+a+_1iv`naffJO4KY6P#(*3(ze6m
z)(PCgIY^Hw{#qCJRXEF&^xNDes3bZ5!zN83@PintrPu&WVxPEPqD+b^a0$Ip?ft>V
z(z6RH&-|UjH@z46XF}mz>G+Q|ya}~ZGe4&h=9*9*6Sye4eL01%g>O7^pYl)n;$rY`
zwyqRANbt5518M1TfiMQ9<c+H{3;U2D(H&37<Lj%L!DFj)4>nd*IQ0#_wO!sbXWa^t
z2jiI>VVhHEq_k#hZru{C$LvtfbMF|+VSSmIX=i)|q?T40&Lq=)C9e{)TN%>E=5Hsq
z%3Zf=5tk4t7P&e?<@v$st@$VQA(h6hOsah>+o;aFMWW4VNV57GigP=DJZ%Tjbl&6?
zhiJ>VLs<qYFp(S=2E!I}lZZDIMVKFvOUT57Aur^9yOam5J8FMwhAmkmXT+>+Ge~+&
zk)CMVQjs3c&fe*)(VsJ~IQkr+3ra}QDk$pV=|95hvgf9XB6NWNkm|srn9k2fm<O7^
zKD<4<WY!<w`{cgMHY+S-#zeMF<QF6mQfYhL&`k~At9>NT>Cot97&Br=`|JKZ?z&aq
z3@%h-t0!f-V;-|M=IkIE^(Az~`P6EF=9Cw1G1J326n%oHu69<3q=Ir3`hLvNsIL(_
z62ZD^@Pp*M)!h~?2~!hzLNo_*Ml_0Mo0bCG+(<@ZqWwS@x<3k<%0nFHlOZLsIiY{o
zU&v;()QF@P8PY_2Jd$eVeq9pksd6GT>`o?oGa~Oe_#WJ^<3#2LgU_?=z__}jdEcw3
zKU$Kuw)o5745ubQLn<{I2rmcG%2i;tJYEYftmq_v?E(YmhI{BNGl`@Tq)vr-ILk=e
z=zXAk4uNKvzj8Wx?ph6HF2z{Qov75+ITm8yQN8Pj1JL<dUBNdrWq{qS`+N=)cz+{E
z@Nzp68i`U6l0%q*_iul90n=pJ=keK30}qFhH8`lSza)#gI00ubXi1${vIe8FzQS30
z5Zc*=lJ9^N7hK4kWmWCdFvy46c=c2Lcqg8xwLec&I=Dis1pd%_u}vexYWP`cOoe@y
z<aWFvYgrRvs&rU!CYQPz+0;t3Bh3lyWJCe>nyNSbEE2$E=HUB&`}9+S^62b4pU81E
zhhtPmWqZ=vgA{qDMYCt6ylyCbY(=4SRseZ&1A@BlB5kkd7>{-NSB2wGh4@5kwV?=a
zcJ=u*vz3;{>An|19R6c)d&VleDH&g*sQf;k#`&TkQ8sG!fz*>R(9|%+Q1T><UHJhg
zBZ$f@)#>YlH>n=Nh9x)kn|`c9rJ`4fDRrpqoSf^CZwT-pP72;2z-y4hY`5oHupoa>
zphg+AGo(FA%hyavNWgm0a9=qWL9cw0F3~?;a#r~4g}B1|C-HJ}xxYd#JeQeThmw|o
z^^*;x@B&V{t7d;gtw?J(U~USkvZ(c+UATI3-_tPtAgCu7p(t_}6H0b%AWf8f6Km1Y
zlwFFV`Y5=F;eZa~3X|0Dh<PQ?0nmaXBevAnM?0~^32mWaoAHqPH$)Doj-~+d-SML|
zc!4TVAi_>KARrr1AOlStARvS$U?4^ypulw?AVNTw2|p;%uCpx=5bdcQ;KddcsMi`0
zxdTMry)H8Wlk(w!0s`29fbansb{hb355O1i`zjC+CJ@jn1W<26IxL8jBp@||j-cP#
zypB;p%I>$y-1p9ugQj8?&TrSOGf^aZa$c6m4#<6{NSlee1=2X3GgG$?SD&sFy5TV$
zEk89Dg~)Ed+Dp9|Hu?J{as2Cs+SUeiE*u{m_BYQh)!h@cec3`kj5bdhhLS&-H-Be3
z<_iS9@s1fL)6N#9g`iaP1<ki-EXhonAUOssAY6OXd#t6rno#<RzeI~fQk4+xRR!vC
zeu(5WWE|b_bPdJzn2Fopzo^=#Frh2r=h9*}efsW9L7`AOi|K{AA5%SkeRhmaMW7^?
zxF&n0c6M<J{JBD=zEJHSil(*OA5AoJ*P_>c8bYq=y~o4Va=YH>D5*u(7-meltQ4`6
zCn2a0lpXDSCuca9RyN$!+UI>3M<=i+ErVW91`G3jrExeb#G0sPKx{+gx`{EG9E(ui
zo?O56BcA~EO}hCS4#6czQemrH-Y;xp7f;7ej6C&AzrOm4{X*ipC}Ud13@A@^hNtZ$
z-`Y*HL?`c?-#1lRvB#GX`Mx64$&FqXLAEI|H(MpRnljWi7(N9RSH+5tVSlG}$;gi(
zdJeUx`O`_2nfBaKQjJ&Uw<4z+b}RLFIbT#2vHkNcKL~{;5Kb#JgGFaG4=-WHMHq15
zDw9rG2ti-;_eSC(^MRvRWLz}Myk920O4u4y_@(!pl2DwIjmlj3c}bFxw^q`DGp1<%
z6VTl$ORan2f|BRAHN5%uM^GQsRC$GH$!%;uqSZjLKa5-m={*3;^pnusJyAn_Mb{VU
zJaOpffojeCMHb?+z${heMy-VpR9K$yyD-o2@d5efPgil#T6c^QE<rr+>YmbvMTUVF
z4u<ZYE6OfB6V`!Ls!w;X$(N7POl5($8fE4j0hyk>cEB70S&d>l&@m~uDk#s^>efFy
zL$O*#WX0rUOrBEfOQ0O;yV3V%4Wwa@kzg)l&V$eRIgA+e=TaJBd5$!H8a+gX*-AN5
zmI^`ltf(dRbNq05eURK^P>i~tSL>{@9G>Q&v(r%92f8du<i@1|oWm+#H=JY|87`uW
z;L2$5dJ#2Zf3_Nah2rrbFu0y6Np!8y%E)ZB3z^;QsCYxDuQDPIMVi+GK^iLY`hH(k
z{&pYG(v|<fiK1!lqcaKE*QrinAY19Al;L2CbR5HW`M$TME6EgsQOwEOQK3;RF$OIz
zroA`WNXnRMYipk3vLTVTm1yU!$GpbQAgJ7)eQR?(Vb^IAG0HB5boJfTEMN(&MnC;8
z%oy+mu>?C%@3<#+t`xyMfQgx*_xEytPEB;r@9+|CNYB0ejtKn@1t?Y2Wf+{GcH`eX
zywZIjzN*V2$)c1u*J7}nuUmD`3u{tqp~OU4+fKM0$8u7hTet`hG8Y9NCX46K*%tg9
zUp@>d)9(<ZXTS?v(vNlccBn9UD}9LD7v2+C5!$z8BFYLwx$4z~@U=nAI%7>Yz{P0L
z9DWFg3u7w8Pv1#~QVASvV1RLLYNv)uPv}6fYg?R=!EQ6oqEzoSE-992BQC{FkzRS;
z+#k@K#m?$d$x%=K%hWw%@3-`m6Bk6$!H-XYHYGacZ#DWKC)b~dlv%|qS?+)en$(^@
z0v73=TDwcVfyDD#)6k)uyp6VAuD}zd2_?=Lw!m%J(49+vB`!9jaq+d35X#X2J(Vjn
zGQz@q6V4sN_Y~_UazDhG)&Im?@T6X*ksZkTzLb?iVL$$q;ePsWex$Vq;73A{rK)T^
zO^;riUi}O|(GT#5N)q|?Y-|@HMLtx^k6|^Zgk2Zy4v|-#V%3MD@AQ-v)xqNrkqsOn
z5pr)!LEG0@P+_n%Lz4JgZeiTu6$qmPO6=$5#J0YzG5!}n@)3{Ql<-_$EB$fEmOEM+
zPPd5Av||m6h&e+C&l-WAz$vOaA#TQ8P70_})XUyUWW~v`5Ih92P{%Uo&&$8F!14on
zI8~x9M@fHZvz?oJN9!(OL~BIcw~TlZzII#q9A;UVE>PtAvo$*cYO0c+^<gQSW5ja;
z8Qgar4VH{Ma|Fdk4+oA+RU<TM&jBYD9h)AR!{kG)VSErwk#)r0X9FA%%rKx~qJUdx
z1bE;m5un1AP@v%eb}&Z%Wk3TE4=JDrH1YruKtDngAkz1*wxKPg!TV&82+%>HZGfD>
zVknR}GZ-Viy$BFVBVg1@Km#5Kroh5KS&%jmdpQ9al%5j+le-D2-pL~30W%SMe*-c)
z=EDI;{oP?oP+gX}^{;c*ys^m%SnD(ZK*{1Z@c(2<!n%K1lBn3G>9e@}ov@`-W%j@t
z#K5<AN#z!ZXqS?Vim;SWHPya@xTj#9c4SS5;-wYRigiAvdZlH>(MHh@jNdLyCb723
zXx+U+m-UuH4doGB+y1(eHQJ_j2&zTS&o1?l?Ypw_2waI%A@QqvxNbWXA8BFjm#|$N
z90<=Ge600{nwZw&+wF3+AMpV4V#p^R<1Iey%=<V;Yp?wLC=&sdi*5Os2lx+aZM15=
zG!l~s5?dfg*&O_c$sow($`Oo2=(pQ9BG8K(?;XCd{QXh6$4m9+8@)-z+&PF~2OwHn
zqF_wH)nuVSMIj5tDGT+m+4&4&nOVmlOxsM;xd&}|WHYq4_~;>%3Ug_U>y2zA%Imek
zr~9Z6ofGx8zgrF74p9#liztsXn$fH)??&P@Ia#71%4pHr4fL51W1xIpeuX=Su*@ww
z%hI1P_bj3=oO7Lt%Mbl3GEh<*Ds&-7g_V6EN>{42)1*$nX5jiRDpxSFXq+{nqyNZu
zH{s|69tQi5O<FIMr2wD(FPpS2zl~^ZE!8;vOHi<2kAOzyG!oRI61!Dmf5)y#kQaoD
zUkX11ON=9911SBjC<xb<Q;q|N0w<d0|J-^53Hgf&`<e^+3%te10Ke6?>O4<v@2paD
zL0_755^gq7;PX_|YiF*;K8dBzV4hmo!IJgBEwnXx+`%?53;Fa6UM;tfwLrEDiIbSg
zSZ3%EVVjZwsY{=@K^hPkmolZz6*!YyaY*>jQM2JQ?dslgQSd!e)!Kxg5b$@S)C>mj
z>(|Fw`OITi%)?GBRr;J^KRNb>u^Z+~pZW;^b&AHZVfz}7h`kPj9pdkBa#|X1oLg2=
ziSo67TN;yP?<jY-?)q7!@ttS}5@f)XIpf&ip|`kH2P&&|#<LAh)5D6G*mkLP<L<Py
zhpgwP(CG^hj{k<=82^~n(wmxaduEm8wjOIN(O6#YOeX*Ur4B(2A?$SB$FMV`jBJQ_
zv|&32Qt_;@=20R~5t?3O%=U#66j^1=TnHTK;pCyRQ5>}u_8dKy0~{^JIS=`)px8D4
z-<Hw(aH=bKsYZoT$9T%zwG*HObsc89p$wcFCu}`?;F<L($#Wo>$K*1GVF*!hCJGb6
zr-fzL*i#m>_AqXlR7W5QZ(^EklZ?>1L$6Ym7F8{q?ZNRP(Z6VA$U}^_r-DZ?p?hJ8
z{!=q`MjU%Yh9`OS+ygX|5@chPf<b(?`t}40Hd#aWc8G{1nq%P+QtX!<MsM@~+A<h8
zcq%bxlCxT4MAhZR&*mCv)RR4NUrV(jxDY^8Cw20~sVf+jc=%+&j)<AC5F6>-b+i(E
zjsIbSvz<ox<LE_5Zvr~C&xlVcD&4oFi(nUqmFE<Jud2+V-Mgx=x*ZKJHWF%MmApig
z!?IgSJZ*s2+|&ND;8lwc{?91<<;&dIOW4H17n*Iv1<FpRROITq0zQ)PeVc~i3BAmI
zsp0h~MjYtyU(D2_-&m0A*@2Uj#2jnne*(|2ay_D~Vlfr|`O|`vE~1U0fgO2)jm!-D
z!Sgd1{mhj4DrrL#M)lg1M(OrW@qQPAgbSsf$tos?oiwD%RD723FeLNgYN|Byb-W|1
zt=`+?>Nvn4SFKKLXk2GH`=<r5aa06bA(zD=nyne8ilUP1l+!yQpl1Eq`*0ri#;N|P
zYD0`ZVh)oJSk{E2S_2%41!-yMF@Y#kPh7p{fl|3`phgczgen0XkP~-^Wwb%!k1CI`
z?fte0y>WeX<uYx@((UE?Xhd2yl;@ose9%~XxPDF62V5of?HY>sJaIo(NXJ|nM1G<w
z1==%wPx+Hzbg6YZW{Y5OoCvnr-!&uk>01qx3P^=I+XTRL0v41PwH`W~IHkY@zN!sT
zM>2y)v+I~4cJO}iF23X;X5yK77s~N>QS9jCb0x;Tf9n&0575;Xs0|4b$Wa(T2_-yN
z<24A|!!kfm=E~tTe%&U>VdY2jKtz+uls2<_Pa5}=I*lbs8-7Q7@$iz-i^t>p(rsm+
zNWzG-{s!9%6PgayYHxxI`Lvj&Mr>`;>@6x;ux?|vlPJA+Ax|#OKHr7o(z-I^AwaEW
zA93xcL$mWRWGB1gYZgMPSs!}bm>){8K>(}c>G=lkWID9%IJa#Gxjrltl}f=#J$6wH
z^kU#4XlEPr-Jo#+pXiz|FAJ!mARO3Ki})9D>QR@aC0fLgD%VXpFPy}|5vB%=+du&{
z6RpBC&qrrY4H?q!I8>L({qY5jL00kpO3|~^QfbY~1c(!1^jg<Ny3nf|7+n|-T3@=}
zxLIu&#!;Vi>pAf;eiKK!#@~zjFo-<egH4i*@H8o=^_A1sTzgC-)=iO%QR_c&XCK`K
z;6WMEKVvP6!nC(<vW~Q3e|V3FdVR@X2ZA@ZdYot68X+3+dkM!Hwm*|?Nir9LqasEA
z!mM{P7}#G8=oQw*ibK3f#~=~y6F0y75<Z?Bm=Tl_{%e}<alD$ar~#&_kJ{6|QamAz
zIj*_OeQ5IDiYeZi37qB+ewn5aQD)p8-AZY@{lL#U<=T-UxkYi<U(=u_olts+I`LKR
zZWzrna`}L@1b(CF2rgkFl3J~1z8PCg+3;5MnCICthbb{TCy4vyopp?;48#t&+`NM9
zk+<#`IkhXds3>+91$qU;y5Xz2lWaOWsS3DP#a^n}YgS@m`cpPb81@u*#_@+Nhre}+
z2DtB@ILlS{n5QVP>5Io#GA$KJx!+T$rXOot13RCRC+MY}{{K+Z<o`fT#AsOm6E(pY
zZ@kz*9mVe}yBfsoN-~Vl?-e+->ep_Ci(}zf^}{4gb`f3Fm1$cVSUjZy(WqKcuZ`mQ
z=7Ja{`qQd)YJQ5(nKq%HC(~+AtkMf*ugMI7qK2^)tCe}gsTlRcN;`!@)nbY+%zm3Y
z+ih46Z45e|ySyLW8Yq~>5trQz2!lM6YG}`TvSBvFf}H;BRA#QY7TjaMF<x7Z6kivv
zCF@ym{xfnDFI6nF_NT_(7-LtZHLruO>&mYM{dCj9?^>NPwCUEiLo2>?gH$Q{P6=s8
zxoLkawpi^(E8X#-$=WpG!Lx1@dG-doOOtf7@S#Y}`;Sk`n{4_hF#%(l%ZeWH<2=rY
zvKXG(uFi4V#Ktca`eXJx51HX#esi`&(N@>LKsZ7;oePrN`>}7v%V&+`?cc+h@-b@u
zT<E3h_oLOYS&l!A`h%)FgIn8L9XLOE{62?Y(ob#4e?3?DK-*CGSh8opdl69a$1Cpv
zbOZq+uBD&Yi=k&VA`dIO?EmfnFsZ*CXaAbWRtvYJ4`5O%{?Py?Rl&oi;@|WSlUmaE
zhZBncOa?Hihn4(Sn&y8V<oXYjdOiOyCiPEJFWb`3_F2Htf0$HE`dx3))?X$y%o*hK
z<mCE4n3O>6e=w<n=|Mg|#_;b%AXv2kCRLXHZzcuOp)tz&-%KhHW$G`JB2NNRW6e|~
zN>iQj0A){PG7cP#$d43o@Q^~qSO`Q~XJyU2Jb!`gu*VDB@hQm2m_vT5F(W(TB+S>O
zOC~neX6<y!4mlfvCC&li^1mSW;yCawM$N9jGtd`Wk8yj2Yelm-aI_5ve>nSi?92S5
z)7v)z9cjdG*~s943#tkVF5ZRKl>wOx`w8(cvD6?FPx9_GIof(`BTSBqm=}<_3HalP
z>Z<*#v6?C*x#5B)bb8nOE=G1MBFbxRibyR@eiU^!U3~xfqe9>#KI-K45tynf9**uJ
zuE@Zs{0ZVW`+e#CzQ|UB2ok4G@JdeyzC=A^YcPV7oAa*iXKCC*(;|kZ6W~hGnc-t(
zQWnohkW*jkr@%&P%_i_P*D)N7wr%QW%skAR0*?^_KvAN+p?&i3=O&aya?zpHL7jwN
zNWMKdx(KGJ>Y76yE>(iT@46H1UwYuGaARgwt-}c_^km^#*y<h8G&kE64jymhX_dlA
zYHCyU1?(3w?$iN<GBZwmqN|n3+kqkZ6%{>(u7%=tM)hHi()1^{?3*4Np)Es$CAQ+6
zZSi8-^~P=k3s&k+IW1P!eQ3cs(J<*Dq4+1oFbKX48m`1P-~|d|2;Gsf6vSjz<(L&1
zV9v|;=or17*tk%V3P`raQcSh`d3(YUzT?`l)i51(Xzw_*?~2D2-iG1y%@b9!NU3>N
zlLqR${W{LN?;fmb_Gm)`;86##-9<)C`%*hPxdBRbMK0!dn%B&OTJRG1A7BE=z_e0P
zey|~6L@WU+57t$u{`Af)0I^g_a3k99W@P*20{>d3-N+BRlq>42aA7;(gHqg%yb<N%
z2;|Rpy=tDo2e_JaFwr5}s5y46svvYx)G(B2L*Kq8+kZb}xxQdwblkau?sC7?&+A*2
zc<+-%fAwUI#`drE^s!M_v8Tc<KJ889!BK5)ipG?x@Zi`WyrH$hZHCU-bks?-U$JLT
z<?67`li1}92`g_k`dt?rsK;FnnK@)z#iP2*pUurcqs11VU3DuiX#A~HaR>xk%bkXL
zzB_md^x>5sK5+3^ylT`8Nhv=>nhs9>)*}L~(69^kj?<^8xmZSD>(gst^5OXpo|NqN
zFP@|U`oDM*;>k3O7KU@zV`?j+$tHX7PaHjIMdmp~NDWMks70H8EAmE&w~cK1FpS-U
z9k%aelK`J&Q1ZX`N$2tZ?URc4{`#aj#xcDA@JZ4XNb!><-=lu>xi2(3ITrd^_5USG
zkK%uclA^^z-*#dg(dlePQ$8gKJjIqEaui{=LOlwzIgw_C5!B`6eI(SVY$xF$t{F>8
z3ph)<gNa<xvb|-hgt9!8&k#FVI_3}Gm)rJ>T@}`k6?TrFAA)pIkZKfs%lP?HO=R`P
zrJo|?oxlwBHs=?&woGr8>5ql*BL*PzEFC7`Sz{yYBgfK(fchy3I6@Ot9rhHlsCgIq
z9@^T3xX*!jE*gO&*8Tba4*+~XgTJ&TMM8LVtji@mqdI^+Y%5H8uNKD{cf?}yTN{FS
ze9TB>isf3MrX5hF_*6jscRku;mEI!`eGeE|(rRS5KqE{3`BabcQF@6bfy-Vn`-jVW
zW?$tQD+6{}mIlfuyfUe_e7}}VYNkmUz+k*fV*oYn9#4aCI<eDqYOu*72w7zDZkx!W
zkhg$Z$6+lMLou!ZF0U4H*7Xw?uQW~5)!yop#5}r?e)IG==I5v9M=?MDs962Do7_CG
zxN`k6NvXX&@?4C?Fw~BbBCy$ebTI{qo*jkgwO)3vwyv3I^v%~+m4uKdz~A990eXg0
z6jfN^&|NVG%vaL6rYbMl`lN;Ot#Cl8&|gZS=Ncx-E=hJGD<(R2abN_>k>1K)`V(ZY
z`(^%{s-Vq8*5$|w6QdsM4VuVN!2u3nG)F|3Vlq^b7tFhC-Li@tvv`qK)GU)z0YUBN
zTi|lezDAYiwM4W*F0P0xI#k#U5;cSG9C^d)8KaMmnkJzHhBd^7GDL<iRJ3VWExsoI
zwe$C{eje?9yR-AdtI?l+{A%a#`|yu{+x>R;XZy!jySqC(KYaK8?bZ3ok9_y%A4FST
z<6l4T{J>6r4D4ig_uJn-I<*xe0b-fa2eaE<WqM`OfuN-9$U#fgGJ{A;1b<jeI)ytN
zs%elZzhS~wR5&VV2u|CxRJ-yMZ6h7PhtS5$cMfnz103+j@qVKDOD&56OY#J17?1V@
zh#0I~z1J-X+{0eZdQ4+WG60xa4Jl{|LZ)Egl==WK8^#FBE}L|>aYfB&{<x_kpjL1&
z6RB#Z6+A9Q7;-F@Y|j_^w|A-eOH-qrf|zOoRY<gjyoHRgTxy}=@tyeq*Bv=yH>}>X
zqrTIfoCo*e+wqq55L~G_n8n%md+JrknnGsQa2M{APqgN;RYqQcY`Rha8$r~XJKUfK
zqR;Gc{%i+v;b6Ie9J@t3bVuZ9`6&&k_*>QN#!j`iSadA;;msUnu%$=RGO5SKRc|3+
z82cV@-p_&(@IXo#KD8)tSbx-FyiY?(J0=Dq{3@;%-|DF;u%F`D&m|2+vaPxWAX`Y1
zpplQVnm0V7#a2+(aQkRhv|1eXpRO5cZY9ow7UY`EZ)KfZ?rUchMCGt;s<Bh%%rGfb
zOzV=>WX!BfVd2N~eR61vR|RP@PHFVg`@s!@cX*E;4Trb0p-o_lsO9!!EgrZ7ZLfH1
zK$bPZY`AdHYlh~*M@KS`KN-i=HzXHKskfS()=RY%u5mLSnPOQkvn))XYD6jMD@^9y
zFCSn2LwJBIcxH~le0nh6^ou)yWkvtu@a%DGfPu54tgrex@=;LizX`}61|7}**;1&J
zzI9c%Y%9eEH|5R#^?!l^j)@r+8QNqIu34oH6rYX+mWw#}!+*X4`<t83Xd1wn1EEk0
znOyS=pIq$PTEW>k3PW^3X{2YjzyViQ4CKl6dlg)DuAg7fe;!{=;jF`FjIA>aVg(d@
z7?H%lX28A+%r3YR-`YGky=8k27mn4w00H{s?C7G`ySWhT4Yu&53vV}o_{Z-~Dm2rA
z3}-Gek1dG6m0yYml6jzXWncJlLCSK<lID!i8_Emt&x7|zs-7_#UnrA8wI$4<e6;uR
z++1~!8*Z<RIhtxFTg|Ao2Epr_=l~E#%?<vzo-h}*<eA-o!@^d>Boju#4yQR<@YI|+
znU`hT=tX+$RHZP(AbTfpOpmO5GzGh(SyRlxu-N}mGpl7goe@gl?@Rb9gfpBrgyy*-
z)Fln!4T>?X;Qwq{F((`<W;tI*e_*dr!+D4!!}GqIswPlvz~rtlNZ$t*Ku^txSz7W5
z60_p&fN(fo8u9>4*~=G}cOF-gEiP@4j|f`_3WQp-$7h#6y*vEN$-A}09pQWvRtyQ$
z!$q5-eGz&uwjQahs~Sx2iis<7l@9;9SR8cG2SOLliBUw1^q}I>l0uf*ie?Pc$|6!A
z9NUzHZ1N_5#mcInO%N8NYfrSe{@{-+vi)hqQ1`dxp~a3#R}b;GW->iw5dg2z+DVCE
zxBdAW+)-?d(U_63Y(<U?+RPV?Ob%57+3*Y2SXH(+Zp2t7lK~byGd-@65Tg)nUjn3Q
z!7ZY-1^`1`v-zV8FKE{HyT_@Ow0cZX*Fx-ijNBL4IjK6M_PyY82cHdMZN{8^2st(O
z$OrKTW0d#M!o5#U1yQmz5!82$+9Lolr$n`5#Z0|HEoK`}sBsxrtS)&IMATl6Mx4fz
zLvuctH0IzpX2(Xjs841;^1L_euzOxC^xxCPd#<BCYX<BS+E2)|mThI3Wxss+<7e7d
zpR{}uZGHWrova7CJnJr<TuXmSb>=|ehsJSMw*lq;PmPO&$QmQlv9GOyO=&jY>d#{d
zDAg!xyu|8XI3F9t{^;l!3lDlSnk`V7Q05h_Ez@RWK~zCN6x(O)T~9@r4m-JiYkY5W
z^*zT`1%v>$=FV{FrnHJddHEoACxVBFT}LjaYq1bt_PaOaDl7WWwhOm6JQoqI-qM@J
zfLQcyp5eEG-p2dm>xK7@np<?$(79zV{b@sb)`r>0xW^sN4%h4W0d2GZxQHrdp|a%S
zGG=-a^#x`e^t3^9EBHMOnqUv+3spKxc>}mnedA3UR^QS(S5dYgjI^`%8sm$!c!hJB
zcN26b<OS=_=Lbr(SNGQiX4;`S^c@mr#L+*UwzST{rO?sL7iqGvMZdZO6S4ueolt#=
z_Mi32c~fH%L7gk2a{VtZ8sWu??hDA#C+Fx3^`mF9$U$}*73_u;Zg|b|YCdiogF4J)
zSsIXm$w-5MgaA3Y%P8hUPJoB+>j^Q~H2+ONr?8i%xnAUiFiqS+L>qIiC+e-1K-UGS
zJ#;>K)mBvjenMKH)Qfi}t*U}!8ioZu3epb*8;1b6Zh{f@iW;W|u#@lFu~zTFVljjK
z!hprP)x*qqg<OX==J7C=09FItg}X^AnSUK<T6v8Q7I_O`y|<^wPIS^8y}5)v3F_&0
z*pp(-l;>oOp*;Fl-4W~-vsV}^jdKp)*bEOiqI(B3>~7Gw{~od{u~}Z@;H8Fik6=f`
zbD^b>@sgpOht5@LloO;by`>#(Y4!n{IO3Gd1s6eS##@J=6LwcgtdRyL`*R6Es6JK`
zMWw2OAljfIddJ47qKIj?Z%)Qk59?lQr~g_iF!J@(1Si6EEF@u*iPnpyAgr3PlGU{6
zPsZdR{91G7nl*bSFtManSmr-HP2jaT4@_Y4i59#E<lp)rE~ISUa|IeSV3o)gnn||y
zmuN%wyO<miaS}!=4%f@JHA~T4$ype**xc0fN^;TMPb?Lc{`sTHoef&Kz2-vEme}6Y
zxij1vi0{J9j<yi<9V7u<y!t~BX9Okeg-7=~q+cI-vp7UUubCoM%`%n;f=`GEo}*1{
z;+-=I05{tBsK(4i-|D3R>=6X$NVPAF4<aHuWxebisQOI8VOtknpL*CtlMAh*Vo($`
zxl`~`OEH3S{jCb!f>WFG!<RXL-`!}YV)Io({Iu43?IF<epiphiY+P)ZmL-{TMg6HF
zA5V|TE3yN52wbX5hv-<0;fAPR-9_-LIa41b8`;zB8@RK1H+{KTk;2pq3U#Lh9Oqza
z3r%SP)b>%ap!ok(7W#2bEY#N|G<o*f5Yku48k*CF8rEumFfiC(EradHa;}r^FHc}3
z>##D)5^8$+eN8Wh1wE1l!#Z_cqS%^>T$cA{q=|rqraA8jCH7>53HT43o)u0;m<qda
zdS3F$h=tOCIVUNb;yW+|apgz`Eklsn0A4Z}A>dgylIkQyBMfR;1Y=ry?|dN(lR(72
zwC?JQc;_Y<L%o>OZeA_CGuYw2gm-QO#TK&o&RX8-zcWY=FaMpRurrEfnJlaGT26S_
zfk?gQ%t%Dym1;}gE~e1#V$*}InJ<y0%8V9}t|EM4$qLxH#qqqrGO8yJpLuB!C}zo*
z9mZk-PZ5so!jMWF!6IDsJ=rD2@<(YTB=-vM{=Eau>a}4ahj3Wh%=Spl3JL{3&B3}x
zEfT{s?BJH{>=Z2|J$?otrA(0XaYeS?*)`uX1wYR|T-o0N(#b}*MFfOwlBq|K7rwJ2
zDYSZCbCH|EUA+}{G4LqDhA%W)6D@zBH4F6+=;n5VjMh%_2CHL%V50}bYiqBwlSv)!
zqX2r=?=d1mF6l3FsUvADCfgyVv3T-Z%JYYTEq84i*`dR#fZI*^iWt^4sv(3G3=m+f
z-~zpkZvXdy+VY6tvL&h1tD2Xzo|Cty$0pB{@h$B5xS3sqexQf2WaStg4q@hg?`$l|
zS?CgzwLE{=0<)-S1`RBvpRdNQa}8N+jLIwKabi+LLiqS<im`R`VzO(hxyqViZRC83
z-GlF*P)FMi>Ym#PAWGd!Mz^muY6CEAh0EF$G^*`$XHmGbtZ~;Q&$L$8g0>=?y%=dP
zf|~mAGw|Nd*-6PYs|71aMQd8JCcF%%wU`9`K0b0LF28y270+A*h8Y%;4~I^bqy?pb
z4JUEJpTPdJ*%`;B2aZVfJHn-i;99{+fn%6fKSkg=mB#OJq%IGu#S*Q<Kx!q=`{g{g
z)jgY|577=D@(~xnQ=0eJ%S<6*-#QfMX{qQ@%^(Jo7MB&v)~(yTeSdk_9}#W~jC`Ci
z_}<H%bIZmvDMM?95wf!+hoA@dQ+%op%y}B=m)|8^6mWek)B%hLzr>d!nR_ePKNHAc
z?&SNgeHIDyOkj-ncQ+=qu(!hx%-;(X3|=fF-7Z}-v{J2YL5#^p%hKzn^S^dO`Bi54
z#AkG#PU)Qc+xkgj9^H;NUlMXy6nF!l+vFM6*4N>UT^J_9ocImv%{ctt({0CQ>2CaN
z4F=a-@;f~nzjr^kjK~4bu>9+Yq6Md&61b;V+3(ORI4t0cGt2>l>*2f1v}zbpk}<wi
ziSz9zpTr0n1V6tSOJ8F4dS8d%pDg(PL6=>J|DP<!0NlUJ_n!&{K%N!}@ce#=;GZg1
z-|&nbW|?folOx`bnO+pyu>7(&4!VJI_!c8hXu&DwZtwpxEDv5c4!D^X-pU*f)iC-f
z1%^j|-5cWR!v*fY#QpTp3kz$UK#Redj}8_VP}@*--6gtbkX_4h6Yq1gI3tR)3QK+;
zwCIgy?)v=?)tmqK_-qZ~i>`1zCZ?L1@tl6*xk9L)Wl&FNkJQwZ5T?j|3r5j8M0UKm
z(12U-RFDodf_LQ}?q|uUP+n3>218q`qnj_P9)?Pc-DJmF>ifS?P2FY<X&a?Ke{^!;
zccPlnnwdNL%$mra{G80d)JYT<(}Foua+iH#%$i$f65lPYPY@XB(ItW~Q4ULLy4%cC
zH=Nyq=%e^l(8A7&nUtdF#_FDbbZkGbMkVt-S8K3uKfh-?@5NPPO$wHi^V4JU`tcY3
zE0zbq@=(jR(rLE(^2M7vAtoufhFk>Uwc}itls{T`a`pJ;Nm~?i^3RqQC?A~5{65pz
z`o@0r=lyTo<o>+>O(pY=QvbZKZnFJvOo~xrezdi6P_+Ke$m-Z9%#DI9|6~`US6}{Z
zO*3}RY7Qcm6#0_}M_U>qxk>u3DPQ4O?%f4rIZCQ#YK%<v%wWg%LBxdID_PAbhP9YP
zEH;7m;|q_*Q0t}FYK~x2^r0K~21ZDs5Q%9`o!3`2vLd`JS*~TEVoq-O<59Q3%^~O-
z8Ox54M1n7&72KF&XKh1rc`HJ$8B;_BC#Y3CUhMT!7{HQ|3U;%ff+tX<it!JHdxjcW
zFx>h$;#!)ZU|ae9JzG+|D_gcm@5q&#5J<~SLm{PsCTIKxqC@9I^LdlY&Lr6gQ6*-K
zG&QdZM!vab^F7QQjh2ExdsPcv3Qnv-B5U%E{nwwLI>Z}CUuTf_2?l)ib426%nOLw!
z;w$fy6G-rZvX&_{RTRA+2dmBBTZ3<x?H4R4UYOUJH1YThQp!(Q-F*Vr@0mQgV_6#-
zjUK64UbDbrwQ1}A9dp_EaRIN{yo-V9PM!zs`}_u6vydb~*iNkk40AB)D;zmn)_rov
zRipkdJbIZd$L1<C6R>mvbMOkn=s&|J6S*sPlIz@>4|XBEVjon$(zY^iFexCC)EIm)
z#eZPu7Jr08Af@9%!{VK2p=rNoQ^Jozk27|~A*(dMp#>ABN>-6)v_|i{$%(H_DL|84
zIk@bw<+UC0DdYR3b;Gl^pf%CFWExykGuG(iPDh|9g)NO5t`-MdtN~-h0IfxFOrYx@
z-<@9BzrZo&#4=yU<MzB_)lENf?NrE`<-6V;=(x&0`HM^U6NZ~1q%&(nv2`<lbL7p=
zcWi4SYj(qGvXe{9g>%ERW_O?be_E~!w>3Hu(J&GheQzS=sUok)4s`B|hr8C(Wa@yu
z5O7WemLQENKUvYV+X$3a7pTvr7?Y7#gS!m4GCZYc`E?E)dv`e6{BLkBkeW?_58#<z
z0~c6B4wgn%vXImHWmPkpA4#E_8o1k&7l?UiATKNKOx_Y|KzDM2wRvPaong`^c#zPn
zmXJCbyL(*v21Qrx+XPV76ykD7!6;z-xutV+^68l8OnDG`JK2Cr3;KR|@Ll!IcX)RE
zxCbOfw|HoYoy-X<9CX*%)pl|}tP(Ay(Fd@amwnHt)&L+BB(xmvl7$FnDewG&Y^DU4
zmbv%xp}YjZeVrDD_ZG&sxT?6C3NkEEuLpBZV>Ifw<(So${zLCCFbndUWU{WAswBes
z?FN}su&#vB@TMnsT0&5vz$I+GZCmUHy+a0C8QdjVT<u=LW>Zq2`y`^@;KSRs2*4w@
z^c>Fsv3~H)7wR(m0hY$-qxMkXN0Tz77&O;mR7@5Dm|o#TGOcgv4snd|l}n*RY{5!w
z*Ltgd-D#<~o>ohZ?9@~!cZa^yX(KyI0Cr-FQyjat3K9C_hA5MinB>9n1cGgua(OED
z$eC>Pe>^?&STc1c8~9{ndw{RC=^e1uXt4%~mI94`Pu~h=rI(4lr-I1ZEL{@0J6o0>
z(zl13TyqbK+In1ngPw4BGc;tV!f&AZL{$JzKW}TSbEc)GhD{%-oxZG<te!Fg$!25e
zD*A%JmQ0Ruc;v3dA+NEG^pTJHy(No?ha%C~{zEZq0I~^)ixIn(RtI@;nvuJl&N{qz
zL~)^{pojf$=Nb4vq@ui5`{dAi+5PW~Z`$i7YVhj51&<2CFg#7qV^KcbBe#%nUf<8o
zGPHHg=39GFm|oIjM_Z?2t8=UO7>W~^Ai3QZe7AL9q)ZVMqsch>fnGAyl2#@cDs5yL
z#PYgr{VpIsE4DOReBT?%O0JDji8`T7VZ2EJ4x5?L<mHXl@U<2nI2vlY`U-H!9$I8r
zU>f%phSGa#wZlTn>$bAA0YHv$dgCIKrO_(!UBJv_2zi9YCj7i3BvYc;S671#*ZvYY
z+X~ZntW)f}Mf>b>1P*C~-TXH-2|{V<JTMbkk9nSh83Cu`;F}8spwD7YQx7{<QCDkX
zA(ike<e^-|5$Esj@|xYQ_u#=0o<$A;0MnXbf&riqpcqr#qZRCiX=a#nWpWh<Gd*yJ
z{^NGW#7CiM!_|b-al!uYV|gYUYpwgop0Um2&2q=fw(M$(kepA#Yibh6V~QBCzNMva
z<}&wKL+dF3#f=TcUJ27ej%h(kF7#x=3zaQC>E6ox`I+g!J;<kgTrgwG33aOUYUp}H
zEOZB4wt$*+Gb+e?E{=`eG}gQDXvt`7vEGH!&1kI$z>U(&^KpNN7MCxI<{#OKg_@_9
z{I1Pi*zHocCZWpGxy+rFn4p;$y-kX2^@(!}yiZOJGLh`&CNL?4fmd)9n`n`cLy=?j
z+X^cI1%yFsoPxWoPF)iZ_B5lapAR^ujse-oIS?{uhZCqaGY`);om>s!-e}&rn8{mm
zYoLulL?#N!pW=c3BT`}k%5bD+1SPlm#xbF;+3mi8|Cy8~VZD#YU!{=s*C@m5>8Xyy
z9-KNzVq9cJn|p~Jy5kVc07m2#T-RSeHWoU#_rafpvwVCCp-EjH2K%`*;`dZB{VlAV
zsX4Y5kb{2FEAW(UhPM5&K1<n{VhMeCi}V>d-g>AQNkcPA**0c|dxRDe1o&o#AF<s0
zP>bd$#VrcxfdkJVa<TKa@Ab$s?G)IB4WRq=(>P9SokVVl;JfvL?XJ3EtfZ+mFFC<A
zM-6iyj)8Gl8fZA`*Inh|a3h`;7O={1MhhR-m`SJ<P^0=hX1y?ma4#~p@4Nmm$N`Y6
zINYBxvUY3SX4kB-cAOgE&{f-zF)gUb^l<>GBOID!Byp{(>LIcJh#6z*5(m7;X?oZ(
zE>xpuhM=;zC5fcJdm7g|sqp*7!4}voxWB0(Hw5K%S;572L-5g13Iw7;-rAuy!nsmU
z^&~qsN{ckCD3o6liq!!8@@tXth;i%?hhlz9=S#a^QsxXb!MV${7w#e%w+)%{8_nux
zd^&@OUzczfkmNvb+;W0jfI7`sQIVSEZN{SPsc@@3J>|xfv@*t$fM0stIN;a!&dzgS
zwpOc~75>8UubWzM3#+X>Ip*x0t&WJ@8`J|8`UWZu{$@P)!}rEaOHQb5lHe+dkyU6_
zBWpTk2WDE2bf1C*`-IhNdhT~jQex`bXigGvLNN#huuNd?qZtG*!m9OB$(aj1tjni{
zi_u$kQc%_K>@S7Pt}h!IDoCf@Y0Jjzt+gPB-(QkruCBYnw^&r8AHWl`1-f<lS0N8)
zNwv1hI@^q`#}q@e*jA(5-_Tpda3!F`sQx<anuy2tOw?6GKGs#-pg5A1nW1<Y0Ie}u
zYp-+`?&@5&<d&ie0c<4(1aQTxugQs5cxBn3ToIQj(4ta-6wq<0`Be-U9NWnqEvtg5
zugMm>Ykt4AN4D-JO8-YR6DTTWN+K6pH=eM%6W{TH<fI<YM|Wn;KOBGf8pO|BYDK@Q
z*^O2KSzXK8+5f#w02f~-%c_<o_k!Z!97g(hqulwRApi|;fbiX5miE05#M4s!>4Zph
z;q-${xpLiUIyd8qpyVH2>nQt;tZgR;IlDPfIeoncQ%AC$FT5vJWb1W6pmo<SdC3b}
z7p4}n8LaDZB5OA^zzbe&ksVpX9JDA>Fq@>wWl;pYQba<ec&jr>usjnG!D;?M6cPB!
zbZWF?*&vU)H5R#v#QT(WKe0(LxG<v6drd)6V8Z9*Nb$*~tjK(Nyos%_V*x@Qix;0B
z+ncarwc@JL{4?)KJRHTKox_s;OA2!GmrK)81Zls7eOY6EQoFG0K>W~uwKdZ+Xo4v0
zo?R4c_2=Z6HldO$^nvVLc6n*AtU82P*kncF_Jv^SHeSZe;6k6imwBq7x$SjfZ&Aqd
zcZ8ou5Pqp=LC&OLd*p)AoM=vG{`q~)8@9i_PRT=`<(SNM3kzW%w~OG{RnNoe$IiqG
zAmc)gi8<rze*2FXrz^bt$BR?@?)sl{0<R5UMZEilU;8<ftTzj~PKr3$)iPPsoYtW>
z?QdLRO4!P4E+W9%eI^D4NZ4J)vZkM&0+K&PVZh6_Xdt}^kg%qHz>8R7CMGi+A;%2e
z0#Usi5VGrgdDri$pwqaH;Q}NjKG>aHvID3AF6>t^UEWY$&@nG~0|M*rzSVjV#|lfk
zR+j!O(z~D40g`)>9sS+Gt-iu`_u)Q+A3|Q}PQZ^COCRftCsPFyGQCDhefDmQ`1!|+
z)3wQnZ-UEc-Io#dvrA<}{YBuCo6MCVVq%0BaE)T(vz(*+mw%3ksjt6+*x7Ypg)f&R
z6~BsF4nIZ~$@<dVEjG<+@G-`w2|C2l=%x_Q<l!D!Wd-f?b^-A!gpVWMG-_eiu4i{-
z5&D2#g>`V<j8(Hq3XWMn_~x?j);nU=jJ&x-78$tWK92<|hu2kzzt~o!;1kyHz?V-*
z7a#?1WSyEOATFlOjHRjh!cq-+?|n*1CX0e)7S#+3Y9Cw8P{oWLdjI-A!Bl08QU^!?
z2Nx%Y$L~+}%ltPpc{^(4s8wtfSa+YK#EvG#6UN6%R<xO=svi1Ty(?XE*pJF(SdQ9v
zbnn+vHutkJPuik@jgDEonz23KQE~9g6V`hR|HVn}&v6FRrJQiFo2<0C-Dv&oz3hFC
zZm?#iH~X5+3B<%tWDQj%`ee_V3|8-;Rjl5R7OS3XkK&{#c&iIG+1w6Yu*tFwG9N=O
zPzTr3Vp-eF5NQh+7xuAy$1wlFi{7HNTrY9u_Q=Y4HGCts*^uZ&B9Z<qd84&sc6)Fu
z>uWBiqg&q0Mks2k1IQSD@EiC~<U9}qahT^O2Ysv9q%AOxUhNZF@lUK)fbhTOBHtq|
z&%cctV+Cm=GM&S!q3tBHoc$_v)SBw|(id=Q%Yti~ONGDDo7y|ZG%thWKFOECXk+!b
zD6u?NE8`*$C4sc<#}WGKoB7PZMjSYhTB8?Mc{c#SKK^e7jNc+1lymjZVuW)URe47U
zYtjH;3YhQZ`<h-9MDJ<IhI~Pa(HCcZ-RS<Ms6WpkTX%OZ)WK6W{~U<Ucu`n`FGNM!
z>e5|a&`b&uBbh+{l@ApYmkrIX!?$mchX;Asd*~VD;b*}Y+GB=6qz0Yag{&Z_dZA44
z3xx?{8N2tiO7Tb7XBT8z`*E<l7F-Yzb6Cj=a!r}wZFuoD38CgrUjgkGMdaRa{ky2t
zpNx6a-7<<bnB&OgL6(AKrX~Q$oLas#-6ct`g2=3~5!x;#(yLdmUV-BA>OcPDKZvZM
zGH1ri`#*$V{o!>$<+!f>?eP6Oh##vOg;~CE4!Wz}FlvwdKbIfQ>>*JL--3zDEm_PA
ze0%n*KmPvrQP1)ka&vIzs@OY=DXke6M2566R{H0zG~-JI@<+Ok(y1N>TF^rFFowR%
zc2`kuBM1Rp+^<>bOrJ4mt0TvnY#O_&mj8|W17ZB$%>uFb`e2!SlA`l|M~r9_U7O1C
zR^`M(IZMio6<q1bKr$mU$B5CEyiHe{Sd*o~+y||=Hx3qoj2a7A`=+v<zo(VLbi7&!
zhveH5k|i`T?mA-6DK*>tg{2-h?``&ZW9h2PsM~PKD<mYVF3pwrA?`{v6@iMVoyGR7
zHzBs?zYno3FBxh$qc5}gB_CslNxRsvrCe{=;&2GqR;6W&U%-p2!1_+`p}EcAo`EuQ
zm3Ph)NSMxDIbT8OSjnPoaH#aojPawBZEW`C?fw1j^lnu{>&9jjVwSU~^qI)lHj}+P
z@`l<_=JGhBP&)muY7BY_hM@Htff9(<X^CkYXdidc&bKpWkWeuKU?)t=n&?{@gh^Xo
z0aIJ8(`LN!T<4kMDdrHx$<C2WiDI$Br=nr?gl23v*u&wBDXf~YlGS<#O>Z`j$c&1-
z2wwH^oMfy9-p=kCR%@C#x;!O$&2Lz($j)DwR=XH&+B!5oH^Jfpqiw|40wdXrSa__d
zduyBYPOqc#?M*RU>qrXK7UpuB%eF>0y~}|P^|-PIr$7~{*;MOewU@#ZtGur@7;NMI
zR_9p#Ot@S`uSQ6%YI(zRE29Fesmt$JQRU^pp-Rb&gUPJh@rV&INhZj={qk%Ukl{Oj
zB@}mxfLJALp^!N{Z^s2!v&&67(3Xvhu<3h{w1*sNQSLgSxG9^DN&}ZrAVBY~9mhYy
z64J6jv3~PajL6cxo5`4kCAM?+QB=LpGg=f;%GFh`T&=x_(I#WFX(0h~P1|<u0O^Oa
zs;!k2?d)9G07XiPxrGFg!tN4OAGZ&<ox~_lJV}GI@_u^>GAbFImG|1SU_!d8suVsP
zL2NKOzgkm^*op!1g2f}~`?Vr8aJGkysp#>`t$4Ngq9A26Wp0;|+2PFNaHe{^<C5N;
z6fK_aJLwSwNBnSGkz8hN$wbqUP=_pwt&$jhB%_0w!zHW8x#aRz+|oKfJP*vn(a*ur
zJ?$%0_G5B*9=c(445`&k4&GmfvwE2+zLEN#`K&X#Gpw&T*5C;rJmD|j6Ml-$ZLdmo
z3V$K)A_AJ;keBti<BzE0ETnRXk`@<~H9Vr7yCX>zbZHz=tlfb37RHHEtFiSXSi2}=
zEa-yZg19%pW)tkm+*GTfLP(Sf)SfLJ7~LycqC^h=P!-J>oLeViM5GnNmb%=!b(%{2
zvx_;eu^+o?Dx0w~<{Ijne*BHzv2)|h(=vC%FbgWH%UEp<o1E<RVB}jjafwFV?9xmB
z8WKNG@Qaeg<v#EEG+B{{r)TLmQ=QUQ1aTl1Ex6s_o^E)VQoMx(gkiV5Np8(Z#TnaE
zsL$A*1NxB)`Pg&br@jamJ%Iu8F+e^ZxV|m-k2Jz!>tjEB2b2MTBv7hVeT<rA(H|E2
z5mh!Fn~(R{-rnEe-bMh4Q;^zbGWyTxZkfnrZmTCxc&!=`Ry*q}u1y-arnK+wp-OP>
zv4TtT6=72xzj+FQF@bA#f~8BgY?js)<S-JW{a%rRm%PDR%9^b(6)EEDwu7DQXH~mr
zI@~W=DeL*3>r{W)8^!!$7Yl*4b<IRm%sqK?gW{%Jp11^AUF-9T&espl3@11w$w3pB
zs$T7NzzzK=6E{gc-q2dbo(Zz5gqiaju4IIhziU*?KSZA;f<=vzZ;XBqi7&lC7?;j7
zpwFaio2rc!>#*S^Y7e(9^WqM5yz)mnQz9xMueTEVsA$u$T6|6ZYv=D@{XE+Jc4y~@
zSEE1u_|?we_u(J^w)^ew&-Rb6c6WDne)#VF+pF`FANlUjKZv%x#=m~v`GKAM7}&|~
z?zg{9m~2l#=As$NdW75jH53&{xY}{~SLYv{tYQ01(^qYY{|z7ZbUi8Ybzgv*l!hdI
ziOA5%K>)09%-5PA!;aApCu~?*$(q)4k{jFe{IgjLH&puyCY$rH+a@7NBFlMOZX`t_
zjO4HRE!3eh)vhe?(EQA}zQ#1WMs?h6N*p|<SMz6U%K)xQMuqb<0d!C1Y+JeC;v^DX
zJ&3n4=<}|)r>x0)5K%W+mL!UJNMa5%{x9}U3+WN=`#1?KRqjfZwpPdjVVA-pLK_K&
z7n5>&0wq;DjICwz2EM@+IkB869>}3dU5}3n6L^aXg@{3(K}B3J=KuvJ(DxM-BD>>d
zTas4k*-O#yt(!cSbsgi$D!G7%dgiT|OKQf*rCZm|ZVMSuOld-*TG0B<e2fk%CjdV4
z%5FlKUPReKa-W3=Ui5j0t)=Idy%h$j{&eR&xT7yXVtx`iIaa8!@b<Mz6%Iq+6D#~$
zb{(D`Dw|qNwqpneuM;@nm9wTAsU(|cCd(%8Rq4dRkt!A84H@bGvsPCNbQrS<0yyy*
zFna~7erQ`RnC|Fy#za?3T9KNS@+R~+#7i)^1V;ts<rOQdf;Jn0u6*wqtvzQn)e9%`
z5iO)(<owf-iLSlj;5AGG>0Nb&xsmtaWnl>p9qX5-9GW7m9J4&vJ7MM+XIYlFg4Na-
zaQ^9NkMMoAZ~t<g+U;)S6oY+i;9ZOhUFQ4vdcNt}ALSq4=oi=D{(1C`SEupM|Il<6
zl`H-q3(xye8&G*u|Mib^nO{~c+s8#!|A-2LBVd(oVr0BDJ7dWjn$w1E650Hox=PFj
z6#&QHLkpOy?v}C0iu;KJ&OaSRjtHCt4i+RSYxc>RG*D#3AcL`&7KOYu$qen-H8W`o
z@;1TZa6=28!z;yEjni$$-XbQT8&*Wa+P0Eyas{KwgbP~mf3cWU{kBD;lWco}myP8N
zy5Yh3_3d$d7zSBwwhnf*!BG>}M=Ld(WaL*J04D3l51hLqtDicl3jM20G`wbB+L_2f
z&27+%Y(~X&;a<RtW6B!U;coFpjvl8mG9b=c!R2o53ZnoneaTpU4fl?ccvXNhy0NPw
z%a~H{WuC$SR&@#YhVMeZFk(@GF#~@9z!BvmK8!_gMsE@_sU%y%y0XC|SF0B$ID!d|
zUjO2694#hZCVG-qCzoz?1K-Q2@YN=pF@SL`)}<`#zmY>h*d13OBpO{v&`Qmui&5NB
z=7W7h7d9(n|L38R^A8WNdD+fV29whF>BLrSNA*#wWi^<XZE(Flfwe3OR>Q&?w8H|#
z5$Z~!CoIL4Yi$Ki!xik-9_lewm^$2|Lcr=_v9Zf$5P$YpL1F;(_iZiPz`T=-ZS@17
z+u`{s%)zRhQ~1MPx(-}3W}1Y$Jaj2+k|5dmBQ62qbvyGN)IBuL3!5rHv)aS+Q=Dh&
zEZzXA&W*m-%y^xTDq1&l;ALvBH%AwZoaUKc4O9_V!`5#-@_?nZhW~k$=41yr{(}_p
z9IKNixs%1!@oW8wxN?Smds(ZK3Qd5tPh7;$c$BtwD=2PH3H|oPfdo9`)5;?kY~saM
z1A+>L1<*W<omKk5mrj%gOQ-H>kMN1U5TzJ_t2JRlHtn>s0`xv6buh^rfP;GT@&@Zz
zG}#d{#;0Z*Fna8L7s2RDMHlmv6yE$j`U3nU72Z{3g$OQkeUd@S06eK`vy5pSapJfs
zk&_geyLZ`{g)C{4&6pxeLcVX+(4t_uosHRW39?o`7c`#A2}&(iXd6VHLF5@kp3k(G
zb*T>`&*$3;mR0g({N>C=m3j+|A3XVb5ppIQ<H84*6!k{y-)NLfX~S;md|$A}q~o!+
zh6_83w>1^cG~saq%ZzN=Aa9gLqMHjR;XdD1##^huhlsC!D)W7E$(Skm(;NJL?vI=`
zl*c8X^4rc~QO)SCpODIhl|kZ?S}Nr>4TXzi&o+c90b%t_Who};xOf)!_$!d=9k%~D
zWbiIp$V1BbSh4O0PiH?qosbKb$s1N9@txdNRA~9^4dsO<JxhXIS<-_7iG3flXR&lV
z#*j-Hoz4K8%k-m1FvX**n%!{ODvO$H8x&YnWBl7QK6RC*Gg{G%H+n{ytaHal66T^B
z+O(=)7a;>5(6d_X9X)JVkVYV3+BNr74qLKH#1eUus3r0gkxS&ufG76blLz&XCli3)
zA;=Xw8yi+>5xO1XIFn`7Hq2wGhLxpW^pU5!m#6Naq=HV_$W3O{fpZU5xaSiMTf_yA
z4o7@A;xF%rUl{6KJmf}7`rIL3&A4EsB{Mo#M3%g1OrQeo5cPY6H@!Gd!<4{mhj?dp
z=PJi`YEr5q+{{>g%N43ag7C7!x)H!!Mh13oOCh=WX8^7v><&zdIK_ect@1F2fu=-X
z_YQ{b#-ui*V^)xVwyaJuqiez5#<iOYs*2~V29h-f=1tpS!Onbgr&S!4hU_GZOSaf$
zA{qB`$>GA=%}DIgSAr0FwW3-?49e>8>^PN;B_nmnld*6@4j0zfUl-g5_YLq&hpDnD
zdMLSO^F0H#Hf6rekCP__sZm&00ZexuoAR~aRy!%!63UwS?ST?!EA(jKx>!8P270Y{
zP_RK*9&oDE1t+T;a<N&8da|Wo;jsAg>4#BWv-!3%DSf0+GhW%M+Q7qBBVKHu0Lp2H
zN4w9d*du4M(f>KQ<H}^VIhIVF$p$`o_Wi?Ge<{0XQio~ACJ?TO!QBuHZFb4x+T2ca
zMNS2gwOQ(wCg6%;Dl@$G^f|xz((%pi%DT6?YnqCg2H48+8}I^D1<hQ@3YMm%4Vxyp
zpSxDFdJ6f$vV@9lU0dlg#r7oRz6uo9wsZqOw%D3&{bw!NC3di)$z#>^0}1q9ViXH`
zVynr@6!kQ$&s!4|=}KB@w)ela<OUqz|3L9!wNDO-;$m8`-gn0D=XH}j5r7tG^1h*k
zmM~FM{{Pu~|K`SVBX9iv&Z|H<TVLB3NuEhI$=!VO+?Hc|Hol$l_!)aAm)h*@LL?+1
zCIJQj<x#SE?@yrtkf46p1SrX#St3>0u_OXu18DS*Pj|ceihQ!7K@4m)VlCrT7@dPV
zvN#xYke+<jdT_}O234qjgCSPJE}(u6;JbrW^`WaG@Kk#8cCmBTL2{O1<4JuA*WL0Q
z)|EcH@qSbLwjoFRv+yP*dSVfQA03#@asiMhUBiu&ahO9tGp=5<59=N<zjB%PqnCBH
zV7XUz%MUx?0+mI&4u}bL*y`FUp>-nbR%5{gkp(xP#I-MPWw#lWbWiET;x&p=6kOUO
zSj$HxGW5d6%ebgHJW)i{CrO__m#%gH8#=5^h-=&0!H_%HWwmJJlBzMaTVp>Tz!A?U
z=yhF?k4i8>Q<w9CafK*LveNqC%?j!5{RC^X1@2OJ<k-A5q(*t#ma6zIBaI{a9OL9p
zAJHxxXuq+(;flu)_D}1d2hS?-fl13i<;FgmBu!h+YdRJLoy{;~BnwT_=p0K}DV)sA
zMTL<T1u~)zC7N-mP>z!sWo^5(qA9B~pVp~!c9pbd@0C*R0rty@HVUW)^jM|3Tj{N?
zA7<GtEQZkq^g%Vh4H;{5SyyzKSDr=6CPWCcaARU0Ky-piRtXnD`F5c0;f&v-l%snB
za4dbl6Ct=sBeq0K2+c@%UI?C3X?PL|+=WrRC@TXhnl!V*W+l_RqArc_`V1*7rbOvp
z1E|Hyd`v|9q_F!dy7VOV8XGiyq`V?}@1BBmb|CLgcv!|-gYI?3B25J>y+uD*A*o~`
z?(Ud6j%L^V`OjCe1+EV39yV;r0D9bWk)`)EwUBUhq`N(CzdeHuogHeJh8W@Q?`axK
z;Gmrh12q@Hsau+~2xv=F!jxvLLZTyhA|$~5f|`tBFcKG<b&e@BV01q5HWb{=no~K`
zxg=@;cvvV)!PN{&nwOcvjPO#16vuv^>l`YNW#pqd=(|j9SdY>a<feoXK@+z<DnzuE
z(OULiN6Muql~h;4Eefd)NMh3r6j?c?EmLwul)eO;L*xOo28%V;u;7yLHY;(J6E-wm
z;HOZx|MQbZZ`arCPf0;o3Pq(}*N4bZZ>LLYDtmlVC6y2DoSPy*9XuQ`nHkSgiO5GK
zu)bSzeT!7RPY`B{fbxS8n*P%Zp6Sm)@RTGGL<MCM=#bpo4b~)d<Kq=8m-*Jk`b8Be
zm4rzOHNKY0pB7lk%2WYYqh&0zkwPF~D3exzP7vcuGxwt$EBr*`CjrA$UccNV9L5ZB
z=DHg|(r)u_xuycTdD9U3S(>zdBo4|J9y8p{4u0jy7%pHm)chIfQ{!_Y=9Ju@*ud7|
zJyo-zS$=r}+SbW0;Xi@%F!q+yG_{fQr6iLwvw8bQUiH=i#8(bbNz<<)thG_Hd*Jr&
z?(uy-rST^jPwv{v#7&d0d2-3_Yd;LAV2@hac`d)Q!d6=e$yo8+q--WNB=sJzBgaeD
znq5bz99UsVRG6zKo^5!;X@>4|5c?H4ElG;7tTIfa;eT0uhBbbv^%G0G5N14cwILip
z-;9>(eUe}m;J1x9(su6OetUTytLN1{I3))DZO9nD7Ix=C*$Ddg(zmNX{fdAd-A1-O
z?~aavOk|pn+ShkZ<=rkV6)S@^IndW<7s!6vG*vX&Ov}O6Go$YAq|Rl3rU|KWFDaFG
zpOF`9S<AN!%rCRC;3c}p2K*LmPq?MUD|EqRDM*d^UmjG8!#l7p;JnC)eDwq#uP51X
zmf)X^v#r2FfsJGzJH8ss-80??Y`a_ja^eC!2R4&)Rqn`jr#HD*JtJ;gzphHpqLY-&
zPh^T;4q)mor$+NVu|x+i4?@Pep*hX4$QF%S<8_Z(XmLXWH1)*+I^qK6kYI)~g6G8L
z+||r*VRYi-PvR`?&#_vh`;uABNS=VyC=_#EU*weO+kJ$-wKuL6q|BbuWOTpy6jm~V
zIX#KVamjeNWs@LUb)SDis~2L*3|0Bfso06MPStx-@SV!&W{4$MB31eWE-4gV#R_4=
zx05o%0tsSVgl*UV{Nnok#o6iY#rZ4rwH=T8YUT*t`gOUyqy`35T+e7=Z@|`8>8cJQ
zRJgzlT{5cb8tx{_H{;C4-|8`}yK_p_z^D#pNd2|zt>xf#RShUsTfNoJyr!-!>s|~P
zRbgJ2bJF0I>d!-k6Yw4~UYX_*7pC%^*#(EA(cuULq{Gpnllrp?s&3_rdic14Yt6ks
zLg<}KbOHH=m+<iw^u4ZaX)>%fPf(DJ+|<w<`!8aF^;0@0ERd{Gx0joE<UaD>+}dT{
zzuE1K4eN-WujM>;wh7O3s?ZF}nZ8Ry*RD!#8_Fmn-aYiPs+VRb7nZ4^IcdqUBCjkr
z$dWm!`q-x8VYMY-N2SAw)uvohQ7f&SR5Ltze{p*L_F|N`v!sS|e8SR#Qx=jmE1u(5
zgSm6!J}`QKEo=&zOTE=lyx<w1cCEA>K<i(cAe<o{7JR2B>;kLVe#{SQ=4f6Mwo<57
zP%QZ;LfdDfLah+oSowg-Kv`EcgARreHd_#pQxnYll)BZPR&<wYRmE-Es$p2oc5$ca
z3*@@>L66&nZj9!QRtPezidju)2630QSm<4FEr)SV5$9(yePxSf=SZ!nR30%vm*OmI
z3y_9@)QJ}0jhz@zO))BAQ3ZvdbDEK<9&|?8RMx3?ZBERV13_pksjvFV3;kCA<<*;q
zV}14R7BON5ZGAwuP!B%*X5Z`G;vCQG_Ew<r+E|UveT9)+<QZjmgQ{-Xgxk#N1nDo_
zjuQlD+qlU>Y)bm&S~Cq4cZ;b#x#YkRrjOg794845<n*tggM-g$8G;RZJGx1zOeEdq
zH39=P?huA9Z_aKmKUF{bCNTzHbmz)dGQ-7bsb=R?LazE)S#+fzFHjz;^@m_~Y*9(-
zmeuxn_NUWpgiE~y$`%sdp)6O^=Eh{M=|~yd%hu@P`r9{Eo=faTkHdHdI1FG?pC$H!
zGO8$6T<pv7+!(O3(w0*3+@APL_X|K$2Fk1}-Pa~uQ14+SFPT=HaYB}Y90yQ>*UW;t
z-vo^R2kSS{2M1^W_395EwBx@jCq`9?-4<<2IAbJHyEQH&ME@Sk+Ueifl4Hn_=>L{D
z1JVYNC~Qe%UbC^ld)d*=EoCWH?H_{&23A{20)m_&pAwi!y;WkZONSOvbcl{rQUqXW
z_L>kOE156Hns>i7`{+$XLWK6Oxkua%9QeIh?(I<3HuK4O4d0<RR4NlWX?_f;3r%FW
z)*`ME7l;-=;4~GljHG3CeJ(=6ji{^&GGbPN+m6(tpb5^h1-d=EhCU_wkKerjwc<Cw
z{@sg!efm5@$)Axy`<Y;Zo+8Gu5g!Qo?X-e$1D}Qn-})>Vc5Kd&-lmlh5vy?Yp>BPs
zoA=P(L)~2N7;_=)#cJt|2MPRE?<I33U4PnF(#|cG^zZH1%&>JfsbOPrc3}-|&$!|?
zn2${kOWRRru{giF`Qgp!A1~g(s$0;r<~~*#-(3{ZmU&*_4rIGU@USK94ntS3ZvtUE
zyCM6s4TnwI(f67A_q+mN4fC8PyCh;BRu+FxG)12{a6}W=5d4#XjO=y^L*;xCpZ+N@
zk%;heMQN^M?hT>k3oTg?Dcvpd`JI-Xc}9npP`eNuilt=5XBnpXF0ZS#1Db!{xT@10
zY^RZTrmb6bIRo>VNhoeELy2>*rv8rOme(ZduRk)MKziq0U5wEAz8nkHV9VL!aL9@v
zES)%LgGZv0#XXZHL!Z#S`{$jTwsvpU3T498p4|y^opHrk=Nu91x@mC9wrmmlIWy^C
zG9o-)Y~n~O2n%LyJxWdt<II6sA`+E<8u=MMv%HQw^YzDI|I_HaHTqGvI+y2GIdiFI
zLTs4kbfC@0;~7bg>E-!O_!SrGo{RXryUh-k0ND1smSnV!d!Hq3WHxPi)#t*JZh$3u
z)P0CGeJY&kd2ysC5x{;HsZGtnj^_97ace-<dnJb3V{n6LeiW9pZx7tvz2Qzcyx{tm
zZ70)Y?(SKG3IN9~&N97wIIDA{w_OFB2z7uG&L(u4<3gHRiYdQm_gJLp^!jo~yxJbL
zuqt02qWkONASefrh5C;%RkBf(&NE-?Tdo4CX?Cnxuk9&H++>I+3TLKHB^ncTPY6RV
zUc4}FxEH_w{qK=pQk0T}=Bq!1U;Xyw%aFnUa{BfS!U<^Drl^6L1FW+@j2xi<zIk`$
z4vSp+7B*W&vLMaVhT%{m8_p)IX0R5FD}*N#v$0*#Kg$@OBhbknvRKT9dD;og8I`Io
zD;MGjF}y(U)7DP~V~H9wzph3!GQO?oSTUs_BmvGin;O@F@mAOJje~hFilF->4sU``
zVq!>dMJd%EOO|HArR};F9Xwl^fe9M4UP7?DCJB*d$NV^gs(-5f^^d_h>`mj7bwgXH
ztiDt*L%39Y2*oj7)aK|HzX%@bG%IF!fTq}!Uss3rHrRw<RSE)6#0>brdnK4T*ag&l
z$tuRfa83rA0h<{H54u!oM$#!G!kAz+x5X&KW0Kh+d63ryb=cs#!N@mu;FyZo+bCvj
z#s`UIb$z5`Dk_<oD`1IQ2pPc}#}%+9aKk{(8(5bL8&A|oU(u?>S+*FGkD4FQxvl>S
z$!P#oUouG|YxV;Sx)4N}e8dOl9T|s6;RDmX7CpwLGARKE>mP}G?>P|*J5odkT{azZ
z<;%U2;IY-%8~bm$)5t!N3F>uMaC5&!_vsfGUoAHt-EGG*<q?;Evu&rEy>6#Vl=kUk
z!>rvmCZCxr>EOgvjPA(7XewHycIDvpk2_3DkPIuEH|>rrpnEf7EXBK@9@FkffDvR}
zYpk7qHzRy@>eJpS&|MWn*ZJ_6h9MD}M2g3g9(5~p>^HZ=wzvqL4v;^mriJ&8EDojF
z$(k?DXkkhl=-Wjr86CH?X&-P#(`o{yj>;t)pewHQe=a^!sZ4Rbb57(HSMbTRSV=>G
z=d_MixuyUcg!l^(9pOdYdbvCl)tXa@E+L(uA$i9s0HV}P!%V={Lu8x{K^|E<1G~;#
zG?sa1ld%(l1TN+qsEJf$I3X!YOCT85l*5WlTVupGwVa44*eH^q93HE!<F#wrmbQOP
zoX=_tFEqZ~hMG}zc-n2l=q{o{64rGQPf3tr-{>nedUtd!tJiE>*kjvbjUH``K$zn~
zv&DaExevI*zfggxkRx=8BxTc#G`_PIMz5O=Qz-yx{P&X1aYjtS0n8A|jJ(PxE855a
z-Oso*LL?YwARGK0SsV;HNnJkkJ-B2C1DB<w$uKK%8PK=~@ZG_xBGO%<=y-@aKE90r
zp}K{Kotd^xvxwWtYiw8Jg)5e44HB#Nim0K%#^KpRpdzwwDvH?~ofrvs#SfooF|?o~
zN-{txXNL-nGoIXm5f(BxmxT+;s!*}%n)NygDp*}NEQlTy&oRyLICGXKfM6QqB;+J=
zz|M6;w=a#nG_=W52hJG95#;Ifhp#t@H;JafGiuz2HXrbQJ1@npY49IJ@Tig2m>lDG
zcbLPyZed|Eb!%+x_n_a+tqW};cpgO%FQty)X4wJe0AGxOLVG{{^>%n_ZrsvH?HT#w
z?$Jjq&$l*zrAaqAu?0-CaEF^~>t4!bWht4-5@USBX<1~{6g1fHHi%U)0s=bf7A=Mt
z(8OC@baEF~y)-KD;xRA7g(90s$My#W78Q5?**!X&qE+5)oL_^CY2wrdh~Q+V1@fUm
zRA}YFX$j|=PDW1W%XfR+39FXCohuKw<4R~aaHX_RKdUpaI(8#!Y-hN(EW@D;;H|-m
zvsCaQqf$@njw~uJ5H;?aH>{IR=~HQuMI~DqQA-@rqk`o#hCOvK%QSZBTU<zEcG6N(
zyjcUxv~ZtWhzyR1x2aoq$3rKl!v=>#C$kUom|46@ZVOh9JP5P4+_q;v1~68mUVJM=
z8;C6i$PqvGlS0~-+tWkbmfPh7*xLH)IzAS$lDuTR9VQn0w%lT{aLX-LzcFolXTvWs
zAsXtEz2o7|1*Nj6JiguBjc@V7-eus*8B3m(D!iV>rf&UmOz<Mk0tt1bwlIKKnhLIO
zbE9?Zy)(D%=4*)eGeoHprftP68s}GdN-O3z5^0(CT+(Tow)>=7racd<sq3u0W1B5K
z(=a@?J$r21wr$(CZF7%p+qP}nHum_L>%70bKj8h)t16YG(%m_#vr<TvRb*i0badGI
zKU5_V(8i}o^WV)*t`Hbavy!rwyGC2C3_GvxE8EQ~?H@48*3xld;&l0XHww{9^h+B^
z+PL%hUWA588429w1t@4ecacWGjw~^bB3D#UA$#Jm;Tc;}s*YRpbS59L>XWKMyC$Y5
zyJ{od#Vg8AqlHC_X({9zT;*NmOjg(XhTUe<8^<i&>)HgTNb7>i=>-h7Nu@?RnE0Ck
zAC4seBS>&Qr@wnh1fzp<aYo;`an((|U+fa*O}$`DI$wY>dNUGng!=WYRQljhEw02!
z+9Od6^!Z8(^P{Ca$H;-j)NKZNsOx+$w~#a~4JBAdO?v56=HZN+#?qy^_ZgTd55{J%
zuxj}v%uefigGJTDj;$9xLaqT>T5q<YF6KmuFs>kRl*#AFco~M3Kc$E-dP*59ZxXw^
zbP1FTTS+J4m=uvjnd;~iHwNscGiB2>D(Q#W^>K4!$H2jNZi>>Zk}n(o!watqE+qyn
zGb**x69<)4vzcM6Twcb_=E_(pS%K5}^JfIQU#l%mXCPvAQ^lEcTR@d1a45NjH&17z
z!o6bN`NA2KypW@rfGUFkd0nEJlW{vHu>gCmMvP;;T^*+4<~cRy{)#SEU{peq077Yf
zV9_;4eZ4#!J!-l_>u+mLdn{LEjs8ash)5g1&BIs?0Y$Qm@~gxe_H=#x{VANyZ}9zj
z)<lhiMH<bH3w!&R@#^kC%=VQPbU$rOjH?kzUd;t%ut0JJc`~YNOJPMPXCbQ6MTZp@
z<@01bP+MhnpCn?xZvGF?`(>@~A6!2d=cnzceLvry%EI2*J-i>^&*gi$n>aljJUkqq
z*Xhk#yIQ)Q(osI2(TUHQ&*#N?x1)oPlx%D~zh{wB3pQn%iKY0c{B_k@fTQhvr&j6B
zqu^UEs`lyj<&glhzN(h|{!a9dEtG#XvNv+GDmXlK5*jPxZzdgUNLwqeFXf$Gyc$*2
z<t{70HePu)o4)|hj%Uu*1ea&7h0V^d<m4LHeDkaYd?U2=7pZyX-<-ZSgKA>gh!5Em
zMVt|IHV{(xDI3`keLm~D=QAp+Uh?80D3utHDzSaTffV(i(ZErCkCIsa^-Qc&4Nsm4
z^77?G2BTGyRL`Pu!Gc+ixgElwNvlsPdPYy#q?B1h<P-@cZpvf*f@jSg#beguG02aj
z9w!xL?5nD&z~@HYg(8(wit6NhZi;CJV87u>1{uesYeazrS~u-#?Rge^&W5fZ^r|&G
zkAnWA8`t2ONo$?$O<m@%<RXMLvq08ZRxMqWQr$0St+=g1QF6*&NTC8PCNK$c5F4<M
zyG)z<d_km*5_o7VTEr$)XtmDBzYlqJscL+j#8_C+&#oCUh9+(wV#A5_VL17>>zOnU
zFYeFI*r6mffX&R8!Sv>0#7~$ox0H^@^N)Le^Y>6)pg2~AaO6oIk%^|qg4^o}px+ls
z#=YWLf*#!~i8os71$A}58<Yu%RETa5KZi+i<YfFI#dz-r<2&(a#i-VJ9kPd~j|s-N
zj>XW5vXx~ZdR9i|;A-4;_hw9HkV4z+N<;RjAnH(`z_;$hz2NYYd!rny($BZvhk^KT
zeKlGsJUU=$U@G9c(}5g0%u%%b41qC~WiT<a6N_@WaCD|Fu-oEet$$0+Q|G2u4ddh^
z<qvM56%=E!VgygZO7t>!E$ccFIyoJaNK_T+qt~l{vZvtEkfu^!PA5zzWlU|JCm*|U
zT!jLpl6(eaV5N8fXpJh%zDI13Bj(PmIinB;K-vlJQbR(Yh72ftdh6t1A;cgx00lyC
zk16rcZKeG%MK*Gaw`JAIi&)lH!pg9Z%ZF;mvp71;DRX~1uUX)1Ij<?P&L0W5s@qXz
zHiu`|=%j9`#MDF(eZ)h^n$dM!w$u?HvNLW1+3q=_t3<^||A!iLpDz(Dioq<qwk|4i
z5qVV6Q2Ubh*8)nH)+Rd}gCd-jcNm)4Gj)l{TyXP}0KzPcQDq0~?$u#-n;pzshY6B*
zqN5@nvOEN=n1X8jRaeAScd#+BEOg9-!p<LnUH@YiGQ+H#u3mN?KQD%fO^0SPowe6~
z%|lfaC&PHsr@+)R+{~uEewQ&ji+d;?dJQPWRe23uWv6?brEiwXH_O}R@t|#4MTdaW
zA)7Y6NQbdwi!Mnf-#EqC8%Ro!bmS5Q#6akCT9ddF<bEfbe<*>c${kodMfNO_oyg{~
zrC#fY^ztTZASs5tP%?&ClO(<zhp$4zVa3Eke=6d@=bvJ!0dBg%D>m}~oZt-u-T>rU
z)xUn>&Gsf6oY=@6a}!W<NQg6V)f@TfS|vM)qN3Nks05)+#+U?`1)HT;bB&XoMWZxc
zfX}84_4iGXW9hL=7VL5N@!<A`dS;QL2gwPhr@8eFwO#VOOvNrWGT__P?)Z>N%_CQ9
zq*+V^qkxDkj?`+hV5~9!9^62?98E8Rd}!6=0QXH2N=r5ZkpM;@{4WbaK#5Rch~@<A
zS0NCM&I<>R2uF2!(!2qdbk*)Z<_eE@Y3~Q-nbQJjv{A`W;{ZEIhErpZb;3-3KIhaM
zE_AJx7t{P%jjZfuu#*TmGj`kwft>2oVA0)C|Lfv|Eh(beNs%3+_G??P_CPxIIe_s|
z%0?Y>-#}};JJ-xNq?S>^7?-r`tfPrxRZl+n2l!Mk^vEQrR5ivEi~9F^(YD>+mt6)l
zfe{7;1VGnI{C7p4UoAPz?(rmOW9+!)m}P(kXlFIA+lnC))wd*~iee|!R_i9*yau`O
z4s*7EI!FpE8q-8_lbj_}XjfGxbS~=U3UJgNE!6zdT$l!WJ$Y$rlM|<_=(dC#IzAV)
zEesq}0<;JkF-QawoDy=~bevTFlNV93R0ZfcSh|$lwK_UbMFKY;;<;R;Cesy`!_Shy
z*s1TH6`~K8d0?^(=$XAwL3sDOoE3lD0UX=f?f{Gx8_&!EvO{~_t9n=n3A0W6x=n&l
z)4Z^fvv&ZKRfP#970V;Yvl_-;(fJc}=zF4z(UYFJivI1ig0CJ3`HuF$6M+hy?-s^J
z|43ZDAF-(gC&OvKJRI>x<p(_jl^RFZ9Bl5pRgRLT2$$|Gh9U>A2Vu|*C!<g`fa!m#
z^D#J|^h)A@x=n&G9Su7kj^c}ZHlIwYoY`T_8|7@@wq<I9O8ly0n5w#BqpW;{OHa>1
z6d$uRq4Coh_p<TZ%?ZsHP4$NnbLbqKsFh)^c$+c|^LIh-B4<K|P@-`H|CEOq8k{l}
zGsUK(8seR)%nc^w4h!cR&~Fwv47sG8czHyj5N=6kBo+p-B1X3$AEonsJx&!E07I3J
z$P!F27DrbO;HtyV%i13wA~pv4NbldO!0%PnR!vBwFXx})2aiTH2J77NGOgn|1>Uqn
ztMfVehMM_@3M1yh-l>*dN+phX6Te8s8q7oJw+gJ$$$7LB8M_}f-nh)7?fApdoFhP5
zeVWK;MW@l&aWoML4;TyibKQ~pngVQ9nO^IfbZhycQA7BqDXr~jj$65hancP!I9fzu
znUF<ZfOfW#B+SU!E8n$guD6oz+0^Vxlj^y)yv3EI>%uk6lDln0EaIOLV>n|_c04E@
z*P7J3f~mH<O)Vh1HOjMal%K%MS2TWekjjfH&A(v;w9;au546>iz^le~g(d97`x3RP
zDh-jXs~3u|1`>dx!Tz_<g|Sn|pcI*11BXiFfw0V29v<?H0B}c04gk{K5^tkwiUG?K
zEMinc$-FYIwwZ!pat|mja=Z?ZLs3%nM>lapU1i+g>p^Ki{ez?l(IFMXY(Oorf<}h2
zfNKU_(i$UHa+bfsbZBgQRm#zAa4cZ%I$AQgF?u&lGsx#&-VXoEm$h^&EiVhIKjb<4
zz1EyR#+g$|7$Y+b&@JSy1*_nyCRnGMePHUyX70z8fvrTjx0`juIP^3rRbao2?WBOK
zF54fYdC%k+hJwJbqo7(_XV$FHcFH7QBo`jAoIS&W{qr=_a`Y3dXCrpO;1MeWhL@%j
z22$;ZdFih%i$|AB0E-E;hIWoy2y43TR`DOWLk6BaK0^t`Cp0E*mXfi;%uBu=o)s-r
z>GIT5K%W{RiS2*LJsUQznIwd6@eZo*>m2!RS^q}wd+G>3tP%-y=*V`M<4IBt*o8S;
zyEYw;J#u!gV*&E>O5SZ+{fJs}C+l?7#rn>!skdxQ*{i6Qd7Cb1PF}|3a6jMgv2I6O
zS5t2zdLZs(1d!eeGh2l@Xp1C-4!^{AgZM724#aND@eFcn&$l(Mo;}>Xe9DWFzhE$e
zgxf_My!UK`$6;F4NxY&~y>D~A5fM}N1c6GV3pmh{QWam}*5jbRh^jHvUGR(FF=C{q
zTaxKll32ceV&cF{Xlo(=1xxcq77`Ps<u}|#a$D6)`eiy;rM_X|6@oAkFK_6WEy&j<
zUKn_cbGyjeXDEo`PLb}&Qg>LCNvk~AK{33=6L@os)4T83THG8bE!1Wlf<o|(0~b$?
z8V`g_x7iF6_3@tPM2t}kM&eg|`&}Zr`DO*G2~h9V>-d>)=b*ncwBBNnxp^~s2sw2C
z60GNy52E3#o*4Z#)kSy|d=YViF~tF<`iF&Qhd&9jX#E%er7iQLzBRDhb9zyx)cUxa
z^(MJdRBol))K26v;ouBzq3ThYkXr$50A4KM68MRK#xAT&4O_>dMS#}*2r5Z)kb-HV
zq<Z(o^gO|(7F4V+P_!b~t|CubbP+MbkQHa8SLb7Kl%+7MVUeQ*6W0tL!sR+1!G<25
z!{io6Xp<XPR>{)!+l6ZTW*%zq`qHblX6K7qN>U6x+Lk~TCD2h|`G9)xAz;~Dpr<#r
z$Xma)S<`<cQxFxhO%*q74dGZ=l6%<)ofuQau;2VmI!-@O6T8$yw?a&?K{)-KR)SUF
z=ky0Zr<jd+GkBnt2+^ngUXe$$(nt&ZHsLtAm>OaeKSfh&y%L;oaD%~(E7DBpIjHU%
zi=AC5&<qn1ZqRP;@J!Rmix%M!>zX7LIXEAgl4_2lY;w77<e@aKAArI3eJD`57uODH
zTdkDM62?pnzq~s>Pl)Cadma&!M?War*gdi&OWk7Ko#Pri4*YTqsAMPU%nEKl=2$Q~
z+;}&>_#ICVS{DtAQ2#qKj!ofNOCmU=vq*S>0wb@S|5ba-1bZ-q1(luPFXJSdd8kH4
zx_?xd?dmkIVlkr^xhxBXo|5RX_1}Rd+s*Br9*x!F#TGleUFM_f-urt|zyrkqgo-;H
zfulksjP6w)GG?MxVfh?Y!fMz@w(XQ*0Er3Kj*^f|5SfTX@_r3bMP>dtQVmz=h|mT|
z6J?ut%MK_HczT3%2a?)|e@y6Zmy9pmJ(4o8`6({>W-{Pwwj<*Z{rXI_%cL+ig;i6(
z_72h^Q^G2>?J#n>vRcre0?_%QfeLNIcUZzNHoV<FJMTj7s}e<svL&WaMkNYo6}4B*
zT9cZrn`y=T<U9(q_rOSviPxRrW+1m)Z&gkH-mo)KqM}kFpA2hHe~SoE(@1}SE?FDG
zzV7FV!vcJ1xa#*o5lN7Nh&@Hs_MgiuAS?I=%$9<xb%k5K+^-Y1-Z!~5+&)H%qLr_g
z7wbnf$$G-U=4BDwcztHCJS^g5Fpt>^Ji#MErV*0v6{^lYa=x3>O5`1k^}4Rh3WjSo
zqtnx;*7V=xkiiOq!2?)G4?-b%E=zvWB;$3;tw2JG5i*<h(?`4d<<_W_KC%_B@+xY?
zEUDCHLpgoZ4=7@3fK>*_yFT8~YdN^cCeN3?T4%PJy%*QfeMUDf<xe|mc=br{n`f@;
z8(Z1z+olVpV0r$O{((MgB1cNBA`}W~rVB|STV3p-i|Z=ePl<7|x(L*7BgO($AZ&cK
zwJu_JLKdq9AJHp1&{(F%cHmz4mE$n_PLGfspqQ`CXk_4LTCSu2d_KFDfNK^=v#mql
zz_=o@UkIe$>>uA)HoVH}y&CUzYi&plZ1!cVX0IoP)gc4;Rx{@_{!Q=by74qML$RnH
zb?;hnd01Y@R_lAs=}b+VCN->Jm!bt-Iwq0;OPlsD#!yOPMfD%P02$H6rctGt$iR{a
z!2ButP1!zo2~It?nc)&TO590+Da_rP@wwl=gAma}t7oBu-d>7mqKKG<Ys(zUW1Biv
zFKLR7_Z<5dKC>jnwD~hn;vq)?k_COACZP%0CvP?~>cn#}?utj%4`?KAvGOqt@ej>_
z;ou%asg&K`?Dz_Z<F5ZlsUuZKpWy#g%pg!ksghIQ{}S?JlDpwlmUYr}@kSt;#4ws8
zi?>mDtj>VyU1n~VEz@NNMG`R8RuBEd0Qh<f?e?si1tnChRsnLi6NdAhpd3lfn&|77
z-V2yWg79?c7kT%hOP29Xd-WOsI}Rj&P7jEZCosllI1<#f`^mJ5bJDM9&CLWJr8@Fs
z6q}eCE&hqim{HD?2x+S$HDQ!YfZ<=`&zMZGV<mRUM>Q9!Z#d55+mr%c>w|4W?P3^^
z3`S5;!ny#lfYuQ%s`g#~>XG+s64CZcs~>?u0?ao;MO%PdxpBWas#4DTbDM*En$mf;
zOzoJhyw<|d&mOI0PU8!Yr<b)wIB1{h-%EQO^wqwh6Me@JIbA^MzizGdi&m$J22njR
zx|^J`5S4<V8!7$M<y4IW0%TtE?I4l2BuO~ih@yh}3-#@O{BeJS{hY#Tu-h&MK+Apr
zz1<L~c%4Tn^2;D#F$uwV>!@UT5)g{$+X{blk?H}IJ$>j@_;JK2HB6t8He^EZ$g|oB
zUzR~cOQ-I7Jz4LpfcX8SxYm-Yyz|08CkCU{W<@h;CWr}$w`*GL4>`As2j&m~UVF-G
zFRl&RL&DsHkXQa4cW~KLR1`Jb@c+I~%2Od;%&@$T2v|Hax9D9n;_Mao$6l7NLab_N
zD$$tP(cpSl9#vlE6fpQ$gZkNTvSW4XAmb_*gs(@v-hab<KODlr#b<gy4?k~qJ|D`N
zJzJ!hy?CUA$z+j7pl9V|Glgu<Y_Aa?$Kg@u@NZ)Fs&w`_JiH@O=ybZDH<NVxy}!08
z^Uv2+x}MLkDD>Ws*3@2~`_0|1f7hwKes3RsUiX)DevikuKd{|v;DD0Tb>G(_r}Zg%
zH^>(6D2tGs1=QmcNqNAnQ)Yz8M6J*}>oW9=>jjIz%z}Ib4{pwR9HadVe>6k+$;_Yn
z&HX)vVjL&TWq$<xWnjVv^_J$_YY}M4-^w7EKyP)L(^Grf3aNcUW+cnqZ}7cNLFmDf
z8ugBZ_fe>--jGeBsqlPN^gsqF42Zs14--u(5a-&lJiiT}9wz6b^wcM_eK2<Na0sT1
zLgAttlqaY3E>fH7x6g8atT$D@?_JVO)Y!>7I{m&b(cfiPkTalk(Fl0@fm@KVCM|TQ
z<e#p8K3hZ1O_eL`E@pS+v2fIki~BUzj%xQY?cVLp<XLH$s0TVa>g8BCgTz<W%AkUm
z6{~c_+&c|~{1zEg*$*|+J8>9<{r+YNq`~}2@3dC#tm?(;@qYdqbJ|W@?!2$Mr)sq=
z6l=v2gYzsl!7I1dW#;70X6=;H`8m0KlM-q%7InO$)zw9C_4Ik$XJd<rOI`f=iW?40
z=N^7fO>Ug4I~TnPZY~fM8V3Xvof@xWzUj=5sCq39rh!CCC+5*RdlQ^R&jHj^zcs&$
zH4)l(S5IF2%OuAF1b1~2ztj_VZ~ZQb>>3ix&`52mA=5EmB{l|CG`XGy0ZMyC0W2{1
zq@$7r=%5-vOPe+c#G!5kJAMxYSuiS0^7yW0_oVk1#zZpNNVSDFR5J@;H~&!4fj~}?
zk!(GpXpsPIJeo4GOfeo=dyb$Bf@#7e=eyw`+iIx`^$T9sq3_`g*>+neXSzohG}Zg`
zYk1nmM2nHi1Z~(U!&(zhMkai&#X<~pHeYT)5x`s{oO1b7A>}ZO5|WgcaG8^D0h8W&
zjJY1y(0P0gb4J27RBf^E+P(UzVk}=bShez4Pic}*7t~rarPsjX*O?E6*dnVjNu1I<
z+;n<RXY)$+6AQ0a?)JOw`J{KcFa|<W28}7C_r9L@F9lw{6DPy(CY4aNTg}wnMqfws
z>*4z6pT1hF+D4{0!UW$tk2U5|{whFh((5&nqmhhSoQIpvm4%wpgBSXsWG2@T{7qwT
zom0*Nhr!r7Fl**|>S9tUyiuOaCftc2LLCb)3Jkg+!C&WPuwen79O}yP1CzR+&670H
z;2lhiEeqE;bVvW4`qebkVtim{k&~9W^<lA!8TWSpl`ngNFLmy~8Crd{hpi3YEwF}H
z0DsU7|Lwq1_(KBiiM$GKVDw}ZfECkLG*;sTM(1fIHb9>_-0O^4$f7GuI@ON{xT{cK
zO+f1v#(VaS3)ez=sd{l519%gbfx(@996cLbB>1U(8h#TIBCoyD{%>`ZlMmZ$9Roqk
znKQm{cjwO(+V?#P-kY3R+-JK&Gm%Bsa(Jz{$qiFut97HwR&~^g44SjO%u1&Ip1!>r
zvrJRzwpr+JanVAYM&Pdlp{a#^A_W*g?R=k!F!uKg)ni8WRKS64jTjX85^bOW>0#g4
zaIvtC@&~c1k|6)ha=|6adU}iNVVr`A0bK!Ze_~+WCgbd+V~3)-Fi~5`EyhmaZQNNV
zh1Qo4use`w=ePr8Ea*;6z!BoF8le&v6XLX}B_oYUL8Rt$5k4D^!(@$IwE=`HoY#}H
z1ZT)enIz0|Ar3sA*L^w*UpZ;0W+(o-<#9sV(r7h2J#S)(a#d>nOfBn)4lQvji-IMa
zw)*t^)Qmukz0d>Fh&GyzP}JnVFU{c05|tqYxEIB;?&lW@0q0)+BgG40%8%j3BOd(8
ziq<cHQ%<t&fPg|((fl0zurOAyB?kQ5&qhr?P&HXnDs)yPRZNPdcA0@|G^mLtHQ>Eu
zznfV{|1)xY9n2!wf$^zKQ`zu_H2lo^Ufwd;yOjhcie}tt%8wwZ$hIznRoYVk#N;NQ
z;%=4Kiaq6LMvq`c;iJnt71OV>X<u`6*lq}nRbr4l&E`2T$FV3Q@C{3b<UiHNoC}M8
zyKX9<l@E|i(N!cG;Vc^Erd_KAzJ-r~Z!2IgFqh3J_XQC&>{BcU(uW}@YjCvqsi>EX
ze6$D?pkK`6DccrJLBdZ;JNUvimM$dSZL;?MSk$;w%LfBQu5Yn#Mqou`K*1nj$u#r~
z+wm?ER<yOZkan%X3rAd`vH+<E4k)oYqif;LG{59iUv9FpGFSppw_;p3^fX5XU@`;i
z&#g{i|7GhxhSa|7Qndj#TWPhaUOJ~0vRY~F2HygaHF`wp`90^#ZmG|U-P7A{4l~D!
zW+PN<Z7n=tIEKrLsVxOsps6O7fV85xp}V~~mKiFFNOQNqPIZwpw>6E>#y5&W^;FY*
zzT>?eF4bMRIR0dip$SOhzPaC#$BAHm#qm63NLTzSWN4)t9Z9QIS3DZ00Uas-S<q1a
zGGu7(g;>z=DR1-F;FMXP?Mi?Dy{<lz`gc0;3ajT;HKtQ@$f<s+Rrn|$d&+PO#8fFz
z7f!Fo9nqEWkZN#rIRu`MO=wmX?=D{B?S;4NF8hxsIV(qI&Ip$!UDL$;@>~`xJ8k8H
zBZmSxzx+!#KQmeK>-Lr@TKF}01I59V;q`h@-bi(qf?%D5G7sr{^~Q$*Y9h8}v3$uE
zPPtx08>q0D{1!fq4J3aQbL)5=Y-nLOk?N!|(0AduNk6W!Y#OCQ3JpT~qOgiHs5`d`
zV|XCLpLNC$sE&nH|Jf7g=oUj*c~9Drd)S}g?2j8CanM$B%;HRZ+wD?q_0*dRHwT@L
zsAXqTZ>5EA8JTJE9a_kVj*`*dW6;@u&ii&?O0#h%A}0$~_!_a*1*NSQ%L_N>K3Uyy
zjcj^6E1r)kohzBOnyowDs9eT&J%PW4Kux<ID4X8~mcJJ|5}r+W{94WLo4#Cuj;I%U
z5hQHV6^F6xj>p*W&EcK7iwL8=vR|ITJ0gN6lvQg0fz`NkhR#n1m0J}t%_y5xt+nwM
zfy6WA?w=qPTiDk8sTpc_2!oyDV<)=40VqgJFwNR43naAfm?ZMpqU@-M`?g+vKbz%!
zcWQTu_+FYc8HY%}v_!(#)e~3F7pRSY>M(WMOJiyQlE=2s0CUkmU|^mcnh)M6fR^GC
z@$(~&(|Y}bIk4_s4i~Gr`+D{GAWwIp`0q5-f2L3O73+Jw;%@C^MMr|mMk&=$|3-vT
zA&|tQE^<rg+R+dwO(Wd|cyaeZ!r|LhT~f=E$GglnH1Fod@=0B%MIDx`A!GC8#Xh@r
zOtvrqw!~%Ou*I~+y+hL}bJKOY*c_TvX=&Ozl6AG|a*pUi9p29A(l$V3v!2<xb*O*_
z7p>_d(mQjr#`4+5R!gJTc15G<czIJvrf>Q>ea#v#YXa^9!q!%cKD^*YRH3Q*dS{tE
zlJk$a0yq)Hg(bO&PE2tb)0gIo;?~vyqkN5Bw%d}c`fiRDD=%|Gx2n_DR!+gp;YkbV
zkKobZ<^yWp2<=BGb;p2a!OQ#R2u#*Xfi=#sraIVSRl?tDtGOhNB6yV0t*sFd3U9H#
zs4;?7A{iS%-bNLD;cgL0i;Fjttli|0P0N}S{-L=f5^gs{La^y-xey*YAtgG3Mi&-P
z2Dj>Fysv*FY~!Edb;5jss=xoDx!pgFqARNis~8R+kl1187b2;qdZi!3$T1i|Q)3p$
zX7cYnu?<Sj98AJCiOR|sW#*1Wt+Vc;C6~{`mEK@v-yVqHgK%BuFx9>^{PMo0W<8S|
zKGQX>V`3)pb+=JWY`z1{TWn9L(6_<8K|LjPl1maj&S$&#r#aMJ$3>&Bhva9%L7>^o
zy`OjN=e(vW1+evF8ja5#jrDoJ(srE!(}ls|SnbI#^{|Jc^-PkhPwby&{czYA$5)ij
zz6ffbzvIQUZs8#<yZMOA{#Q6%{1Dn`-oaZi@8&Zu|D`0ad<c2^g<Ev<6}^UCJ?z`O
z3t5W1P*9WgI1B)d$dH&+nJbRMbn2!1@ib!&v$<POh96{_s#<H#vnIu${hcUjU|dOw
zp~%hfP+XUm-5oNI*`6J&j`FTYT^}uii;|d6U_!>bOg7PG={1goyVO&@v#PTcE3p<<
z-LnQLtgOqT94g$=&A3ONPh&}L$zdI0h)iUl33oI-<RCOPzCk;bts7k|Te_RcQ(K)>
zPrvrJ;%D*B)QV=ZdR@&;^Ccuz%GS<fs@|bLnbYkvcqWtkUF>EUees+WMDPmPEnLs!
zc+bYipzEC?7x#=jf9z$KSTtl)1zFySODApGqznAXKBP<GTX`4HeVMX7Ykc^QExi6@
zJhXg>dvvr?#+=%JvF*bn;aHRtXsP@22l=rM#rOww9Sn?Y{wDNVUKmf{=5?JIY{){T
zmqd@C4t@)hRFra5=o7ahF5`1YfAiy^6#|7ZjSYvker6S>;cC92nGskbn5wmk-24iD
zy(Ve8T{q6txq(xDgE;r<zU(*;j%}j1p1gS)I-kf%UwnI<Qd8whhwbik?@_~<n$bqv
zw#vP^vd9|$a3S_1J)g;0a`=?a8j-uDziEtkULVqIk&WH6;RxWmPPwVN)L{3`4Ox7B
zWA`qM8~jT)c8LVFXhV0)H+LOjsF$PWzljXqbw#;GA_)|Ja#YW@wi2kt30CjI-7bgN
z^@54BBP(F__4aIjKc2H28(^W;%5=+$e_b9p?}`!rk|bcx1;c+?{c^2o*L++364$h2
zxm)q9`mtk)#}xI8Yh8O)`l$al=w9w=-B7z;Y~C0RHF4P-mBWgCX3kgdgdX$+BT&x`
zoTuSDs@T-^v&~nXrJA}}4_3FK>ay(2S5XinCZ#7O&9XdYpzRkKNh{c-WIoB|rrRr8
z_7W6f#HtNA%_=D)Pi7PVuS6ZybU9ZcxulA{u02pULVq$D9hi)LX6bnUqvI1((<7Q{
z<s&=MQavltp3lQ2Ms(q%*kbofQT?T0F283b{o=f2CfaQO2Xp^Anh?(R%}3-UHzND6
za!}+7Jm>T{%jp$X)^0AE|8o4!d;MkJxU+g@x&41*?BF5Id-{pr!dvYA0_Dpuf|g$i
z`xUkiA=Y1+Q*8YY{rr`<lwYA_sIHw~UOn@y;t2v^c!JCz`}m_nb?pHfmw$@FANtF2
zdS&(O!piyg5ps-TYDAScPnF83KAYbybt<cCSC-W-8UF`bo|ii+R!+Zu*O;zcpPgAT
z&D_^UmCHxp7Y{xo)A`e{tN+l!|B+`u-i~f|PY>U}oPUYS9lYa#d_K*&CWL-K5n>;f
zI$!(Ol`b}UkF%GbzqP*u`83y<{!U;(b?XM-hG(Tu<;s7P8ucIOw)$^kTdn^CtG{ht
z|LZhMh;gYz-|>52Fqk<ieanrIEf<w8J`2konm;J1k*8h87op)CGGi8rXT84;86M1<
zCH)YxcxMm_DT+SYxT)1QW*`?f2E;Oa5Sg*@fjO2nfK03C#4`<}<={$Q-kq2oF&wiH
zzH327!{mgx$B+4+4>8@hmxyy|##u51(m`CYum8q5D!IhzflW1`1kxtZ`1_biD1Zi~
zXHIQm4`}H5N)e4h7z3ZRG0Vv+*U3azt53{GSx8xpPv^xnbt|WR&VzjsY>?>LJQ_h)
z+V@PN4&CBnwCN<lt}t|)mIZ?`rRvjKl5h@e50n^aV#4j%kPRfM@fRv+*m|;ARJli$
z9LeX`H=U-p`(>obM46kmdJw#27hkTvfzeRnn5q+{!||n~?DVjG*nNHmm(Mq&jO1m<
zMuC{RL!>mq0yj8tB!$<qpk|&j1CJpJ+pn9Bu@f!5pa?x!$;u&XD@%@uK_?;=Ik?iD
zpi`;S4OmIeA+jG8dneHK`kFu`CW~Bfn2k_axc)^2bS^({Q}mli8wWzazVn701yX$8
zt9&Rr3NTvTiD0`fl5o#5Sa}$YW(P)DE@o=P%%Q5WcFi5Y?D<b(jyKqz9vob}eCgHf
z>gaC2j280Y!gJ5PxFfLc9?#nYg|~`SOdB|eP0-jj7jM{Z?@8@8;XknHegsbQ?UlSn
zyw$E~_P7!Aw-6DXXN4f)k2qDZ%ps6;3;0uItrp9yQd^`!y{t(1on3`ZK1Nk;POhe+
z-wM5lD<1HZ#F7f+B@+gBgSluo9tg&B92ZZaCBNx^IcV{kK{VDeFlZ@vENu{^to?9~
z;Fc8KejwEi-dt1KU++QJW&*2GreBt0K__}_MpF{nhr)g8-JbS!p>da~+Z@hq@oPJS
zN=F-{j~Qi#p=~fe)B;dJ_oEx2sS>ec)>`-dt#3;XZiLM486IXczR!^swCR)?2(+0l
z!0)pywL@I=Df6j@h9g4?YE%^5NF%8prynuf9uL9rWb0^wT?+PV)=WW%B=ndJF-=7N
zhMG>IJgWTrccYM{;FI_`f?I-JN<9AvGS@2h*YoM7y{*uibLo9zZtdd;5~E7a7xE_}
zWBR)D(XDpQB4gv?^}pb+<}NV^^e14%L`PPBx1?fV<%Oq8A3AQj=#P%agI)h(KZSK%
zBPUbUFboGk4TGnC`xQp7NipQ|7#YXrVM2=E1Lkq~5jH35A+?&Qf@1f;SmfAdyeCnh
za(V<CsG(?+ggF%0hoR!0#<7`yK)@FPzSMop4e@%oJ_p&*{oZN^Z~dNngP@o2PrL9y
z<TTNUF&T0asnXy-DX>nwK0*d6k_s_XFCKosgnQ=?di~+uw5w{<A)HPCn{vrGWa$aq
zU??`hyQ`ky+D0skiWA*=k^#^lSyv99X>wp00eg&0s+&P?lVzGz+5fJGx>d~_fo-U(
zryUfyBWYRn&4!J<JbfZgOl4lBOWZ@X5?+;zJ87d9F3HS#ZAoqYR3aa#fZZz|c=Dr9
zmID2sD-baij!wp$86_hf^|`Q*iBAm`z9b?s$A5FjCq+VYlLT3^KdL{cdekxGFPFwV
z=er)QPm*AlEQdU+3U_aW-ubAn&qdS!y4sWH<UKEQ%uZyD36K!|fd<GFduAUM#J$Pf
zEOC}K!S=*!9PZph4u`oRpoBcPgrDErX9?tJ7NF`<7QsaSFl=a06`hL%O(lL->=kj@
zXp7gw6@F6CFAmqQo%_N4dRF6ujqBy)e7_mK<Lmudp4Sum%~izreesX%b+k4%E-tp`
z<K%j^brpSg@i4c?$i&y|`~Cck%kkc4QZ_cO_npwNA!ag=k>$wHJmn2lk#NpCsEezR
z>&N|;cDrJheSLbJ{>6Lk&?Izh)d!6*h&Te@lI?_f(d~{>lfx16<1Iq-s6skdp@=^w
z{9nZ0+t};Zl!NGDjTsXj&)|;YniiB+>+GbWyAhm#9Vv{LvsS9y5Q-oLGl(rR2s&h%
z9KCi?H&Gpy@zD87WMLq>N$4_IsS~qr(S-Qn)(MN^<k{Dor#}$qG@~%4w)ULB<b77H
zCPJYpku?CZ(--F}Q^QqGDUw7;NP#t{px??aR(o(7zsiKXu4yD%wS%gP=LKb=RWWub
zBy#*j0>DYt9Znw%QX*1HldFv%eZ669$6<)?CNwJ>kwH=ln5b27G%XPiD3W+C@a5_Y
zfB-&O2;_q5RIrTRo6p8gIR;|ABR_cLBvpgKb+P4yo0omTD1^RFNbNO*?yT6^Mpz#z
zjrA~;W*nr(a|vvT8e2c5YFQ+TV++w9N}%-Fs5z;_gk>Xz45X5?;4`EBwu1oBzF8zu
zATn~N>FwvAs{`hVJlxl4Ze}PewHhmu@0{ZnTb@aqW!Di$y8{?8J}%!*qhr`Wao6&W
zY?eb6f1@Uz>HxE*Saa@x`VHLS&5k^b<mcm}w*J=w%<K!D%mj|{s=R2&sk<fPUHPpy
zO9b@z6ot8!gmtNX?!0~rw7(8n1F8Qrs3Ms>#pXFF8haZco7bUilUFe}wh`DY?t?M{
zr7is`o>#dGC8RDLwnW>5uN9IsLZL9Ku4z3+_c+<7Z|()*=1|j-f8*2sQq|PNK&`Zt
zI?W!Nb_h8K>IxWgg`ngFzF+I(19xwI(}())Dz#hTG=Gf$BZ)4(t@r<n)aJ&>Nia@0
z?mD3>i|k*%ye`=lWD#|<o@Pr=Bp)ixAg9Dy$Lq6f9CKdGvOw(!I(S?iDCJUE2T>OH
zht6E5vmarJYLYRLFyoZCSUtfy;7(Wo!Do;*83G8z-ebu$tr!#0JkSE|2w1P)or2JD
zq7UC>j!GYB(T@ZYy&P7%RI;NMh$GzgmY?z7b(XOY{C}?V63UDsOpk$CyZOPVB4DMo
z`gQ*fwZ5Fxuh;T(!nof|zEHgp@@9v}zK@6`IEh``|A`~fVIeO4NE1G2Qo(_H>8(2k
z5r%!OY>&H{hPs}MUrWo2V%9NYX-1PDLD<>q7;QCYKuebUOEW{Gdm%GmvT+vK?rY~4
z4*nfHM6LYDPpM=y#JC?Dp;N0Ru+TMzPJ1)p<X3je3~x98rjk6_+4@av5`QEPdDSqN
zF83UlM1EcD;QViK|5v+)UFbCfhZ=7lY}>xlPiU$L+r39(I7Hk*h!+)2s%!$iR}`K)
zVJzB5N&UWQhmKd?FlRnprrTFT|A}ruLp?J-9=#_$4YL>L!1@V}h)p<@{$(0R5y$nW
zX2gUcYH5=}<R{ayMDVkCef_*DOmok+Z5MoqA}kjRMM$cB^kL}CL<>ye-!gFgJyZ;Y
zGaqRNLrHo^%DcTR*3*TX-+QOndx8<yD3UBBA}XK=_p}F|5piDpj@)0a+QmGI@1A@7
zp1|ijD#A`xe87>ho*GdSL#1uUdIZtZ2JMGh1Tcd<U!A?GM54E9XK-fChbMNROfTsz
zxS4oF`pv9d!~hFX#pb#c-EkrpH_Vt%a}u?(5J*zWFcX{>yW%2tSwRVDnl%q%_Jl_)
zV$z>J{1dnquP+hmPoh6zI#^{i@$9RTHOK><qcdGK#huIA|EjuTm3}sV1Q*v{qb26)
zJb8-^P-Vf3@i8KowA~&K)vO8Iq^MoFFDyBvQN#+^C5yxm$03NrD%CGEMNuO%!si_0
zdxr5bmraG$o5^1_H7dMBP$pP?6=1)mVua7+@AS+*58Oy0K=-WP`*CgO_qbV>^Gu}-
zK^sadS1aq+_GS;J!8E|N<v0a26e3!8e<S4uOk}l?vQTtXSJ0Y@tY`(o!2B9>@t${k
zA3Ul9BDA*nF~@8oDn2hT+ciH+M>M^_Si!Gt!e0xUvtkd|C~U;IPv|Tb2Wg!*;oV7h
zt&$kr*i?DrY~<;H#y0p$C<~C=1{v^OJdWuLAsvmWjrZ%Q`v5Vl%~NkS)^pDrn;;p9
zm9yo-xDL`d?c{TTba>as)5(fFr*(X>ZG*!CZLj+@l78`HtV5Vqd=`t6e~>eo%seu_
z&4Wh4j#pP;l%b%+6AA$Y*cF|L@#k+`id>iQdp~9mw;XO8cNHUZKQpkO<~Yi91Sl1m
z$nopFPjPPi`o&##P}kB(8AkcH!lR0CY3gd>-Cn;gzwL4hKE77}+EDr{&_fF7(J9Te
z2)8nXW1+i0z*>L4UFgQ%3|qr?1K;jrM=1#dNf=NlcXv<KCwkYu23tQ(gS6?4+HiOh
z*<L#xw9!-WWibjd2%9{Fpkv-l-ppdYUIhIkfkK3Xpr;zjQFSXZWVNxvUn)fP83>d}
zBE0fM(=@B_Cl}`>wtMBh;JiSHiRWt_#^eXD&=F(FbmvP1R>;;Sf6=^#35M<OrWXMJ
zmuhf;v=v~0m1bOky7FfLe_VjMie~_TC18M!sZwwN?j=uvzKomSpN-#EUB4HuEf2un
zsnzZkAb`|w=O%L=0DYrNKmhm_T!6j*ae1r%<pB&J{Y$elU4S05(S!$ZKLL7pOgSM$
zZf^4JdmFC>#k*xL9$;}VwJ^lF_bvZtiB!Evq%5}*L927e+dNw6_<GBEE@;2iEj2_a
z2W9(R8{6?Za19*Yw2!Wpmf4*h#Z!eVo94xHa}n!U>1MPxJCgmat$jW_7}JA?{*K%>
zTZpYX4<r+<!G5sONM5~}j_)|q=nstT=f0~b`pCFSCUn6hd5Wqjt@<aiT_qY__9wnX
zI3C5fG!^4vb?Qz#S5Jc!k^u1dem+s*lC98EmNbAd`OM^FhI{y%trt$aieABkGIFi+
z=<;>dY)2<By;G7r^U)f&g{S^pcG9G?M|}V_tt3cj@<zt%6@}bj0wc5`TW9RrVH4b?
z4stzp_teD4h$@;(Dyvkt{opXNkZ{mN!d|_U53rOsGvVl_TYwe>&YKvr+<2HmrO}aF
z(%rWpF7d6`VPuqyBP9}ohIhltDD8}aA~W{k$^9ux4+PH30+tmm@8UQM7`j%5jh!?j
z#G$Uq9dr3PGweFQ%!*VS2U>ZU@TO4zOjT+vWw1Lqd>S#nnjIJ2_VL0MBNwWmS;Sqn
zNE;P)(i1xo6%N@GB^DLDCNfb84^$=p&a)LBpn}uCumhklr(s|btzUi?1!8&J9Shdq
z6XA0SaiQ_l(FZX$l6_8*S)T%~3I$Ht6T1imn|Q4p8%{oQ3u50=DtNXys<$|(wit_T
z3mU?L?K_#~UA5&*Edmh7Mft=Pg!KZ9`Q6$Xf1<2_or?@pcPscn|3K}ff-@fO(y+=}
zMtmM-6UbCkg=If>rquYD!=EnA4FUv)r`-+wdO5?aK>W3B!0+HSTn@$HES#}*Vl<~f
zOG}qXy1XMdl}@`gH&OyMdQ_3O9dK*r&;h#bYrkkJL)G30Gma&ox5|<xKb1b{Lf$Ba
z5NrLbyvhP3tEyZ?*}RSg>=6J+t;8kRCD*Gy)vbx7dQjFwwLqT7s8NOj26S0!pQ^eL
zr3b!faaIh<FV?UqwdKGn0NJtI&S9`V5o#{hvb@j`G#VkOqK5v2babR>sv(5IjO8IB
znELKIni<)3j<jzlSB~ZqEpRhaJt^AaMrZX4d|ed@Z2-c7C?LE@Ne0QM@`9IV&&J4{
zXC^o*IJOZqW5256IBFhensHMGg26VNk(R>A%`8i1KcpTr!<$;XKum%$P(vdv-9kdY
zUuxeJ&1DljZ@bXeD+5`#!Yq$s`!`D9(S$7nIl>*Y2!gGMk&B<L|I(~P9kgNMg*TuL
z_E4?!iO?xaXl)2ROK<!0?&K*B-EO1i0#w%2w}mW}{*J5--OODUL6oG>kFL7*tL)Fd
z`zZc2e}L$2APu}t>%t>_{BVJTL|)%TqI*ycrP|kk_%%MlwD@IR`J)>;8v>sq#9v})
z1lu|2XtROxDVPOBP7~<I;(hFDL_f^r$i8J`5oU05c6Wxr9~}Iw62VD(R1A6z(T5i7
z$+1A^EDvHMVL-t;6LdQdOA07-gf{po8`9*yNNI~eN5T>iRCN-jq(e~2HUtv`pbf<;
z`^|b?rvS&%8|K0J)SGEf81ZS~FF!>JDMC5jo_}$AKP|=ffApMs2GoG%$Du)nV#ltZ
zMYe(Ifh5+MqvAJ-E@xKh5Ojbz<o(L&^h@j4gr=z^uH_3Rt=ymnnt<$URiQ#52N{7e
zbB6)C`Th9u=JELb-gLxI>(y)7VVy>bJGx?ZllZK5ia+L(l(A#VQ8mZKL_h{L5LB)u
zue)$tbMBlrqV{9sCnb>SS{k<@guWuATujub6<wA*kFeJqgVaJ|9#wA(I-m$8Ir<J@
zxV=S#;Ldz!<;jhUCRIJn_fxO1^Y}FZ<#vmjBRPTA>CLsjV$0q9xbekfqq()#%M2#1
zcoX!|G|TWTd!do>>2=w$&F6H(4-i83BFVVRh&xd0`dGV4x9x38A&0;g9ZU*-UOqkZ
z%z#j%?PdgdihCkG?7dul>WmV@G)F^a$_uJ-^jkw#QmaBVLBbO6+>GZHwIe;M4Vtxx
zO3if{M{SVMp#qiOj|d{+;B}`<q^b;OPKj9}qb^hHn)Z|@*L(nsGFQOqZLNP1yuLMX
zdfq4f|Db0zyuS7PJHW`O=Ks-^mPCG$if6!RAArM>|4*NqUlKg`|GI8?o<04qrhwPq
z!RHbfBmcLC4?N2TukRoKZ}9^_bn%xVuYY~&z-kk(|2?L}{;Wdu)qgd$zip*{$Nc0*
zt>jmw2rv4<|J_xL69P59<%sJ>3OhlcL7>hlkqm?D=4e5Lc;0r$qa&f(r>3)Q%s>y1
z*W1FWdBNb_5y?>fA=k~eq-09~Ll+SpjDLmLRwilKlb%!~r<eeokeCrcV5C{N0p-*g
zYhkN~4%y8Vz*%p~(?D4t*z$AvjTASzfK$nH`sdgH(~(z^AExc_yd!Bn3)gvT_Z1&@
zacu2ncY}9l=OxcwD#5j4?S4sH|76BZCn@qLdaDZa58YHfys5{>Kr306%-ND;BN>OO
zyJRTpa;VGDnndOOAcsq$!5<*j@KanfdZb|6RRqSqZ`E6_GJ55uy1xk@6WrVo92ZPg
z{1D)M0~s+0KoFhH;`CDpGm)4zmk1r*q=*LYS?L(J2&c1ef%{pcwvRccm~znt3<T=Q
zfq4|F#D*QFk)Asqx|G~AV-PwS>?|`4Av>Fi<fotYn^inauwdm?s2%z`GWggA?`Mu^
zCs1V45g|LYtK8l5TqW~Pb1}G4QW5<{&clUEq$tQ47eb62L@XLmIk78Q#6x8LMi&e<
z9u;(60-ugq$^!&J*U5)m0M`a8Qh@HU7A0)@ckz|uSb{b(2`lXw5aRTog+j?a^Z;V3
zeLN`NuG>KO2uJ_MEH<aeJNB1A$F#+8j`Rl|y4Kk@%(ef2R9NUIYBi3JFpaa-xp7|=
zp6GCVL!e<~Jtk5hJ6RBqN&+zao6dgkYNfu<XXiCksQkLOZ2ER@wqlJpI`-E<J{1C&
z7B;_5{p%@Ai8x!XNDMlT`azH{#R@bDf<J~SWZ*;>Ue8JcA{|_biTJ7<r~=6({76W|
zVE_g9I7dOJ5BF!;Nj92Mf|oS7$W=3!BMg#lKlD%If$Oc8AAY5cq!~TPqAKeAAX#`r
z(u{@X!PM;bfnsozj-VXY<h`NDTS4@DxdB+R8Kkc{UD1Y(y?w^^VTg5h!vPCA0#_$9
z%)x+1wKqqPg^QI{n5I~dDSy&34xGuekeNp_oz~&v)5^L;36DggqI@&^p>#qVjRB~`
z=2Z!YvQc5X1-@?D+I8_zIFqg^1+g7DraR1L&C{{)Ed_Ee7&O#K@^Sec2jal+qLnH4
zD5k-L*TEm}sc)f87GDbLTT5DzP*6Fm66b?4V7!DlOSMoscJ<Z384J;pBSBJj;Lvt>
zrM2_WdIKzo90?!hXPrXKnETDZZPQ4Kpd()aRamZQ<{CpE5;XNQ5;t0d!TgadGuFR?
zEoEkcLNK8Ep?iGvjz2-TY6TLZr7B&KC+?HsN%p-@z(+wSKqLYf>c-c}uMfds<5hHV
z`v`^+74r-JqkcXx`kRf5mw2|{j*o-qZ<~{q2xKg3L*cZzak7+yO(mwsZkP@nKp*f!
zsP##^;POj%3f<ozts<i&ZGA==^YkqE-(&m@uy)e%eG5;-s9p5N_UdsMMy87vx8VN<
za<ZAja-gP^eQK9GrIMuQ>(c7FX&kd$kV|zK2eL{iB(R#GFDkvTkJ7O=9t#UE-Plrp
zkgX%FZF@uz(d(N_xd|c8o#qXWcQ%I<zBcmZ@WG{BMsGnszk7_Qr#7GO$WJX0K00ge
z9H)J`ML?kgpXAaC*eB6?rYhPbR#DO|mQLT0v&K)y+l*|@Xq3B;Nuq{l!LP$C>64H~
zl2x3Zng}SW_8=L-2<Wz|9PGe!mRfg?rHi!&FD>D~u9PGjs?^sf+gTB1+`|<V5V8VA
zb@f@81W-9r+=yB5g1do|n|Cpkjo7}lWLQrBf$pyd$N4*POj)*^!v2A%=s)L5q1kb&
z(N&{ZeyP{^u|};V{R431472!WfDl;gKCwH*2~}odHmW>4F?*sGlnxjq$`<HnHTAUb
zP%6sa^w&(`a%{;H0m1U16@~EH4pe}w%qS6flhEoOU{BhvMHnTj-jL4@9P{ltwQN1i
z7^D&I*v=VP|A`@F5Hnn8ZGsQV`z{zCTofE~Jh!n4w~hCS{ql@zmVtR~WTw}UM5@k_
zChUX<Tr&6vhaST=05zEr=G~qHP%3;KX*bCz@jN77!}Oul$mGh8c~mK|t|B(zApAER
zv2%o(Seo!ySe1ghUU*kGrx5*2eD(+9W)iXl^JoJQ_%6}F6zB#E7i^%rsT9@0Anh7}
zA=Ws3YRgM;hVtWYOaiR)Z42jCr&-soB;m`jTkkf-?(?v1cWvg>g!On9d6r=a4WBFD
zS^LBL3#Oxq#E!hGFEfF;7Zbydc3&B}Lln^FXfSxu3@ZkxXs5OHQ9sx*h&n1OhI|2u
z;*?@et+Z67JaN@TfZB06-=EphzKjG8NXntQror8_(`WB(v;a7TU&rh!?ieBIOz|{X
zEgoE#@kUw;`<+La6gah^IUL`DCjZd`3&7A|Fq%I6M~j65m_(mBMw+Ixr6SO9oLoX0
z!sx+7V#wJjt9~-(BX^fh@#`{{vHrDh)kFFzlEqI3xF`EZ4jGAxXN<N|?XuUOQ=Pg#
zv{XACE?o$qDKWV-25a=(#h4-FECIy&Ih-I)a8~L#SP1GuDqtia-bce=`n9vHuiX12
z_kWn-5)fH^)sSDIx;mjyG;Zv5k{cLO4k(IX3(c)63`{aK1Bw$R`Xada0*o;0!PIu`
zOcfslSr}}fZrWSIIz#eT-25Y%Y0!a^&UYi#0|C<%&d)b1VpRq$^zvf>RVh|-PFP@e
z!a`A&kC>$cI40%Om~(l(jdbcP1kRYe{32X&uia3xs=Cz}e{Rn6y4awin0})xU0alu
zE?Cc6VPpe*O9>3UWoi|q>RP*k1ZqyhD|dDfyjIeGtVLZYwF};Y3#=)9x-rc(iU#en
z53b;(RN~!K+N&Cg!EKvHlXv7~lBb)dI<4vrGNimopQI=v8#4)uOwlf;YI}XXoHnp=
zh)J=^#rM2|7qcWG(F_=K9Cmt|{vU7e7-UHk{eQM?+cu^(ZQHhO+cu`nY1_7K+nToB
z)4lh3p5H$<c4H$pHez>QR8{6VCr{qEFYe8%`sDZ2S&Ad3DiBEhOrd;+LSW;HLpIe6
z{Q%#DS6<jqAk{-6U&bB4+3ZNc2y2l7Q7%`yN$TF3ujD5B@iyu-ob_anrlV%vt~dTu
zE6ff0e9Di80Lzh+xIub2xC{l=O(PlQ7f`go5BQx3HORbW;v)Q}c!Ck}>s+%8Jtmt&
z2p$my-OT0*Pk9Q|q=3E4S#FBPcVsj>Q2x~DZiOxMpy@MlUP^yB!g7<z<m&Ht&Sapp
zDwqyji;j=&pGA!epF6b%a7}l%omz=Vrb}w@4@$(l%FB00kT+_#TI-Ha%@-y~+n)7v
zICHlM-I`_H;?|XF-j6P+AHEr5AcS@0F7A3H&m*{_%A&MWeQffw3^z164lNEDqrxl<
zY|(bCcB<Zt=xy{v86?$9rZWL)m>C$}IERoi(A^#>=8&#_krf`*vdVk{{-8B#=vA)e
zv9*<>n>}{=e_eeqDtn)o^<@E<_p5f&?~n6Z->21{ck7E4b^oi%-WIF>Ll+RL-2(9H
z|6R8K&oK#z)Aens{lejVGFNl2sQo(MFfRmsTGsbR5RH02uSIP7FaEy^pp3&Rpmo8T
zG>}(_wf^rMUe&c<9ZP`Fyiy}{xKSC)$)asXZZqK#&S;+(C)b$C@en9ZXQpy=FwGRg
zwf3}49JDIb%rfAjvPMUFT!?yV5hBnQB9x>|W|zBb*G+uPv_1wj7KBFs(TxGDj+*U`
zJ(123$&q4sa-b**)+sE<b8J-uR&3M(B*qBGyH-2`Qowx@DHLt!uXTyp@OIZq<j-f+
za<Kk(O@2Wqndty1${^{;dlu!UvY*zKgs2f7R^xBNnDd?3yC~Fm$vUmi=tI>O)w==O
zz_jt!!gOWoH?7b+kM?(4GA+mHGly=BWlCVF2q>9Bv@TrGBB&G_PGHhJ{$SHAnpS&h
z#z7-NNzj=J0s$a)P6qechJ~9_<*u?b+1bZ>^;d9THoJ<EN#tvjb_n$YE<q&$GfgO?
zX^dYF?iO8ht%wqqQMB3Z#EN2TDz)&Jn=RtS$b?#ncu{@WBwe3R+nfoZ{p3DLNpF#@
zuY)o2?n?S5(}ruFytrx7NYk&~$P()A?U+TXw*^yuRndCti5JCWlfY5?G*RxK{X~|K
zS`2nZNWFGOTVZ7ySsE#1Oak&Av5ht{zX1A;Ve-e^Zp2`i(=QWsDpVOMmov#l6-q(3
z<*v=0Z6G(kS_n5gLu8c+5l5j~>PulhMa?jMNb`+b(-bP)+xFF=`J0=)>E~inNj5A@
zj?$_#hr(@l2=w-_k@B1I4lJjd8NZxaN*$Xkac8-k*$PpFW=F8)H^K-?TVN4=8+BX@
z@WF!=L~(bAM^W?fFhwJlVS~89dpN-AY9YiyP*lLO%8lTv%;uhjqP!;x#kWJX*Fe7D
zF}{c%mZh+a&^J}*DPW})*eL2~91O4982mVKDg{Mb+5;TZ`!Uf)Bxs(dpMc#esHt@~
zecYtO6ejoQHu<Xwp@A?&#rRu7!LZGM%Fo@k7QZt~-RSmw0o9~ZL$1a)zV7fIg=L#4
zK$r8toD~)~bKfXrno&35TpWS?n{U=klHgNjFOlU3nxodoOj==Zl<Z-+;ePtKwmE-U
zTF`g|mIkJrb|kua>hO05tC8+`8xJsC)=FrVZe-jEbl|)cYV)dZp$v_AcL`|RCV>x(
z_Qxr$5A85?&!L+a(MS<4-PjgloupG$F(#!IrZMKe*up&Mb;#Bh*eMU{x_!0O0FCuL
ze`;ITmecwuq!APHbzrI>*Y?~XQ(;EH^6Lv5K*Y-(haRvvj5&QK%WOCq8=zmrI^e#!
z{xC&Em`gl+nhUXqtX5h&X;$fZ)c`Xsz7jf%jt7UZHn<ZZ`zFoU=L+O>&ooS=|8Zpx
zM?BZ25>dy6o_!ob4F(K*7(*mTA%axGw#FF8m)!$N_+2kcW4K$E48#riVO`x;zJfp6
zk!Sp&qjT;1^!cEaQbMpkN=8ebbCYQqW{s0F_Y6&g!`?o~W$QU~fUug;dZ@M_2}Z`M
ziAvgWVD~dwb*n5d)4?FlR@<92XC_$`t;3~`7KMcjf1{oqttoKRemhm0$>5=R+l~5{
zxxnHm1$M`x9ZrAMsX9klAIPcJNvc?(wW{=2hhN!D8`vBCw%tTz`idwGKm`{#>EmsA
zy0E+R$^<QlIhA7Z?rk~t&X9+_7byp2V2vobGzA35xj~-RxUz&}EoCa=&ppom5A=Wq
z%hpBQd9OAqn%eA=hLYrOA%gXNDLYw##hFQx!jZox?po#|K^0ZD?=W?0AzoM@ublRI
zku4uAumF;zcCka8u9jD5ucSP6l{{;EV*#ZEjJ$F(YUhH3Y9C51c!3KzVYD+q=V`7!
ztzu^nSLPTbD72G#?<z=-)IgoS_)cQB)(*~}jnU|Vd~9T*xvK%sc7s(O&GZ>Yc|7f$
zG7HzfRP_g_v0bn@6xy8-Rxp_cS)-fud=6{+yuyUDOh)8fx?_2m1G5PL%N%aG2H{So
zM(JdWoB#8K+6}LDQ<6OH))#3Y8AC<tFL>knTMidtL4kI*L5YS$PnmeR|8O=F?At*r
zR`Y4@W^Yzy+6H2EQ1F5FZ!7*Ql4Br3Ehi~G+@iFQnQOQTkH=xCxg@Ei+1${rXkSlv
zbGg$K99~wc2ywO}J6rekxlJ?0c=q_wWVJ@;ZR(%-{jM&TD0_+v;|II$Q(0`YEVwgx
zQ}=j+iaB1ddKRHVxKKfT1+%`kcY<MKJ({!-NiQ>ki7&Giq%AXWc|<}?f)#AXqdu&Z
zoD?yJ^nnD3w`@vxk>4`2_jlEbq%Sy@&e{h28=FFs%%oh%oRw%F)r@nv-nA;iZ*^?H
zdgf2qkI$fVt3FiYFd2;5O@ScaB}{3>4f>V&w;Gd0;3^e#arY=_bqu6Nj$NeIT}&7l
z+EBW^fKzZh`AOq9(@_QMSo$5n<sl7_3jO@K<YnCtL+i=g@C(i1*`VhDo9EVSSU6=B
zVHclqehx0OEl;`NZNRd7{Y@5k(~N8Wtr<1?Fw)$`I7t3WS<ODOal?R=c!G?vt<R_)
z4r-o9$sSv_u9&0u#B!45*}7#S+se>m+fK97I#8B14i8?j($SQK)H362Tuz#fNm;}h
z?E*q4J$lUUH_g61x?&^HUUtv>9_kqQE<=3<dfa27YAZygl{5{o<ajp4gey1jLe07z
zG($1-ZWGpP=4MPe^n924c%}gc!D@w)a(YY9uuG{!3;?=v?hDh>Y?Uk7Q5$S`JuX2c
z|LN_0{n-fNrD?w5JiN8x_F>pr1L0EcD&_vvoGm;JQcYql+qayYJs_)@e`A%v+QlO`
z4%b+|lY82=RC_;+$z&_Iz(Q<$C!NXK<`B$SrMON`7VK2d(jV&Wn<sR_=O6kfB4(~1
zb4MML7^q3efmauI7RWwb5uEa@@5UL@AWLGnrJ9z6io<Q|t)t8uwXaI-PgLd48?VqO
z=!xdbyfy&g^y1&{=kDpcN!WGjam&{ZsFUH723e5Quu4tlIx^Ds`rHi)#JKhex)LNo
z91&uzB8~G@+04GL8t1y1NPXqrf(T|n>9dfMR%Ec96xM!x@t$GMuam2<v#r<D)8*0Y
zye94tHOLSUkMxYQ<TxD#D|nKe#-gn<9=%G~stRRh0F6C`p_=)pS(vW=+ck#QqOV&Y
z#BHrx7rdrAakYgma-AcZkEs@Xwh(bTRxvxfm_5vtB;J-_;}V+m8>X&7!Gl1KmQ!#{
z9g5zVbq|N|ueOelFvg9fL28!iKv1AM$v=BVITvPhUh<)JJ4_zCNd=J<R@IV5&Rc=X
z1$tL@e(my^>KT1oHPbOh0rhKAyy`f+IQbg|DhpQ^!^QfG=K}fcAEn*qm91~}aQnZ&
z<dl?$Mx`amOiTqd9z*R1`4I^T*>-VHECAD3zAyJ+=5lAbtqucp-Qz!g8VaH<R|v<*
zT$1C#rP++{+|P@^)Ivu5JXY=@CDx2mOdA@LZZC4ufve^#@{k*>2p+(=n)prHCJ5N5
z4<?*~2H5{+qKT$Mr3t{!4*G&m@*4V}v40a*BC_&OWPD!VBJS#Z9`_>je$Rg+FeosY
zz4Jrm{&)q)k{?H(g8XVKIIv8*O``q)7m15E)2W!eIG+tFo%9FCbi8!(UDhdMg{=Fl
zqN<vNJwE9COiKINv%=jsT&AW;jwRAIdS}dMc>=<d-V2vRRJrcD--`O8l`{_CRNurt
zN?t~xza2BS?-H|73fQ6de<Gn~rtja!*X^%}wP9}kLWv&7d>LiEP=CD)sG&gfXN#Bo
zQdCL?-Q1_5<id<TpPeXY`-g!FEu&=3_N;oJ<XKCfJ6{}mPe>M;%v>MPW!ML|?X260
zD%%HCgtk7Bt<I?@no<v^ilVgeT^3_Rq`{uo09xaz80ErXp*yay%xSZgI#s#<jYYXi
za$lFZLXK<Q7(SM!N1M+5*dvLF+DYl8lafn82+KfBFy9d5Fg`A`-1+|j2&G-sVE{lJ
z+`smLdTT5A4ox`B2iG19<I}K7^j|b1;F8FK%C^%NWp?{3HBRZdlFO7P_!OgcREb%l
z(8l-?1AY^{_2hBQSZqDnoD`Y^*e7pk!;5E6O&I$r;y=?NhVgb6_mSyB9zd@T(5DnO
zJ3Gj0@GJ)|*8H%h+`Vp4b?0$(=b621eE*Aj3LW_C;3x=5KUxXu7n5o0+>_MqmqYXB
zb1)bQd<Ubk!;iannbW@@1zvmQ1l^h)u&5|A0xe+}S9}!NkD}gBnqaY*^uI$-D?M5-
zkf_v$swyLJx^?Z7zw<i!0M#h}|014bx8#W>{)c$_g}sIGJX71xAXf-??l?OpTv+FJ
z+@W@GqiJ`s(zvB&Yfkq<G2`&qc-YFVwnG$Q!f4qxr65@R1UhShKj#5r+{_&nC=Tk?
z!_a7h2u>7WAev#yZq`G;y~AvfP^v&>5l}Oh9Rb{tt>frwo1Bzxgj>QbLir~}t*clF
zMqZG(y0Or49;;-gqusc=`a|!n7}lEL+U`arrGvz68uz7YkOK5MyJ+O;a_f~oQnmMQ
z&HV+MP6ckLu$9lqB>1WwlWZ24IkqJ7v~!YDl|)P3a<0Q-3<&cLSu=PiRHk97nTSAQ
z5>eV!RA32BTDn$UD6H>@<bbFZZT;r0VY=Je-O3fdPSHQ_4*DLOl^lR*m?i#Uj<U8g
z{$q~BNdU}IqpEsQ<@1-qtZ=T!@cCXa&=aYc3OS+VLjLphuy~ROdN><burvZ`VGWfJ
zCKeRR%{?rP{gbwP-cknk#`1g}t01=N(9oRlXC;00{8q;ZMtf4@VrZ0z%t&mFIVq?5
zpFg)pw;sb1TXbANQL0M4VMU(6T!xZP=?H+=Wew<b9Mhe$UPvC!xUbv-Nu=ZsQq@*)
zdFO=GiW^&m;^F-G2uO<K%pIqf3c!(Ke^RYeh#|%f!}M-ZqPjCf%NMRK<f1&vWsHET
z285FTy4@wxs1rrW&%r7a#~WDR&iu*Fo`RZLn%Y~$G9UCu>L>o4v2H&AiO_KTUj2)k
zNd`#Yk3nO64)5(E!Ry@O&FA~<`T6}qOw_fFAsL1(TvH=IZNyAJhM}wJ=LSrgwtB?h
z{Dt#Bj9noxO&;0wbG&9NW~jlxIp=~2EhtLT&gH>MMI`pHz#s?NxUW3zKjWeu)TD-;
ze>5_p%HpceZrO|>+c;uYQ%eA6Qx<4**YY|Qqy$_2(OJ!m1c5S0ehqn+PMB9n9Qi@y
zV6eR3;R?)_k1&VZME(ljkZUY0hw6f4bf&SIlNQI)AH$lt7xNWdRC3=DSot4ewD)cn
zhAqhmrgft}%(d0H7qK)oF~#cUgwNcDJpb&cUGMuL5>Mgo5#g}?bAc2CKUm0-Xd2RZ
zw+*z9LXRDU$yvl?&PpfYKntEyiDZVP8G6r^!v96Dc0DLOU0EkO<iZ{N!ad~N{d8hP
zmJEsZff?C#s7Qg<n+T6$32O{)j|WxmvCl?oPMUY+#_wZu_mjQiv?AdkooH(A_-y$M
zk%MrCXk6GMTsv${7|R$8_ok<bgQ<bSmRc49n$}BuF%z)YS=f2^pc?U=K;C0ZlqrO_
z8&Ou-?C87x<#{`HYh-8d`$c(=iYvZIqrmLm&Aw~rl`6@s>M16Sdtps}<<7OwE@4QO
zW6sh=+Gyot`{g%`Kq0jiSOAH*F^5weE6F+#4i(z@vASxNmhf!X(kvrrp_6ht$x4FR
zWcd!Q3S1)@Dtn46ov1t(QUdF)owT<q-7gY-b@z@Ty{cjOH@yMq1Z8gGx!y;o5ke5S
z$e@eES$`QGA!>E`b8Hs-u2|zGljY*6npKu{k;Z9d-*Xlh51pJCN03Yvh8<m3!Q248
zD;?QgtTZTeu68rksy1`w4;c$LU+D|HY{aI0RJ~g>;OFH`!LITItouOA+TwA&2rCsE
zA)47~2nNJLI9Y1O$88%Lc5EA4HLl+Ho3YQBDYZ`BYg_Xesl;<aHhppzFFu0d(GGYJ
zCk1a1;B}~xX8IXks4;nJB7S>IhW-2sv$WV4B%oD?KZgp4Z4Zhq+RvxndM{n3>9V{=
zV~2O`5Bg)d=J>|UHZ)H`yG;GbKS5@Fwe#muYtmZGnA-v?%&J0`x&ACj{ZTgp;Wv>D
zlasiK3KCi|lPpPmhGo3)lwHoI{#$Sv#{m<LEo@MsEAERrYn92YRG%sB>)l!~eq2q2
z%6=%c?i-O6vaKaR>Trxg9G<rV41}};0R+?n3{+PE4-^o-0R)5v1SDt+1e5@9vE%^*
z-PW@M0jarg08W6Yy=H*r4q)-?ex3#lT7m!)5WocjP)h*&Jiy)sI0*b~fPmnDfNVg4
z42ESOfVqkQsm&Sw{VJGiC2m1i<oRlj$;fwsc}k~_Z?_uphq%%P@g^Nbr4O<vEHTxR
zSUq{!pKP+nW`_emd9p`09r64@N*$B3DBf`7nZqcUyn|&sGFN4$O_3b~77=f>89dfg
z-%Y4|#ol5EC8$d=iCkcO<=?}3%$rZ{k}<uaiLEEIcm6z7ZqOOi6@+nVvK)UJ9-V|}
z+O?A~4st&%t@D5KIW-=D4Qc8Y?~vE-#>;nghQN5II5?6<XK~&at>vVOvHR8!MPK<U
z3QAY`(%!(SfmlxuH{{4lR9YShuhfO4r|q7Y`dUs1Xn*`FRat|Xk0nzT?ChAXlivj@
z<;!Tid<STzl0xn%$Fxt0u<lH4j#K?QPUMq%&66ai6em}OuZ(xf$gn<SS~PZI#!Y$q
z`osT4>a^x;T*6c*!w8SF#+LY&0KG^j6Xe@3?Onag6Bm|Lli@*5rUWe67GD4?9cVxv
z{TzXug&H7b$-}U-(70pxsnS<O2}Vvnp*n6*G#V&zx0fz1C}EjUK*sf?NQE59DD{qv
zHII|<+jUPMuK{irRVW~r`qP~LmnqBTX<<ShTOgfwO?j$8u6*!0*`Uh;(a*cv?9qI#
zKEVRr^1Hfh5upfmZ4@5(3lHp-Tc)Z}_*Rha^%(ViXkHlkKe7^m8&%~~wopcm1YIYX
zg`kf8xN_0TYIDP;bnm3T=8Ri`O;CtU4NrkToUJNkELG8iKdZP$$DH@l`rRW!#zjt0
zdQzTTi7jj5Xd=JQSfIVBLr9CKt~4K*+?=AhKV!Sdoi>;RpWEs>yKbmEa*o;hlPf+v
z-v-=1+S66~J*t){IRdggdF+5W__JF?cVXgE?^IA<rPYzbyF#$rgk?qLWOyD<8%m*x
zDta*XnG|T@PLN?QWiCR_`C5$_^%ql{V3?0IBaNP7!fmA-*YX5mdRJGH2U-Jf-kv1>
zAs-%-*t%*gM@BX=IOu2{nd}xM@#D~;Mv$a06PD98jW#fbL8djk>2R2Feb~(Z{y^_S
zq<uME9Pd!2pO)2W6|%VAMmGl#O3cWEP?n6gVF#?;WbbOrzFrQCJ9A#y<yEYF)EFjm
zu<8yeN!EI3C0XgiZ6@#?MYq=sMd|&p%6OUEs&tEmCg6ny)edG_C>moeEv(WVSENik
zlC8Xq88%t}5K1$i>@TJqdMu(QxW!N}MJ%j+UO}t1GWAg=Df@hZKZ5S0QGU7<5M~(Z
z4o1}Scej0>P2cU#?1ZQnpTICWdQ-LpeOH=>q$)}0hH|9;1RCD@0K%G&vINh4lsFUB
z_Y9<bB#1g(+~Zx8=IcCg0}{Lg$)ZB80%(Ejpw96c<U2B$i3W+JYCN}l2Ohx`B_>&p
zYE{!sT+@`Nr-;&y3A^%9{FuEcgN<BkTu`+fjk;8YME*&{IHrCS=L4Q}mS_A^Ui7Z$
z3_)v>n~>6e;>CGGfY6H^SCV2Yg7mV+uo;R^c5O<|whONY!2T2rd!W9&HN}H%V6hD-
zXa)8Ps5PoY)#J7o$+F)(RJ1wnSkc^H|Iz`87u&nZ7RR5v%FWkc>ib#rSRbpuV6ZR7
zuHKgV%6)7sGGoCWkE7mee7#Mm6&e_L`Y5)TjScx5imIIRf;6G)1Qi>--nAkB(J6NB
zW_*C;v%rElQdp(g#)P7f1_k#6P2+Ei2)r??tcDE}%+JG%@Ws2pT<B!!Zl1`ez_*FP
z836KUJ}6CK{la-Ejh>IQV|IbZxE=^ogHtx<GmQ~=pfq8P|I<n~o217?QW&LvIp)L%
zs$FY6ETM9bJw%7TnfS;GsvSqD24oY-i7iA2o>(2(7OFkUQh00`$q9W65ch8cjLpA>
z<JSMZ_t!i;p>nL8pSA83$;ot+Q4A80#t(k1kND`E6p#bZs{^D1j3WxIwE$fHdqKkW
z?<9J-LN%!yNKQ|aDpe$!rqgKO9JrG~=Fwnu2j0p^x*2g2;JjSaeE0W0K}dNoJFuSl
ze8}z@)OTNGjL8(E8(caz$QU=HBkgP!Mcm6eyiGrvDqsl0sVI*YQW^qTt9!^amkAP*
zQX1lfO2{|51xlldy=^Y4ZoToA7_u;aR90y0{ap<u=uka*RuKIeK3h8Z8+PaMF#&eH
zivwk|aj@v4i10z7H76e+QW|(!5-yg?18Y1zrp<wkvdMfKe=zP_#L1<7N4++nTFmYE
zfRGJBZzc8s4hNS~%cJY5T=!V@n+Jj-!S7n$fUE%eH>f|b)oS%(pfJCq2^i@II-d`c
zv&3mrU^Q4-ze!;BW@od}Zyj}rK~eC0QMOXuVn*)<bi*Jym|Gta;!%0bpj4j5Blj5Z
zTGbHhLRoEAmO^;xbOt%a*-pC6FgX}@l2a@$a?$!Ztwy6**G&;o{sc6SaVbaWXLRAl
z^to{PC{9XtRN3yiBbL;+;*xZ|Sw(k8ngTL#*#?HBB33_xx+27q<RI6{0?pB=Um{08
zykvMsG)~?#Yclk2<3JZD1G}WW;2pR(TwXZ3^SkE2uy~7L4JBH5$v2jj`f%s_V%g3O
zh6Nc{;K@nv>|6CLumXd0$Ps0ye&bHtT1;}D5s7E{EW-DUpX@}j!&eTc9reC^-3`x%
zf9T&_{k=W7W#sp(e~Cx_Jah+GzHPo=jr{%XZ^G?&dwOv4{*Jx)e+f1nvwb~1>>yrV
zj`qntzx00D4w2<eWoFKh?E+nSl!;DvN_j!HplVI1{m4`{YpB{7L0zhvY85P$q8Lt|
zjXAz6D+-!f%g^dFbVnz&U7)hLEg8H!Z{GI^WkU^eya~WQJQ_vN$oXxbC*O(OPSS8B
zYy8M^4(ZHb`4R?wOC3e3^R^$Jqex^#(vZ>ko=RH>sVL~7iC$$=5IE>#k%Gx|6w|?F
zu43Vvv~3!5Y^K%gfPiZ66U!z{ZvEDCc9zSmY)@B{-u&G^s~ZrPje?PTQ*g0DHvN0Q
zqDvM|1oLI7x!6S$E6p%MM)L(B>ZG4Dw7PgxiO$-3hfc1@VomqAHlJ-HH{779zk;zD
zlZE>Oej>V<Ab&a<{N$57mWcWVKK%ChL-`J7%v+EzaO3EG(Gh&5HEv<e`Vl;Rx<wb|
z$X@Fc;YPA1)X{IpX?u@;vr8G%CLp&4c;WdwP~$<hr3M8p(B*6mLdr++AXQ_rcB0}c
zW0krIgu*%S3dWeI6|eQ`O4QkXk%<8lC@PF?8IKqoc&Uz0$-2$F$F?XL*q_dhSno#+
zr1S@Ws|hvvpknQ@^M~nm%VsvWVn+(eI?_HIkjhBxn$j~bdUqj_&c^RvODB8vzg&FY
zpFc@P-e_>cFgr)D;ZT26o_#`-mWvtS2YO&9PHsk^i++{7<jpJCWzI**dGsHK96geP
zN|JRk3-XOW6n3SeGXxJa6{Www&sgv~pj)_Y5PGR8&ujdul-G5o#Ua4FXlj;~Yy3O!
zlOsbp>N#`2vmyG_?B}x^iNEoH`0K87^5Glbw(J6Rw?HadWJAdhPUx{+!}xTkQE3Ox
z8}M*<*7o4~wK||<w{@UbF_eRc+LU1UYXkvu<z`eqMVqz2p9DuP+Gu|=Hg@QTNMr`F
zZ!Ujvs8?<b_p#fG(6aV=l!}fA8gE;_#7u}y%tC%Cyd;lx2J(+I4?~r1Z`SjIo_hxK
znoEMXZ9Jr*1)35y{h1tKQyOC#JGMfuvT}6W6D&FfCD&=EPoit|w)3uvJ(q^X-i1oD
z?E)emV-2u2y+a!*ZHhUGI;iR0NTWNwiIWs*^cHxdzdKZFzWQ8aXJ{p^P+4#`!_r0=
zv#O6uUk&L}+fl|(9jUe<2KBjp-|wGj9zNCyodxBXDMuEby4tay1_`r#>O?+LTKO7F
zy!WXLQ1r=7+9p0v(r$3pWb^v+Cak^Y`1vGa?OpsJTKY&Fn}$<uZ5#@q1eX<N*pnF%
zlkm-KFxv!GIDg)SV5VbQ1lLbVPO)w2B7Vz{26!-uLBfoG2B0_7AYeK0flEUr4Ygi{
zpnDm6C>r!wZ~TUjOLG~4vfW~~ATtzdZeBMg0R5gNS7u-%RXrMfqxKYhe*Apd@5xru
z6F|VO<7C7(E7{vhaNJvPcGillN?a#EB963bZ1<IC2yNugSeunNHJ{tx;W_;KTcex4
z=fkkjXBD%PP4^`OJ;~(XdfPaDHvUWw$IDlkV=3s~gQDKy1aZ|FSd6m<Dnt%zXhZ-?
zio4DVMdhMPd<+tiin6bQ?x&h`k;+j+7Y9Ai<%ntV4FxY=thtE+{Th6<RCce(zWw8a
zS5K<QZ(*f5=xAC>qq`xj{d$b@Qeza;dO5GOmxh4qLOW)c@VqmvKI1cM0H(8}6(D%>
zpcBn5^-MfzoiAGYr4_Jt$5kU5<fu_k_sf*6<~Vs2ul9*SiPZ{{OJH;NFBN!~$vb~Z
zB7vRfpmVA<FT^!9?!aen7c9ow!F{#$NOZsW8x#a@*x5mv3+Z?ahQcFts?pd+-S=@l
zw0j2&5%C@?V^CO7?99e@=u}3yA@Gpj5m*gV5w=%z24>TiA&@!UP3*En6(JJWn6|o)
zR4oQ77ba^R31LDeI$FaK){awb#Ro$+7B{%J&ZUSgkL>wBn9c!sKl-|-vAf~u(L}q4
z`*C4onFf&p62Tju-JpfgP_x5OxLl|;gA*$3uC~9mK9iNuCA$wK`WVm7i>V8WU90ht
zgEZtZFAd$wn(wQld34r-SFj(F1I!~gJ_@n=V`dY$_GBsMv6o!i`80gJY0jHB-g1RQ
z#tAAsChPIV^xvSe3!0hdIvH!tjk0Rf;(62WSh9a0omtrwdH|$jS#PLD<E3<wX2nU*
zP?@f!U}Ed{_x<YF(cdK@T?UUZ_y&4fx&}=nWZi_p)Pq{X#+$Z+)*}%nYIZ4+D=6HH
z>lqp|RCqt=O6<qPngXg`g2^?!VZ3aPAgFL>FPMg=g7Uc9^`8$kq^u>Q_N2*kjwlAq
zW}R^3Wv!8aFda9Rw?fWr=4LsH@1g~0GmRuxnad%fl@PuNEC8m%P_)Pze_b-#On@1>
z!&K3JRdbIls7o!IHkl(^N(b7%p64z#a?494u_7HmC!yU2SQmK7ePKz9c88*cSN872
z>jpUQ3oRf#0x%t|BIm-lZhc3Lm66sfE71bGUlMFH(xN`{%bAq?nOgnUrX$O%H7Szp
zr^6()0)x1ZW{D2*E5Ed^#!DNw>?cJq-U1|%xsxBeR>P8V`)#St+Lr(gVaeJ2B69;=
zDK7+a-teScWPk&E@ju5Nd-5aRzYfq%g#~A-v$NLxqEm$h);f4{-Wz^Eu9)n1R$7W5
z$&XD}fEzi0)gL~^959&B^549aE&s+lCk&`J0b2jFV*EF$*Z=wey)wfzIML}3eKE_H
zXb%D%KR`d8QB-9%&XSiMP7IV@kW3i3YFrt^anNE=Gua>$@}|N5@-Rh==K-JPS(gwM
zrV*Ln=!GijXg#-Rbp4q6%7F?6)UI@|Bzc&^Fbh?I5J#lVoGwS2sxa>Y&KeJ47Bm^2
z8z$uBA&-jI?1!?&$($DV;v2ZuhScZCD=RT;8v0wQDanN(VWB2nEU}IOU#nxD|IQrj
zkXQEOdp~P!&T9lmJ(eBsKDQ;uFUnW{`l<y3A*>wbbU3nl;xXPCu?MA=fC|fC+c9G6
z(uzRshjG+pPP{zA*z4y~AM5d>UgW@@`V9>~mZR~qi_VI?J&N8|Q^vl=2^I+^Tui%`
zXOKXQJGfHB088r#Siu`)$=#MjEVMk0_hfPbD?7roa<#S<h>lj%9T^1Fz!MDAOW<G+
znC5{A=xEcCtM)^QVIMouFS^TPr{`Ec5iSR?MvpJ3_YMp$A%Dsk8LOERlL=s7xb$sM
z87A@hngX=S`gHP%SHQ~B{I=V3w8RcPRfO%%2dQYf)C6M8fb<Hmu+#sNp@5}-15#yg
z$PdL&LX(+#+yR<}GhOWN(`h|Y$U?x}KfbA@OkAae3J~Y&<hp17u1jdN#Se>3Td$YI
z8`s$>U~$Qt=>F3trDhAv0DeDF3}=C^9S0Yy9^ZY4IO4!Mx3Fw5cj9KWFa&|^T{Ss_
zm0#FXAj+J-{*>ZFYJQ%>S!u2LvRnDPf_S|PeN}^c^4KVm74)HRLA84r7H_8q+6-DT
zBt^B+A=8orqw_H5of>MfaSINa9k;mEK=AYY{6<5lT(K&hz@RT(n!Ou#VWno@mN_tR
z6FJ7-WIpvWdHc4>Xs!FSdc0^4#^{S8bV|s$$9XX{{8NkJ1-S)8F`@+$!0|LBCaI~$
z45JrVSbIgo8t7HiuA$S%6=S_P&N&bd^Bq@<uZC`~!F<8*6jLpp@s6*PAGlg851B$_
zF|DDuF>&Zv@Do6<X^Y-D=pJ*LgO+Plw=Hn2x(k$RoOLvE*tuaFRj-5-`~~Aj0k)Ec
z<Ax6{BxVi30jBn0e$AbqK#l|NLWJeup|JTi=>}qs?Dr+%U@e4`j+%B@RDJJYAola(
zZ;kd9-|2FmNTc4R?Iav#Ne4!6?BgV`G5gKhX$`L~a^xgxY^)f^fRBlyuvG!mV8S+|
zJI9QNqpY>&yrxNY-&5*8Xb*At3V)ZedWQa)viUF4Y15;Qg4wO>+{AL`!%cc!B&|s`
zkrAGNyIE|fT>#k=iZ+G59)JE)p<d)afKy@r`#-XWEv8uhWA#>afh}gs^w8c~y2U2?
zWEV$RUj0|-W+ue#yzMmZ$ujK@Xm!Zg#%vvOhO=pPkb)(bvI_Sb0PS%Apgon<?uhpn
zM=9Iu#NKNc3@3OI8^vS?Y?VH4>Y~TUdgjHm*EBF@L+7aUZ@X*RJ4_NYeXv@Xu-(sT
zZAc~y>>-i3deXon))5UEXfaDR6IK*W=O3HhH*ve5Os0g<b?Y2f=my1UW>>B+<rcwf
zFN?VFm}$QHyx$GBT2(~uY3S7l99d?WcQjF`8+^j>!zN^0$ARK>R}MKIXzq-VQdRtC
ziB@o(6X4t*<79}pYhgGvZ#FwvSeHqp6P13-VjgfP&G}Ry2$b6bC^1Am3Jr@!SC0MV
zUOMzq#m)8|HN=ixOxWT8<<Cejmmk@A@v`KU(quZHhy#h)J34|e+#W~s_45V1S7nP!
zrzbFzN5Y1r3gv*m1!u+=ZSn_k)pLOy&M$`!a#Ckate9+O6|4HsRA#}M(K-XK8LXLh
zul2b`h_{U?MQE&DZ6l3=QAE*fwJVC8zU>}IMw`1k7ZQ7{D)HRa{<S8mV6n$g^wDci
z1N6QfAs0p)+q#4%90`JFZ_p|m;p|f%pZg`9)8M<Tvuk(sebp6UYy$oC8Nr+3CNN9p
z{mkf5TlRjZ$i5!7S*CIDm?xwyy_6~O$!L?@2u-T29Wc$GM~sbanNlm$DC!`q@uD{3
zMRr@46fv{%95TM>vw5UXz6!u+j4M8_5{K>Ao#Ah4vNduK-cXha@XX6Ih<Hxk;4?5-
z=Kdv+?>CkoZKqOsWeBZT0hddv1Q3G3I|_OMN`FF!cW@UB3<>ZX6Ml?Z6j-alswF6$
z*aoUOIyv!to!#H0@pt>WzwgTm;DHH2Yl@pdhM@G@8M=X(6i<;YIU`%%&kN&<M-rd(
zY6x{*o_;YGu5~)$?I~+lZ@3H~Kbnt^R}qo_8RcrS%mymMZ_xryW1`|XY@uS%RBIgF
zR<DnC>sk61M(H%)2&m#X87+_|JQ&+RM6BH?02)At?L@v6n-B(fFm+5b6z^%}j%puo
zlPXrB2Ge&;e89~GY#ELWsIfo_Us@6n0AUPvP7((>=XT#l?s>6yc!y;$3%`xbP4^5I
zrbam1Kb+Z(EhkohKE{XgzPa+#7S%?kFyYP`oLnVmTepzx$B}roWcp$F9#&YgHJ0kv
zu)@d2+f0LU?IF=vuj9cp+GSQJ$(YmzxSzD=?Br!J+Rg7lKyVaXMy}eMx8M5)8SV9Q
zf4`P?%03;@59J{7idc%6i}D|}0;gWCZ68CFn0%<^FJGuf8&_XApZh}`OZR3R3N56H
z!QcU@>hFZ{IZ~(b>u=yU?rdr}ZBCs~R7RRH=^h`&k<M*NnjzuTTmmk3l|{o0u{U>`
z>#Sw@Xz*o4`X#WDT$zVX^>Ozd5K8$^YPdvq_S9`P@H$OhX7u~)D7>#J7R^(^A`)nO
zA}vvQjKoT)>(EXdSUdVzII!W4%lzHgr29Vs)qCGo*!jgvty(I&xo9oEmj?nB6?^L_
zroS7S6Ko?w*U4@cmFhs1!R8h5{EMG#3bC>dy;f3zUfIm^X=Ra66Y5R)c2tj!uF9VZ
zNE=$D4=kg}!Vqq^7k`HA0sUlD-oxuy5MxtrXschS%1T1tX)D_psWW2~)nP9+Dv|##
zw|T1kd~RjB$~?9m5!$z;A|wU>UP=G5tr6~HE00loe)@~91Uo<1$p}pduJxSv%axIa
z+;4-L^WxkQK>HjCvE#eDL-NoJzn?ohx;Z|5-5k1~VyX|`Va1J#6F~72$ZXl%TWC01
zrG)QDuV<$28C@7musS~AS4&REXij>#Z&iYG@8e7KyM%<&%eMrU=)hhaUnp0${6ILE
zQ;p|+JNtaRJUIVcep~;D6}BjF&aMH?jWn!P#CNZ1t5}CmtERzV@P0c#bR(R>(G-Y`
z3Y|plb&4Q=?v1J!hi`k5?t|-WuIy{c+4b7K+|yQVUQ*`BKfY}Nw+Hg*IsEqGhCETF
z2mDSsQ*Zt>o(aksV2K=Mcb9!nPV@)I(xl=;u0_r!x@It=S5`J4^*N!h?lFyip<|g|
zz8`1^GJPi?S+xno`ir{hYa>?bs^q2LNX1!g`_dqG@gM!O(x~r0F?4j1PV;f4jLYz0
z>ufgVr)_;$9d3FxE#A5swB?2^ouoF6ZxjSv=fG5Tv$J(S9*w3C|EnrR;cw<}5jEw7
ziJ1N@*tWeu!3E17FuS=smly~~P2dMcTPuWP7)K$?%iyoPk-We1FNT7YRSNu<eot5H
zyWbrjhx~tU_CQ1-vtNS$NDAYi5Ieg8KLql}mU(2GHlWA8fegHeM{qm&tFh>R(RPHK
z{ajTa4P7|_Dj`%?qt0q%>9K%h9=M^E1!h-RD}F{wFe8d3oV4V}{xdT@Nd>(yZHMp2
z-CW!J>@>KM-aK-MqMF=jP2~iT{iX%?=Ha8{Xe-s$D{%?CNPTfO>C{qQ+8C&mpYgkr
zxfWgbj|3EG=^nsijmT%W=zSe*56_8dsNiM7kCRfH@Y?@!NgNHYNMy?q1j9xMk8kh2
z?cWKx=8s(ouc~gY(gds&QS@g#@mI2j&G9c<{SHjbg@p}w@C(QQ>P4!kLVk1k4t*d*
zc1d1c`OQ(2?J>6Wc3BU&H6|)u>9)|3>GjpW;@WqG52S0+rsxUaou7*qL?m_hUES0r
z!RvFv(1)buI8|?i{MvubiHl~1EgwkV?|Of~9-I#Tt$lg+^Kg7kBkW!K7=`+}>jYT*
zTl{_MdwW}723zg*^<!uKjz0Lmi8k(WzTZ7>Al;sg4Jbc8^uO5+8{{?Iz_WC}p58{i
zz0W%M7EL&;2iNWm<<qcH{zZ16);D9g;6LJah8aAkYR+$+^U6hMQX*uvU=H#iBQOBK
z4q*g{G}`);&m$b9^u7T#oLw)SG_lYyB<nt9hYv~#5~0kukI-R88?-xE4J3AbM{^#`
zkEvRG(E1Lu=$b$7;Y&i@y*ls;M5CgDZGE?<+k$%@49}7InYM$$_Kz2BR1}DhrdC~!
z%&c6aiVTMCI)+{0vJ?cIz?Fpt&j@9P0x3z@$q|FE<Y`w+bih;X0JUz`F^w4!kM^&d
zN2u<kbCm>EM`LM=Bl-ag#W4-@BKbhDh10&*W?liLF-gauCS=yYKRLUU$t6l6BBudy
zXlXa&VL53PjJvk|k+~!R)wDjmv3pNGAvLy8I^zRs6~CX-6PA%}AHAw6HHu+WBZX!b
zp*U5iOFkJgB=Nlaqj}5=_LbvA|5RqG(xLdRNDNr8hi?vSz2UD7TO}*<+F^S}z+80b
ztV(=>PQu#(4l7*a_B6||LVf(+?YesiK{9Pg%P?W!(KUs(D?r(EgPhsfhI58eF_NCN
zsW%yA+kQI@Loib%B|&oyoYF*w#LTKlGc;F^iRWSmg1J4LM2^>nRMCDbQ5e7JG3rW~
zb}HF)K{*E84GS|zY@I8rB;>YB2<<X1kR!!rQ9&9wRCu4;oPdixtn&i=1X#Dhb5JL~
z?u2P9)w<+&hBf?s<$F^>+!CCHIqb4sT`y40m$0+@W;+dW-yk|jrrb$KBsV1z%TaWS
zEsG}0Fi#SlSkM~-qaDO7OSCB{orKJCDVX7R&)?f7^N$T@M^|_EYUHZU>vQQ9<7YuD
zYX}gE`%P3Davquu*^6Q5u*&@L&sRzml(E!-V={GZv8?g!wrTWwH9)p@bF>uq-O<AO
zQLOPtL>=9r<3okH-lji(_e79XTX-0<tc_VGjW^KjEs4UV`uTL?<i!~wKJhFis(+#K
zMa-QlnfSYnHn3G><ZahaRqi8bf*MD+p)P$t_Q(DD28hWiCJy>(?~c0%32&Y=nNbw&
zfoNnv(?35naRvz-UU!Eyus>56vbeeMW@$}?U0xAfUGFw_FrqKC-JeVoyE}tJM{BlZ
z5hB&J%MR%L_#R#|ygi{Pc@LnH%*;I5ig3OK=&vZZo-C|w{`Fi{vF}PTY7HdENu-rv
zOJ+jlcob?$aE0S2q45~WG6K#{9>ZWQID@670f-ElyLZ)_&K@Oq^<@^OqsCYn-i6^$
zW7B7HfqaFag@2nhhd?<R_CykLPH<kgHh)$+;!NK=&ue9!jMZum@k(Etigb72^qNhh
z_%HsY;FJ@5OfE8dQd#LQCaf=J?Pym?q!q{wnKUer(bBq;sgvpTBh0f?UdfIZKe}lM
z&D?QOqSHY@PXUu$pAWtPpg^tXxMI%L9+q+a7C*jR=`&wO^qo=Vw3f$`rlu#!YGd~=
z!-&KM4%k1N&CnfkL+qxzTE-%;@l|wAYmk&s4uX=V^euYp2;$K#>-s^&R~&CPeo`?v
zK%_?UAm>J6sds70{g@d_k5h9U?L-T~MpwFx!T8*zqqHRt?f*w^NO2eeSehsSo0_pi
zXVIFJe5;WGmtcm~)yX<26LkUe^(vROU;pvwI4-{ZdL#295r%`LzAy7DxZJ)A!iZXz
z9mK^$sBHPKK&6-!8(vawxLKpVUEc*-rM*(z9L|u^IF@siZR8!|g&2Po_D3C`x>&Ea
ztcbRp#&+oMm1$m_h*8}qhymcL%F!qSl_@OG^3nH)ysyV_e)6ZwiC{Ub{Ge<?eY|g%
zw{2*X>4=-#NMj5lh97~kwY|-0ObvOMYY{toQqtAPMOE$gDyxvb(Ud$_B%ENGJ7Fc|
zFe4zavTG|ZmFK5viDsVKqsch#wFdBiUMB1Z>Bd83P4T7Y(@UHFZ}FWN=HUNl_zr*u
zKP9)XD*wVgM9C+iT&;>if3c}4f}XCix6BEC2xRvefZZ|B+Rn^)AHot2ezPc+gp35>
zJ7J8ozaaky-|5Q>J0615;Hu2t9eqjh6EmyauGtG^6)To_iqEV?`N>Nde-I1_3CvZ-
z8yH{%c9{9<N)G}2776x`@DMqV%JOAHA~MJx4uUV<Ij}q5gxlno&+J8R>u)>}!;`qt
z(;0ta?_5_nJLY27K6UbRCGov>dq8>dfv1HPItUJh<(QPZpOCt_2!Ewy_QI>i=b+DY
z6%|ak>BfI7_|4O+t0}XYOZ8H99>xwBjv$>`uPW{iHD;Q{s8pRO?e0`tIC;{Jg-o|8
zxDg&u7`9@}LFu&PE$)}P0s)1z0s{pAaGfeEP@uhh0DJ=gaufhSjtRguWex=7Qw3me
z(6<4n6hM>*;PB}Jbo6U|oq>Sp05lKM90X8b@IUq@cp#u!fG?a7Fdh^LXcGuXgZY=B
z0D>hTbq4I%tahff%o56Hz|*gIYp!(*sZeH*Qcp9yJEsllUje_M<l^^oFHv+i_I&N)
z!ku620m?%zTivol1^@CJ1=rmUA5f&WpTiiZW{A%9qsxPl&b6hw+md!qPgu{5j-~vV
z>hBK@h4!PNU(j2pk_eS1ffU1Z*$!9O$t%lUW>yT*5un+A9=lHclPyb>!e^`#_IO${
zT=3BL=#K+ug!kFYbm6;a^kJWD&R&JHwN{NW^%3{4CgWvK;fYzO6bdI%U2r#3%9r1_
zA7j%|s43>IDPCz^e*AoQ*C;fXssqEZban@0zl_|q7&ae=QEK}h@$t0WZZ<p3>rgaC
zm{PB7gzV%=2^+#>$GSe*884)j4Y#xoc%CLO2<^$rVK!30!hPQ%IG@I|O;>M_+mX0#
zbB(6Pqy8^hpXOJKnpi*q#PMMpm6MOc@7MS-!`ayW5g?WBY-fXgwlfGynMNk)R1C(#
z4!;LZ9H|bogXMY&Rl0q?s4zS5ffl-JaxojZ0Gr~wHjk`Tukbr%!KPfK+!QKx^1%jz
zaFgM|5Q0$S;=szJqa|@cRkEI)D{&xI>wv-)U@_kb7<qZ9Fs~AUvgVl9aiFsJpuClk
zN1JvX{h&e;_@-ny4JlCCVbBx;NNQlnNH>~M&}0;7Vm({Q+xDtMd(FYs1_F*P7${5D
zuN2D1YMy+3a&VWX5|&otx_K{wLj4$oA#i(6dO1x&%(QyW^v9fT2gn5@-MNXCaJ1=i
zYJ(D0RXF!1K627oU?1RJVicyw@osLD$`zg%lI;Toe^UF%Y<8IhUWQAC8}BGPb5B{O
z;&VT}p1N&61`1Us0@|l>_&qa%c<sJv#8TV&)}TUDo@KDFg=H-gMni~e1?5Ck)b+pZ
zmzE&eRkfm=Kh|J^J%>QJ7k}n=%vP^Wt^%Zo2L6#A(%?Nb%u>RGu}T=YX=W?FwI#~&
z<5hZfMkDQRLa(*XtiNj+hM$ze`<>&W6mAS2#4Mu99m939mfj*-FW{`km?tp>p+Bw3
zZwPq<dinRwrNK^B+8K4V8Y$D;-Su0rMO9{qNoYfwsNhwGF|tS1HILx7g`<hUoaQ1%
zJ_<ZzabWqr_$U)I^o+ucnL#s{fx4>`mfGxg04?0i9ewhVO0&Prf;KxN6%3=H`f4i4
z?gOgHd%<>Anqu<=+d`_<Id|H3JvL1Sd0mWpfEOVBQ<uB<M63J{m(eCq6l?Hlm8NGB
z=L%))(|<O6EN>t8?e<LJqCRWE{?f<`EfmP#-_2Rd5u>mG^Hsa@y796F^??gvDF*Z7
z9RrT1=^`aJJP-~;mIeY`Eo}(bX<z3FHhDvkD6?^|u6)tmJPn{cw4DAw%0uD%DxASS
zB5}hYy&^NnF|V|3R#-Z+Vj_(JK{=SDue%8Oo_f~UGl9U3reyYe8dR|NlKb=-2Jl2+
zpq(DH&W!~Qz=0n?_N>cGO@^$wiAl?>Vl*2j&Pog5<0iVT=nzfEP5Jr8-AQcJ^qq@v
z;`$wFmCQu=h>zdnDOMRjz1|Lb{k}^D_J4GrbPfKeJXGYCIQXCP(C~1TM8YQO#f&>+
zf({6mlK&Zl0pMx4Fnvx@OXb+xT5b?$HPBY2Tz?-E9Uhb~2ILX=Thvx!EkJn4S?07{
zqxJ{9GlQx#pWIIJ4cpCv@1GPKvJ3~(riRY2<sb~jN-H<3!>6{VkUUiS5pJQGQs1t%
zkuv14cd?2S5Y2ythwP3})|}$ihXKMv%8KgXiAN{~j!=ks4`rYo+pK7?*qY(Vd@Xm<
zZU_oQu>qy_3v#0Pfi_rdHGZR8o&0<x5^)N-uIyGsp3{^pG)Ayb!dEXipkNfR(V(#f
zp=1b(%MFPcF*K2OV03lx_K`RvW|?(s20z^>-VsX=L3vTj417FME~uYWr*bNP-OYrh
z@vQuGTT7!6x&q3gZ|X6jUn1d54(T<E7I36KZbrawrjSF{Zzv*;gtZoP{u&oXqbJy!
zHp|f%R@$k<L&w}?MD-+ZPpuCJ8cARWW8zy20~#R?aD+1WTniQkIz;OG(@Y$|{2LxP
zCLYiL*nLXMq5+mNfCb<ewgp(~{%sp;;DTWB-|r#yy;|V@UPJ_hC&B^8RBj^mK>?yZ
z+4gJzlf*aun`H<v7XolhFj`LmVDPNOKLTM#NPV1OOkRLk9V<X;M&*ByHa6wYT^l;s
zTzV9ytecD^+Z;<fVEjZFFDE6RqvJQQe1)5C%zL2%l4};9!cx!tA6zRl`$p0GpngT=
z+QDKS%G1lj(!!M$dyZq?LJYc*bexOl(n+dUz|@-57gQ!%1>3ML9as&cEi*8^qk>lr
zmV%8HQQ$lNx)Qb8rgn&`Mb5829dI3cvhs-S3De%B^}O7dJ@W6&h_0L1UiNkX;UO;z
zlkrBTm6$HqUmEYInrgO#UNLwtF)|n)mxY=;Ew@)0Xv%!73zv$L;5qfetybZ>Lu-n2
zuXou$X{q9Yaf_VeQL&(fTDhUH4g9x12sq);#obsM^!EoLnZ<qOaFGUp>*|7#jDQT)
zA)v+n<C5@&q^+Zv1S!EsJVrVF<^JW8hP-vqScFB5CoC3MVx}wxQA(nfmmU}<Tk?Me
z#g1`}luIho{jjB7(KwAKZgeoifmhO`cIodiBEmy`|09Kb3S$nS4l;E{SbCSx7B9HY
z#pH*Jiwu-jh6`ON(BNdBh%=Px>@;aI;?=UrNJ{4cx<ex@t7*Q|0No*-eqzvjnlrY5
zXNyHi;K#6gAyk9MgqL3&LmQbW)y~vN2^O!TII8alKzJ7r*NLyK+Kfo?0&($4;bvm<
zu_x>TX4x(Yh47<iW``z)j{h${Y%ofaH~S@Po@5{3_OI>`c{eC59K9(mPE5PV_&hXG
z#O_wv>_;RyU($#;oRur5UN<{lZJiki*EK$q@xkXBa3yNf^MfS^iMmK?m!$?m677?)
zP?`-`7_>kFYv{m<9+I)SRz!M)%}G_yF-(<|3X+~0IBkZ-9uuL~G5C~Vq1_BN&96%a
zV>*t-_fY3_4^+D<X4+V<-49S~TV>5);`A0Bk@##B1}DG4hg1x|Ym6)sG8b50+p3~y
z?+HxIEqQq7Js#;>VP|4jyWpI|gH#3;hlwclhOo8uV#A24>eY#~!w<Dq1@5Ja;|oX;
z>}^B!c0#SmO3!tKyb?)s(u`-c$&E~oXjEz(H%us63DU;NF9lwq#zmrrfq!*}oYyh9
z$m}h^J>Z1h-+d}9VGb7!g!|hXc+fou&o@Q@x<fv~uoO5qk<72@f5UTEUY8YIw;ie7
zG{(D(rNrGl_ekAVZ6<EPA+2>DaP{i2xs|c$0}Sm3(cC`!)&wA$>5};}-)rV$ApW)(
zv}PzW5Vh+ks}8~y&Z$<_4gpxE$!cjVuBCrirvHt!dkT`RZPx`|w(Y7}w#`|#ZQC|y
zxoVbe+qP}nw#}~Z`}gX#x_6&+?2|khV`PlT$QY6Nyw`i*3jeW8xd0OgcVxXbzH|GO
zj5H?`gXLyX&5>eZ&yv1IuLMEA$00z`R^1OfxpU<i&&R#l1C<cjH1KX;uAc#|JpXIK
z05`jfr#sYMVLUkZWbgK50<-ARg0p*EtPF9*m!L}Q;EvTmI5zt1)07znH~Bx7X~FNu
zGL5qSSSFzH|FTRT1sF{4GM;=r=>KJzoSrpA|6`euoBpv(HgjH?k@Wv<nQ#vNu}t~@
zWtqY+{<TaiYYKRX|I0F^56Jg##ZD7|N4D=b1Nr!Fhx;5|+PEo<afg5Y#nq|WjxH{l
zNkjZZp0(3Jfz~y#CN8p+m|#A;|Dd2*xHsCMXs$;q+Zt0T*gMWY>4g<>AT=^vz~QkL
zgVG$2%;6t_W;@?Zmq&k0bmed~ezv<f^3%&!sWl!P)0)Z*Gov(&4FADQW(WUZCMEg*
z#!MeWIauqbx~IzZQMw3O3|=4^<Mt}`G{|PeCBaA6LbYym#`j}|O6y>?KDH?3y#M45
zLH!KZrNNr^e(If%DLp8B)ujq;25UXE$5{nx)MR&jy?vm#yI3GhXBVKwwB5V2gaWW$
zdkF@-tA4*EGzip|cpm(-BuQ@GJd%T$WJSL8JHI<?#KdR%=OGs9;O-03@R5^S)4ykL
zZ<_<=^`Jb-n8bvbENE$o(#G?`G4mLNl7?yhr*2w!ifK(PMJPK8a9%$W4h5#UCtL#+
z+?zc+fCNN*Z{4L2s*|CEoZgqydgg0blG8Ad^$LSIjy`v7?Sdg1GJfPoGX;_SZ<?tJ
zmmc6>&D0fZPq6X-shKcV#hz{c|7xaRW|~Y4I$6CX#P#Vw2Y+?}TN`0X{b#2<1HEqi
z9Dpjq3BeM~!xF-^lAenSmC4am4|~e*m~s9d8~zKLesYKY-=Im>5OE#@vi=7&<<tIv
zCajGAQ_$q_4`^bC`QJg)+2{WNP5geZCy@UGGzn4v1DgC{#|?pjpq-6>3-p-kL?VD<
zXEuIAr!v9w0W(0xBDeI-*q$t!l*~AUfR-P0)?$epjQw7FT0&)-FCP?|8ic7B0WUBC
z4YCplZq~{_>w+d5lIg`m=aR=}NZ^Ezxh-<zw-a{RTG3u%;0XHJ2lN`sLWu?u6xn03
z`egq9G)?hLIn7^7U3v?FE7mV?lxyxC*W)Kfhc?3_yGd|ko=R#JweL6kQ)q03k6@n!
zJ18fvoWufECoJaBO-ZiwV~-hji|N<~<DB=;>}ATkjFV(ov?gQA>E`mpoF6I_KdPxE
zpyN4loL16-IG3mD!N;b|D%W^RIs&#{VK!c)TdCjNUVU(3g3$8*eA$*R`aS>8fDs`o
zrkAXljzeJ&;RLB8MZYAp;rhE7<e}i8>DdTQuV5$6dtgN0u1~KE5tgx42_&5u<8yG$
zkL@V*&)w7os!%E|HKKBT@P-PN{;JiwHF?AqPF~cgQmwO~F>D8MHsL~rm&2J#(J0>I
zR|tb-q8`O0?J+=*7Q`1S|1)iYJ_na3>N-#48XX~Ei@{<Kj7L~PHF@T+RezdbOu+tr
zFEd)v1s=5C6K!lrhh+}koAe<wJ&NBiN}0-N{9mFe;Oc*hre2Ky1JP92ev4F_yv3eH
zc}5Rxm}*FCn=I3!wlcBLfSLRz+#JMQ)|m{ofwDIdrg8>l*+W$>5W&-VOEeUy(=k>L
zuI&S<+ObqX!AI~7tTl;R(OCL-`093M8Mmyv%0}>UIrojKDfg{>JB#bix8#dc$@k{~
zSaa^%x!fm93GAY7$XRu-_5Xd~=hUAAi?;t>XsL%?*1hHHQu2kx@lWoMMah@NzpB2h
z`wJ@^<>z9)x!|*E!ADiAf6qVvm(@Qmn-T}{i846+`=*a;a-YtnKd1VphAT7UFdh4g
zx6hLw`A6D=y<Q!jr8LY_l<!XT7F_)r(elwd*MVap#~@?2gd-5n4D<BRLx>juVboie
z;#XkepW5n#Dr{*0ajA{5Px<6Rgfdify;cDwOQV^9DwQG!tT1CO7N9TBx&^Z$MIHi)
zMHNK%-ML91r!@g3YA`or#Xo(8Xt%`;*!IdxOPfV{t~Mb#WGBc~r%5C<)@1H*$P79g
zh9S%X;_$s7^<dlAEJDewwXdlruomU|1lxdWxNTt_2=I9HdEb%#Mx(Q@^EcFpUbmi1
z5AI#!7f`edq9yY`=@$YPrH?p{&QUKKLG<C!H&Sq9B~gTfkn54g)5~HCZ>v<$SWf60
zQ~z(TBrMW-afCoM@xzr)q=@W4{ufvBe)mgQ8VN>o5mTUNnD+#B!uC+|xXra0&4s|B
z?Hk|Ll_gZi(CYhduJm^SUELmoRcCtW2#MIyJp$;|oANoJfl|E@G{t$83cYoUvI!>#
zqdL!R7#}9iB<FCCH1wqrIi6H#aAiO%t_Ol=7nLUbXY^QofX$(J{j*<eyzN^DR2g>k
zsIp}!PKlNzGy_w${V&zc7MY#fJ84RV0HTV@WLX~TMU*S0AA!`g1C!8-Rl-(4P;Pm7
zx1n>sNUec~pS>jQ@h$C!TYGTx;6SmpD0^$Hux6d2OaHuu>T_1Jg=H^lV3ssgYEUrV
zanXNrhX}1e^W=o#yCR~=2uUi-Fv`(E9G4!@(0e+ta3ICx5Uq<O7;5%%b_K${$26m>
zpxbLvKd`Ak<d4cd^+Rc!#w(=}lXEQk^i+5HHte)N+?Z8tQ3v}$Bllst3Je<eB(}A-
z0SgVpPp6LRSB*m(aqv7IkUzvgYRDPh7*LP`Cjb-{Z5xWd)s9Sla);FTcESQL2iCq$
zaUR-jX5V0xe32&kYny5ArBlu{teEBo0Y4Ty470_blz0n%a)(&LS0U;(g<(s>`d|cI
zx;Hl2zXw<<jfG8P6OWfP*ADGJAK*0p`d!ZkYNzVfc1SidCC8qJUx~JRHnot1#x^_g
zo6%?@LgIsSh1Z95YJ22DQ>0Ky;4fY)S7RInvMA{i(}~jQa$m2b9CbRS>kw}ijcBue
zH8lZ@G?{%>)-F4t^0rLIz~gT&b?EDOZ}Z5}hE{xf!Ny{8FHzDZB>4+A#><Wtz_Nj<
z)UH816LibytY+fYg>+sSytpjTk|0*AAJ(^1Qc_)VQhB?m%GZFYWSfnC4;?)O^Jj4V
z)K*YGtm*#L5s9xOklMJ>2#*R066onG&@0qal&8*MUD!T%arwaWetE|$^>xUX1Guy?
zTUNKr3S$p+WpA0av|PNOy(U}F8}QV%SD2x8uQJa^E;DD$JYiB|k+$|zz;hdzhnx@O
zw|Jfs6UL=hgd%nx+pH<m+APRQyZH^XE^LjM-VYH#S#z#<{+m2h!-^u@vs-{I7JxW_
zF5x0@L``g|Or5Kp;==&g8ipR2(r-0&*Q7^^95oTP@J4faXLd&6U%gU9j2xn;>(fEY
z#f~cd-8d<2z$Yh36tE~B?fkn$!8+^$qwG6|!nP-ZdY#kLOLKzPvgos<pCQHXVS-j2
z(Dbf$vi5b(j3G+Sfyj)*`1$f67AWBp+SU>}5Lmb751izUn>0s4Q-K&nbd+;zo~aUe
zO^9|7#r5JHdwi6dl#it#LUc4{m{hG6^g;ts8A>)}$#<2gXT_Z7K<+glu%req7VXSP
zoG<rczE^^df%r}x`o!1OUDm3q`_P!5c2c2#9b~ms8O?SzNqm~Q0vJ8U^&G};>Gt7y
zf(+S9=1eTBItT$Y^^WzTI`RXWoF#iT$w9eDD!=ja!VKrnfk8{@c_-(ZFJgvh+JbFv
zzQ3=puP?+$$M`7a_^$Ek;7O`gx}+41$)Z^iwHU!`3<@Bup3$_$1he(|2%SsgQ;SP1
z$bY+D*UI7$?m%9+xJiFc+lA*rQQ@>x4f(xFw9P0Tl4xc($#tQ^k)yszQaot&6R)C<
z$`}m_4bw(N{&p{Eu1o#`Sv@bA@Kr=@NF8hAZs;4(kA4J`J}B4$0H;qQB9vmlEE|D7
z(r&U*7miZz5Tmk48cp@fak;0l<1p3Dm$=s;Tq8hN9YDpUv;qrD>vfIl(0|OB6&00^
zmjmj@G7!Wh>_?|uW3E8cjr-nuA4ccHzw+(;S(cCJ@BVlh+~O0tiQc~S?fkC)+>iMD
z?Ciwv@_v7_@OmQJ{(c3YO<I0gp7!LcsmBNA`tcKQ&CxQ}lVW~qCJ$2=E~=?IsZIps
z6kHB7NR1N&aY()RXz?<;a3L00MnkqKHK?dEP*?%;Pt=Q5A42P5;5WY-ZtpUIH)a9A
zKkPfQ&At@I^LpaA`LTxbc>oE)s8sQtB!Ql5lI!v2SK?p*OjHD+Gy-BMFxU%ud&+|u
z`s&6>H?6hgnbP=d${<QmaVCVy(#%1lB@u&hB1qP66~3QnS$xec8Wa(jq;sIcnqrz`
z5R)Wnn7O-{u6Npq&@X})!Ce;E+T!i)@VjtrmEn66)BdPucy|};I9E^@nZUa4hI)xw
z(rOwXppFz#fz}`jRkrrSS`fTV;2lr9AfUq~VUN^mHW<1J$*5${`Gt2YPug54Sw;vC
z$Kh{H$b)IR6Vt?dXlXs70R`7y10H`8k^{mQB<wOp0EIk?(hR*bCo~uu5cE~=S-e(e
zr2)NDWPNJQ{U&ZN(*&sdLkx-as;_b%Y}&8_Ifi9}KN+qPk^eQ%LNr-9pgt3zRX<o+
z;W+Mn85vN5(<IH}GM0f!8We7>U6&@6;!HvP>Bc}f+~lSlL%N?JLf47ELEskhd@^h2
z#)Z8GQWUCT&9}7Y&o%QD-VA1>jyw?z4c=*DhUeu(eE$+}FXb)h(3{{<Ici?7B)N;l
zwjYa`bjUc~_fRU55YW|UwDoy+d&n0I-V$JnhVfH(u`k`-0<5O;Ko>=a*9?Zi&NcQ{
zmQ92YI{20D_n|*Cd!b7c#Cgi4>OAhEU}eX&6<PHS4Pz%YQ93e1>ghB|>0Iz~A*a_G
zn$P#S3|-UR`ie6JgyBelVnGpa`L#uc-rl5Q#~Rg#pe=`Wx=Lf$lZXoJ?(nGts+xIz
zjQ)^4tg6U<euHUv4)aG15ENg8n4t!<<{GFTx@w@AVOrXDl{W}_*h1G2z}vy)p=-Il
z72yK5>7fwXmd)>F_*#aNc|HKfl$IfyCbTC}HykX^J;%vd_r;!n%wa6<C~^jS4EkpJ
z&$DP*76X<pdAvX)$waPK!}DmLmUA?=O?4zkngyxmWN9N<?|J$O0D{OQ>{m-x4MM{~
z>Zad*pGrTmqDU`XF^9&@LIy`_vhn(fu*Zc`A$>oACz+j8bcGi)XnVf8B6UyA%C|gI
zwJ}#Zvc%4{<O^jWQwCe$Q7hpB3G6OxIKw{*PQ8`@hth;YSHxGZTCSgcAa>V%TUr^p
zgjLT$6{Fx97&@oeWPqCH6(mgE-t{*-4jrsJK+(k_^f*^E)o4;O>xgJzB`~N!<?4LI
zc=i^~_vOW;$X=9P7bI0M$k}e5^lTSIC%R^|600(7k?Y_9YO6$uZ>KJv(<-<?@>H0-
zP~=0--dvnO(rUN~%={Rk0s+o?LZH<hsqf%eS&lRUTE3-hL(A7rG<Dsl`GDMW^I`5_
zl(;JVZL<j@j}an3_3WB>m|pYeEB1!GRpe}7Y?zgB6wKNL`d=wHWuVm?=p{AfCN`S^
zHPU!MG;Ssyn;3+A1nX?z0`pOtyhbnp!Jlt^J`A1N(sTQ8X<~zil-#nwg-PVbb*-a<
zv&f}q?;#v7_P|;s$2*3D1x}3X9_kP|eom05&=jbA9W&yB>t9X+0ES|rM&v=MPJS8_
zY}pcfOw|fncVwXjohXrvp?E<@-X!Lu6E>4!ID7f*37-RZTUPyNukHn3S@i4HsJ9Bt
z8d)>GU-cSIiN;BvcZbp0=9=Dfcj66?k0CB~cqexi?M@CfpA?I!!2bAH!|I!03GaMt
zv`B=Oky685E>Nubs|Lk<(Wp5}`6ahV<-WUKRtWF;`G(ZoC!=Ofzl{Y_RU4Y5(*J_W
zg96H1;n%wIpz3p892`~Nc1|un<EWw{0Ij5P_2;I~ae^H#{#nU{z$0|QZB4Nr5b#>P
z-ij%&IO$%a-PpR(5^C^}v_%6pm~D3t-iGqPzK*U&-{P{cnN=1<PwIRqhCNlsHX+)_
zb7kk!s@?~0m<8HlEK3O*iyI$LITc<&PqCkw|EWRVd8RiD08XJ(I;B2@-4S{G%Vw?i
zlcS*}yc$41H??LNNjLZNDKlP^o=A;IE@ei;Czw@VRYOlS2s)l{5l@8X`*K?TtlCTF
z=BG~28R<v(ID?ZK0b6n9zad@nohRNG4G{)#stO&x>1r|e)uV1E$K=aS%_g6TP8-Mm
zxo}de!B%P6Wf?DjEwF|;qmMT>{|!b;1Pg=&bZ|hMp90STh{rpJY*1tV^Q4i{r;~Q<
z9HG!pYxxt(dZZ=0Xi4L51Et`3;dNJ5SqAhG*zmg){aQ*x8FZK#M$!YN03U)C4$y8B
zgy;;FMFv)nY`Y1$a_i5a0o-d4V1#pdNa{UQE1dPjzCJZz1y~!jYrGQUH{(ph9TG0}
z9a@h^^|Wl}NdcFKGo&Zd!u)kD*<c#x^eBj+`$J_L*$RzGHN6VfF-})4CZ3(pGn~oF
zXO8_hLLF7Dy3YPiVX%{|o@l>gZeh%Acy30>l(Kn(VgYSuA+ELg6JQ$qUcv+@I=}gl
zW=Ib554x*}1tWd01tCzvFAvL8Q07Olo<Zm|G*prwXjo?>LoN$(u5MiRr9s7b^{@#*
z-sMD#t2tFVA5=h4nN%OO(0Cv-bU^Sa<#3!#14d3!o1>(@&(0#fS<3(?rGJe=>i|F4
zb|?G6ryYk-%w|25vAE3f7m+Gvf=}%!IEeO0B2-aq<4r7*vs$C-7!4~M3lS0yvm3J1
zsEJ>%e?~K5HCj851ZI;~w&sGEHn2jk=O&|?5bkk_0kyi`1QAR@NG=LR;W-O*@!jjW
zg#@cp3ICbbfd|NjLT2SlTkT~+Ljtg^y_5`12ydSi0$d=1oQSa?4S^#fX4a{@z$tnE
z+O4q;ubSqu${P(@l4l@?O531tD=lOXboi`<+6-_^zwb}x@Y~)rD>ArO7Wimb^0@pp
zbC)A$J!z$7m6Ak~>LC1CN{BxtI|^L~?hc_<CK+;~7PT8(qPr=4Q_i7?PmIkmbAjDb
z@6P7ksvg_701f3_41#m4X8|p34z%#ZUz_vtt%UZbFG#(xOw8>5w2CmN`kx(%OBTNL
z^eehFe=dg|Y~rqdwjvUr*D#JDS$Mp9OVb5|^2CAmb2@A1t)%@kwKFLQ^9w5CxP~Bk
zG75xzfzQZdkr7FOYIpL;x*rV<n)Blzqe$PwrU$V<6a%9Xj9CNFVZ`{gqs|(4Ml4JO
zW1$XWsNr$_p@T;1AL?zsxoCPjB~2gf!BM=Kr{Q5*)9(#;y#W?ZWAvKY*fH;G8iSYh
z%_XXDiZafquClKo<G$iA)_FW3CbXAmA-P3cJac6*|EDr_I<{~u5-p~R&`W<5Yo+z@
zwxfr!j0`^8-5inJWHcFf$N*9nG3v4}MgpgoQ0tLrm1OWv)SQ_38S4705_s~gQJ*lx
zPHk-hUThKy3Y2fMw@riwsh{a$C+Xq>g@%~N2aKRlD)!#~pWz(KHUlUh-In(1HsIW-
zNV70VpjCXSXbgH+JrPBNhmK=xdY^VDstdynd0#Lcvj#GaZw?FeBf`m%%O4z@j00Ge
zVW3_(e1z)C&M6sE=N5RN6ZP)lUx*IEzOj<H;)V>Xa14J3<F^&E_+YGBvFAska8*Dz
zY{pavYO3U6e^u!D0T_a!pIAG+`vNQ^iGn0oiWTZCb`(4Ybnx=AxMxM$>Q4_(UJyM1
z^8}Jmk)7B<Fg<&k8VXMdB&SpyzV@S~7z;C*>HYfjVsXi|95FCd(y0wajweLw`}q+P
zS(%O=udPU<w1k39bS!y+=k*-Ox#lAGydeW1f2PCO7Q0je+f#!|YpFO>(lp&^ygOAl
z<Q>mFub~aS7H;)rRnQ4xaW*{N<H==8MzUOiRzZMTX+D~E!<eyTfb{VGGLqWzanz~W
zVTXueq9(?R!>JsHmH@<>F#zcc{*-+=#ZJp(CsejAs1*)Tg_?oF9&G-o2x6mP{(&cY
zc2}c8JxdBxpmNutJ7uW4S<mr?aJlmf-yV>=(A~Fw0tM;GTEIRlF+6Jl#(@53K3Quu
z-!^&PoIL!AxZBh-GR*Pkx^si0*@`ilvB3o6mnW42gohp9Kf}q4V!_Y5pW!4>RdgYz
zAL4HEivqEuE$F)`5avXt*LNcw;ZGPw<n7nhP$1fq%ZvZ3r++|igmJ-oqGhm3*<YGa
zhE+3lk9nsrX|@Di<6v2Dk>k^Zsn+iDY~rKYO}BfJU&F%wY&R>U(=|<9aJCnH^oU0T
zwraLRyU$rRo~)9t`=*xkEk|+Nr>ifW@2$o{aCX6qx}qpF?AHlBz@1}0Av(SKfVx_G
za2Q(f+r~x8{h@J@w}lcJwtTO|A~OUpuajzTNcGF_q#s{KqtEbd7o;EGMl4`EU)sDL
zlqdl18pJ)t&w?P|O0{pnrWfqvMpRiiw?1PJc{9O>$({ByunGOm81@3tG7PSs-^u#!
zH*NMklMN3lM|LH_v!WFA+;8Vw2(tLJcHbmd#UVNxYWpA>a8q7RH8p-~!DZ*Pvpjz;
zG@{boveO4S3fRkQ4xafVw#<&Iw!hUn-@0Y#SP{BTpq32{%33j}Psy^V0^iiZ9-ZLC
zq@^MC!#A4sP$~tDrX!$#EdLbf>2D%8RlFUaq)4bkl0qZ;hDOe|*Ss_Rl7SWJr;5U^
zZ|KDZ>!p|``L}yfGISrZGLFjB)_l5(u#3^@Q5>mEA$ta@6ebeaRWj0wR%6oJ&9OHS
ze}6n}LI~u;n!KX+Np9!<Rhm%V@M#d5i;5I+ig25Xt5?zCr+W(}Mn1bnu=l5X&!&4F
zEtaJMJr2z5?6~CU?i)5WJb-b*$~B4N)w6MQ+q1xwf*mXe#K2`42X%!nv(3@R{q$mM
zdFqjF4UHTx`lMIyqT2h!&y(u>>Wzah&bP8SchOQ`+|qQbheUA(iHT^JCAjdVZA^9C
z_rO;9n8WM~frqp4?tjvGDvk&g#AEr~?HUSy#ibW~r`@4O9d2pUC*>Dd6b+3?O~bfY
zfe?}&=!{y3FjNc@8`MHJ;On|E2W!xEsyKqA=fZEcu+a-Z1&K*no^^DU#iH&Sk2=r*
zqe46M<43oF+Q9KIkElHb5+iv*R_+X;aM@zVjcX!0Or{W0vh!E&-R|Wi_W>kDD%GTa
zqHy~YDo6T~Z!j&41ne#iBQB4DfVPiaU&oUSw$~X)JVa@=Li#ssFrz47nK=yE5^y^4
zGiS54UP#6LMNl@F5>vb{(>o})Y+~=3m^Gt#DOYWrDcl*LB(5XXUG@EZEEVjqe~<=q
z&(`lz<r8JD$_@jyB<{Kk&EOA!PiU0NEzLXmWLLBP+QRZ`x9Zm8zwPUwEeIPnjZyF!
zJG(+|@u53d#T{RpF?$f3yh{T`E0@-MwoM%$iiUQZMAL?ma=qi$+a6}yNed!|>~pap
z(M$OwuDd(3T6a~?RfYBFyE8j(#KEANn(9{wo$^N&LF5~gH+4k2Hh$w^siPix7xg{o
zEzu>>|BpCeY{AgZABrzvuI3ja93To@bS$)MDQM~ZENMtSD4wYm)R2m~k6<*Z6iRjB
ztXZtiYf`c<#zFvThr^w^{-kA>f#S&P_$AoswSXm|`#5zw=}EQxXf9m;Jd`G8ixv$$
zt5&c`MBoOrK?eUSU$18m<DV^035w%hxY1lU;mT~E1C30-ER(K1U32y+iSF2vugGB7
z1jS63f(_11zK%xHGp|>cl$L&m0!DPnDbUBkrjuWxAAA~B(9JBIh_m!a=-#%3hoyvc
zBX~|%5h3qO^G0WWJjix3AV~y&$-C?G%$pI(D{1AkB^gMGs=-__?Tp<drti*i*q^TK
z8eaK!v<O(z0r7j7Iss{G{BfxNRv7&<jTkR8Vdje!U}3RqCZj{RpZTq$veDW>vfy`h
zfMR(+;=(#yAba!AH2#+}qsw#418jH|)+&hH63U)~STDKWM{6Op<K1cCv6MT42iK~f
z1oWGa+l}_)q^p<xTMIa`aI>3PSmp#I6^_&L%A$({Uj-6P;VgJfTC(?a@e%+53ULF@
zRd^7D35D&4zf}=Pa#HK_U2X?Rk9Q_o@H5&_Q%hM(8Wbb7Ts63(j3M(`^I_m((wE>h
z9X<42no(U<Y8i3g>m^vKVohn_>`jrWtA>DFZV!o7r?uu4Sf?PE2IdBdy3VCeuZf~U
z&O345_D=tLBSa5T(*w>lK&{WsWbzr~J7Ch#Nj{w1j%Yk%0S5E3zLFFgV2aMJ5M!n7
zDV%-eO`>G3pjEGg)v`yq&!%~4OO}e{--`t$a@UZqd2=Ez2>=&^2t}OsCOE{m{b2I=
zgp`BcTaW<jL<e_TxRD^Mhi`X}qf(<Y0oI$*r6&Mg%XKcj@>v5|BpOhx@2oD=35jYX
z&uP%uM)fvg2iGQQo&sBVw$>v&l*Y%FFEF0n8xyk;xuEUek6~p189rM-LPknb5;mPj
zfy-N&N}b0LByMtOPWb`UpC%P&|7JuxLQuz$YeAIv>^X^=5HDQF@Ev}z0&s+sfL7!}
zMFaQX&|Kuof%E)k3vn<gE&%W8n{&G7Ta<Fll7(=1Y5dC9)N5XcP5zJSGmV=PLh!D+
z2j2MI&q8oe;QgDAOHyv8Wzz~rXx~E|9@iQNI#;G<=dfHx56I}H%T9adJE3uS4u<s5
zEc`=UZc+ndtDHH}I6=~~^?5Vkt9otW?B4p8n2LjSq{ITGG1R^^l-<h2Us5{ThT!VP
zm!4U<`9)Pf!KWF*exUi5X8MFJ#d2IU1)b)^LRbKYz<F%+RO-JfVb?$=q=F+MW>$UE
zTmp<F;oi<HD|VN3vGtYo-ou=OU78Kiw4ysPtSghgitz*qNmIZ~iI0KD94Ux)oN!&O
zLI7{nPt1=shN#Ysq-Y9|-2!-H!Z`L{SG3iumnQIdFuUpp2mtiun4}m0P=MhKi#!^=
zHYp~-9IB+M_Vn|>t|xr9$5LJh;jCKH9GNH=-`t7lb+t=vzIYhx+*{PH9aiI2MG&K}
z%pFCf{@g{OfajVTZzi;k(JT#FfN~ovau<p8R0n}*1qTAMq#bgrckx%16WREwa2tQT
zhR8sfiZbMiC8~p~*aj3_dyJt=#Mz1iIu7?1R-_F(p`()`htSTo$u}ceJpeYyJGt?n
zUCrEI^US_tGu6u6Ek>``Hi9;3oh^~dsQ(&YRSbYk4xCsk7!}KAaP4?IIK+e*v9bA!
z|AOfVC|?nZ2*ioN$=_a5gCr+_(b$LCFm^smbE_%lQ2zAlVQ_{SQJM0O;o!;=XiOD$
zYdZaj0DBg>pBmKKiqizP1|ejW7yCkqe!!1Kf|d&=Vj&`Lon(uGbe^;k1^Y5pNDF-Q
z5$lQ-SklddsV*+&MDnydBM7sPMYX;naXE<+qz7gvKHh2jx~r|7>E!|PMVh+1r3fT-
zcE`9lo(tVp9DHc5aVR=k5%~@GCS2X4*o3?GH2g+xY#2`RuuC&<y5p9fYd{P;Np8HJ
zf{BNqA%?J%&fzoQa4$%cmXFd*odXWX9WpXFweB-RG~S@7htBGE#U{JYUMr2%N)lkp
z2Hn(t7F-)wwA68cvW&wrfrtaVU&B0Ow@}?a*1s#lO+&4hxE+bcTfq=7N0B4)=-%g{
z53{RdWVP-3sUHJOplaXJZD4dcRWMnlZg|Pg(vw@>^b1)-F7|XEKtYt9c~opqLwQlq
z;2V)?Xn_RIEqeZ;#!#z7WEzIw*j^Gz-1nKeN?Kv}dHfGet-77BqM!}L*m+$*#AfhL
zel7}xP*6vspmm^QVb+=WlT`wmxtctAHz`Uv;LG7M;XdO2%CD%wA8@7O(w#SfX%PUO
zY)-c!%xI3yxX+fhIQ?n`huBTKOG_~7ztwUG(hT67R-Z@6GQJ)uysEgX;^{H=m%`jQ
zk_52(p~b$Z`Z_aH)_+x_+D7FCdbr!hqL-$k>Fyw<o~?<K(8X2`Ug-q8g!v_Xv=4qe
zot}mxw@EypoLEF9SNU(nX(Vo{InSIo6w(D(h0eTVw_zNT;<AWioF8&HKe?YVkR$#i
zfg7SqWwOMS)``A0FN;>>R#|;OS+J=um6410>WCaa=cSA$i;it2D96`VT!w@5CTiDU
z9@Zy7Rt(Kd<#;!gJG*3Aqw><Ki4{)~M%rK#-r-m97G*FMAc@H1vi`CVcav#Z72#cN
z)jrr@Y{dl3;5dNU-%$<E!g@PZ^g5De6lDlKDh2{SDjjd}sg6FXa<Iej79oGMM5qG4
zD9OocgPxt0sVg&eR4H$9mlf^%;Y{E<M>gfRZy~0jJcS}+hg|1<igK=7TzoN^v)j{?
zsfyS3c~{+lmsH8h6IGV>SxSPRBnhtf?q<lHy>TP;#kvC>Ih>4sF?`zuE_`N?oLw4(
zF6@c9u4jKYjWWJ$q%hhHpBM_&DlX|`6K=$Wk9<p9<L<b|%L8&#Hc`rAI(WS^v8IT^
z=YsHy4j71rt2GijcmDIf1p(GS&O9>4m%(6ey%D%|WR@v^(1f8(;+b2i!~Iml#X?bR
zok<~+Oo0g5e=?p3fpk-4{<=_OAILWk5waz^W!GJiu|k5Oi#)iOQ;<VRy-;u{csWo|
zF=l7m7*buR`Na(H4IURikyiXfNLVm`Pk181i!zv9w-kIQ1!R0)&N-p*uTAUgvZiD&
z&|Z)t@I7o>Pd31$5kR$@CJ$<Sa&Qz%mmENO6L2MK>tIor!~H^IRhMt^{-xITH<^K{
zWyaLjIE&Kk%0qia6Q%AWbLSW_Q1?td2AX08(0$rWhPjyO`=jd!7W>jh;cmv1gVb?z
zPGDvDlJLcO@!syOmZ=tKq#y>_VCto4`>X%`o<-;9)$#r6E!zRA8dg`h<2_0DU6EY9
zI>{*$#lEiGxUPc3TEH61T3cUYWz3S6uxHJi6bw{sMSHNWC_4)%j!#&>XS~Ubpc5jd
z=BLUgLd}4blnLioG0Y~Ad?z+S-MOdpvTbQjeM{6X5HShwN~TsFcnKiwg(`#gPdva3
zB%K>D(D~Ph1y879P~j%I<TvqLd-ft=oM$Z0=jLo>SKpJUU3M@0FFGf(9nr|b=*M?5
zMNlNhP7w+3C!5HZ*O2F9?07_7(B#=RI-)aE)v?gGh#nHQR4T!N0SLMsu)zUYhp0Q<
zFAl<@t}iSD(`A3uF0DAF4@wJ;4-9qUb4kbM73T8ZVT^Rr69m!xbOG-85Kp5_)Q0JG
z(1CIU-YB>ElAzU=tj$>A6JQrq)?Q~OmC0fXc9YMY^6@Us>p*44yE7zpqn+?~ZnP2{
z9o1i72CA_Evg-Z7y1c)%{ZKk$oh{P*T2fe<l8TO=lPpFwuN5U2)lsPHOH9<{-d8+=
zDNQbB^3T746cZUFaDM^fbn<cWdV8``-fvGFUg{IUYYxHzpI^l%tjrd;^}VQ#hO^!)
zEei6LyB12qz4N!ijLW}AU43ed9r>^xnQNld%rZo%GP&$<QAYXvJaKJz`M5?u6*GFB
zD9E%fNG+{x*fe}S={&RZu`5!~C%a6bff#NT)diKqcvtI5|15G@pq7iy8Y~vC<+D>j
zZJqI?+t`Nu5TY_zMtnh9Iq>Cq1NHR@M003#^ru>nVfydh`mMYMEjs(dr;#;x7B8Zv
z)tD0@!q_ir_xwgf7f&aubIYHYgyxP^{JfIVC<4Qmf3ge+kNq)1_qo|PPBaILto`jD
zEQHJkyA2zG0>4?%UjfbCznm8^EXA;6PjQxDt;u2!FP3xjmz27byZjV2(X{5ZC_nyg
zEo?Cqxntryi}S*ZV3!XIhaJ{xV4}N|Ll#)`Ma`&gPnd$S?)CUDV0G4vwF3e?-TGSU
zeI%XcXqEV)hOj61Q(i;p3u5g!0^alZ>dw~(obb@B#!QPbyj@gOYi@R<JRU2KENx~&
zJKrQs@`2|u>7Xp_K+DHAwK*lDGsg=Ih>^zl9%>H`7z@^)-&|rJ?DFG1;k|*}-H`R7
zuNemO7l3812UQRhdlX6CFa<#xV750mNZg99m?j%(yxZ5bqiG=^II4|8IY_7OSi9ZA
zLgpUH=mKA&3m<IReYTe@WJ|ftZ!(6nr0kCz@FxWr6_EmrWN36TZ<2^t1&mbGBCgSr
z%tfHn>G=KpW99q4=L@UIWi%Zcf9DI-{X8}Peb`d<`T25*9g1I$6{Ox}2iI1<MSte^
zp__b7d+|$NayuYwoJM^D#>?|5g75n_T7LQt%fZp^sBDERf}#==O(?j5LFMhZih17=
z<W96LYOWLyOk+*}jy||+{D)B35J3QHZB(nDN@X*cl_L+QSz)!8C4K*S2iE`CngptS
zdDBbvip#tA5sfrM)=nS0Q#l+E;Gi1&i>h@x`kRr6X*hINr9)aZO)b8#Zv(utg$)kP
zKN1UC?Y*fktGh6<&#6NLBIIBlDUO7h;fm8>nu2BhBef8Z?b`au-SV_-yky;OkcybN
zoOUwth4xB<8Pz|$By;dd+*ZIU`-^v=sm-WlH?nJDFWD;+m-N!0Kgpp}KcfGao@R0q
zjSnDQ70@|XZ^#krA5XBc5#=ooSpxkwyF)L~Tx61nrrz8+E~cSqnWoy+WLMGr%?BH0
z!Sf*#6oaJt;)m3c<)-*f?z`YMg`+$6d^yg~YD*XoxZs>gEPtfXW%Dp|Y%_e<*{Nnn
zlNdP$AU!gv@w5|7%s_EX9Y94*>p7E-N3G-3J&GfQ!O^WS$uNW3zT-Uo#{?5AzLoyn
zNQ#QI`nW|8aA{lC=#h-@4hWsc(Ey_gu&t>pEEUT%_Ev5(_eoo|%8{+@6qR-i>orbh
zUbfynpnU7W6(FM32sO8gQcuhD2bt>pyGv;Xt#cu$MYJOa&5<S%w$5>XxW|?{u;SmS
zrK?ishCiKp$mJcj%otYZUn<9HpJFXqLe(N-l@>oacU1X66{X|XYVwDNJ-HI2k$*-j
z)^9@*8N^9PIzI2L&|-GEd`VDT!~N7qta4*Gu$$up%3lvzam~tygjXJT#MT6(8pvHU
z<u(!~MGO5U$q{l~m!tOa^&!pGbJV(DDMgG<w<e7y`jFN+-U-UKjxlM%$q&!URI8S@
z`px2NR~usdT8pgPUHl#d)fbl}!d+Zwt^EiK2Q~x(#PnSu%c9r8H)ISF$g&E0)!n;!
zz%dhHrp7!k<MjmE%F0l9xdT`9oO~LK&}vbE_dp{=XP&Wz&33G!u@z_clQnNGUWNI`
zOvW~7Lrg-LqWe?NZlfeUTooGJI34DQAfjG&s|Z^s*5bm7h;rf7(KJaI-o!+}nL;F0
zVjX{?*;@*oeYoK!`e&zmXL&BEl%5P7xZyVGIsF&TNWrhG`_((gP`1Uqr@a<1H!+u%
zaV&2F;j?azuOazFkDF8rIfJ?pToD1KZAZsF)^0@??2{BYgv28x$FT5br#52?pxT(>
z$d_z-J)!r7N*7n&5G%A37|@*f?f5sa_39y?jBLsl<$e)MfS&av!9`x7(#R8r_?G-E
z=}uK5GZ4;&>q~0eY;sDIe61d4EU!dsvm{QcV>-e*OY?n6T(7LK-#1Kb(oY18oiVCt
z_LCNa^I*JANo(cFv$a3Wbq5a&L;A?qb!_Zs$;P9)yLlw}FfCG83nPFV%m%E(UY#Z-
zQw(Z~{l;(^Pd`|SRLZF333`jXRQ%1S@CzS&>U{xyH;;_|H!s-8Fz|Bo;a9APnw9rO
z$h99MKn#dPV_CF(J@s3^0AJo%k>UL<UVD4~>=iALSVq7C>wN!r_*GJv)KQbiUBYr1
zpnhY0*WOxzzoo?c6<!(0F&<S5u`VL(;B9#^0tRx637J}((YT4ZHa{E@!`d|}h1)20
zMPbD%lwvGlmyPGjD0%rB@ceFxQDFr-c$MO(u`SAdgf}(F(hu~JuDv;!qzO;Aao<BS
za;}`F;?(71XUf=#AqJP$F7t4n0c3k9mf9eGbQ82h^&}l>Lo%7NZHYsa`Kpqybwl?~
zf<R-D=wf)|A?|uW(%0gg_T!DOvo2#*spt<*F5%f|nuy?9xE;ekl?p2f?AQ=L$<LGS
zx40#Fz3%k&y1n21TK4qh>tO#FkJi2TGz9s6+5B35=UeCNTG`%Sf8SkiuC5+3<-7aL
z_C>IE|LgnN@eIuM&QKHo`C09oPQRMvHzDjuelECiM3-CgyKgaSyqov?#0YlXG_A`*
z^27GErubYutoj{hp@5nA)KMr{1P(|qNU>`c1k)wbhh4vaOk$})CuU<M3mtz_qor_7
zm3}oNWRn$A97%m@-GPb%NuStv(l!?^vDC%bKjg@C=#eFNm8ERoMsaV4p)-w-iwn$7
znUON17&6C`(X@T+6OAnP<cz=LFMqb{Adj*1RzPUmU>&jifFP1%%B^obn}%4l-S)7!
zUa5m>UPGe@8bmt^8seH5eMd^dydrt&n!XiHJlhRy)kx~0)a`FL=`#;6rIa2`C2}E{
zI~dBn01j|+djGEK9E4R|y7jmQiD{j1AKT4?+KO`!S(Q;x?gb{>K`jMG5!%f*7Z=SD
zKLZJ5q{V<G+ap6KIS$a9R8<$`z6ZiFw77R_p_{yEK`R=b=8H;tvBzSr<6c~EFr@qV
zk<nU#prB@3r7}B=w=A{Y<+}5m2f5V+gF0M6dbi9T!0HT^MKO|9LMC-q_i70;xG1Gk
z2-}g|ujs}$jhy~KX~dqeX}?t}wMW5qhh8VqW=GOCjk)lJiUhXY;a@rdy(H`u<aE_)
z>ZlE?P)>)Q(`J_(`K3DSvG{WWP$EOynJFi0*l;@i%rRTaswvp+@H%KoJ2SOD=3}`O
zePfX0j-ALRQT9p3?o?{le*yQeW#Az2Yhyphoh_Q%W0_!{YW-aqXq{4{Zyvqo8~Mig
zy65Psx<Ai%Rdq6ly1x|X)s?DVd}(>EMXi4yN`Ef%4KsFEsIm45D}P5q1rX^a+87vh
zFmoCHyDn;jy!w&UCNTkq3NXAS2%S=Pl~g+t{vHPWbDKg@5E&qFXv7qjKiNoF<ctO}
zy(^Lt0$XWD!7dkRsSTj+>3a4pxuDa#iF*}8r>usyh{!XrmU;Ttn&Ygk!LvqVpfoSt
z>QZGs>v^-{O+3BhLk?h@H#;A1Pwc!fe=68C!MWD<O2W?b6Vt32@5<o-;ve_HhpI--
zTr-t|zLZI^beQNar4DkASj~igBA%L@=ynDf4F8_lHM<dsM$cnlBA8b0IIy_}$pff%
z8Buo!dy0y8Q2xf;TvLuUmMU##l+_0~ZwvJ7cg@wss4eM9@#h2B3B5zaAIf7ZW`j&s
zilfojUfmH?Ek`GHgFxo?dX4C|Z%A=VJrUQ))@qxD^`gt~Q%$!T0vKvkORlTvCK?W?
z;i~#A#@rT@lb9xnp5IbD0Zt@{&PrwYeViM6{}VXozPcp=7C-m=x}ahu`Y2y+%#xB~
zZP&@`-$)Im(%*;G(2q2LcqWlYMm?BlX$>mVk9x6$cLu4P!nu(r&~v6=TU%~|;QO@9
zZvgP{>`b%X(-A*z{Ry12e*1!Rq^CTE`Jqpz4PKQ>FD;;r*M`C>9%J=^sOopqmidZy
zhKF?=B#oM*e))6qaVlqo>hCh>{Aw0Qo#PPH%5=~hM(3II{0I@5d#P&hve0t<^JYBv
z9tDm5?>q^|I$)e{{_q!+@_5qL_`}6p%g?YDhhQI1o$`1nX}<<pt%2zmdh5$2xs5EO
zx624%NVlQlMA5DKQglsN2uc*R-#_&aDyQJOobqVYnQg_ueZ_AA33~`ym5|7F=EaGq
zIie{Gy~MTvaA%X_*cFDeMzSLq*=g22C$-PsAo<lO+7q%0Zuie8&^Pf)ZmO}Uge@bF
z;$RfOHw9&rj781^rTaxfGKxl5TgIknbw9lUrs3p}uU*Q55dnuTtS0>=BO0#)Gj5b*
z<c(^%)(Gxkv8D*_ymML0g}kBM__mg6Dx>kY$<XLO(~A1%tIfarB6%-gKhvE3gAc21
zv9qh6dgaS@S4W(6p4%e)F6-%uO{P&&1W55vaX(-`2dY%B=WTvK0)8GyxwuW9ii~)3
zNkRZLs34Ez5WV}}t=pg(&#DS&d@Y5Q^h)=9edfV%?!CcKMC0*WcFlg#=J0AzlSK2r
zeUK>3);j(z>TqnfWObp(*V2Y9jZYpUFBZwv=o#E!O^33EcZ+L3RZl6wsM&YB7lc$M
zFB^1X%7uyiyGXr-6|9pG=&D)PBMBfN7pqeWfxGrk#22?@1dFP*pR&LHEUyaa6hz`v
zseJ4CKJBMNzKJ36lJy~MKNbTq(PVe_GS3$ri^WKYddv{io*F(;C!t2y9>jqsGttW_
zzs)kO9L)w1IF3o4<{e2GgP@gG_<D*ID;J-FptI*nRFm%#R=$W0XcY97B}{ffK)(28
zEg0y|_Q!&nBa30UPF{}dN3<DH=XM&=<a!&?=1voF*Ft*Ap7DDk`)#EWs4}gr)JdS{
zYKr2Jannf%b0=A-t6vD?yOm)(pXnT=>{4K=L|`uUw$gEK+{XsfD3L@ziFWYqO<#xl
zHY~JyjZ`KyT*kOE(W;q`PRWq$aVU?GQtoi(`S_Js9Jp%~ftYY1UrX^SXBt|vP^ciP
zFcIRFGM^y`GSf+IL+H^8V!K>x{8B!bC1`<*mDN*Vmb_@yO%9R9GLw38-q&l<w=(}J
z3dDTNB_<q-tOE5+Ubf*Xkw`-VB({W|7;fqh$b5Z^SFtzJG9uFuS-p#iHQFd4F-5p$
zC2|nbg=EZC#a$#c%CDf^(jBa;JrTogU_*<V8AS5&?nv=2=>p7BA5>~Z;=$mF8T=`}
zTxZ>W8lH^^m?JN^0w@B9r+Hlqv>_Y(Eu_hW&)UF#PM-(6%rY6Tm8UxV#{gjN&QEcW
z5XYJA0Lu=gk!``1o%+io&0GoI$ez+#9DnK{60NG7^`^#Vz;Z_u;?QXxyL}oKJLg&J
z^jpg}Z%(DDbx)}47>d{Z?vttdOUq?C32r{}Z>pVe{08jkj7zeXmS*F;QXY12OHIjD
zgI^hDQNui!tnMM3E?4)aHZ4}VXHMaYv0vqe7qE^WVZV4{oq>j;fpC%h)iIU>VUZj@
zb=b*@ieT~hLXXZ!rzCmBA2;A`|Cuc7NmJZaVYr#ugIQEx0{^bR69)XAO=(U=C7(6C
z@MIzd<Mz3$TYL=%U^qM3GhS*@GoWz^(oAzNQ*WOg`g!O;xu9ts$L#Y+MY9RozQVlf
zvjkvG*tJRaWf+<9;C1YnPBB?tOCApWGGNMOK7W3x^wA1^X7sp{m7fW!3h$IY9DEK<
zse_Li2md8|q|kC5w^UnxyO?^HzFZH+x}5GyPdEt@CiZdCV;zV6o#h12Mmsc!^Ok7;
znC0Dm1$a-T>dxn(sfwNCY2EzM08A^VUT_Y?kPEN5sY%ixYXs{|okCEzLrQLcIj*^C
z4Mwx6$XR=fB}@TDYmHoSn2(g|p?`0zwS<#JPIwkyFr7`c?BNvvXNkP0r;7s9_(xkg
zLWHK2v&hBv;#kve;2zRLk?kNKNor<cu|rSm*H~Od1Fu`XU|L7Ep6yeQ_L)CUdUNms
zx$L?EdiSB&ekj8*yZel212j0NO_goS9s|gm`RDzPGAJ*-d1}c<PQLhD!(m6RA^*%F
z43kLR4B_9Y+Q7uV(FrXj40Cw`qBEsD%w(uT_Eh;L7cr`|y0SZSZO&skVaup3ibXuV
z?o6|Me~X?_<<j=V*|RVGq|H7P4DH|eO84tAt*p(?!fft`>IGH;f%MpHq)&iCWF<z4
zc8E&0;BR<SFGLa?9>fSyh1afxAZ*41Np_H>n2^)Zy^fTyvV{Ih7=saYj6XM6PidvX
zD2?iD8OW9_rq4hk5sl?XqjF?OxP~6YqcdMfcDlUMa~ky&ev<DAHMZ*C!L_T8YANkh
zZHZ>isb`M#xdbIn0&VX){9w<lbie6(ZHTRvxkO||Fbd$s?GRfS&D{8F_e2Wbb1RGc
z4{Ro`M@lfpE*`!)R>Tg0L~vMI`pyE)Uk#9!LJEBeCY4{anB0hQJ3i9VgY+q3(370Q
z38{KcytfcgS0<CC8K+uEEPifkW|F;&Fyd*+seO?*3c<|7K3VTLl+nfq@f;^1)YfX#
zb0`Nth0y%SqIk+e4T-ZFQ97n$g>;mqRe_o)61Xt~Ntony4icJ42jOPkkgOpiz$UP0
zmKFNFG`rTydu60nX01KbxwhZQWPi7+uUE6<0%}mwBsxpsV|%ywn-`p(UMe&wv)5SI
zg#9?(+4UHhvI>!6WhL~yn-AX5N=32>CeQ#c!HJkZi_y8~vjcW0#0f*8%7|xjTbk1=
z!cK;UsZ?n1E5{!rEaWI5<54`kXd3xwY7!DlfvQBt)r|53fA=UARRClX3?-{vnR2My
zBLB?>ky3R3bWpUzU>ZopwgC`spX@$NgF88r7Q8XFpL>gKk!!li*tK!FdCrR5MG_I5
z%=YJH;UzPW8Qq6YU*YsBuwZ3gr_=RodfYp{$?kE+@EjLTTbp=Qh!am;ZSy9o_B;o;
zqXI7}IK3vUXq2z>Bye|qe&NktdWnxDgSR%`D;izqZZ&#t#0PV#5v{!FNZMA{FRu(V
zs&KQBZ;Hc;OB*_$xQ%NxSw^G;S5ZSkJt_+`#olsC%YDZg@Bx*Pj3cBjhnhEg$yUkM
z|Ep{9Ij~0?h&iog3xS?vYa+>#NvsC?Voem)p#9Fay`eRD=KcsF6Xx%W%^Z9kRH$W!
z&F@R@-469o4S_L>Scm&+=LTa$I3Kvs)kQ^#4`*JgmRd3D|I^<q@-$ymnm1~qA=8wF
z>Fi48Z1c_}Er$CXr|^0M>Ry}F=r!K+!HNy7lP78wupMv-`P|_4w<?tywAAn`nQU?I
z2CxE}osN-Em(PFrTpVJG@T1<o2~~}}CKl(<Uis(-&%SrhljI#6a`FyGO=3p5i>M8|
z^nuQEBzv8YVq=ytodTopFU1cF07+LCmbB|I5>9t#B*tajN%LUgCbI{uYS9IOh;%Fg
zMcu3%CR#mMNE31*HyN!-?MWDP5i;Iy>Z!R~oN{3g>eR)F14yyIA`GgJ!ZN8{o1!P!
zp8Fd7V>1aN`R{|rHSvfOr{Ypkl0*GG=^(RZ?;lKSod}91C1bWSgZu@~WxR0#_(~#d
ziqx%0rE~ap;<>k!DiGLRnF*L^VhH<$R_))a%gy-JbaYqM)jIjrmtG61Orj@S*W-t%
zEcE<?kKtfXU{=<NRc{0WA<z>uu=!<IyEb)ROjA~0m0A65T*XSTk!N~E3%c#I8ZtVr
zi+(1Ji<-C-mS<~qc!PfOEJw~PWYQf9pYA1gKwE-CRP)?>eNJ6WN_L!BnNh!gbK+)l
zmhzPgELM8S%i=HFRf@k81@g8Cpv&pHQSf#_c~^UCra_fYBBK})vGFhue?_eHyisH#
zqlGS&tdG-h$3=axHM^un+rqaS^mFDdTXIBeTld{(P%`&B6kX5Fbe4y&2Q!X^y25u>
zoK<p+1Q~mn$!IuKj8KhB*BQx_@irB@saZp^%bnX9G*YN4El5z&m7#XMxOv+@UU?)m
z*B1mkdiBi(D55DaQ)TU|#<x1|@zQ(vSzAFRN_K9_b?jhfyIeNl`kiN|6KDLwL;J`f
zy#Oj-wV!~uII`0rYEmdsmZN<&4OlnL7pNrIP<!<o{jI6W@&_<DhE)?GRxy6!J)vze
z*5x6_LV3`7txR8S63)K(6#Ag)kw2P9fKBvXgbD;xWwL^l`A^5V2K57NOVT`hap--0
zN^RX>onwKD5@j@oQ1TwNB{l&pWGOOD4>lJ=R+@=Yp9m^Sz?8X2k;fdSv7&nNRwE08
zrVL1FZ9&%=72N~ZXY#TwUex0|{BtNGlleJtTZqriF5A2OHQKS8j;N;pkfk9D>ocl|
zL#$~64@_B?F|rL+F>*n-9SRx5)RTRD&`QF?c%umx`4yU?sKcl~kraM2AG-`v#>lBI
zKN*?s94iR+!~aFpH%3{~G~Ld$ZQHhOd)n^lp0;h<wr$(CZQC~QdEW2G{ZXs3A~N&D
zs#tk4Yv+zgIL8EqGzs@n3lK8XO+uKhO`Yv6&uZ^ySp%5P)4rq%!{CSr#i{DjK+UJR
z`qOa^-FzO$3;3|LI$6@P4OQ;_BYZk*M7k$5iVcZZ-+Jw+3~r^iVq)V<3Xg#Z?3-0}
zH@Y@#FPvfK(1BlMPol%R3Sy{3;Sv8hv$2s?Ro4}%vNw=@4!nQICHgU4jNdjvqAvm<
zD(qrZlg!v6l9AtyyQ~$t*X+L^enOryP6GlOemuYMbxlWnROKSekvpu`lWm73^5HDB
z#X`RkCf3j3EyoxQ6&`)0Gk=={E1)zNG1jcD?iMIGCKS>XQ@u0Z_4b-eO9C>PoGJk^
zmr0T?w>z2xhs({SNdX|+^a3=IQK{pJy5p@ISlq5CiqP3_))<TyVDN8>WDjl?QDZ(X
zn?3HwWGN#i@~N0S$GkC^70p4~eW1C0dJfqk3t}@3ot%hRM`Egq;K)>!J}VRRKeHev
zYd~9i+x@9XUmG@h{+f3edSA~*zq0sdl<!RpXT8Z71?A)Zt&YM6zB_9Qwg$)x2ika{
z!Em#gNF<n%iVRZWc$I7AoFDT#J}R@TaSv-lh}UVlKM4NrS@IaumTbv+NpiG}ApOe2
z&A@D~CS$d<oF=TyyTVk%@q4Qq(>LNir$SS^x%s|--hWxK(O<EeZ8+vr#pKsUo6C07
zB>=4-5WB4{TEz|C?rDRD+2Dj(PqE^#oQLa~+3Y!C{biAQ!m>_^_)y#YD&9}|J_#(&
zVh`KT9}ycjV69)8NxwhA4~m9_s9Qxb<uutv*yx!@3QbhhA==%!V9zjfI!knp;4fUK
zT=~j0z`}p%)Z{GmFvGp#v<|&twwPshp{i5e>uClRo-v`Yzj;ySv)g&ZD*ApAGfA$n
z{ic9U4C75RBE-68-^77aPYfYV4!3?7S88B4V>mHu;&|ijV!N=sH>H^;)0)2)z_5a;
zmg!WDSZAFImSQ=9rk^RT1V={Pe=tNA(+H*CS6L-K7N(!s_BT0H=qN|rE115r`k>GA
zi?Qy<%yA3rt8^nPgSsNKO_7<9O~!$1_W0l~l4RuZ_?+M~9QtWg)N^a=_?PtW)#r|6
z)5d6z98xPoHY>NKl>Yc@UsAW#t>JV&^y$Y=j`;+Lzx-kI#m9feA3R=KSqUsO!}gvr
zHVM-4gHW%yfm~c{ToK^tTfdDqhFH=%JeEa3eGkw~(u(n>&#}&|T>8+2aB~A2AhV8J
zV~bM^#_`vP(J0$nyEqYQn!#x+C)7eNzumbc#{EWxzD821067d#(&(RP)j-S5oGUeI
za4DrW4MWMHOp4`6v5=o6AcX1lx>>ASQ-0oSe!?G<^Akx}^u7o`&)I8qgJiyU&~LVh
zGJS)s(y>xmd-*;VMt{H8bim(i>BmX$0M)5bK+p47VZo8s?^*VngL(9|3b`^d241Cq
zYYe~Q0B2niMntVK$aDK~7AP)R9SPwO2BVvDS$!$n(){^%)Up&QHr#@XOI?hDBI(OK
zT|Dgcw{xk<^Ps;IU3At93EjqD!N6YPMwD{tMmpKJuj;Cu4YyNU!%q^cQCFz8gA6h*
z*x;MXzuKq#`$;drVikKg!AVK0q_SI?LAX`f6Jm-{XZiTlgdaNl4Dk8y>RY^;pr=;y
z3}Go$O9kpjZa}tquM25RcM0U)ZHRiH&p{46<vRrxK(2GnLVT8ps4r8SzG0BK$2fMG
z$TNE3&xOzmmijg=hqHj_fj?C_^+`}yc^%^@BTCBb07|0|O-Sr|&<eH;VvSMi2K=Eo
zG>ptTuhvLqmrNUcm~ag4X#LS6WQPS&PM<~+$NNDD(~cmL<~~S%jEfl}vxm&wiN-rz
z#6<cV`~pAB<AxIvnp<h`mrf{L+w+mG^zEwkCG5Kv9*ez<VZ8em>SkffDdX4ie#O;r
zLCDo=G0*<JO}}^hnnkO6e`5@OhVfN5<I|+JG&p&&!J`10n9>|klLdH<&!)bHzoGhC
zyBWOU?|}@=e~jB-j~K25zr|vmW>>ktti@h0S&F-q{<czuR6p!7`sN{|i-eC9;5k`1
zUIrA@@>&a(03X(rneBNIL@1e2XgmyI(#lu>dv%zS77%k{zoMD2RH6NSFWs#D?LL$A
zJ@Z6Pm1I`!G8E=HgX(!t<2+BW%Xw9xQcW2MEA$N-8hx8@-J^{gZaz~c!mc1Uo7;JS
zM3BEoGeFb(By5-oD~PAj0n{<0&C>k#H=+*O4~Xs<`!r11kb{s?N?HJ8IdvdhMr$P0
z#y>NZa+M-J7Ynaq_HLcEmi#_u>_H>wR_tJcVKK6NU?Cc&AS6^uQk`9dhfFZotD<Js
z^!#*PwFc57x6Z3h44z$#U=r{Rz0cpc3BI|PQ`)OMir6j?UvDOcwW9%Dz%CO~go0r9
zDJ*%yL0r81%Q)0fO!p`O)ymKp&qN!G5DA7^0ruOEMh+~ikS^yfd$TsduR?L&Fg2+a
zX0Da|c5AGhXkI7p)HRfguR8`L537G+8s>6=W}m_>>dL&+cIv)T&|payk(G6ogU18H
zQRG=xl(BIxEY5c2^EQl47@8}e1US*&xqO!6U<?>TKhNGlqqVS-ii%CALC-`GaH3wX
z|Ec61&H_vfvx%EOg3Q0nz;qG1T8FL0D=lJrS*!9zKV~sI5U2OgGYg_Sv^f@6v8j%z
zSKpTnCrWGC03ULH@u|k)Lk#&XeYh8_{&_=l)7WS6*_-3#AT~sv7{DpGisH5nR|v<y
z^df%?i}Qc8a`LdUTbmU=M}FG9oWe~!bXDn@jmyee0x!^P?j8T#l5Q)fA!SxEhy>)x
zjEGDR1{)y_PzNO@$SVjoWgG;N?Hmv#chP5+DgdU(dtlP0s1I_ybe;YC$L=JDH@|^W
z^Jr`2jWv#OilgZ_5l5PtpQkAiRpb3`V<2@DIdRFuQ3vmJpo-S+bP{^Yfu?Eeu9TVZ
zSLJl?`DRpUTh`usJq)_hFB@3Z%%Wg;%p`XWc*8$-ex+_Jo%%YCQaMuC8p`!am`#I-
zywvJ^|5la28)O2ccJ_p@8WNJ@_ouM_76*N729NHBdS+m?bK`Mw;<9nzaHV<0j!f>$
z+I!U69||&BOw{r}FoOJJeIIHGHwCU60<j;Q`6?u|nz(%=w4ShK{@vW%-4Tr+p)RS*
zv<-)h{m~4=SZ6zdP_cuty0dnxB@-IlZg}I`>L6G~LltAg?sCB0S?hw?YCjxrQUrBl
zQfH>#gNxi5+8`i=U&br5+f?j-v9W2oC3Z7u)$xY4{{{1>JkYNzRrKH!O5SW}Q=E_%
zc%~>b*>3=SiRqT7ve-Je+``)R>>P_=yg@OzRX~&JcOO5!R!JnQzKrFcD~zSeh_mW}
zvhAFb{v#vp&22{}F4u!s<B-3J{%QS<>$hT`o3QZg!~VNLU}ACSDp5!ok!42F<jN{)
zXpdypyrYlGmEmjd&eTIz{W6tkmn6*8SFJ?5gjJd82<VtG&-p?Fn}SQcDS351CHPqk
zhEa=mx>kY7GP<DhdI1Bi6S0wYMnE%Q!*Rsm1o4ho%ug5b5cKfQj##|c-u+A$6+SV)
zjhqM7i<N*!Z^t4JF}~l#Zl0|wWwd~kc1aWi{k{@IeW_?J{N%x+8aEQ$)b+kqR+SnT
z2lFgrHaxT{a&hO3qv=y!d-aW!2ciR(*|fakW?*Ug0;X2QN7o7;AXkMKSGx~XVR+CZ
z3@b_P6-3?GuEKDW=e3AnACpHZR!Ll)It9x_EM($wjS5L4jJI@(8vJ(Bn6qdblng>_
zdU<$pqvYf}HpFOGD3%OgZ9;1UOGttgM&wqyW1$kO*E5ZrD=K)oTsW#^t8jx^I3m&g
zUu+pW{E=;*D^4BT11ilyf~c*01UjNr9+V5t7LS+|#2n0(R9S?{>J!YJjDxXBMLBDQ
zW9;J{>M)cCF6glz*7Pz1q7xE@5Q^)AO0Ib7>XiuT+1M(A$!xkDfn88^`kr+l!)^W6
z_v3Vw6sa;w@e*n|)Bh13%;2u)1jo;FCh0uPGiZ69+S<pJRriEocW^G_#p_@NI-8K@
zR-aQ93MQ3PB%wM#7nFDK6`(4eOEtkJy{kw7Z>mt#DvH#uocc_EKThC>ob+&We|#U^
z?)-dCH1J35;{RNHx}5O0^Lx8_dpkdW;qQ2P`FMPpxPKqKR8Hbg>hWiL$yfhu+Q&XT
z?0n@f)MJ;U8JUj`&BiWSK-^z5v~Co8+4sj}C2bzBn;-Nt|5g2%-Q9}tGK2C|BY!zL
zDUZ%xO{BRv{A3coq}*JFdv5FK<l9i!TDYi$Z@dDw+7QAw?ZAE)*hq4E^lR>N`+#P(
zdGTwG(*F?HussFn1p#_Y?|i>zG3@%i=0BkggzW+ds`%yqtO~>&w_kH?ORE+evtuJj
z_DGdpKK($%-Dov%Rfi)emud}~YE?s%`U1qgxsbu=l%&)%X`S$4mZok7F=$ik5(}Tu
zlQ*cMRsr*cKS^V5^Cvu8&Imrs2Csfz49yss7*lWMbvXeK>JAi{v~)xV|5JTb(=U!|
z;v|qUO!@{CNT4O-&X(>Mlcy}`x&@CKle-9LtnHY3_Y6AAEKjOZUnM7Tr0IF`hSDmU
z!sMzxc}uA+71H7pjsi**=n%mPi2Z24Jv`K;3HKL7I;cK7CgORmytyVz?A%+RXI2yq
z&Z5auQ-&B-qIysyZGEli!S2<2qMI(z(~*K=_WM>O=uozk@5bY+v%w!>qU@q-K=@VH
zqNb05x?mx!3X!P8Y#dV+&sm4ZLtxK4)RZgb;pk1u2NYk#hEwu#p9_=`h;)!{mk6g(
zQFuk{0p(cF7u7q-Nco6ISuL`gyO$Bhw~pE1va*G{KYC_*#lT9;Ro6yTM!=uen&tYO
z5h2vUUP*6?H`hD^_s%u)j3S?(nlFaJgH_#(g^&nerM?N@bIv<*6f%1;iW7u-Tvnm*
zur|DMWuoD!QoqH=Pww0*i?3_b2`6JW-K(8{j<SNq%2akFi|K9YCrfA^hd@V0#insf
zrr)P{wTkkg>FO3xs}3pp3q^OVjyK>Tml~|p`cRt8g7&DCwY^K#WIQu=3bX?wn6kzY
z!oP~!z?&>dY*qjDMND!Z?)?eWM?;`Q=;<*g8^o`090C9t&7S6!$Il*_Jh97DUH~rN
zmUkg^utWN;Ob&D3i84NOJlzxt`0~rY_Ka3<Zn1Gbl5uHCAOpk$#OjkZeD;)KFY;3!
zLb<M4W*j7?2jAyvQ?DP<4a$K`o7T<>h45UuNSHktha1tQbL%i`tAB;S&+jl+GpFj3
z6FK0f#ePJY7$c5$ma-QHnQS+aF&sxoUwG#8x`+y)QDSqdu@)U+7CgX*$kP##qjLj2
zem1@L>F5TT{~sPXFrR6!yIIyfP&INeh!uPEPdP=*sNe1L8oe>Q!_r~afKq%>(8yMH
zxC4ItX6<-;KkXU|*pgGU^D7xd+?*NWIJ{@kEyDB>p%jk+LG_=6R0@UY3vx`U4|xdN
zZA0^f0>IQ;QF!yMSVLQoEF%jAvm7$YYp8xjsWCzktHbtTIWw;Z3U~UHW3j>K2Z9`4
z1keyKd_byK%CHYH`v}*+axCgz4sL3?<MfZM<c~ZBmG6lNhc1J%E+*D1GMUR;L$4~Z
z8a1rxh($<wCM<U(`2<r6Q&sp~hbiFTDkJOfg2W|JGQnF%4qg;y77h(=B`J^};8HPM
zx<<0s;@sK53csE@ZVV~i^Le3}Wz!P<b1m0jbt=e!Gm6nQ0;O4rW#$H7v8=KKe8TcF
z!We}L1rdon<pOgl<0$sg9$;%(JchCH(cuyCRF|hLnqm~{Pmn~MUvKN+UQBXN%<%PP
z#94<~tMy+C2UsH)GQm)B-LKK@O1+>P>ymq%{Lcv|wV3)a+ujiL_v_`^s?=Pb2ZVBj
z%Oot=iyH2zf)diK<o7$}GxPXWO+Xp5o1-*dJ*yNLlZ&aM42>FvSChrCE2Zo{e+_fw
zzG3E3svaVagpWO&wdnZrXBPWQV4|Ub{O){?1<dNXHB-IdUQa@{Mvgnw+5fN*4%d78
z?it`P{feS0Y4&4nwW7i=YmrYMaG46tLY1K6i7X^}DEM+jjx_&-&8B@{gEl^J;V+%9
z#9O0DWPB{_^AUHIK9{!<(8;6Q2SO3aqe@`2z$c&(4R(%NZ&;^EA)Dq?v0C_U-%~o#
z-aOSYc!UW%=IOGYsUY9vkt@g+PF7>$nGiAt$llds{puRKML~Q$5S1$Ww)u5@eZ4Id
zD?OH(2fR;nIi$5z1dF)E^1(}k&(gBmk$ZRwmsy()_a|9MSYU0Gv%cq7@M-*+4qjhs
z?gyqUo^_WgD&3>W<OhW!LnI#Qe(P#VXB4}&2QkOls1Cl%am6p1UJ7-o>{%{t=uf$(
z(M11INA*fydxQvtf*{v;gQQ`ENO*3v<nB)Kw1Hc}xW5#9m2|qFZj~ll!`e>I$-wTF
z2^)Vh`cz^sL!$JJgSJa6r@57l-NgijRH-fAE~K_CK0cl~U|8EhlsUo+h^Twm3jR!)
zusK7hyYxjcF^4fMvAKleLqXm#RB*;(j#NO|MLwLP=RwpE?ng7ITg|%e1xM6>@rXjk
zc_qO>BKBboiDHf4P3(9-sl?U_f;tkF%#vV^gR1o5sv{^&-x?Y~G5LK>4sMnc^r&j9
z#HF&70hk$ZjA9Cym&d0`ebL(Rm#r$j(HbArt@~=W9OKXDx=vZu1fs3NvNfwH&!O)+
zTIJ48rCq351L#U76&CG>cNXTn0aBVXMc&JQ%8i}Ml2CJia1y>Zl9FRofh}s1YT%S_
z%zsp>iQY72bnQ)XD|T^?3rL7Y5-H99WK!g#pRUJ?Ftv9pbZ(rgFQ>UTH#yU)xvxHL
zawqA!a1XKO@EVYb`ld%2OzW2(4ba52B=#(0s_}2q24%L!d`Ki%F?+eik%dg?y=xl)
z&GV7{rM)C3>y3+gY-`uwAxM9y+v#jJ5IWs|CL^&IMWBcaV&>E&Z`i<f=JHEes#7GP
z_tyk_BK++o;rlX+90<bG1aGB!oC?btFnCZ&*|;>avYr@gWa}qBq`c~jMM+w~pIFGI
zs=~Az_nFABVuxrYvPn9ecAHda9+3cb7X1)Jgk4-P&m3Eh$!Py_6~DQ~U{B!4Ux2hn
za}bla{8x`>5u|WuW;qcXIZ=tQwYFR72US*qIBOaOarju@zeC7%1NTodm0vlkcxqZZ
z?E4Pg$#CO&%gS)-<Zb3X69w+mw6-I;GXg>ZT4!Y@A*rE^T5D3p$D8G1R2xm>>4TL3
zWwbFS+|OI_I%7{j&2xd{>U(gpzx)KD@ca@#{8OQttg~=RZE+-7L`Fq*o~$v7OIdKp
zT`J=2O&tlPdkAJWmeS$c*452UmW3jy()pB1Z|X&U;q@nI55J{T1}TY4texsGCr3WK
z_Up)9cP-h6ML6LW9r`v4p>%b>ZK$KQTg$=t1CJL64v<hl`gzONPt>Y6?SQix?(c?{
z2HO^mz1nN#4yzTdN~;n1X78?#VUL#|J|r*L-41^egwvb@p^5(If2}W#B)eahQw*|x
z?^{0$_MzXLsa_&&s==NEp!IKY7a5V?|A58ht{XiSjYTp$pI4g7RL;h5l^?9%4sKdq
zO<xXtsy*9{m_^258nlYiw>lo@cq1XCZ3zhp<nlSu5>pgoV2d)Kzp%R?RZ}F(j(;C0
z?r=(BD9xtN{S1!)FDS2Gf+bQa;*etY!6XH(<Y_ATf3qDdmp-!di9s4mlsAbFFV5<2
zeO>iuyPb#cvJ^yG(gtnI6?a&~ny9p83JLzEu<6z&#M}&iVR?ZvI8&Rt10rcLl*WH%
zOtaOW2+~@E18R936*)}Q7e!F{*?51*LN4D`0fTGJSlMyuh|s*b*NCyZ?<G%YVJX4x
z=f>u6@<R+wdRtu_MIY>p^_s&8kR2Zs`HYHT&o%NlYnBY(yeimvQWdCZ;n{K=R^7HB
zuF_@`tM3-{D9VUI5r<bG&MraP3#)$vw?%2?6VQT6?r8iyH0LqR2EodGZDY2IZ?v#%
z;{mX#eFZ>MBi1d?u`x(6WWmj&G+xmE+Gyh6s#-ou)R|<Qy5-m)ife{GFh#D7Q+l3b
zY@B-7V<`&0x6z_3=H5tYv60(ue|l}W48h&HY7e4Oh5-EgL`=X;(00rLc>zYxrjS(?
zTkc))ED&&Y5-l`#ex^iNiTkBLNr4mv25rt6B8|etKb9HkCgL2K#5BBkL*z%FZ}@!;
zcky~zN)TtVe0p}>@~kMaXQx|d%NiOZ!Bw!d_4GGg8%Ya`k<BZb?9OwO*e`Tj+hULz
zCL(Ph|1dA{mh=q=Ka3sI%eFKEm;eP0(aC^nJz0y%<aZ1hgacz48i}WiJF>2SPHqLm
zj?Q55>(G#3i%ip)xN&o6!1p8rN-Rer>EQ{(q82NzeCi=+wMr!-dJYgamre#EBp<;v
zOFyrgxAm*B-4A-6osbnf5=54ja#AE&{!f`ukE27v!;ISMN`A;plns`C#;HYVV`yv6
z9e`b1s-!hxySzVd!Aw*p8I4`ehAuuo&Ren5%C<f~&4e~T0RKWEutNnZ1mQyv<s|l=
z7T|H_VFE$}?;DZKtfGLJEj3_b3oQ%ubXo;x6Dh)wGL1+?K_gA6yjo&SDKZqqmcYu2
zD`H#X{3=&QLa?H4T&0rvrug5mZe}zm2~bs!kU}gkKYZ@)a6gCHdw|cS33JJ3FtDVG
z7?ih0EV`tc?NQhw6jV10GtI2=iZtAzm)EBY9^}l-o)PacqC_&HS<cpkek~wDPon%b
zv&)JW^j-QBY}`r#ksw?_Z5xN=XG_$YsFL*49^I>1&c2|U${H4kzoY&AzS8sULO``k
zj}m_B?cmeK6-eBPLd~STA#OO~R5OFLWn0BQ>!I<5V2_f<NPO0%n+H@t*_u;B=lTzB
zfN4p^VclkUy5KA!EgP0P@Q+YnKep73FnzAm>JDj-iF&z*U!Lb68IyLyYl}M7hK*EC
z!a1)pD~jY))F5UZxoyL3AEGfrZ*7?571?j@dAc_Fo@@3XyyB;d?HLH3W8D;~8?Prs
zYW>bAxa6*?t+8w?G%tN2L<Q9Fzxd8=FPeMuVf`!##lH`arx-J*ug{B9HrreUYY(v}
zfB;*5pPk*nxc%})TM^gPnl7}K>TzATmwuIK%)j=JksaZI_ONL^U}xDc{q9CyoyutC
z=E$-wY2U!O!!w;TWIbEoKCx8T7c0BgWNKcT<3pZp$(K)@j|?hFigV7VOl3cVn^$z;
ztz;>paNka2*5$G_rR!9D@nFy$8ZcptSx3sQ3Y-o`;{_j$`WB+@J+YtMTL7WV6^Is~
z*u`hbB%xs+6vpaEkH!&g&UzKox2c9MBmtYpsuBEM^B{4j7xzu7FmWDOf5=e#&d$Up
z=B$Zzqg9wXz6&YktXmFfs?6U6m8N+MklLyHwTR5n+l?l}BaYK|#h>vi_<u|H4SiHx
z)nU*g{T%?(r%T@M)l0bgKIs0f7v|(SP8Ebu0A9~P*|&-c+rYog*u*HgB3b4R!F>K~
z>ib+LQdMuvel&*FDS(#cfYh{Z4BSe=bb!8&yN<9s=kf~cS*3cXu(ZwEKZ!TGzvwp0
zk-)5(T50Armv-FC%|6-N!ckzx8kYBh%_eZuHviN1EmFj^Tu3c<=uy3!&}A?~^Ni5i
zuy-fjo;M}l$iW2qA`xXmH3uuKt&Y-|T0H)d;*4~n2f&XdbxViVHE68cOmmwT0-c$V
zN1%2v^hpQ8%<y4xf3t$s5-q3_u5%(Pg;q*xlB73RgCL;LEwDk>>tIY=i_GXZ$!hs5
zGmREao$s-ERA_8Chp6QSRI+9ZM<=(aI-stdCi$FVgO}dtC~ONy&jwjIo%xt35p?N0
z%cz~2JuXk%iOF=(PL?Yh@oB_?f;HEMbd$<pQ74@q{s$Fv543*)|3|u-#BI0VEr&+;
zf0y6wNKn7a^AJG_A0LV(G}uKeZ@m=}itXQx{>~#Y_<eWs)TJ!i#GyRKRM9evgt|RX
z<RE%kffz}by65v`zPkb<^iF&2OQF$Lr1LpG5UDmJmO(pCLP)Yz(`<VJ##`7w%eZ*;
zPf5=T@dB(z+XbBNC`Nf1mx8A8&(UW6H`V4T0h?zg55sqAoTH|A@=w*7%%-W1I-|KK
zCs}0EN8Np19gAxnG~4*vPa#gkQ7DoHuE@{p$;|g%3?UJX=#S;+gP!|qn144GIi?Q|
z8Br2F${6&ly&i|p?(EhF{U*J*w#<*>F3S|eYcM*;O!Lg${n129&(}Hi>&-+8J@(Jn
zQbkR-`_qNm&;2<&z0bo%O3&N5p5E6*Pv_^7jqca+QcrHmh=4%Z+E!2JCC|$Jgcn(E
z+OMo!W&q7g29nEe!;?~x(_Z<u52<fdIY~}_7UC;(6#i7?AuGXwrSUURZuV5GfZyC7
z>nL$9^E>NT3g9eJ{)z@yJz{Nzdr3rNtb>kfmKyJ80gZPoon*zkP0<k@MB5XkY42p@
zAf?LMW9wAL>Q9N1cPvafNbIu~%oG;sFyFqd#fOvvHN7a^@5%MA%Yj?4D+GN!X4k)o
zMVkBHQay!Jzr}xE#W(UMHQbeq*E}+jc@O!2-k7~AE<|NP=_6w2c7Jn+PJOV@o7B2P
zCw!$uMNX9}`&fE^C$C4g6H$Xs_v;;^Wk2YGS`&;H8wHEL+PXZC4g1EDeqgCcHfqu}
zdqCT8Tbc%Hh9jr&P&<f|3O}-sVHU3D#<k&!Hz9w1>{YDz;JHl`G!(dGd-)vU*+iaF
zI35z^G_sJQPDc#;qAwiVmSOLB^7<Glq)bXgZ>dZ}_tRP1bbmeR92}6&Rj$kG;SFq$
z$cbQBC9}@fpMwC0abhM9Q*yARy>(wAQf8B^#xz^0?`L>49v)++eTL43=PBjjQFBPM
z3kf1gD|$~xVfP<}E(-VJOaxf!h!G?0B(y~qCP~gS_hmyq%iLlz_dRuE-L$efHeapR
z>gKwY$L;=g2`zliigZ|A;jX)Ak4!rnnMf}lBTP_HU@&nYLJ|2bgDIh9d|A#5Kl%tY
ziRs@KpBBIhR)j+zOW-c2%w*H~<ek8p^siW%lgv0Hv~&o1SKLvXitaEXaZ>VGX#NZ#
z!cYuVQkilTT6>nT6N35OE&IE(onqN^oSKRy^V0Wfj(po4hPOq$3%XiyZsellBV2J(
zE=~6CQ!e9K{2%iCnpKo)p94lhEsDXWr3B5Ar&97kCKaTrBGD3;+9oN3JH<pDpVUQg
zo^)oyB~s1uB=@cEnNFN=7i5+5L{E3JPbb!cd5s^emId;8{P|{TI9`1C5y8s&X-kwD
zDQ0pwSyen~&DTyo=8U4l?iB`IgIPZ)lML>cl}_fHvx{A{&Y*1u&R{)7r~u|vS$Y0U
zGEC{PbaYx%p;c|LCO0k}D!9Jvr_EO+saV>-&>=PE$yx64O`r;M?Tk;1@PMH=1v6J)
zY6j!xzNL=$6#ywlD3f8wS5k><)5?{4yqtE%%{}+kfkV)rEQ{&SP8y+kPLvw&RwkLr
z-w}Uh)KcV3(rU<IvXnS(FI5FGNcuD(li{wXuw$d{$0XLpeHsUPurl0?(YeZF94h2E
z*oHqE^h?GrhyP)6v@|w53|#7=74ypoOyNU`tNHdx8xuo5Yf`JwKLfDD>@(XCIuVrk
z%JeW0&1IyT#_<YqJF22py5_`7Y2u0pDH#iaFi*IRZ0nXG{Owg96SFbKJ=w_p#}>dD
z0{=>j`qH|Mq6QW^FNX<ddaYj7WIugar+_i*j&^&m3SFkrcB|6OB=ZqeLmL7!ZS3C~
zA^Xe1NjRJ;oF<pxMsCM@i<NU&;wY0W^%Vl94a?*+x83NztiiDJk8qX!1H`av>D;0P
z{;WK>I<;E5c1O7~Y$(#&t<dbM%s-y)hg?xId|1JcV;UanZhHr`3UH3Ksb|K_W_i<#
zU%HA@QdHHXm-l|J!`jW<ZtjDcFw}XYD&?%944wpO;O)#g!*wX@wT81uPb&xxD)i`i
zQDu?1=EGk}MpVmL5qDD+-ax^aA!M|uR4gS{(7Qy2cKT1K(6kB{tqtK4H^M2KDIqo7
z`CAGXou20^1p6*(Ed~Hqe-G1w7mb74k3DSF;muiYC602dbjzj$g-n>)$bKb<*rLqu
zF0C^gA_POqWLjBcR)2x<or$k%u5zl#)Q#h_I|(Gjj#DWKjsyq1pkb|`h>)sO1_G<d
zl-SgR1O`%v=PR5z?A*0DoRH~YOD56CSitNX^;2V{Z;q9xp2i?15Y`omDx(6osBF&~
z3A3}3z;POD1ZqD;E)*4UAuzXHW=J{%?B_5QF5pRx!^?-<A{cXw#z4X6iqLT^rE%}`
z#uCs)3$6=u{_KSJEIV9Wy<n{W^0J6D*3N~Fk<!F(OLpY`xr|x&T-k$M4J{I$3tsRZ
zE6KOwZI3Fm<ZFakfURU`c~avxKZJFO$gV<@<-_ED=|<sT*A=$OF!qehYRf+dhu(s(
z$Vbu=2TcGmhSp<mc=mQI&~7s_aaizoE0Xhwx^pqb;541|KZ)g;!L$`kfgYA7HG?`~
z8j~t>W(Z;Kq0<suU37G)U(&~rV$v;U<3y(#L}Dy~tevbn_}<yzZWxR_aExT0L?UXY
zv8Tp1r6$Pmf<}71Qe7cs@q#ny*;HpK0-H5sQ2uL{l!Huk-*Ux2E42ruAgyr9+Cn|(
zeqf*lWj_zyS?ys33n}d?rHDKQ`IT4HPcuX$%KA@tn$e-&n}84D-C7JIUIZ2a^jP69
zWtC<>&j}4xZ7-+ay47X}VG(30LUU7AX;i}#ybR})GZq9*iD7MSPm-dWlHiec&nY)b
zec$k{@v*tn3)u1$+?f3%A<IGCQLU+!?q2Za$nw8y8Hd|F(=F2+hJ^W$)k-P+ea$A2
z7YeHsH%t~1^FuQ*BYifounVwNKJJAOYgh}o%%-z}JSGmW&_U0QNjd!Xy)OyO96lW0
zkA|f~@KKN_LJI1|kX_xmQfZHa+vhaKDd7RlkmgCcC&GMorPGX-Nr5Lq9&9HkKS2+y
z39RVMy7kQW(zOac9#OIics~*B*9W?+k@bueO%`s`uIufm=4V`w6|Ech3mu!Tiz=6{
zr|K5k*^X`R^Xir?k9PW&^fz}sxhATJeCIL^zAid}JN-5B<#i=i0p{|<S^@*p@;G50
zDq(iZa#m>WO<hl^>RY>aeez<}+NQ_Lc*~0~$ChYNZ`cP-V00NM+=Qr;vT@_}lFkl7
z(ej~)l^CvJCp(XW`NDn>m4zSoot1ub<3ABCTwb+rqJLMHe{|31zk0N~7Vheu*-$GY
z#k3Ns?;Ra(O~f0oN{ZgH>lVKi=R6#ht2$p|UcT?P`2i`*GiE<V04I%;oqiqs>hjqP
z*yiuXbpLT34e0U#)bfD7{5t6J;W<C~-y@(A+2gkzKA^%4{tg@<c9NTCqhR@Cgna=0
z0$=aGk`G?5{kY=ez7RNO`&zta{8>H8P-iXsR}7aU%@8C;L2%G6WL$h<cFb1NaXnT*
zQ>IN;-?kQ|qNh1Wfz=TM**h#!Ho7{-z{maB)q`M5)YeCbyU)t;(c^cu)$ISu07G?t
zb@faHZ0|H-y8EaB4DG3Sad86}s?*g&4KVb-$EWXVfT48wfC@J^>u_B?7XN2x2OGf9
z8?JPCKv;=<u&ebIV{)gl*2v8)#DI-+ol`Vj6vMeO`bN-AiD}?mOX%rSye|FOQ#{$D
zyJSs@Wr!~Q8r;lt>681I@vFg8JTa@!>JW;MYd80yK=J#I=X|HXIK&o34LV^Xb!KkD
z#8I*jIk2O>)rLf-rHgKMDu?LTAT7kYb}q6F&a9NZHVQ$EaHn1aYrfM!<qhsu;EQ(L
z%0;qPm-`lR4D%HA)GD&S3gxJ+rVFqhyiaRaDVWQbSeZ!R8DWb`qiLV6bKI6H(vGC`
z25x}c)=9H8w5m-im1iKowb?rLW({gfmxdpk)rRXM`^JJdD$-=7b^5)y@#*r@39lvj
zHf<_fR4gsnHB^0dj+NGp8SvhA>~O-FmlpK-Z3e6G)qL*Ya+b}EL2}DBYrRgxRuqDa
z=snSZdBn9Bvmj}OC2_#8T+jNWIySF<OXgn>Qk(NM+;GAL*ENf5t3iW^Wbtz2<gKc!
z;;Y?&y$SR+VqE~at9ScvdXhiPtOpZ0P$lI`PHFq*YMsVFQeVCp5l{133b$LzMsM|L
zTgw3lP(AAsfxt{q*9vW5OK?Hk-x(1E(^O0Kn5dvUNW8YLTG(ky;T9ez=vi>9lUYwW
z5ZOGn`*HPczbyti?1tg@=6k!=CEF8!KUf2KBi4aui>F?rj!mNHzwQBa*JR_?DT5g3
z!$`SgjnN3H3c-NciO6|+hbf%OHLl|zs9u#&Xa>B*%Cc4vuwwOV=>P)~vwT8(Z{OJH
zd+FHim{`%7`NuTiFdp>Lxyx<f1vd%z7y-{H9iphOVja<DK81=TdUE(buy0dPYDTUd
zhPBv>!m?dh6UqX?c(f3H$wf69{r#K)8Ym|iEyPXA((yL)(mtJFU?ix$gwu{w6v4PF
zHvI6|nd!g;x^PfP?}if%UIKbI)tChIZuhshTGMj{H(oQtHP*j8XwIS1-T40XDuN~p
z5P7DLE48X<Wo&7<Y?;#Hj@+oOGy?hR#tlcRI2mISTIPiEArey(bG1)B1uA6uG0_Rs
zn#%Wbq+nm?%?ytU>yv*J%tT%T--Pjhp=^Di;&laY?{u05Gbj%L@OF-bVzbj~E}UTA
z%Pc0|vOpjwt#QzMW-EQ97glBnr9`GWVHj#s!t-7CUltc^;m*&j^$~7ej5L%>9AFl@
zB)-CQaT4b4ij5xl)!E;b4svZ{oWBpErYh?zx3q#GpDOVSe)m;rm%D3G>t`V@0HdIA
zBXkrA)dz|+iVKx6lY)mvH@B;2{E|%PNOPN*g#0s{qTuva17}Wb{WQs0tvO?i`!`@5
zp+TnBqQ${CR4QBV9ho`p*EXA5sG`W>@VFQaovf95gAdC}JG6@P!t8{v+sxxPQMn4V
zY=W>ZU<C!L{!f!8=+2zfnV^ej?4nMSo|Mk4yw=IhMcQ4~)N(P1aD}TUGSqXnIpUg1
z*@S9O2tmU(*?cf<3R1d1R2b?!c1(Q$DO~&809d6jApbZGpZ;&BQpP@3rXp%uu|HP{
zJ*GNY=2sz&7%eE-s`$MD?A@RV0Y_e4@bK}b%amEAKK)wMwr$;+9Naz=p2aFSBJn>6
zKHK|$uvPN};8Qpfk4;P?hgJl@Re2A(Lx&Q}wKZAo9IDNRu=45bYX+DZDYs4Y3q2~p
zH+!dVU6O>?b>^@JN`qj__{Wt~n!sp51m)$mvx;lmFjWa62Mc@_q1_s=j(j$Dl6kCw
zB_YcQ$rR`OD|<*W5_me^9AIh$l-+YsR}JV$f>+l;gSrwRr$K|xv(RBxdFV+0N-l#$
ze03#Y`~g=GIU-U4`IX{lANW7+tH1kS)9S;#FO=$LI=kisWNJ|znu8q;Oar`#ZWQ1R
zjD|oBl!7(EHM-p}+;Mr7Y}*|mVB6TCWnD@e=fHSO+&kMLF0Vj58JV*32e?h>nn$PR
zrgGRgDFm{NaI8Xqd~+{7{7mJjZaUhg9(@niRWgXCEuSQsSxfEcZ4wb^!jc6>Vms!x
z;VWVf+q|L26FZ2Xs1aNI*h1K7!>S;Z(Ez)dp1VV~jV^=cX)?V&EbW%H;AzOkQkh23
zBF8L$P<6@uPeQ3M1N$(dEYrL|b<U*yW{w>rpABFY+-ZmJV1Gcyzi#WitcX#_3mlOL
zt3DE;FXnZg=&J2<tIG}-na~@-Sc%<SzsSMezddwsBjwTg7*~}eJ4dyHC`l&jR32H%
zy7lt2w@21KI6NMf=uW59u5#J+nu51IQMrw5x`6-!!P$%&p}ZG6)mcCtLOb$DAp>r}
z+g}E}{W_&*AtC{K5->q}lHh*%g%Ql|+u11G>h-q(PeZ}cv+(3xO6crsLe_@ev-U}u
z1gEw0rYJyE=s+a7I^sdz{W_jhCbrA!udgiT`D-`=DonFs$Y?6KrhTaF?6C*urs4O?
z8P!=6pXarliCNMQC7TpcVixDhKYu-a2sMJp+=B{RSTle}GV4%%_k9;wOh^4g^VZ0s
z$rhh8H1bitzS1m}ju)aaQ~K9D%iy9lcU~?Z?iJ|I72i*S1E+ic#AJL!8vA$nW*5tz
zRu{H8NAo9&(B$4LR&jI`RKGzp)3Ek26)M;vTa%Ibr6p;wF&xn5pq$u*R2gdf;4`YQ
z3oE#|u&ytev#1Vem?^9e)rKWUW>mz%#s!FpvtgVTj$BPy-tnwwvg!96D>i~BP@WsJ
ziDqmRIAb8vYUp9BF3KG^xAf+JsbjTk8O-6qLvvXNER*3B=vW{>*ZXW$Hki(IyntBg
zX57kHHfyEW@1oVpt_BFAII)N4d&POE9Z;N`5{TkP7M51zp*XQ7=TE;zn2K)%T2Gl}
z%%<f(54>mBMqS+tWmlG2A!oM_Ss_2~>V<l`>U9Gx=GODai>}lrQ)v3EsQWGG`c^_^
zFZVO08b@VX>ID3)@ha3nW4uTu06_Szh@6Y=g_Mk-Jg{ZGk?A5*l8U@e!*9YG9Et&j
z;T(#^G<$6m2#j-^z#Chael)?w0ika=Xun*ln()7#s%+xlsQZz=P#ckgr+51vdWKua
zsRpr_>FE6y5NNAbgT{?AZ3g}hB5AWq;d7P@U)Tkw<)0+sUWW?GW?B2wu^Su&nkbjc
ziD!<R*p8>5&*49o228h}&%C3(hUGk!8@@3&tYc%Rgt<CNCpNu7*RQpw)o458-=bnb
z!ZqM^8S1_{*tk2uCF|59I&d>4G86Ry$x-QbvExSKJ($OWtB+{ZJ90ADW&=;&aQ4aM
zBcrp~QeEg}4o>Q+BvmcjKF9cEvr~;NOP_ub!nym5$^q_zvme6#xi2A?+VVH>X5d}?
zg}=M_4Iu$qsK@WvZF~cO4p0#0>y-DAs2b%9IvQk`TlKY5&_z*YDRT(ks+sJ`UXR?z
z=6N;}xszq4W~(yA9v6#{1O&jOS<DP4&P?%?S(29U51U49%?xx+c$Rr2sF^WRayc09
zJ9ITfRvf3u%;|qcP<>)muE&vL$Dwjy`^~9n$|ddpNk}pN6k$=7C6yWrWJ(yJkOHHv
z;cR%rL8NAKiLfJIJup)?cQu)<xUj06bnaz+1<^OQh!8Y!OrP9EW|kW?C{KWPEndPN
z##y)EsQlh93-lV+7{>ocSAO~rg?tL`YY3bd(~Z!X&JN2H5K6NmqN8-=NU2glZ{H3x
zV1xq7v!=$i1?N??aG=Wdr2XMNw(!isa%C0s=l;=D2difH-6oh{!m+q0*is)D1naYb
z&>BSMkQJS6+nbBLGFfi=@U2Y=FZrm_SEF6RkZ_V;IbJh90?1gCSnw;vCGO|M8k6cT
zlY@x1L4`O%)8(RjBM11O5SE^5QtOz6ZI{HwZWARxXEzRoBjUoFr|OGhWUl%CTKbL!
z<P>TTW4ROh23?ISL$=rJ{Wo1F25tw9$5OAhh7vn6{FS)RphRvD#gRK^J1qXLfz}$b
zWi@0A$Sj<`4|^b&{N(G(3k?qMoS=o5HxAE&n1KZJ(TjMfg{b71oYQBKHu@RrzN;`~
zUAUx6B+}m^4)?3rmNsLwxCyIV*_$O2x*z^<HYJ5k-=FTSua+}5BZG}y8)@(vvCqn5
zrr<In9^)j9z+|~ksvpj?T2~$wUvQ^Y&sDiC>o2MwsVa}EAKT_TT2}-AC)hUE>pKB3
zabzdX#YW^aqMumG)I+2P+`%Z-a{}gQxsJ-QtN2@#D^8M(pDYzCpObW(b{5M^iIEa8
zkQ3ybZgEm}$^OaAd9h+W$Y-b6&Y$z<5vNV9^g75XDJM#$6$UIt|EmgqY>$7!9f@AC
zs}uzF+Nis2{^u1_-7T)RQ&4d;ca&QrxrX+ho`}7>#)<VuFQK0Ik(E+QP%nWA3Ly28
z9q%SH+GO~@yIz955dfW<3(HPwK=xu}rOXk0$?kTN|F5Tw1z$j)KC>TqI$s($9*#}H
z|MwFwAtC}d@Mm9yS9yS<;0=5oVAQ$$NZi1$fdEEa@HYPZhp;DLG)@5IFps?L?|3>L
zyO<=Qc{8&-YcHpoekVyh!P!bcnCBjjta&$cOE0H@67L9}PE=(xeaRoSSBs~ucGbL_
z<t3L3rdgK@b7-%YYN+@2oU7cLkF}Mr&EH;Ifaz!D>+-^TxHA8LGC(m{Q17Lo=Hu<~
zdgtWe{mb*h`+2LKZz7oAt0l*X#0M-${KH!3YwxPV$*T83{^Ap$eYe&DbWH~Eq5#0F
z+<7hQE&l)Wr<Q<C(@oVgoO^|rO_L2|*HU-O`U=4RfF1x1OyVM+I5D;Wt-)YtsP@j+
zNVEVJ^Icf$RQZHU4>{;EIf)Nuk{uFBKI#FeoR^cyW(@ujw7`VpisdmA)@$c>V!1nL
zV)Ky!wU`i;7-h#;wf0_u`!pL-yz1-L_ROx>4%vvETLJ%uD2SZz-xR#xmbYJ?U`%D0
zri){X`*24#yzJ>Nej`o#rX~MJ#04c_kd+MYWk`5%%P4S#pPVrpRL_h2+odXYK4ktJ
zHfL4wlqMP#CcC!wCNW{rB$*<23O+~n+aaMv^KTZkZZn5>%<AY<zF}|lo~V|UNNOEQ
zgqidj;Wb$|!oqy$YjP@tlELpZRjanUugbau&g^)lFuENbvuikO11`q=yrbu!U5E5$
zlb0O>!8?uxs<A+b{>Inmhz1*azVD;2p^gg&1-Vf`-U`|NqDm#ft8_V1B1<_?lXuxZ
z`@p$PxOID2NzrV7iR>v!^ZAQ%Qcg*~`h4YSx#P`#QfcE<SxGJ-wa&$w`v|?>dQi!U
zLMMEde<-XdpAmi?OHW&reMT~d{?IS)e8GqQl%Ho#AFB3(OcuAIIL-^CJTr_IZvRHI
z{4c^!r^>}ndDYmuW`{9*f2T0V8*NPwJ$-z{{CIur9e;WG@Vo<1Ccoy9fZ8|0m|$c9
z9;C9+fni+AmNrz$Cep24=^X)tckCLkspFmf;+L?unq|#y7YYGq0^&36U?PHHhjP|g
z1kx@)-xrP=t&Hlmc?Q(Wtc35`BR%Wt>YbgP&bGF13?{KeBycJ_7AT-96v9hZ)7^Ab
zbpJ_8dZXsjN$`u9jeAbv)S#)bwfy;_Wx2Y+?-j;p2GXz96yL08Q#HSU1U=V*%vRMg
zZTc<s*vSoJWkf$_$Niso4)EisUBM}H?2u!)`}~UDL5$=uo@O_5VJ)$5)W1fAuSApm
z<{;z;NwBU=Y}TZEmO>>rws+$7uM%W=&0Ay!ea*%N1ijWJHi*ogrCwFiIC6$C(^Al8
z|B@TY1~77*$k7c>w@&}!|3Us<GS|>GL>S|yV@b%oT`?_ICe-V3{o~Onme?cVMx;lQ
zNm{6I51L~UEr+MaV}B>G=2-falvnpMhW@wK`_AE2e$o7zU)#$yif(?<xrd%KEivut
zh*zjJcL#}((ggTXK!ZzwRMyAkGU_DAPS0igle_kjo@(Qt<<#Uk0x?}KRU{wAw5GAm
zn<+_Con*C;C5fmEif9Ny=-1LJ2-4MfE^({i)It>V4pWeSNlhG0gg-RtA2}4cx_)9W
zCh#f#zCIQKpDI3<Hu#;K?-Bf(pAUZdpHH<P?p6WW!_1d}UC{}D65?T{d%R^}pYh<g
zZSTBVsw30kqV~3`ZyMM3Pc_>?-IR-pW1%cgU)+-N=!8iLJY*EBz#aB<AnUqxGs>es
z3Pru3KyuF<-jjfcE&<y#%!;eAPZi~wB)L!LeccM?_TTJiE61%ActPkHwGI1qU9DY$
z4h<#ZVoE#%RkI(Q^*U;zXHy9cdM!xedP)1A>mWQTPuc%*^8<XJsu3~g4v!~cn54q(
z|AONjk(?O(`H~FB9BTsNNDPPOAq_C+dQg8#ajUJ%T`Gxs%5y$kn;_+pserzyihcLS
z?|(5f5@zoAbPCOP^<P#y0qoWhfhR?p()_Z-W8KGrc5}D1&Hxbg?dCpGY572M1Pu4_
z^21}RqY-d<I>i`D*vx`b$|(-)^<-3*$06R!cH;|m&ss_avC;1<5<(fFDp3$GS>JOS
z_`mK)_TFx$r@MVPKVSHN?l0wuUq^npezx9Xu4DAFb8@o0enwpMc6M}s(z1VEd8r@3
zA68;ab`mc5TW}6PKV5o4)h!R|b7f%LFw(8OqY@!lb_i~!PpA3$+NE2tnB|-u*dmGX
zpIy@k@11gjMhO5J61XBcry_AXBUGcc!@oXdXzf*sW+;?%#l${EZaoh_ypK5w>{c2y
zVs!OwC@*P)s`e)8QMS{BXEPuN@U~Wtkm~{!U|{_=K!PGbD#<yt3%iJGwMIi1s!+v2
z>BnIzVC7CuU*pP&q8u_-;xxr>W>&x{awBMj6Z?ihfg3Yt-pWB4&Dr|Nd=0DhPVB^z
zw;q&<%4!u7WyMdqzq;b2LnW1qVE&_o&v8wcQ_1TX*;h3VFqi=;a-#I6qk8)?1Oyfa
zl2++#?4)ZmhHTvl^<1%LWTY`jNh6C{1V+*^^NNzh@_{ecT!Di4WulNtXfYy(cHe(A
z7L{Qj*4Ybyhfh$~>t7X_kGqK5=8r)9)d{Nkg3z52KjjMUMWwYIg3{~=tV}lzxLcB~
z4M!~}3d;O~;0Pi>ey2>A)UI8(lv3(P$x`To)rQxO?Y(6lLhK70(`j(=#=YEU8P7$G
z!ErN1S+3Szk^1DFu!03#py2=7T<n4ia&UThYwy7%NkWvj=rZ1@dKuTVmwTBtO<1~p
z+t%@hKHBpzlAewVTf=TdnYosfGvYYMDsv<4CvO*(cN8|?%n{HPlK;#ur>#k!@#OZI
zp(WU5_NVxpU?L(JJ^JNRD;j$0Lz~v3Y*ALSG_(?1P3(a(0jV!qr5UyG6i7;6*x}@D
z{&GVxO3ni!vydjm$Iu4<KSa@8{#XQNcIuE<twjvff_pyc#GZM8kV~*8uQp2vN?!2G
zS)Ty7YwMdO*oR-y%@nukW9*f4vgD@DHvvh48#61`FwPL%h#nm>uxx2bsx!bW<9aRA
znt@m$ScX}CfvuL$Ysnz$tjMWQ;}9-*LJKtITuvWx7N1pjw%sX#@Kh}sz@cK9k(8<<
zS_9e(^Cx)^)}cZKLD)Snonnw?CYl9Vpcw`4Hn;=ePl<kl<03V_kTO3>B-({+c3D(s
z-B5=FSbV;Q`+sKaec`c8c-&%34a1F(K{<T{AZH?A<aBxs??zhQPipg5^K?T1c?#dD
zUkL<qBI3Tr$m1O;F73a<NOW0=PJhxw7MoOY;GXNskHC!JK4!PZT+E7{k0h?76vQxV
znKCpZDHb7Y;;R|2HK#y}lm$rBgC@Gd)FU%+rCMyOXV=am79LP5KFX3Sm<%xPMvv*$
zY6#7A4WZTF%(w)U9Wp|jOuwn6j<+|DmEmI#B_J=$XVc`LViGB?itL=<56*reCS?|g
zPs^d^ng(9CE%y<rD#~{4k{S%6v=iloN0KQULGKoZri?3#^-|G%Y=m6ME3eI(PL=8c
zsbG9Z)S{uC91cb9%1p`h;vZPPx)5;~hBALlAxh)9+}8}NGDI$}vxtAEJDv%DhkSf&
z)P!m7+qiE+j8KMV<DiPjw2sCMof>O{8T`5mn)vdQ2Ia~}oxyOF*`0cIT)}@kb`Jc`
zNO@-+am}PH$D(4QA~_O~_s&mC-7e=x$TT04c7XAZS*yl>dvMtdoB$*SC`j{4Gu><*
zehMZK7ucu!Qi%oPkRPmd){$57)aeQ8YxwfS!7TCrvroL<Ov3(Fl1CKvTcDQgvJ};+
zDhCgHBJf$AUQ-$xEo+zq*?>!v9jB_JoFvsw3^{YICjli1)P(IDeJ~hAnki5nsMwNq
zlB+~}p<*BB|FQOt?Xfjcw{UFRww)dA*vXD<+qP}&*tTukwrxAvZ$I~Q&h`F*^P#&}
z%{gjR_m^I)sz%Lmqj7g-X=<|a-UQzB+MqWn5hv#6KH~z9e-9|V?IfTt``Ew6>059y
zBdT1nY+3O4Kog!)kz|IX8G6qpG2CMc`9gpW9Fe*7SNN3QS;qGq^J_kj8iy}ufO>jd
zM46I&h-QAkU0dadh$+bFg+l?PsZyZsdAsjt=I+-ArvmAvS{X?jR!6(L-+gMQ9b>+w
z*qguCjD~;L92CcnkJYWdY0QRVMk1c-(~G5$WegF-X^(;q;S*`jU0aks6q^s6tdeOk
z8vfH1&-a&Ok%p!idw3<>S#$p)&Wyoda~TTlV8y32AYhe~O(ToiM6#@69hXub*2u;-
z>>f-9kT<}_$P;7C%$=~l<J8{A+qGJPIMvBT1fTFrOq@fsvf|eLQGU`mMVgK7xl$@t
z*y#6hwT3^%-&ew$%PI}1Q&GF@@*l(%@<5G90tsZAn|4h}qby!t!-T*`U|Q}HZ1!!V
zaH9CW$+q!)=4bQwA=)BB?fuEeqkzdl8evo!*1OWbGV@t$`o~3OU%z{5pIBM6vVHA|
z8Jn4D#42_zdLpr&PF&G)c-LUZs`U{;8qlL<b37P{ZZ!macNVmVghPnjA|avt@$o)P
zE8uUuNjK>~ANgv%G*K2Esq`nJHZv#u`f+nylD0@DjZeH)q9xuzcwbEnqI2xKlLLc?
z;L!r(@#<L1E}hTRNT$3clnt}uchJFIF6pI&cr=#Iq`*>GL1GTZC@YH6PcT?~@Clw}
zdC`9nmk|Xz`go<v6n`b;Gp8$3Z2u0XAF!bpA(huyPP6sX`~>oUnS%tvIs*k-5hMhv
zgZ=>W{|%If{satEh6rTdnDZM*9~aQD3cUm%gb0E5{s)B*K;_o>G$I122LjOG003@2
zBG4L)50F2k4^ZF9=zlbQ0syQjdAI)-1fXrkK*Von!O$QteF>SB`=xq!FDOm373h{h
zv4VUHsH}%E-@z;NY^-y(Kz^&_#Y^M%FF%R_>~y<Ri0(nOfBN6D#;b0JkADKkmm#cE
zW2;kr*z+K?Q|+kEwu0@mE!^jN+hT4M?YBqUeB7asAIPgm@*s_7UIa6&xV9IE)TJ*)
zc-B4L9?&QuU`1lSYwCGC{v&$91D&3N7Jht-W(2m>PeO@A0;YFS3+~y<)V*f5mM$qc
z-v8yze7x-WQlXhbNg!S7sp4Bd$MD~!9=NS)S{X08=#|dH^XR7ZEkpm54tesl2L~dl
zoOS4;<9a@0iamJA`QBWE*WwNzxJ(*HXukC+lA{;idmaJ@@#n*6SJka`n1flw;}Y$v
zx3+__ahokP!sip@-V$Jf!t2eJ02_dsD=9>y;UKkKg%^jC(>o_V{<Zt-@DP(LB@&AM
z_lA{G+8GyhX6(b0_fumo_#ZDLcn%JM<w`C{3|%c-dl@#^Lw$>Tnu<$K#KQbCD++CV
zSmj}oo5H=h>J$Slh8uDb>sYAu$U}#Hj#}HW`*NYC7pxp~YBkX?lWT-=7(~<!>{xV6
zZFKU|8@LLg{cqb=Fl860*b5Y_=Vbhx7c97E8PI%gY`a3xycP(47r1jS$Ic!oaZ&9#
zMdv<6?K(yGyoDPg@;##dKgV}K#S%hLYFZ@T3_4%*_}=u}ZTkv=@d$@{>xFhEalU`k
z@(N=owgLiUI>2#!n7NTmlohgc65tqbgbwu&++KWKh;*u=>KoXFBTd&hm=-H4B;A~U
zlhe)$z6E-O_4(&hzTV^&YCg(foFluvA$}p>N07i}E1bB#Zz(xjO<Dz0tHeEC6yv@)
zF_#D4t4~mJ`fs{iwfJum{+Xz<0Ow4(S4VxTtXM_y1g9-SU^k_1NZ-z#%n=JtVs8$o
z!Lg3%=LPEjYk_aTccO50jBg`(X;{ijt5B9xzg~id0lqA~Pdldo!!K5}C?^i%7i(Cg
z)^cDKfa>UF?J!uMNRx-ZtSCMVgGEeH(Gkha$<9Gxl0qNNRjD9HW*l^DR-{oE!~uHs
z{k+s*OWf8SAv&IRvg5Mr7jHvuKpYLwZHG&6FH_C8RuC-0cG<{OpQhU<%sI3Oux6=r
zdoz3HX_$sV3y$C`jF6k$+(b80cQJ7&CCPzHKG8{vG10;{vd}}*xl?aV6xe?Ho4=NA
z=9~nlUSOL`#j$2gd9TNuh>++)P!GVDPyLybz59ruRt>0X=$0dj)&H_h)isTEg39~~
z1Z<o8d3fD_Ubfn}J>yWa_HLjGW4)nnMX~ZyLKP;?6G~lL@mHGu;<t}C%@ZiJ>rV-5
z(Yo|V8yhKbkj(49NOTX{QLFg~N!So1%1BtTP*NkTxh3)|LMoBK5NYeDV#<{)WucW2
zKMSOvN)2^tihY|bQwFP{pe<<k4@^oWecOc|u%KyzQv(O3m`v!RKV@kk!Z#zBz*0aW
zUULk0<88(YfrZ+FJmE-^(ibgZ69g!017WHXu_x|9$hE^8n4oQ_Rokw$?b-y|jodQ!
z&!k^%ec&XfLBIVJsijHux;)?QdOu{P_t|<*z0vjH1Eh3Gh+HLXYZ)(){gEXmN;HDE
z2-e+td;`uf#sWU1eSmplh6yZnB`r%)wzoQzkV??~y_yx7WN=c_$KL25&d5IypP;`X
z&lr2*v3WUGX#WgmIh5Pl7IGf*Om{wE;Uq;CGB*p+z88h-|AHN;*e(xxJzRnH{nLbX
z1J$0+b~ub67Q?hm*rt37U#W2st2vtms%3juQRlH^K~vF5RFEvJo&}AVJD&&Yxy6cx
z!?F;P++y>Um<@_1LA!UJ*`%r<PJ|0FUAfErd=p0>cr-TF_%{YeLiaHOtZ`24d+t*w
z4J_b(U^oC`UI;CW3QUc6Uyy#j+8?}SpHyM6T8DxNS7!8Y#7}1BW`HiVGgD6|+;j2=
z&B^%p@%4Cs0)ZtyE=O@>i>v=2ho)Wwh9xqd<^X@ZsI&w1NpmQAvlzpCmvQVS8Uq?w
z>C?Cpnhvjfa|T0uBv)?I5*353_W#tzqBnYlj<(5@)8B&f0Wr$$Tcc#M^{SK8ze2_0
zJ440N63FdqgZ%&-`5kbdE~fJY9bFB;0+O79fCTb?iF$lMSc?D<bQ2=v?uPyV6I-HW
zstNlYfDFKXQ4g)Z0P_Fa4ITgmjKdgG8vtO$mfW9Jhz4~01QSC9aFGK>?3Ed&iC2Lk
zIo}<ppEYj?4`2V1AY&9QXa|Q2hQTUNJOE{!<tq~MdD0z|j(};KoWi|64LLYcZw-AF
zmm$1km8Hd_(#^J{;mn7?6crmJxkc`%)HLo-PpMT<Oa@I(%8JSxYm(^1JaZ;Cw#$PJ
z<<F4B-)PFyKwBT!@^g{03o*GsP|0(8Gi|_g7E}>N^q5^1r>*DfT=U6&5+<l<ZM^RG
z`11GT2|VDE-KaMm)I!9T_8WgJP%i2po6gC<AHe(6PjRbyd-<O#J(?CTqOsUHi3TCf
z2HDIn1<POiS={4H@X#FLrv#}?s71D`#KuUUTHUvKk@*Fo+0k2SC;Nh93b_X0LchT1
zs)zyizdA2m=uqqd4dy`?LLqT06y(s+^znNHhaYWvtQm`g@K=&acSE!o=>7^cFxh$%
z<VkkvrOTN|#eD}cv9pn*azFtZHXG@JtjEzr4KGt1yrKrxvp^sA2>amk!by!Z+AJn=
zj0|mC56@ES5@yG_7y{f>6x5^zc7kG#{In%yezGK1#lqsfbMt9QA#W7k(wxJT(vJqr
zA-hpYay%BIT0DM%IRe#YH2>2y(+r@XQf>MjBulHvrkUYjf3Pq==d%S&jJ|nx2gHzG
zomLTEF!tY$8!ar65Lq2y>6>Lic-FsSIdR2tV_^RuE?q#WAMIE-+{--B&&6VXmU*bf
z@&|xJoOT&c9BJc>*P{r?e4PmT?0BWT$>R~$D^z~pTMGDfZ3M_3sdMSC47FeTM?h77
zn<~yq{7-${$ReV4Lw<7SaWVaLATll^bL$&&=9Q8V{}6k2(t`x4IvRseb6sOHN|}BG
z0`6n*DZxU|=?Ddi@zUV<C5B7bQ>J~2EqNnVyl3Ah%7%>+X9!^?8x?Fm??5W)^Q;o`
znXe7{8WD+2`lqIPJVw=I#)&dL98-CZl)bPQp^9w?%KzrlE9A60_Q36p(u+h4S*sJN
zhncFaEv{uQXI2y<8r%EIs{GC=YM%`*-We3xLCPCRWYmDOTGBIU?@KIIM6pvh8A|L>
z)AXSC14p)u=wey-EYkVz!sC5LYp$hs6d5HlzBtxYSZXP$1E(TTsdBaH_jqQ()VC2@
zcg&xN*Q;;Eb>3y|XxJFM)#(ecVFYjC-il!?-u?X@=+1vwS;$ubhnbnCjM4@eIHur@
ziQFlk=K=2Xrfeg2u&$ZZC2*0S;2P{#Yzu9X&wthR^INytgW<z)oO0HsVAczCq2Za)
z{ILW7g(Qsjo_UaG7`tm8SDMGR;w7Nmr0xX%rXrR{2@Vil(e<ePV;(>Cae;?GoKluS
z5AXh^c8X-}<>By|+WD{Nb8>jOGxL@Bk7Z3bvJNjnwsNRN%=E-9%Yh@<3*i{8A+;Y|
zU)g@4=Ras$T>R8MkT?sm!6pAUQqW<JE-pb3=|#-)y%52msONBIQ;zHx-$2H>t0Jyv
zW&M&1uj&#81s2gk$AQ?EafcPzEZ1@<r-TwRn>_~esvD2^R9nm0xL8~Mt?jQ~eI?_h
zHw;njk(GptaH67F(Xi}Kb6D|budv@iI84j<e#v{UapYF2J2j=^TyjBcyEf>It9YYI
z%5_8%|AMI_8?E;zt0FTUWfT62`Q-5Tr+eo_^PIS@2rcvIHmtq96M2?V2vZwqYp{zm
z;zka@<PaGlJuFP)yqeC5`rPWwD0lF6Rj=p=`bbHppwoJBtx^;~BQn##1S-vq!B&}4
zl#`4;1QeYF)v4t*yx;~|UZwce)}P?@67gm}A=@*AX-vn;<OK+_|N8E07#5#d&a5cf
zU=DxgsZ?h#1Qz%+T31DE%~FS6yQcL^ZNBWQAuW<>J>*OCjzysEjN;DE#|fObrwMsR
zCIURUM*Er)IbY1zh;+!O#{UfLuS{Z|*Ac!hQI_OQ%a|A`-MV~MfS4cOiDipndOw{=
zyLNWJx^HxTUF>k7wFwFM?+>APz^Yux@*Fo#2m#|4-q{DASq3(KP=lSi6l#@rnn+SC
zamgSKJ`<L00Qz4Rx~F|pkQ5|g6hFFAvPE3s#;GN_(TTNx=CP$<1}gZV!^j2=Xs&S<
z5*Z>B5mi#^h7mpO?Lv(6>AL^8wo(D}%(7-sh&}SbDX=Y0UOK4PksQ^b5Q7%bp<jt6
zEKawQT$NXH9O4{v-J2KoggN)Vq!GU`cE3;ZyjL+h*>yP6{}PX9QDqs1(DS?UpS3@D
zzJatikl9hw@~5LU6{cg|))=TJx5)xOFrNdLH^Pg77jCmbdDIDV0jq|{!conmP@7WE
zs-+aGP@$|G_gy|L5yqSv=}(Vkfw3E^7u>aecy#NElQ0oY+@%FKmpULXQlOTgmXC_-
zJXA?zXT|XbRS%-GJo)ERGwjv7Yx@)D2f#9odFQlI1sM}IMZ?l_vpWDAj-G}`K^@kS
zNe(<7sNO-tbLnm~DDqh0AL(2BReE5ZBwGAnL3*~mXO)mGd%|rgF)V-ndt^}8kD6?)
z$z~)2nTpGqb6O+rDZ-7Q{1rrDn2#33P02ww3y-WWrWPsz^)@w$JfL6b^x`+7bTB+C
z@JDD5<VN;_Gx~x?*}Q!ays{{!9Zj6rh6ul_G9%r>8aYLg1Dy5&2s+WAjKbJsGDu-t
zZhxqayzTG+<ANpBa21$kXGj}Kxge?47W0p_Y(8L3;X9liATvi}AyS>}U)&1q4>q?~
zK+bib;gwI>$N+}_;`t0zK^1D<*E%ylz3*A=AD*bh7ak<VPmU8aa2UDScQuo4F0xJX
z9o$1ZbHgDSS&hbN1{bg7!8-DcZM(RJcQDR==V7f>+DDnDL^Dx3znuOxNrLZtiDu@e
zUJ=?=Iboth&J{oBO52^ANt0=j{yJwk$OiBMKTA~vKtv^G>6X&<{Jw8)3b=SAWH^)(
z`d*<*x&ETi4H)wtcKKKtfSPG(Q6Z9NPhh@4A+U4LAe(5QzrwcQmJ~JTi**r6Rd5FL
zwfNB5U~SOA$dpRSl8d(&s!<a)y^T7KW<J}YZK+zd>y2}3hax~<OgV59U^)CEZjc@g
zD#Ji^)l5cF0*VsgfZxHYM)+N+M8#uH$QLua)jh`2ZLoF%?~W|!Vzp9n!j~>10TS5Q
zdy_VCVK&zW|E13GD&(*V#Zj93l<~#&B|*MfV*R~(nh(`xpt7(naJWslBFarWefy0t
z;*Y!AQi%?&AeLa6mJ0KpQxQwapQhPwWpcW_T9YJ+a5^kx6&Q+mHZ63`r|H$aQCQlz
zMK~#f@#aro>~)7x@3zC6L!&tixAm~J^iVSaZ3e66!CQ2o*m%xysM`E06|gCmMZF-U
za{}k?kzi3@%Iw#d#T2>f;VQqHT9&c8!Ey}x#JOjwGN`Gx@z&zmb$$7=t+y(?``vu|
zW0`mRb1~=?_jTLZ3y6N+)K=%;{%pAU*?{}JuJ(LdS)Kjg1pWUep8roC8jxQ$19S+G
z_A~V<{kW+`=)uA-yZ!l4GFM!3^V<gbkDxLDKmr&lbzoIs_xt((JjedW$p@fj5CjA#
zm8${=nUyvg%-!&Yt;?{?NO!w6@edtYh(TuX=q$+tt11w$wgBt+Fe}iqOF&Xf>s_Vr
zNoy!1^1xb1(4x~=9Y1#^^uxpGb+GW*VatB{HiK9lH`^UYBAp?UBgL}hK+zPeQ&<ic
z*ed$0*r)?YjNuOVtyu)5lIv`wP_!XQ>k_qL?LL*HZ`YKH(1A{ket}168PLdoz*15E
zXA?vLenpj^BL03U@iEM{z>T$sRPlhi-R7D$d~;s27q}Hfm0&egTfTPJj@5m!ci5?M
zEyamDZnH2?3VDs2${eO<?wAB=nrS|TRsHCl)jVZf5!IKA!kmsOJr6nrN<KUjFOA!5
z?W{%7QYVR((yU$0x-;<hiibv_0nBT8npiFE&m39-YxU6m@}%ECdK|{5Yf#0E0~j+~
zsbpl1WiL?Y&6hH^2VvS|Vboti!D_vpSb!6!ZNYj)#y<m_Uj`$kkmrmICro%<xiOXG
z;ig~nP(_u>H{=%RT~w@0mj#?EC!W;fj)8`4kq7vGOcEOrDVdpR;d-r1wo1xXvQ;!F
zSb3CP{Tdu2<AZ#Dlcf)!ofv^pCtfD%G|5v^FZ!B_D&&H1OC1|Jx&g1h=}X=03?o$}
zL>`2ytt^Fq&ufC~ho7ksghDL~o>w<BIs5(FE$K{1B+G=8*-=z^d_%MCQkvWpdRUAl
z&6@I1JvoY;ve3T07<v3-GhG(E)aWph)KWfLjz199qjAGMj{qvDAd0&?97id{#Sn>9
ziAm-J^JR{tuLmCshE@i}p)`!8K3#Mjg7%sm7Uv1oS`Yq(OZO#sQu&u{h^Do2Ko&za
z&r(KTZEt|rUhnJ9yb1zi{RCpf076e0iMV`;bG22VyrkIK=8=mIM~FU5IL=p-9|cJr
zE&Y3qgKUfmluE^KF6XC}x7i8!mh~I-h0I#~<t6SkZ+At)ibeigk_nQ%5I@~+K#`|@
zS^yLBPVF;RmSSE09WKTlrAB2+tfWI_E;)nhitX&_`Mm$Vw7+~0JO{!x=Q4ET*yH;F
zK{LkxHU_%0u9w6@$I@&B^xkqS&h}N?Ng9ci@E*jVUm64JH-c;O1jUQ(dB~2FSVhT`
z;NcEuhCyt^zz2y3yXW(R$8Jg8P4VWF&ytO0+hqUl3Of)N#&mDvOGd{aqzn4PexbM^
z`u)dePJm-T+ubEQnCjixk}g#ZNEqFy+;|Z^CxmMK4peJ`p19G=5m<J*f}HG!>l}k9
za_#WLb16v~jSZ%Zo*xa9I%pK7(EIH;+${7_`yyPFb-sh28B)MVu~6`I`5qmm46%ed
zmKhi{3vnP*b^p)7)n-)O-XVXhDESrcUzCAAsjAoTugXmUTc77Kp;43FwYq+~6$?+K
zpUK9>MUTR))Aq83C>y_pMF%n5+6w67)VKCKo~Ue#vqS`#li0ZmXm3iCG>&6FilHG-
z)>@i57tUqY!-dokTt$UK3xpw8LIa`N_|99%`hgCtq+O|#QvDZoqTq^~I>lHnmp^%w
z^#h#foumurn=i=ywD^_Pv;#jvV>1B$5-v%R)CMB{N50QLwx?&YS<ymFBMZvhJ)Qsy
zZmiA~%mO7L9NeOZCPe|GKQE#t*2`}Yor&ql+gl`AB_IXP8w#GJT8NmU$A1^qSJEEz
z#)Nsa$E%Ue_bTXEEVt}_@?1p8&L%cYtAMOT%fg8L;~roBns?eY5+#~Fc2s!{y=;(z
z*=AUJ>C~@x+t3?G$v1RVpB4HBp~UL51Bz)uJ-i{wR}w(HNG)f+K`gfW>+jpbxp(HR
zLgiHyvk;sEe%hekbkv$BbVI!peJx#B=F1eSXnOa6@<Z{@_{j*5Ip%a<*5)2Ih-eqm
z2oW^Kc-6M5^C_GuNAd%nk|_(DsdfdiHXQaTqDg&iXWt)_jG>ztBQ~*b8M~mBrDT?M
z273~96w-+?JtoiWvc=FKwxx;5s^rLUPGt#~hEENpJ;Fbg%#}GGpx)xkQ>ylS_-wrk
ze*gYmb^ADxw$^ig{Ch{E8h)1GUWwx5lFYuEj*(7iYMJQN)RDB}Z;y>b`~{l$D+8D!
z2wQ6E`TIsLAGc3m!V=t{M9m6O5xtfSr8Y*a_p4(Qu1nfj)|IhXA2{?JoOrRDI2Mxs
zV=uj0p-O;_`HMKv)=suUn-6rd1l<aXz9>!KZjnKYo+5ovre`6%+36Or;WjfVy*f79
z`dsb-xyYMhz%d@b<LK~uR2*46|5%LdX+nkM(+?i#@XRA6-e6;mLUEk#(e_5jD{P;s
z!m{h5>8@@vqyTBI+@gxZjtL*aHfF}sX~a(bM3+kugV4Szor&xJ4b>XbU^yYBx;Q}n
zGV3c~H{E#<`e0y{)-!*^@%J5>OYgZnamHrEngIymsZS-Iv@Wro@MfJxm9Rrz2X(Im
zkAcao(3NH1&@mVhlQ%-Q8>m!lM{a$Q<D|;8sb9ZM>I70B>Co4&c&fg09?u3k#qg;r
zp8~iYNo0j06K>iGMSnxLe)jI#cGaF6;~G48$7gcWbvd>vZ+%7XGzQk2@sK<Tbv|Lp
z!mLgK$wX1Lq2$>c8L7adhyuIY0G75l(L*2m6TOJ#P!mg6l%BR6W34HE=!O^?N6kbj
zr8Okys;HP99expSxDEL94G9~>5!z2jWE#)k>Ek?TSAgNIZm2@+*MgqQHi_zTvT`83
z32P2}%O<n+HH_n=dF7lpD%0IxHf$x<5)Zq=4tUnPwmd0WhYgr&O56~mtfizDFzd1e
zmrmo0e4LqTdd}|3vGY#W%UsbjlT?dY3@6y@m(Nod_ITK8rHxWXdjxz~w#X`G;7)3d
zkjyBl-en>)caN+FYIIcD9J7XH>GuQJG}q||4x{`x@@Z`Awtmc!GHcXC!FKh(^Aila
zyTsnJdZ@lbv12osJGrigK;|m+&(5;EpjCBy@LNUry|eKCHYn(u@@gW=wpUG`E<4K<
z{u=lR((BG1tN1IFG^-7Mhck?Jwf_MB8wU@rZSIWs2R^Q;ff4HzjKN6_YSd&pBO?IC
zSv4ro?C_OW1$aV*DNK$6y@j(hEXO|AXvaB}^k=p$C~zCb@ACy|#kvcL!>tFM@2SOH
z#u)%H<BoQgo*mu`a`u5eexEp;SIkA5(Xh(2sdh_6TIbPlW$h*l7;8f?9J*5~h37F6
z?3Ew7Q5=r_Wt=~@tCd`U4ee30S<2AVL?Yu<re?}`>InoorB%7CLHdwUW+#Q$K*B#T
zEDfsPh^5F`L`Sryj7qF~1#v(4)jdX!Rv78WrVd8^eU(t;Zq~7}O-h?S)<UT+EFU}d
zR8VC$(vn8cGy*hplN+87n{w%?Ykr#WlhPahXLP8JC0yK{{2YDd!qvri1%BfApx*m$
zZg;sw>svkiUjH((j@knvTO(sOLHgG(!sjCWW-Y;+?{C`15G5ubYg>Kp7B-qz`Mz)u
zKih6mFvzYmI)}iF821g=jHOTh%Iy@rdHNeydr!F0QAjguP%=LVF_b5&hKUhc8jl}V
z1c5}<Oy;4s363r@18nlZC-qR5RsUAu9!nt$IqU`f#8nhv^AP>J_SKj}rd^8b^n1Vg
zy7k-sKJWeR?FWS!k@*KYp9InCAJ5ep{N5KQrp!CevK~3|1xzv;SE9&{sdh6ebrQud
zis_(z`hL+iw}IF9bXZYgtfV?}dPOPr=2J-BH&WJ7g#tpdwfI(#_v!?EGo>pk8E@-)
zdAC`wv$C-X?`8CYQ!A}3+f$Q2X5bP%Q|jvIB53MfqP0`v9D3RE>SWxxGW~Fp)VMn%
z+=8_Cogr|R@ZCA^M3MG7po|jHn+2%$ub|otSu$9d__raalQ3K9Ql7n`1U1}qVE@kQ
zhVskMPH1vh>{57TMRSGj<i#O^(YzDk(j^l|&k{?E-_G(h8r)z<r+_Rc?^y-4+k4Mg
zqzNcoLotq3v$8F@a&6_Hg)7&AywEVqT6%0S(k9!w>YD%svs;m=^~^^GGf4`S+@-j5
zU6>qwh!jT^iIHnxxf}9*`Hv7Gx($wM)ap_1%g_BWW7wzO?e+KD@_w%0hvO}w_+6ae
z?my3en4g2GpPvBJO5fL;%+1Qj+_xV_{>YZD!Cc?<&xGuMXlvs?KdX9VGB4Pb4El|m
z06)q)|J~J^S+@1*4W<_F^+l7=q2nH?1i|_$(`nNwi#4|=YF7_wS9Axdbu-HZCv=je
zmcX}HV5BASo?A09*qj&ML+>XzNa=ljYB<|o2I+lxfQ6zA*6Z@Ar#DIo5+Tr!<3M|Q
zS_luwYEZQL_QtFb_Q`52u<CZbhuUN7pjrNoUJV3QJSx=|A|j?U(l1@iyCBP!@%IT+
zPcDXc?~}m@;CmSL9YUmEUSaB*%Y6+t4Euf1>iFQSe*|EhDw3y=q^|<SiRMezLDHOr
zZ-GqX>$4*6EVp-!ilWsN(qSAKOgVylZ9xn5RW75SsN)4b2(WrvAfZ6GsQ<)s7*Zg0
zKYj);C`X2$;msu+JS1ALd6a)VY-41dQG={?46Hsv=`xC+ZG`syrL!)E(UgPMz@Hbp
zUG)r9sgVCmb;KLzue5AEMVOdA6md3H!fRHrZxrjmuQE-80nKkkX26y?U}doLg>Yra
zK2b){8qF&b;-XVyMfMYL4ABaBHOJI%WwH&<+r{qMs(S<xB~};h59Aj}U5f9_GvwW4
zjlgt9Ca8gW_E<(4!h#d&4_35L$xL~l^>kzQ5y|Dr&jGg^v#JutN8J}&*T_>#Qnv(b
zBmbtTZ9b^RS(t;SD$;Rf(|8R%Z?Lshx6;a0^)(yJK;#tXsZmq|S?+4yZC*3(%W1^Z
znO%t?Y}44j;QXssnpn|pVJ;Ih>)gIKfl%^FQ7GE)I53%boW)U<mT4*1WG5Do=9ZEf
zs1q$yJ_f5QoRCPBdYu?B@>hBaer+K1_aa@Ai!Duk=AA*B>(=wiH6L#gIlA*e-&3=)
zJrE5u)k0(_CPjN=7il_OB}k3Pkp8(_Wu?Ta`9JwtVSKOQi#<%_3-QRZ2?F&NvFq(e
z$P^FsuxD4XR6L5Z8n!0}79_ImV@&j&i`Hi!#nN9*)rAJ8LNE+iBXh!EmDJVqlsZkK
z498bZ`6SRu^@W$~ONt!EcCYSke&Z5bj9fsGDl7ED_YHwrb#$B4h){L|4d`?n)1AzG
zP*q!CKLkkRl1htNxXW0+mHbOf)#Kmwt)G)Ozy`7{ayP|mHu_PqW7SJE!Z7ip2z;sZ
zXkNoX4i;`~l;jOIOw2$w2SUl;u0MUaT0~N@<7(=}aSBFv3~$l+a@h14)CY^fXkq^h
zn}hvL4SrDg?UU(O?X22C55ew+Z$)XbGf4eVmE^MNc5dzL>}q??Rg}X{3oHz$4Ios{
zitE=g3ZodS|Kx;BR?`gq)Gu5d-8O{4G&w6zjq{<8m?j10t<4ABnp2d-U1*6psnYIY
zMT-rxuNHXNeX%3%H>t$XjW5wrc-UF<IgyQ#5;@>jYc#_Ak`rn*)zvx@k;X)SZLefc
z0z=9pd*s|;6dW-U#j&pIPf!W#Y(XfCr~>XLo(1bA9&xg6K@CDMq{FZ5cwA60RhH;y
z)x7ho$D^$!)kYr*jizyhs<8{0lJFp&%h1K8-p>XXFEUmAHM=xk9nmiv-txMcc)hv%
zbaWkyh<vk=@tF`AOI-ge{s&V@tqY=$LWcu{$w|m~&QV*Qv>9h6nM9Gy61DG=$?sJ)
zcU@{EP03n1__7vuMGv*2_qUoDr-H1AR;>EAsLaYV3jEMuuqWs~&<d-8C?X9-bk~B>
z_j#P(*C1h%r)vnBc(lAA!yg7Y-=6m$v_#$^x3?)IFDN4!{liPbYxwA@))tjC!GZ9d
zktS2=^x~^_yZaSPpD0e=YvNyE89SjR<uD@^>`zm;-`}G8%C;~{LpTf8T+78m!%WgF
zhDI8ricjIdz+8{lElp~}EYuG!E~U6v!<t+1x8z$uTrH>|-_mwwU*vu9RPMijo(Ln<
zsE*GiyM;}MH`~NyRkz2kZ0VC^**19>TN#AIMz7D&{|F>a9Di;yjG@kzW>=nT9irru
zP`Xt`qQ6>O<|0qu+*o7>JqB=i55ewC_4jD9hI68$2>)ifZf0ADRfvg{l{ju+?>ja~
z&SyRj@y(PSrU<H@ra67R$4}2qShsAQ?7ogxpjP}&I;jl)!&no0V6+VZ%vHu0<Zlgj
zxPfs>0CseW7O&UBmU>rQVagd3jRdr6e|9Jz*Y>E;qV;s@rTf}tk|xV%IF?iid)gb%
zH_JU@xTbsop3B^y%ndQ?11JcMnv>dM%G?%EVOkZu&2_dQbw<t{&}%Fk`bXk6B2Z|>
zRC*-g1(xyBLv}ftx?BFG4>x2`TTs7ZTl^bE&N72pu|7lk+q1P`{J5Kllw)6L-6=dX
zm`_uH)czQSIBa(X7zk+x0tl!D7^toS9>{-m0|*EU2uRQd2q+$qV#x&tx~t~^0#bG6
z1iS%Id(D8zJs{%S`7#aYGzS4BAb<-56bH!N%>&|HfEU5P|D{=j0P2fOhXZkx03aB(
z1$@^Rv<-C=_88Uq-&N?vsoxRyye4=N82L5@vz)l5>haW?$Y#p3Ui8Vil2(nB7)K($
z6!FFw2R*v*NAD@^aVXm@5_9j-jLbnAIoFCdEvA>0F_1BTeLwUZ2BzAS+l4N;CC}oC
zNpW=p<tv?eEf5}YRkFvGcFl>yX=s%=m)zD`Hb&Qn<D3}xCqIUfa#Bt?PNI9D@1&Q`
z{OrFbgrQRs{kfodrhh;AxLER%E~}G+#$?r)Iv7hbbkoFHe;Pz#Y<U$0r>}ph?m}II
zu42cWbmbtfE=fSt7(_9|=$#(@7)cIjd7+dmuR|}um8=MKb;;b%>H+`b!)>y@&Hiyo
z3b~^c-99CPx+AkWuRt+r<n#CLpI8VUeyTEi)$bV-)0~(=nYi)cqq3>jxS#7?lCW+j
zQy9?6r-i%#9n^G0Z06|!vNg=Erd7{l2e#y=sUce81Q>|{FEn^{7%*CmCh_RCEFfj6
zLx=m6oM(o^QV<G0QYvbN8Yu`;K6sHx$WdNsA*moV^6_#xp$G|Yg@w4j@D+csYEa0J
zWE1xsWRNGJeSWKSx+DXB!jP{jXybK9*=DduZyaSx?2;si`G~MnUifKX1e9y3n6P6q
z6rrw-#61i3(aE~dFati@HuSS;(=M3VGX-}sJ0X}QQ&|&RVWiCGJ@#H4{BYPEd(Eu+
zz!^KkdBSr_uXBbXQTM#R)rdvuib^I@l@(Y=X4_n1IiS68HN+?ssOi#gx+`uWMeW=*
zWIuYTl55h$c+@7gvl(IaNm{)7cE@}PhoR67qal39K63NdbhXeW%G<M*wbre<QIhD<
zqf$POpl#`+ix~Eg{SI1B)qCdHa_j-Uj^GYsv}pmIOUg$>L#%!bW*I;Q7gop!pv?pN
z1oizhO@GR6oM>Mj*li>$k%V*pQmM|mZ<U~hePb8h6}Ob2^}u`2+5wbG5r##nRr{G4
zrdO7m2cah92qUuG<%9Jg{aA((_zgI$($Sj*X@y*sfK$FF{&uBRxg~+G2FE|%+#0PF
z#U2rts!-G2od;J$n=}-LSj5-G)AHU0ts=b@9dd}a8@QTrtSK%d;=@@o7W*(YijJdE
z1J0<8*ql{@sc1dhA!w-TOvCx>!ow_lQmRZe8vth@@_=@0E1t%p)!!h8*-smfiQ_FE
zz!?kQ$!1D=u7~7GA}tD$_Hs0=pjDLa-y>+15~|oYs1l@Dy=3{qlphJyE9}v4AB~fl
zxw|=E*Izd7DwZ{O$gOsUv~T=cV&>G%M;h)y<)HFY-FiTzn#|RGnFQ3`XOxV0p$z%I
ze#7sub{{p;+Cn0sG1f((^yByp53mDogJR&E8Y+@W7)O}oc7l_s5yd3S@T^#xD7?r^
z4p-4>3KCRA(F#3w#d^kvchl<pb*&oHbwSDpeL#PQ^&s*C9)FT!&Mqx*UvP%3KGxAD
zC!9c3+7KZ0q{NjJ+X^SW$~S0+>XBWWlC<f<tI4^OE*N%4eI0I#1KYr2ACT7!=oL|I
zl#i^(Z3p-zUq4o~IRFGe4?9WPAaP=Qx5?r<bJsih>P&syMNjoXdUN{wq8xH<DQ`T-
zhv8X^);R1nx<)tMgqk4%0j16*7BkVH@?gozS<lG-qXdeMT;pDs_iPtCdo{O3_Ei9^
zL=abKa<C*Rphv{`z*PBa6@=2V%C1>6!Ehg5hBa1#@}W|tdOG1;f<FEY%idh9%!aq~
zsM<cPV^j&YbkD4I>e7d#X|v2DdBo3zjFhIH<aS=l_$8`sEGdjqzZ`wy4b`r>9vWY{
z#}TYe-$Z<53Du4xR0Fb!<j5YZ4Nt6wYy;IEX(2qejO2*E1;G7>fU*8BaNPR;w;tTW
z;w#6>dztD0qDqs^S}{lfjW6t2AMw!zDS!jessqpg`VocHngc#y69@DPu(<vkL>E`6
z24e%s@%d7@ibTU?8toruXCnCQ3AFl<l@gLpdaMLE9~brShkNf(q+BaILESRBAuUs>
zF8;~Dg(G#Iuu1xXgYUIpt&lO!tr?Z0EupF^{f9`$!CP&L9QLKlR*5Rtz|<PlmsG}@
z1>3OB9as&cEi(vuhk34>0IiS8Fy3x2!_(X~OKU340+%<lE||_;Nokn&#L0$)H6udO
zO_J|aYR4g*4`(Z)F~Ga9;Yb6^N^GZNJbo=Uzz<FChIDxRJ#sgYUR$LDmGicbdal5f
zEqAa_{(WNcFDJP4EX;(FKFIm&51JTB1`zihW}fTzZ~R|RsN!Pw#{Yu#euuXgDQ)yA
zfGp{=iO*bjYck8%Xa(&T1kM#?EYvKdcCSY=35tWe|1O9>G;<P^&e3?_>2F-68AzKi
zsm4y93niDqEG;|LNwE<Y2j?Nd#Nr|sWnR^6G>mcC6cOc*M{^&Sa)6#e7j8_OOO=cK
zMah9G%eQ*uNdAZ`%iNt)xO1Q^A_<dWtV1Sg_SL5^Nhm`Ne%T`07>mvsG3M};<{3?!
zereWW>f6tQAj1gxKy!}YcWu7dz3VLIkq^z}DS<f<Z|x=3R9WoLSrCA0wbUOOq+5k6
zC3c|Js%wrF5U5R#C_9yhJ8fe=sj?s%%kf@<>zy>+{r_;{EF$x;UR8enpTs9jbE&Jc
z2vMIWzt~!|kjsQ(vciT}aC*WUm#xBBG5UQ-oghw{<}4V$0~*g&?*5)4W&pyDTf0^l
zw?<8!l^9DJa|(-+-?je&%;(c^D`pHmf!q$KFjav+%}KD6Q^r3|0dIc-k^d?h1Q|79
zI(hk3JAf}7W?-^HpBxol`$V|1%b)nPEYnFWWQB5FctqW{<eB!A>3(EYomIIZ<u)@X
zB|7~>-(j@s8}auIi1Sfe-JLh4PAi241iad@jUf@Yp5iLTf{B54C^3u4HV;(><RMy1
zimh~gRka5z|K9=w!~om(rokH~IL>dunDqX<?djd{DkhkZ`66@m8owc;4$WNiGfCa(
z=XU)m%q-Y6J`757v#J`K=nhjrX;r3q_uV#--s*qFvgsiL2ptvg(U{f)Gb&=R`jneY
zXxY3h9C)Jiu*K~1(-F@uLVjfG>=enciWA&o;FVWQFgkf3{blCWt=k>k_XM#;bTXm-
zhC9>2qh<4XMU%PUo&PlAD#zOLP%*>u?QTdGNOpEV60U>h-cpb?w-(zkx~8|yd8G=x
znh`MrXb!}p%G-ZFeSi{ja<sp_A73+b<z{wtv`2pFnGD_;ysl*%1e$VY^Y2Skkk-Wt
zbVZLH`wYdB_${8!np1I3n~REf?KucJe*6s}L)l3q$~}5_(4B;7?Ki|yl=1N~Ya(oe
zVdJ?$<SQ>XuNq%2t?59AkBf5I*dQ)l|1t0RQ<9X#Yvy5hTkxUD-*dZ!aQz-OzWkXP
z^$*{s>=JdiODalaL(vyb=&4)%@Tf+E+H7z={bj)^vyIc2Ht*(A^^LLOE|ju(s&H-h
z?_j|5=e^SLO7vM=c<5q5+NYxtDKor+p{YdfX`DsAF2&&=kL+go=RYkZ=$Hheh_+0L
zti-s5&Sw_FD6^WTVAJHfSSq*M(Vk^?-J|KWUZHBX2vCL==t`A@r!)R6Da;hD8S{8c
zOOYH(a2QnO9Y$O~B(~7nF1jlA-0SDN7dnl$3P?H3bRgQb4jjewsODtq!6&z(%)KcM
z9*2q{HbLrsOpz+PY6y<pAr|-p#GqRDiD|=5=-q#N8A=pe4@7*FCOL%a)aCa6ogBcq
zdt1eK7L=d<Ju>&u(Te%fkDvXmM&vD{nXkUY^AI}&O`qH(ZtVRG>k4N@Ht$C;ZrWjt
zpHCvzu1x@3%^03}&19-g2fySG*;%16;z)7eC~OlW)CyS%(b1DE#9C-0{}M9hA%+V}
za<<4!L=Zh6AjHD2FIpW53ZWg{j}l0Buft;)@*7JRE$udg!#wDaJex@f*9{&=GELsb
zW+rX4@1N6nvh=hB`n$b@SPzMp=g;SzZY(t;Q5c+h7A734k-hEMFZ=V5_G*!pF>A!|
zc#-DyrJ5w^{VO?&7uJP$Z0B~)S$BRaRlBHL-!-b;=V4pfRUgw3GL44NlcxMo!c9at
zZ4Z}EbVrln9mo0Kd0|FY6eF2VSm;oA2;gIo2Db=R8DPsDXUGrzq!Z9}G*Pk3DAeff
zbg3oa{@ZO;PuoRdmG^;gRp6QRWkc_<Xg{icdb6vEP|gxC+=dRvB6K-eq`WI6&(1Oh
zbSsj#j`Xm<xGy+_-QLn~z`f~x82jSqHviM=c+HEA|2B4DY&u)og+=1|J=!h7gg~2O
z(oj`n$#ufKYSkUK6ulvcF!$1mSL`1r^KX!CVUXU8*Q|ZTXfL~gc<SGzmwo^}Lr;fk
z7nXN&oc^3q8iTJaW8#!KuxPF!b!Zj*rygFWeJL#{3W)Ei=$w4ryvAp5Jl7)=o&Q=~
zRv&#Rn{X}1V_*so++Or?cRfzTGbjn9$7!V8`L-d+sUe8!5vXEgpim0lpw^AN%Wep+
zQK^1y6riYJsbn_fn7ffTQ5y-5-8J=9nl@MJt(}iE2D%d%%z)bOuvMlEBnL*k`+TMS
z*r=_cf!CMa4b12aBrmvKVQ`kX*Y4Oq1J{3|@odivv<n9eW46Nx-CEkHt2xggfm;P?
z&*P!m3s#Fr*ED~3Q>{7;DB0<T(_c>U@0F>BOtR&gx1~|(+1+4@=%_igq?%|?E{NIC
z)5I`*+L7h+RX_RKR#@ko?8rvJCn?S^YBE;rH?@@;S_&pKzdv){+Wz?{3>q>%c*FY2
zp6fc23J^_;DNzhf4IFN1E$9fuEYEur!Ox_1FKac*wO9Cs#;|59QWy=-ZV*7`L>tV?
z;Q|2<XX61|*N|6|Slu;0iH4N9WLTd#d4VpP8l_n^SZ~Q_)CuNd%9H-3fH#w-NtxuQ
zcn-!&H;zr=YKUYdL?{{^G;4{uaGqX!Q!?6|gBJ3esiOV5<^fqyhgvpuGCO9J4zzzg
z*G+2Vj*m)WMLKRyLaVLu2+{M;4;HLwcL-Wo<-ab%PGHP|kRtpupV!W2iBqvhuU>$Y
zN{rp+a-_&MMS^8kYUEo^1-qRuTXW#*M091Y4sDY4Oq8gqe<<hKG|4_ewOR8<lAKxl
zZb}5*11yE;mHdKJIXpRE&?ev_A8-+tm?JDX+sBdogeT>RK+Z?HA-}*{^1q3G8>(}z
z{}K=_`9-Jl3yXFDY<`iMKCYA}gP$AKIX2fbrmBoN)w#ug4~$ZtKNvK#aO8aa3!(qR
zD`)*5{`9{mM#))BvXEX8X2<_Xp8(_h_XYg2BURWim`?++D;KFw5}Yj{UarY2u$m8<
zEB9ymi&Bt`8Mta(7{hSTqER#0A>(tW!M=G}!pC!g&vUIxhze7QPH%UE6}2^ATGYGP
zrhdAiLYS+(Tq{W)r;trUlp(|sc`{_nk)|rlx_~ps!<hw*hv$X~fANw>MoIQV+2CZz
z#yxol^R*)M*!mV`WXz+?)|!$Z|02rQp#Mu^qQ%zbm>qI43OC?Wu<#W|XefLMZKch=
zVL#@z;qXEI;?v&BquGW9C}xF8*+R3(Kg0JX+2vED@9#27?ATc8p*|l?-Qecn;wezW
zFayV{6q_oA2Eo`}`K3P;qq69r!QU<E?yzVYs>U*k)UK~Tbv=O#X4pj=FNBuT&Q5_e
z&Ce8bDrPC;uDH%qf|gxZsn5UMQB2WSEQ%{<=uf0w>u*o^>q<JF{11n{jI{16yB!XM
zH7LvYfChu<?wN2hs5n#RX<S~eRRZag+t66qiM7lK-rT7FI$s}{6WTS6R6S0VMnSY)
zDi(JT;S^402f8}S^3bDTJO^PCG*M7Y(<h<c_q&`i+iD`Bya_3;<{GhN|By&7{N0p1
z$2RPgixxujxjm}x_m3^wyLTXvdsgFmz1v$@NS5^_i*?sjtn7hA$pgXPd=r}2f<qdO
zX7Dz&G2B#^JQZtZ7B*eJml}So!D#_lxgf#J%?L?UT;r>H1|Fl}*pE<*;c!#8)`#k>
zve$#I8k223HGq7-!GiXtPBCS2n1mAIB%rv`GZXVymkzWkv_kM-6;`(l3r-BLz3dNa
zsKv%DIAjjo;#PgZua}owb)j;FDl9_%zBFl$ZrFvDntdDQfPhWpXtM@$Y1a``-fAq@
z+s_qaMSE~&zd|9?eCFNu^8sOB`jk(o%>XKq%|fgDdh4Ph6?7wq5UP!gokNJUVi)kv
zg5i3!!`}!v3`J{p9-s3r28b<zenD>36V4rET%96awsw(iQ~IP3r67nWp|IDZq`+RC
zR0Oq^c&FAx=#}VdAIBdAROqxiZZ9L#w!&4*A9IDdd$l6|8z_T+g!j$I;PS)-VD#X8
z&6*s8jeu_l2jJzPH;+p2`*nij_>s3V;vr6!j(=HH^5Uf>%y{<Rx^~WbJlhp$Fut^y
zgu*K6MD2=w9Q!k8vcI%j$*GAPJct+-&f^>WZYU#WS4cA$ySdzsVb$GQ)Kqmw(V(^O
zuGYa@l^e@{M!elnIZ^spSwE6c!fvlUV{I)pGq#+1bCo*{UTHv2U`EvcathsYgN5x#
z4s0j+RQTR`iF}Gv7k-9)x;R@_WBkM(St$KBdt*7r7Q1P<U*1Th-z<1{8<|^NHr{V3
z0sgw^Ie~w?K)(%86*9gyTMM6RZ%`F1Ys#Xo!1s}&uxVqii(Fpm6n}Sln7O%%=eu&j
zbV3lxRz$ha(E06GR`38-+qig&hz`zb_#DylWoIpA2A9Zs7q~L4efte>3x?ecZ(ulL
zMcwBPufS0ln2-^pF&(Vx)4TThbA;nh{iz-da5`7<|ErtUyt-Xl0B^WjiiktN(5cJ!
zufayMis&^Sz51Y0mUY@4eHhv%H$T*nB{A#1k2b}%{SRNH)<gixrJQF0&R~sW|BNro
zIA~W(eyG&%bPfoJ&b{!5irr*nf*=tas!0DqNzQmM(s0J)t0r|XMf-{z)hI)Y>&+S~
z2|Pxb5e3a(Mg;`;@TZt+C5cJoC=5T4`x1ZbYKTJcy^qK1=L`65$`+SSPhcjGgbhgL
z%K>)<CB|1R@<&RQ3xVukKaL&rq)HlC(OJyOmi1pb%z_Lx`h!nd%vny)E%|2f56$V7
zC`>)A!*wBYdXc}XH)Od3I(;rNtncrg$;{whNM|qgtu>PcNk94{jb3@{VD#-sJHWMY
z>By=f62l&MfM_?7PTSkKeQawU``@OWUppi3XfFNX<m_Zl^Ii=#1Dn$9r-u(YGWFX<
z^mjAN(vCnzJfUoBrB1}7GL3tX8x=UZp&OjX^h_Pt|5jy!*MQX!My<t4Y`3iow{`s5
zWO`QN^@~_~6$CHpRd+g%A931l4trOXt@-ol0c8;n&%8W?i09}9J_Cbg=2rswaq95d
zbSkx5hR}NLf3>7S03jGOL&YdS{WM^h8p@`gMmb7HHqD%I7P}mXUX<*im8X)G^?&Cj
zyWRYscN|0rAo;;nqz#}#5&Ex8JirZ#rYINf;cV|m#W96LNRN7S#5+$;|I!q$v^>!F
zl(echoClDf%*MyBh{(@Ixtc7pfXeV&w1DH7s5sSZ6t?QBOyxRj4LPq3^Z$*Kxz08L
zYuHVNiKhM@N@yk|&}|k44yHYMA<`F}5C*q5aY!{#>v7|bY#(ovDpsZj({o68#GcjC
z>=O}CV+$9yv?L-5NbTnuCk1}a?!3WT{pQK~$%+~${t}a$s@ju}6!v^;dUP|ggi;pr
zKpfa<=Ci9bryU5krc_e*)=^A~NkOX$2+oBNMlG@XWjPUJeNJh0t+eP=NwOas#)dmt
zJnA&X5+v)HFa(%Q<~X?eSr7FHf8*gDgjN`>^&jr``+<!1`uM#7?10Ce4r>Q6k@-aa
zuhs$J+WmjD4*cZ{^+@At3m0=|#4&X5N+HlfDi{pzkSczz7+))O>Pg=L|6p%Z!f5g9
z0sfAuMx=Xu6h}gLC8-94Q*-gS*j45YGsIpzsV=h?<)cAY6=_$%hJVW3HLH)i?}1Rt
zxvAk2+&EIURl(~tbePc}k|Xhar&u&j1&c_a?T9o*<uDQ|p>9H2abRufXW+nwJFfC~
zV-g>Z{Hyo=S!3rHFV$))>*S!d_#7MvR8;J(gP7zsu&3IDhpdy`E-Kc6DuK-_;Q19l
z8y8|_CV4KT0KKuh<<rU{p~lzi|K3qKdfHBZE+B1akv_19A`3;h`+npO-UH!gRNBMq
zSP)}ZYDm+tSdkrvvC~$zF;Z_#C1J=^WS(#RC)46dt>+EASfjCHN{5yc`oOGshdJ_O
z=Y$VZBWcpqF!|~xF)b=gsEg{0X1?wxxzb&h{ASU**Ht+R+{jIm+Hl_1*}11cy`r`o
z^*FhC*{j#x+t!6&GiuNG`ypiRvVX`rNo_Dvsgn0ecVeXp3{wkIDJN?EwTXhA)s+5l
z+d&%Eb$};6@Ei(OE5{a8wjE<-a<x<y-vVzazmmY~<8gTX{rGw~GwSg&M%cW-DXRuF
zC&Hjs0pG2vtztcTQWc=b>Gpnh(F$!8!;mj9ym=U^#WM`}t~I<;0JZ%_W*W4;rmnL&
zg{{rR*H%%H=5s;SM5v^92km>r|F^i=&SYn)L7|s{yS{?$gmHzIBFWp*ZnaQ~_b%t3
z5ORQekJAr*aAWww!Vb<cV74=V!NbvOnqX0b!I^?iw|I-xZsas{mb-Cd#L8WrwD1`#
z+HYZ_HGxyD2CNvMyRy=#=QlBQbeTr;d98%Y@M+^@I_0Z%xmOK1SUo7-x|+4+hAo}w
zI;~?E2wZ2+Ty?wC^)Q}^rU#!?^;iBocDRU|^3qsLZx(FZPN3kD<qXVr?%w(T<Le%S
zGwJ@l(Z{xJOeS_RnOGCswr$(S#MZ>NZQHhOJlEX!f7jXjJZGO5opi0Wy1P<!RbA<|
zKELmZgs@WszFT5r4Y3d6$Yput{}SDs`m}i(^N&`|^<MuNb2;+)I=htly7+=8kag^K
zBMi-ADIi8>GD&72e4Ysnr&OcRm`UN~d;Ub;jb4xWJ&x%UPN&y8dADGf+ra62GW1(%
zw5U9iew9D+`b|W^7aq;Igd3~?``6x({kjZ9E3*eWIe+U)MW4-(vzmns`+3xgMLV6G
zFlSpZNr*#Un|w8;3Z`MON$Y`?xJk3M2d`*j8LMywZTrjq`O>5z)#xW{Z}|BZ`e6z`
zTm%2xfX*cM`Tn=ERnWN|xe;--sf`%A+vk6c4N>3!W^9hy5zZ!d>!Ketc<pNIa&sB3
z=;Tmjre8~;iFuD@Idp-M>Iw)<>Xq#{lWQsltQ>gu#6<=oR+3^vvDbc_q`YyH(YY7u
zTHlza)KUJX5I=>fstXbS9(uu2PNZ$$TjGv*Tb3Ef^L>@29HVN)=i*~;Ob6kqYjf@G
zrmT<m>;7PqHyW_taOc;<C;ejx{nOLaqxbve278mr5%0~1jyIZ>TL|w*?Gq{27gcq_
z$46DyuatA<B&{CfCLga)J1au1C6lysV=F9;&hrx{!CiZuz+vCmj)|1H>Z@ag^Z23j
zQUu<oRP}w$u;qdZqE9bh(;d>SCr~-vFp{>cm@I&<!J`T4xmYry5-NVyrFa*Lk?BR-
z4LH$}HvNfOXDhnx9*bP2@m9ju_rA)ARK~@274Gfwi+28PYyk+|ULGwF7EWgoA1wMv
zKO3ubh3%(nQSx41%FpTKlAFPS{(U^rmOyUXpc?|VRM%~=@@W4RuAE?CC2?a}5`?{E
z%|?YfaE7DcP2h1N15VVPgV(Ml(tGhz1^&r_@ucZtjlh|_*qX^-*&xsbSAI7Z9==4e
z3A<osq{bjKTwOBXqzXerCxP*)=;%j+Gm}f{x2$@?vPgU@s6Dx3wjb;RE3Ke3M|zb@
za~=|77m%&)y(=hH3t^PP1SapGIFu#^--%PjGF*Ei{?#?Y$7N|sG$`JSzj{sCf|h#Q
zU+|X)%oF9ft+CxgVa{4Lmwvs2j=@_44s%?C7Iw4X{4Kn$4M0*6KbeM@S+F4R(6Vgv
zg*=T*_2iL>np2DdDe{&?k!M~>qb{>D7Jq7@;xu&9pjm-L0fj{#wlIEHtru|yBnyYe
zKK!TZSe|YJ33!*mexy=RMl!`X5hXjk6(F7ny3!eK1WMC6fOZ}a__la8j|e?D48r@S
z!}n+#>@*KQR)Wpo0k{QAXY>$8sXFnMZW({a;I=gfUIE_h7;OHEuEVd~qtEe0oxMDt
zM=%K#YwCals*NhHeh&uKnq`%x?<aEQpq~pP<5kE63yd)s-LDBn@*w?>pVQX0rtT|_
zw~wxFW&g^Zg?&f<vrz;Hxt;oNs?x4%wHb54=ne|JF^?DW6qHd^e#4U0%~8xTZdRDI
z+Lb_7*3;A!w;d6JI-$%l`$VlBkR$#1S%pkEvN}R>$}H^+*p~bFBZg||wr3;|5?!5I
zQ8J=6A?^gH%hX@cU7^!Q@`gT--L<TxsoA{M<7GPtYM=%Y&8YKV_XE)hUvpl?a&dj$
z8e1bS;eu<Y48{}%+aRi`(6o<t^&I|udzbP8YPcQ=4A@+)SyHq{f{)HIE>Fqjm#{%B
z)*WsR!yB6Xz4}QPhme65)(H%l6F!ViSmo>eiiH1xI(7*ELLE1jM`xcE)&<<F|0o^W
z0vz#_FkE*!jo}}`kP7HO_oNshrNs>+uxIWA(9u6Gn(iPsmupSzB|Cf5@>5VF%>gA^
z(SIT_CeVO=1j74#YSaY+n;Cq<2suVME}I(O%j|F_cAxSZ*e2q-^pLM;)J8+yJv<)Z
zEij(bFWGzSVDkQup_dKSBG7$=(q_&`6^5?^-_mFzpc>82hMV{sxxaXMwo0iv*f|M(
z(rFZ*NQn-tAIQpy#U|o&KSvwuzZQ2Iu`Gor9|Gjgp3eU*ci>Fe!Q8;etow8<l!1@L
zju*!*A~H-*@^*P#f@0&5FcS?wMc#rQT+4q2z_W4GMtdwR@`uH-R!i=uUQ6~j?@l=9
z*-;ES)|YZ^77~pY$NHPpZ-41?no(21{S6-aOLtU3{?Z-BgMaCc)5^7NR!M>e>U>6Q
zXSa>SB$&@!LK7FyVXKA3rRewd(0&k$R~<>M8=TNW#}%mQ9q3%;F+b&~d2<djZo~=W
zu4UgPD&;Bp%4wW_`4KFKaI3Hz#4{1za_qNi0N&}+_!sX4<@|$p_A39uI|~N?H{Lnm
z{~vg#*7z^pVT47(OzR$8;$6kXTA6~i6tbZ&EL?<=e_UrTJ&WiZz|DF@!UK`A5u8&5
zH}DIhusnNHdU(Q&Gj`J$O2l!IsD`*Nyj}Y*yu)%xbur$wHmi+3RxrG@kZE0wX<;YW
znQRNXzbp-iAnM4xNd__)-+p<X^C8pDP5eXofRKuAvxmc~=0sZ8)*#6?V|gdJ)e47C
z(DX-z16b-iU=FgaSk3n?zG+eMtHLf!HZFlnc_7?_O=T7^W$;u#+4I7O%d-n^!%$&8
zA?c+bncL%8KU)wW#QL4BFZpN$G&w{rcrX!jTc*!mAEG=%Y4U3CO`MmsZoyjRx)(cN
zzTlN|LIpZgTN8f(5)lE!Ue*Hwcm-;Z_2x_+4&;^@dYE1#P2yQzsV-ea1j^Tf<KC`V
zbp7Sq8tv=f2%=4Yd!(RLu9jBYPuP{aas%54stVA~@Bf?Kxpn*>cIW%qKXxa=x~(>?
zluE%p_uP*iCZxsxmrh&ED|yyDi$Q@tYx3)ZwQ$0i2fv7AZ&2+K5<9d<y|2jj=s^lX
z7r<>3wZj7eS%L!TD*Yum0Gh)91mq8}H$;FgLmp6|Z36)0DL=Lb`~ZyVwg9y30b1Uj
zFVX=Q<pRKu?_aKC1!&I)w7UY1pP&EUrW(+R&WsJV9}5_v-R%2bTiDVsMBAfN?R{IO
z9?g~}zXQ`g_mer=mGiPttXmB1kErd|If~ZmHsBpH#No;2$BBUBdWTehUNm*s*OKst
z$Ic_N$m(+l?c@Z(p?*wR2<nlxj7Mw2`so?tIp&_U4^`!T@{Y(>H0%dz^Hc(!@(74j
zxEjaK3iG#$|Bd>nOLD?P>!9EFo*>?4EYO5Zosb5<vnu?Uds1mo8&nl?^Q_gKf9;D)
zN2QQG3~z_I8do^~x_$$oVbtH0PQPE1JRQ88PCLjIm;VGtq|zAM?TgiL(I#8H>V>K3
zz9Jydwmn^J0HhC%0oGsX)AZ-B^r0~PSNbSoH6?M#bkq(E{Ud$Id;XjBA;Bd1D}6ZC
z?0VD9xPFWpx|LU<d~OxT=I_Oq1}~_4vP=!?6%Fm{+bbTviGDrW#Pw-o1w;WCyK^3O
z_gc)tN2eI;q0rE3i#T=Ma^Q%&8}BaE{8FOX;SLYB2Jda8xg-~{l=ihOylHk#Uvf{r
zQQ)u7LIzkB74p8?tYE`|zQC+NgF?Tu`2BfGekHQb%?nW=B@5sDMPL!HQ5cyis9^V8
zzT$?+rV*gx82{|Wz<bLUO&$My68QQ=I8|{_>H*N-SrAmfkYUc>hd>iipoz7u#I9S)
z_iWVqmTC#u*I}T{m_L7;+*ka}*C7XYtS@3}BCeis=gZfLLg)v#;h>#V<v(Jt;Yhhp
z=y1fG)z_LHT?|2!DxuOXQc{9*splalodWg*UP6M#dfnf|uT`=j5Q($C3GDj)BovKH
zF-(B@nE1pk+*H?2ks|NJTh&>+;Y~-O#6Up(Fap1AOdzAtJpnmnHPhsuZ}f8k>~nNM
zouo<^;!<8A4i$Cfqb0)(B%{1an1f{*Ccv#9f@|(aZtGOV^4L;6c}1_Zn{u8i_nuw4
zJRXdBY;W>vn*1|ctaKMX)jN53oc3zCjd@y4nN<XC(r*qvu9E_UAs8@&&{AhChw&Ol
z>j?em!*Xq&xD?RN%v$eWgiXlhx4RR=jnbq;@=6V2mZ!_p&j8D^lu*6E`eZ(#o3Krk
zkJ3{f?rkd@Q|?LCMQlQJ2d2WHvIB_`e0rEUsd3}=Y6va)XJ<@#N!=c_5MxC2vHNdo
zfVErdjMOBs!`h0A@p$bwsCtiCizx|;wL@@I@h62WDX*2NWJ%-|5vpG9l5x1|tnCL}
zg}*4HS%xS|_uV{M+c4S*%D}T{<zQmUM&{G`lkHw{%8c!yjvHFQkGH3dqmWtTn;H0*
ziG}Bdhjriwd;kk6IL-$Qg!bx#_*5SsL<9wT07x0^E_{n)<twN71rd^zn(gxZ%G(`o
zC}D}YWIQ+&`!V=npY8Vyes3Y^e!Q>H3{tEc725>{*R;q`V_<MD9sHgzXQ+ug^)Xun
zxD;9vH_#ygwb&RKn=vp8AY!cL0j|_^{2)j`_|S7&Nl_7e`gLStc@~5G3`Kf;{G=Gg
zS!)GD4(%U!c>J@daxt@&Ok<AMnGUrm;1k!JFPTckvH6>_s?WP8A2>AWIg3dyPgbDc
z?R<RZ?3|i9^V~qBvYL|NU@hD=m!3_&`zXV4uM$r{8c_q9<|kwgTEcXd=d_`7Fx?%e
zXmD_Sy?)asc6^;AKE#Oo^f_JcR7H1+<tk~xoWDz3n#Fk%30baYy^b?2$*}E6>uW=T
z7yL2g+RUZR_a2%b0(DSm2e}032EE#s2aAz|UzJM_QPd^`oaU|fQI_pvR0g8%q!r{;
zz~lB&bnT!Jvu}%GTQ|7SV6oLg5_z1jVVx0ViK2Y}=*&tBbAzlfm}_<nu6ywEko+RZ
z{ds0N&v%<9W2o4VaT>CE#R>rxd58gtBMd8smse^;%8adqvH_*4i@S-!s+nrmYaDR0
zoO;Zgp@n~($_KueKBp>EQl)>no~3<Z={jamVG!a~LNbp~y&`Z1yC^{GFDUlR#fFHM
zET80bT+C`0-aH&1Oh#9ZJ@G<`C|B=l%bxC}k1oM!!1<l7QHSDI+@96|5jc|A3QE_r
z9v(PS5NHpn`?-c5;qPhwQZUe<FB=#G&jR3t*!LzVj}CB>184#C$20(1X8t|b16=<;
zj2QwnNVx`->0J)ElOdF@=0-4(h$-NfHozuaU<}>`|2%-Sk=WM`N*Ax-8vXB6`Q@J_
z&`1GS68p|r0LBX7f?)k!T_P(hPu=~}SE=1z`3YR-Hj!v~Cg}is9I7~-kg!WiIAsDA
z)cT0AA0#B)Zq%H2q$Zn&XK`fPGH?ydJ3D{DPr6ZYcv@4DtE6<zvCmD+UMYmJZuXF7
zsN}&Xt~~k!CN;_Q2_%y)_`If~u5XE>c!Q1BR9T5}=&1_!#HnrkqA=VMK_?QEAG7`B
zggCjjg$-pbqVMvpfbg#Hl0$H7;sW$j3Nebt4P!7ZuE`oj!sk1HyQs#*?WM-e;8l6C
zjICjGawq7IQ;MW<)0O0)Iv+b<R7YTOA>i<4DVTsCFzN<4UfRKs@*g`x5`&&sX<YgB
z$=VrGiayFb9|WY7@f5;C?EtB&@<TEDR%--+<^QXa5ONDyg#j6HAO`IQ8NC0hq+M<*
znAF@nM&o)j3lWNXJ?Oass#CXQqqS+dp6Frl!4fgKaaJqpMb)Di;yPPn9C&#(D#xA{
zeIh*6*HdxiBN!6^IY`s2H1y7=Dq3=wkH`v_5bG%@j}SeP{DzfwD#%o*yV0n~#H((X
z5Q--nQ!>;X-{O64ahSZf4?~9?t0Hy<R4<w?4FlK!7FNo4Mv#uuCbWT-T>VI%h-l_I
zhPCv50GMMDex3BDOoJXNhA%oMKEzmLChCxl@9_Hxi70OL+{ECB$X+-beA$4-tqx$L
zwcF&rkE*|u3a8goyk0F&F@W6Ut}CC8uZWMGv5$|A4#F;vr-_S&7a7m5WI|z$%^jJp
z^N-<4ADDAP!1ND23B`*g+lnK_3x?@XACLK_(kx_k_q2RtUQdcdB3>qt|MNuDYkRiZ
zE~%Mke~xm<*@8vi1B?Yltig#tHtNw3ooZ%IgHB`{atlfAzEq!mtY!%zN~<m@gCvlD
z1{E6HlRp;MoIt;jA+yl~w~DS(p8s|2chwOg(Bzlt@ASF|KTZ!ba+yX5m<H{cD|9$R
z!q|5Paq4D^pH>NnP18ql;Ckv0NZj{RZ2z4~es0mQ43C{A1!ND!PbMeQ(=}(~9Cib;
zhXM}yPuC&1C<nMR%eE8IZ4BXS>R|hj)HJGo(+@pWSm!zyE3GXdhBCDR7BvX#lT_-K
z5weTKOh{87(Z*KO*zXjma2}DMsDF{xrGLtD3)IaK)%Gr51oek1tYC1G*_eX6!U@W}
z>X)0r?9FZS^)%OVpmQ2HS?!&$GH1>BhYh|BqCcm6&~sPal;xgQ?#Z85$GZ(BMqfO3
zS1k+HQT1VJmY1bXx%N<;YZ}!91-HN}ERT>HfMU<r%D$SPHi<Cf+^_j>7z?xjN}lDE
z;h7@^RBF6YsMXI%o9OiRWl5=E6U1^;T$pzlgFzSshyS}|s><WsBq1T+r2ha&CNvOQ
zQZ!Y=qu)=rfg&U2RgXI;^1|z;Zv9I>U5L7Ca|vbHHlN;icOxrp5o1`C4VGBpbObSz
z8G7nhMR#p@VoreUp-^g+miCxsx&8dtcWij!A*1>{QtfLFR-%tlzFK%2$=L4OcaAEf
zpf%kZ0;<9B&bdv*Yw$Gur;x09MV5`WMLCs?@Zh0=K&y+`x$<-t9ZJ%1v8=lGCKoxc
z3PMOX^N`2)<Nec*iGi<ZHsQxG8|^}2ODn1vDB@S`ay$Da3cGn*=Y8g3;JwY~3g4|N
zjhU(T4R{&xRMDC)>X78Kr#-6g^~ORzLM#~=1MA6ZxM3%0D9ll>KYb)&ADFORM$gKF
zN?mHvOP*i8x!VTBWk9cBv5Lyz#`i8Vk(wgi_D;B88P5xPopDcUt}wUTJMdM@lr87!
z8xb5$3b7<HiVOfK6U*&i%2fK_D3iB=Y}CcQ%|oTy5Ixis77xhe0Y}+N5;O~nqTt<A
zUW$&yO1mA^LL+}UFV;Y53<MBoW^X;hPOM*r>&WJAOZeuf4yHnhhFxA~i4iWbYB}Y#
zkAoe=&rVh-lbLykUs^4iG9>%}%Y?N1|6!S?p<vn2EOP#1nNt5_nP_=UznxdR{$rV9
zI{#ytO#iV=ypaDd%aj1HOu9b+mdSqyLshP9HwO{ZpgNF9%yS7aAB-4`34SQ^2Y&U-
zRg5xndQdAs1cgFTBc1t>Q4giXaI~<xAl$Q=gH$JuoBPYlm3}A@Gu8qUt{XNum9g2z
z5D)69cU_sp!mtri=vUsVrTNlGq3t6jDk<*CCVcC9x=A}BT3OS83$JD3)vJC}(HT#j
zKs=3_pu?(cU(5w0L}h#H2TV(?zD<iMAp@Azzn1B@;iIgtC&N#orp6vJhE?I1SVRIj
zX<sF|eqScqIQh6Sdoy+QAbmR}g!b<;eG9If5R3j3s*1$H;4nUAT~$XGVqibW!0~IE
zZvg-!DvrS-&i%)!JjPi;PfHRw9==n0F4w!{6G&%LC#LSN;|p*sL!PM)(|kk1+Gb33
z$I~nDQ2gvYZ8EG7^f4wiWt9fJyOgtrO+j;!3qAzXH;w4NZqcGIJ)D!BB<8F-%`?Vp
z=@r?luLJJtZVXHvEoN;vka1C&V@65Lt|Ck^<9c5b{TejEMFdM#JX|Ez;(tBU0F>N+
zd8TV-qy!{RKMlB#U~Q{l7+M$AYVl3nvN*CLxB{yyO-AMp4at2?$?kAZK67Q+VG2Xn
zG5pfYHd}*pv~#B#)COe1k~<)5n@B`36~m(n?jZaGh2z_giWt>={b<=?sPZJM>_gT_
z3ZZpaQO{$=<~<U2PEhwZn+sSGsZj3VtK7WIp*L+&N@^EM5rig3xk@>`n!(Gy7%q+V
z#6{fu0AG!qCC6WZnll!&$d<HMx`}6;J0<M&{Yg%Tgtm%hy+&y=ESi#uRqS(lzZ{<{
z<TEae?7-cUe~-~g*#G~5CgcABnn=*G|0ig|7;Jo+K^YARmzl3=@egt5dW6Od>ih7&
z5MdczmPN(*#ndFgVW7}7+dZAs1VpW5{(WT>w?h)RW`q}mdb3<x&QYymz@5D8k*QHa
z)}&G4254X>vc%~-0om^qhQ9a=JrEj*8J2sw`XA5b&cqivFQ?Y-`<G&J$DsKX*4=_&
zPK9b(lOAjYb#P!NKATjj3r{(=xX(3~=fb2`#LMx#$DA()&%ekOiYy<ppA6Wy0h?2_
zfp%PZH({Ktn|fcVFa&qpShcCg6|a%WN8QOIZz(h!PQ(-`U#q9uJ=9qk#ZS1^48u%c
zLv*N-t>-_KD|_6Y&^)a%#R+@&6wGe8hArdT;K`snrT9^&8qnD!OE;&ijqfpHC%+0e
z1+kQNB*Uzu?T&{jpTbylQ<n)uaCh904hCwskJdqIc|)tTFBVYo5`BScPN0`Jltfjn
zF9{}dDf(z_1fNz3KB!m%j;;>J{V&-Mr{d2aiazkxf)7i%uNJbnrCkUMIsixYUmbv<
zfR3`Qe=c0=W&_;h^HTPM)&7*e{BmCQW1$i74$PwH^FfP7g;UxE_#bvbC*-th`QP#U
zFgi1UGx}eDD@gYLx#?*`?(3NV;5nZ^(929Yj3+@8od3v;lVb0|-ENF6Fq#h;DEDOs
zh|v-cYkKRRX(O<H!=hxdKp+y%4D)a|L`o0<W71uc<d<jWpWNz#E^Mv`bFPWCOZo6X
zhA~imI#&j#Od}nKDUtjJd~V8CD8Nvbbpv5ZK{^N)hc1ZevwfZTjgA7GwBF2=jeGVE
z`EmURSl3IGxw(kM&#tuJiF>|*#tn+$iB>b$qfQv5gv_C?F#GQ{A;%q&S1Iz2y_No6
z;AWJoC+yqGIZ;Cm#2E8sPiv4iuT`#L3GjGx?(3Hpn=EkA2q<a()Q*hMLWC4J9R4dm
zeZVG|grl#=kV*5?>KL&d_<TXEZ-MSI<mRn@&$bq!DNoi)z-9Iz8b?WOgh#rsOb{!l
z#EgJVr;6-8$5eg3Q!=HUEkPF4i?G#K3&#70h4J9#tWB5AMj!&PlJNF_u+m8HHZsrT
z%K0+ad!K+bo4k(UfYGumH*UH_tmFYVOu?AqCAgVVtvM{iSv)(PeFwlR@iA%(-vGQ4
z*#uw2fE3b=1to=4Xn0Ln3z;9XdoQj!8fn_b#%Pm$-e$yIYm$?X7Pu1pNKr*|U%Vn6
zd1wZfN?R25^&;wDuS8KM3-C&HrN!_7tpr2#-?Wn6@n5a9QT&fqT8|%dYlo%Z{Hv92
z%+`>ljsHt4IXhjwDO=Gt`%l-&5!X#m@2xxT<l11ANe5o=p_LxbG(5YK$j_FB*SPaD
zm`GjOfsW5^i}U%1n=&hf`=LX^W6Ga5wSOG9Rzqs^boKNS8g;6}2s+ki{q;&<O8@an
zXS+lBHSPefM6Ziya!vmKcqIvO7q;xbUg_ZaU#|odfs#)sNX$PBN2K&20+_lUS&sy7
zM?8c4nNXdny2hIs;Jsy~p6z$KCFCG`ZZ+nKTGWcM7U^gQ<il!l&ODMe8p5(G)-1xv
z)qAciCup9>&=<S0)P{SM-TbGa{FtovcHLd0jiWMqlfMl4+J!|=<xqj<O8!F9XumV>
zZ6+&=)*4!WpF0y(eN0)Xcc>?N*HZrq1H+LD+(Gyx|Fz=+y$`P@_%vjHVWzA~`_TgC
zPTN(AK0#YypAJ{2f)=QjHqFQ6oK-6b(VBU`uL|(NWT@)ABKU?WwCLR#JPb!*@f%Zo
ztUGsg=8xfQFfM4Bs#Tyzq7LQN`6R+hpSBC5C)a6WeCX2o?TaA#@88aunE<2oO%=3E
zrvAXkK;ef0($OTWI;KO%6MHkV;XGSl7<N_Rw^UOoFq%jh5py<UR#f$X5B;mR1dHpN
ztMmdCW8n&r<&)m>j!PbNE2K6aujy;sm50-pWUD!S?%I%YQ}k@BG_yeq9BI=xICS`g
z^_@sa?V9>Ar&GCg`5$4Sh7{ELLdok=ZKDHGuO-lk*Q>#+xG#pQSVFl{kZokdg0s2s
z7J_nMc+#zYWLW&3xrUU6lLEEM11PJ7Czz<Q>8|{toa03_Hn7G_JHr{jDz;|nVv4d*
zp2Mxgne3n*5B{9h1}Mzj>#VJlJz|>c3040%sX>5JDy5CX7knUO0%X#~8EKfv5JqsC
zOw?yPazLQQX05<eZ%gwyaj@y&&{mQpu0yFyb9!;P6#yCe^e(M}>~v$E=k%fc)HXmU
zq@_aXO)%IfKgM1FKG##x8}(@5m@Fp6NZ49M>Yp<ZAyJ@N0%5&K`944ia@ut^lT~_8
zV0Yrt-3`dp2!;jJ_YlfFe9JCKRz+z(0k7-oQe%4iKBbCnJ6g*k%eM1dtl{9T!BC!A
zY7_`!PYVaM*zCy>CorNWvq&L83WI-`B*JD*6(gt}a{dQ`MG0289k{JqLu_4TcC%}R
zSz0B+Vm8^~OwfHgrU@fqSM!gkmuJX<(?1*ghp-V`OY{ket7E8J5j9xBtBmqsY;VzY
zMMN`o`A8j$W0MPutf*1mFRP{TNVj0mT<sKmQ??O#Fw_~%l!Lx6;y;!Y56CqLn`ArD
z>As=A#>gMH1dG*D$7c?Qhed1Q;riXm5*pEeK-VtiGks|(O&imk-A==xhHx+9vc%2#
zgW`3YMu##C7#5Szr#vmUTA_0q-;h)kt5Hyb_^(dr_>FPC;V7joq0B(EG?Qc<%jz-z
znuqgt*pFOL5Xr`4l@fr4vj~MZ3Wd`tHl3?hZ>RWbc#5I-;avZ6x49asLil>0OZNEU
z@b`It`&@eKS|;pV-`WB!<+r(Pt!rm~^*{N%$kiX<f8LL6#+<+Z>6U(c>iXOrDXGAQ
zMjDIUOrN{_K1ZE^07h;kilCmCge@db^4zCCOVz$3D-|I590{!fSX#{?=CGQQzZjLN
zk8%Ve6u_n5;_SwUx9uhzdJ8?IZ=ivp89^=3`?-Qjq+f0Sz~4lEjo`s~#u!CA0;Frq
zT988vmFn-Oa0=UQjzvn-W;wgjgU*`&GFKGttKQQiSx}m)eBF$uH(aAy+o68E)meB*
zDHY`mqn`(@NIZjaOTg4?UlJ7jN9K_Gr^|l)gsPXWs8<<R3(RF-(_Y0XakIPwLqy$~
z$EDU#nt<`*H3mW4mDz+*S!6rNien)Vn}0E@OA9}|Q1;5)`wGHtZ;w4Fr*pdVZsqXF
zsRoYhO;hR0xO79Ksw2(I&IF!O^>39~rjkDcN;agrSZxT+SIPX)u0(}!*{Wz9=e*{O
zn*egnMFBzbPF0Da^01D!EOT>y6c0hNqO<`Ki%%vtJ&ahF#{M&ZKw5Uu_HCiuw1MN)
zr_H#aC7A<OJr;m$lAWwusxsw}e)rXs3`(am_Z7%8R!Ar(AlK0a1tCtw42RKbqZf>D
z6wXLoLDEBY?r^)a;B8I@v-wfwDX+yexNg(cd+k;Lt1W`n?eq#)VW&Z6<BfQJtZ)>0
z6SwG!d*zRq)hSBsV6*SVK_?wBt@Yklh$Q-Z_Zn_`0XCKA^`o~1-%2%L$R>zn|JX&)
zRh!A?Xz^Ud(cM1(c2?#c?TLo=Mh*PZmy^H3s{!LQ>tcPDbWyOpP0`NT`X<BB&B$0t
zBA9-DgI_jZvzs93cR&*T^_;Ea_c1YXWQ)?B0-7reo2q$dk*#^Ysot}~0r(!{H!Cn{
z>H(HfhT9)`@W9n{s?64z{^FsN+9~fdiL79T(+5X;XCevnoAC9*OwqC>?~HP@c3*p>
z(&SKn0|7g(tII#rzB=TureE$Q)N*YD?&tk*md{PaFywFubF<_Jt9+Mdi5&+mq;A{(
z15PzYC6UG~U;<cB%!a&*QRFsYq5GB~&_F((>sk9Wv;Nab2G`mqiZjieLPM&g0ix$t
z$`J@E{}9|qT_y!q{dSz7TTHJ^FP<@9H)IZv*42D6V|=XE>YjqzsZ2gaFSY}fqexVl
zC(WOGx}54zSM}VdICZf$Qxcl|`VRh`Dv()|CGfC?WS$&;2R@wfuYyx!q{RDf%&8;d
zqgy50rxZ%sch{L-N+E02y<f@jYfF@kPi7)iP5l-crEYiA*Oo&Y=N3qErHnnvg+L{q
z*4ipI21)}GCQ!Z3B$=JJi~D8mWi6^7f5#Km84h~BPdGi#3)!8%k)Xt~6i4zZER5Rz
zH^Nt|HlE`QqyXk+n4D1Lea`M|yg<@QxG~(^D2Y4~-dbXy<t>HJ*l1~v6cR?h#Z-OE
z=eCSx?T2Z<?AXxlvhh$sS;(^nb1FeCl<$)1MS)QD+vhv{<u|rL)BfRKjU=KFR)-NH
z6d~XJET6$G%D=DSvg^|%i~zxAr4q3J3Y80OoC2P$-^Q3x2lXYsTz(e|#$-7=xU@4T
zugF4~Z$N6pCVgUcmM)zv?m*ML+^*v<pGc{bA^I~2>_)$-8+i+?-W)R=L?oU>;s2T|
z2MI=Wm{{ywkW#{4JYcy8%}TcyzCdo{AG$g=6FTSWY&tm<KZy4=nXyc4eOk8?^Ydzg
z;yh~!_T$O%ChM$tDh>E8@DY`%#7INUc!gf)^FFh2fs!^`NJGcRl=94vZmLz3a%nbO
zK9dvaIoB>@!HTct3wDo$xOQ;Z@!aB%E^69@%j=ygusCZt4t>ol=Hw7W4KL@9!QOzZ
zNMl$<ibS=%2BTF=n$Yi1q55y39cL|2b9$8QHc?mjmEK3qrM^hri|g138;OgI->L}u
zvxKgZYTkwi3`sF|)4iX9HI0P7R-AVpgO5n^7S`PBu#qA*Cz#)rriYq;c5b>}m9|K!
zz-MYa&StX}m{_GmMS866oZEIp6Hbf3`bHG%V|<sOvo<JVm*dqP<d?x^Y4YFd%YjDF
z?UXI7OJwejI>oeEuYS#1YzeOg*DJ_uSi;gN7@*c1X;05#CZ<<);o*_Z>uBwwXP85n
z$lZ!%AdUV!E+}+DpbLsN=8;GUqJ3S^N{I!nzQ{Ngt^d-h%3x>3K%Q?Q`M&gZnun}i
ze%$Gc=j9yTDa-5rJp#}0Paj}bV<&itrs^=ik+HZ>GN}+4J0+3@>K9aOLR+Lh&pw#z
zb6gfufZ&}9$d4c|mWex(p+K`;1d`Ph4{qfxQ)owp*j3b{1QjbK^li!laPf|3<Jr>h
z97TGn)A>XneARYPzGoCza#zK6=0IF8mH1{41T+{5!}M^f<sRJQi7LZRrUsn^gDBnR
zIc>J|V&r#Aenr1kj&<XnfEM2l0dJqut@-TiwiNu_9|Ruq<*C;hkqn8VU8NrW8wQUs
z28DK$JE;@bzND?JDSA%<gCBy!CH=;3Q31&~v)n<b@KZra0)y1S_5?pv3gx2XTJPhW
z>kC&PO?N{Tm=HC=3bAeQ{iT-$$!kP#QqHT$fO20|rO<wt!uXp81RrbR=7*CMZB%AN
z785MeT2yt>pkuwb>-nSZaAL$)->9Aq$RjCBsg0Pc-%}dcBXurjv=~qLK}*t@p(nk_
z$e_AfO@gAPc*?+Tg5F-WV=l?FT{VNi<5Y_qLQarziBi`Szcr=cA={ydP)oCoHL^;~
zXpX31)i1Bl--+AL&`>6Yi+{cM>`y{etn)bJno3w+9j{|s!}q)F7>R0xzTlDpYkIy4
zBAI}Zp9fVDIR5J5xiz*64c=rFE=@C{K?KW2Lj5V4zTD51i~?j`e<K%_8qv9+0lZ8K
zH63^Q3yV-l$Z^zog;VySFmSAqs<rdFI*bBSU34Jlo2mVu?ZTv8q|t|_@Apu2mXnA&
zhd|!!bCLsqWR_>MiicH+oCE&c)wGr7Wd>Rari1WT1z{e|jJT>{f_-A!5<2`m1IA$7
zJZ~q=9tnpco?mSCIV<e8CUtBd&1!MI^RO^Zf50@4bj@L<%s}QJ`D=2XzZ5ZE^#p0=
zm&jP$9#@cNRYq{q=7Mn+&3PFZmbYjEE{5!_<1cL{^~lbunMP5}-Ct^pF#G(ohW+(2
zTj}I1rG)9m3bD;dbaTxnxdg&Gu=PMbNt;Zf(vgdL>DIH7J(=}$S#&4GMvI;?;P^E;
z<N3#s3fO#wAxOb~j)}-;7MKR|(?;k@O4v*+0rqDRI?r=b$sR~c*M)n~mu_=ws5Y+d
z^Fpw&1|7htZ8oO8x?h5u?Hki^KywzUp-C`uQW|4KY(px!%D@JsfXG{otPP;8YFWBh
zv)+-{DyGhW%qj)i(5QiOHF0ENs){`9@3?5IgN3Wz8imxTb}IxLv@sN*h*m?Xd`LTs
z)x68$K#z3vw)q_K)w$cG3=`uevCaKcYS<&=P;)68(SHrc)lAOC1z53+$p-#KWw7t5
z8JF4QJmn(UGd1?q^yuL0SUY2d3{1Rcc#6CqWZ_H}q&&q%XRpv)*3?G_K_I+*9VKFs
zcYs)LoJ#<*v2GUI7nRW7bE-<TyhFO%(6F>JQh@Np55#@ugoi?`a*x@v5XXX%aDg<Z
z`tyzY;H9rSsf{t}ykAeL`=ZEG814*b0jU=T0*XP|)^Ah9<r9+6%1y|2C0y}TX+lDM
zYJ?rrgkmb;hW7lWIn^uBJ13;t@Bj)QLGRG}%DQ}5?HDDY;iu0!NL{fh1UyYacGcje
z1H77L<S6x_oxZ$~!1J?tc#YGYeyv4m%V?TD;Li=%2)N3U6<tF(&02#d65o&zaVcOm
z2W7Af8e2tUDZOy8k!!9ix7#9{s#jj}ZzM_Y#4@AzPkX&#uC_ipFWCR5&>@eNRt;4<
zcurl?pNEi;6E%6Oy{TUU(@!rrXumI4f!vIrO1Doe<N8VWYvnR>Zx&Rv;FY_-B6M55
zN6gP4MVVK4o8tE%p=|*jV%Y$SRWF}8`P6|uL7Vx=;jv(SK!|5A_;tqN#{`qYujMA_
z0XO;Y?toCFo`M0Xfm*3EwypLy&XX9ZDsT}VY3%onu}p_45d|tii(us1CX$dG$R`EQ
zyyyw9AM+7gl$vPQo;35okx*Uz!g1pjFq2bYOeyScZY#-gd{bb9&7Q4{xj`MM-iDvr
zIl9-z*eA{hS-HQ>4RG}(+0>IZSu%ar;15(%cMP&;+<p`~Twa~ppxiBNxZaTyQwsah
zU;mcM(zEiy-&_vTBN-2yQneY}xyrKkV3Tm!GqGT3J_Jlht~__VwHOH@*ak27M1NDa
zouTrBbWi?3=<x3Y`Lqq=)V1aHOiopXClzNJO#W`y`LUml#UHSJ#BOjRI?i*Ie*KmJ
zzQuc7n|}S3uz=-z(DZ)XA`7(d76+8QiHQ6zH*ktQwJer2qWqI<_apK|Di?mt#(ggb
z_ghGpem^uV$H4l<hfMH6&)Fa_`&@77_<<~ZzKp!C>;2L!(i9<Gb$jT+{WL7DMFw9)
zPpS+828QgKtkV*Ct4XZZm>ufXld%H=)#P`Y7q96e_OzC>hwNhZuc?&-h+a&s9d}7d
zR@ObvkA8<BS>CantV!UK5-MWJxHpW*Jg3leH@jTms?8uGd{eNkQP7`L@p8HC1&MIM
zjmo0zI*QzIzp>gzvKr=}cyrTQCvaxj#J@gAMuNJ+%*8E?H;*MONIV`rn7|b%<uoN>
z4kbsl9>b6=E>p!kn`(LZb#p|Mp?ZZl%ZpE}nPnz8+8}2{Z^CkdGSQi-glD1_yuL<i
zKH719k0WYU^mKlBjyP{dlnth#(Ey0M$^OC|>?g(;sIFVFlIRJG#>exnL?%)Knx-I~
z|MjXIoy2H%IaiCf=Up>xIOmIr1Z*N=rD5kdi}R<x&%;uFSM$in!!iBuaW3(Xv$!-P
zQ6EMsk+7HP$yNTDR~r%KAs#(zG{YAY52TLQ+bsa0Qz<_rk{65P^{}lkB#uun_)5D)
zk3LwW!y1#5XH_sT%rk+YbOs}#*w-F07hx<PAk(jbuFu|dWeHZN?@)FCOV2^vXl7>+
zfC>5~X>r=#SsI7FV>Dt<3kncCdorRMAnYMI7KSt)0w~a(fy%Z9;hBx_fT%4fH)Ba;
z^o$(k8&|t&2|XYUk?$N6-Y{8wao-1d(Jryg4STMS_d+d<{Qb2Ko}NbHcQ;mRg<plN
zHv;+8t#M$e;8{5LbclX9O0#6Mx13AHM<FTckN#4)E7jencd_*LP0gQ?zgDR-&z0y2
zQ~G5n^{M~$uyllQGdRPJz3&wbtn-04)9gcmQ6AU4Pil_<%_F<W6jT(R_q3zi@B(RZ
zeNp@24?X~U*P2K{kj*dt!dTX})qUqdHASep7%Y-6YM$gmQ>|*X+UYZ-$>zP@4Z!gF
zx~=I)z;8U>KrS?7Vn~g!)WCgslCLnLlSxk5ytWI)U$9l$fbGTHM#sTuw7T)y{TW_|
zu1AEj!ZY_NVh%etpsJQ37bI4dAP^|Ph2n7n5R0AxIr_UXwonC*>!!=?4zw)z50>K3
zWz%PoT6V+VCrs*fdlg5%-$pJTd$Dug{H6joji-i8#&2wIB;_&k%&xa~UBsxTNK2OV
zw=f^X@mjxtLMyB;l<T|L)s0})jl{}n_!bTA_;J>@ME!=zQG};)c;>q9r&8W}LRpy!
zrB>&;<pGMX!b#%eaN^x-%N*!vZ1t_t`p~Abo%1EyD#~cWxSYbHrC*Z+5EJ|+y8pFc
zuhm>J6BZgA*L>`ON+pB-5`NBq)alx6!!1>WunY@)B%}*H8+z+Oo#qVbH+u^5(1K>b
zbZcfC1FRDK=bol(($8QEK{WjfbP`;?4*D9neGYdU1b4V+c32$4o~f(ETm-QAuBZU&
z;_(Q=7z4j=G>|#!Apn0Y9bLl~11SEId<D}XV<{sqkRH6uO6ugFQ4(bXPGk*g#*=4&
z!ScC0Szq`3vCFAI5V$GLmNV<`O-P_s=KUf~H<k71TX2jKV^x#DsTUHkiPN?weHo&a
zSIF`Tq<mL<=4lNNB)~5)wo|zrs+)AXNH}aPZfln65rKF>4s>}|&*0g_&^Vwpu%H;L
z=jYCy;((Jc*F`H@-gr;=>g}f%yF`}Y1i<vjlQxLM>;6*Yk-@*Scuk@CgFuq2AEK>l
zaPJYYO^s}m4egpdz|*C~{4Uv%KOl5AD}{jwY6_2BAwnPWsdb9S&LLHC@?(DR`4LKu
z#_CW143T401JiX6LLI5^Ead8E>~*0FLZ|_!uF*QXc-8t-xa+M>%UY|Tkh`w+D*Y$w
z{2TCc7_GG3`RWg$;~3mLNqPNv$RSjyMy1h%AP%DB+L^DL`*G%x`9jNWb`362&BaEU
zZsq&|95QtnmQU`F?<twu<d51=Bo=i}V*8htYVN<b2(0ZVxWAj9*?oYz5AIA%$L7L(
zfh<s#g4n*gX&7WO)6%k9-U?mZD^(ai1S0=p!<A5(K?G|ww2$l~b)iLYi@K22c`2UK
zs11FVC&O9$k{>7VwFKGK?>8%4;MdMD-lzIghhP)+jV=-GzWQs*4dT;BUQWA=)Ly^i
z{BtYPX7!B1{MvlQUld#qE34?J<{KeFtj8~osx1=}?9~>7yUc)ZlJqAv`I)dab1e%V
za0AeivFp~5pN(}i@<mYLGlqB{LE237@yZmK->nR>`)^wfJ^&kvQa7@wdoJOQh*w6*
zh5g8t)N2<5Mo2H2**}o9cvg=<#Dizm`T*lFM5JY+VTdw;6+B^XSk)sw(9%#_1tJpV
z=&*|$nKk|0jKRQ+Ex;pWfcn`<N~VyvtfCSCzx0X0xdt<5Q?78{CiQmg42ED9u<`yo
z4J^0bkszg}T=eHuPo(dh-Sq@G$h1q%pOO%*vf@9iHL>E)sJE(gyP<DSwhlv=>>f9|
zP*Wr!K)zxV3_U=yP_mIFmoqSI25H!bnyH!tJ(7s)xnEwqM!NyB^*iR{C&jv7PpR#R
zQ4Nb9PkuEMdt<lVV~ywL;jtMpeHP{@!v^74)t!ZfHit}Cs(|u-pn)j(0UqcCfoM~H
zak_iMUfAEX-g6bB@6T~3-CV<zo{9_xqtH&J_vXj$f;5hhnvK3`jtbw0x#%V%H&_<i
zt_?>_Eo(M|W+zPZF}tH?$L?x81tQikh3{lC`UNHwB)nY?Y0srg))HimPQ(u<#U-aD
zBR468onQM~KsPBVAya=j-=U<S^>$M?hfCG}8V(y~e6@<o^abh7VU_OIQvP!p2I-L|
zzc2-fr!eGec|ZV_T9?46n4TJ9k}h2tT+Nc^LSJ;7wT^2_iWC<naQnx#+$S_q)t3pc
z1e<>Zztc{#n9JG6aNCEXP)zkIWM6~I@B_!lm79AZZaH58QY<o}+|+@-M$iS{AG@2l
z1!(Ev?9ZS8<P-99f^CwF3^7Z|*q$zLvWTY``kYTtCNt|08;JchYzMf^inHk&;aPrS
z6jjo6NYk%uzdftq@HiHh{6s4QV^=;?Vt!wnqG#%)bVTzRyuxN-U~b!ODj_=O&Bp)&
zwW1A>wi;l^E;pQ^Fst}sT4c{AwdxHk_Q>BX4Tt1I%}2$01U;+_2oj+1q93h*l6UL=
zxn2<EmkHCIJ{)G~-yr6S*`no`gGiUcgO7qsgb<uS_UIvR)FO+Qk*nv?tc%eKpm?q3
zxJ-HA=&79uL{5Q%36W%#N=n>hkA#c{l3KgIPaIN+T!TU8_v1*47)|7H_e}+MR`D=C
zs(6-u6aH`MIQD|F+R5me=WJkIIO2YMio+UQ^CBE7rzKg2QzB+@!RSG^76LUmzB=Bt
zOazS4_`5>mS0|oEPt>CsxfC2OsgJ!{WciK6s62D!-lLQXq0dgxF2G_4_k*;Q&5*@&
ziRkDhf6GTlvtX)L?-Z;h#i$Kvpq~qdqCj~%99?+8jV(G_)plT`b*#;MXv-UK&r|A}
z8h?;D+sGm+9%B}>Jg3jBBW~d`(sJfDiusq3i74kPMU|ff;-{N&&v?P0oO_gO&pC7%
z#G@!Ii8#dj;)e5o^ECo-Ae<m_MRu-87N7iitf$4pt{J&mcIRIjY~n+0=<G5#EX)7n
zLP~>G+olSf^JOPE!_H|5y>lQB=L0A!mUOyetP94CL!z`nX>rBalDh~iZJ?3h;4^xY
zI+zQXT;w6UFDuN|a!PeWWZyt*2tJ%tEfqUF8F(5eq2W>7WT#}(NaB*J6scQTpAV?1
z-Cb(3qnEl2;vl?P$PeQ;Oo4B-#6*>T_xAE6p{W|WWCsP;dG1S0CTQ&)gYqkH9=4zy
zl>$o3bn8vZLgsU{&M)cHo0H?o^Ov`}rz-yU@j~VMvb2eMnBi0P#mUbre30g6fL3Xs
zX~9H;d}5d#!abOTga<Ztg$=xdsH?yF5co;Ipc5G;gelECoJhTtS>(W+1ttDD(-2*|
zHN5I<|2N`d^rQ?l<wyL5r(ULFT&4=J-=bFA4mrK4R*L$tadqWTP5H(&5dE`x$oUA)
zVUBQ|{|cEDT?EPYZxR%e0gX&C|ASOtC~1I+3hh=YQpm?2gK(R#s2PqT@BCB#7Aoc6
z6NK!wX$BJxg6b_Ejh3xB8a|F`vc>_!g+a7m<9aiY>IF@$OkIgH!F!k0-zNvR%0+e3
zRX}v))5eG|9Q!E2kqm!G*?`*y-H-U8qQOiXKoQz|*%qN+@yX4ZFIBt`<3+@ktfh@Z
zQ-(l{!KNnH>_x2F8kNk*>^e<(WtjEd^wM2xSp}{3J#+Vp6sl{!jwl&WI&D8;D$VkT
z`RhIR5T0vwqhLSx%3kuYH7KfDrzw4VNolI@WN5M<hA3YkI<#dkUHc>CEP@r|Yv;AM
zQtL}0T5sk0PiTXU+e)^;h<jbmSwU!m7Hxv?gc+*&+{_|+QDA=i9tlYKhKatcZy>iK
zjm7H;714_V8brHg1jK9v5VXZ9WP2#Nu|88Dvi;yREz&|8FmYR_ipxhd%#W}$ECN3H
zUCg$0iANyT?w}6^$z%W`{Q)Qg;?v#WtyM?dRn@a#AD!h5yT3GX^4-@q1Qhl@YxC;8
ziC$;*KoZkCQf`Yz7FInx)Rllhr)rZH^1QK$c)s^N3=A6fv-cR)Cm9KSZ2V@*`xM+x
zN+17Ctgj!4X&a!wOW7j&QuRfEtf1oqFqLQBFgkQ%-#@9$x!$qV$j)%@8kbqhdX})#
zDUOju^V0=>CWN>cX5!axHQ|QJ5WoM>FO<Wrv*T_fjhLoi)>;NznowoM|FfO)fVs7P
zzv2F;JT0D`eV7E)W&Nmz@1R;U=s7}57>36f9#PX%pcRP9mGo?$1=x<!%9uuKVkyad
znCq%3(XjTLs<GTeb?&3Z8Fpz(jUeI12W3iWq}(YM^!D@X`~LaHi(KlL_4g}8T({-#
z&RD80*#-U46a%P(L*mNysYRs(uWhf2t^3u4iDT7xPM61<RfU#Gb&N4<dA<SBEA44D
zpj&cw?`Nos9=KmCVwc&w2t^W{JNoQuXSQuKuR|VlZ``dtX(c@8Tx^s`sJuz6iocH&
zxGk8LJNA@oUcafAzbcxbQ405zR<5{uP&!TwmLUwk<JkNCXwJeITQv^<rQzCK9kW0g
z{DP=`k6d`*9!A|Hx;R<3gIhD<Cq#)721sQ{U5sA&xalarYEHr1yfbzW%`5s59Jw>p
z74RiA3Cf5>>1J&|{m-Tid&djNx#(Y63ouBZE}Hw01qUxnat7tZRzgJ%s_gZdLP>Qx
zA<^mzAKI@V(pGA=QVu28%&)Q@ODTs&w(FEHKe4RJ2{6f%hRlsL_jAc&o!>bGbiA0m
zn5&T?5egQMgOoPmfvRJ^G(h*7enB2+e$;XFx8Nzei9+Gd0_nh{TphfnX`=~Uxs3#S
ziiFRYn0RfRz7!VoW(zc4ZfX_>{IUGxM9RF$t%lGE4X<A)Y-`U+MI#Ym@_VPgqNcFM
zN&6st+-w+$T3aUMsk)<*O;^0QWE2yNrVo<_6hSM;*HOl|i?%tR{*0D^oAf2CW$t$M
z-3br7+sGDRXTaQa_9bpf{Fzy*Dq#-<M;F!k-uhPgar<y<OOLoj;11^YEO#ArnWBeO
zB7CGwOg&r@oe1rn!@y5t@DyxJ{0a4R9xr*uV|`HxjtSO}XUr6!sleuntL-TxP~0)c
zmGjZg=2p>msFj!|GpMQ36seEnfVc8<SUz@m5ez7GZaBHIg=j<x3EK=aSF1?K{q_Dt
zLH1{s_sc=D(4lN9^X|zh;*Lr-uZ0|EW!_hZ>mAPS5K{%i7-n=2%fhh;{IJiK=iMSc
zO2a*EO7key9X9_)*2jIs6wjS|(ot-BKwWLPml<OrXP^IYEZd;iS3AvwYb2ky%#z%5
zWk_^VeJt?cw93jQ)2J30v2R2=E49SjAH>zuT0<$iD6OP1pY2yZET0QwKUGhMYD*q5
zIkzrucgL_wD<ii*_WHRQtOtWAmE*cZsd4!EqBa(rMc<_?8w-2aA%j#;AS3wPAHd5$
zWYwm&rX}@$Xp;sC-daJApw!2-MK?Q$UoiRTmJD5ZtU2+hww}(Pv1#7H0FRU^c#wPV
zxsb1h^Mx&ql5n3&h2B3u5zoHH=O!^P8YQ`ph;CT}c3v%rJ%b-X4Dp?JqUU-C(bj}s
zbn!>Lu!4AkON<*cKl-T)J149*se<%FnTd+U8GSQ_)myPPYOK@q2To=%dl}0_!`Qce
zJQGAS=GZEHz$@z!yi?BjfwxHR^~cr%mLptn&IgVk2%Aj_c`$8`M|-4mXEtL*;4Lx`
zwVwK6|N1DAWa}+V%Bp!b+g`xYj~FyW#*lB)lXPQ=-w>!h$yvrIS@Z#p60eXk$cQ<q
zcD+2uYT^JnRSuc5!o;hc2zkt}sqQK5z*t6eQ!|d^$RUZ^{*lsno=(Imt|@8?zPg#u
z29mLnPv(*YgLP4{qd~&m<WO$mLW)Q8Oddvw?9pChm_(G_D-{&~)J_;Dgb#gWW&YT}
zjW&o<*=@^$VY%m{qR_xeqB%pfO!?P@J?BwPf*kOo;(^O}ap^&KuJ}l3z(~2eT?_%E
z7{ze=#H}SltenfI__xb_;2IcJ0b&DZtw_{LWA+fooQg9{y*cXGdZ}m@dY4Su^`r^W
zLO+RbNV>{P4+^}!D6_SEHQsN(V}|8B(kD`a$QunFD~55hMOnn!6U){_TGU+-^Q8uj
z=6d1BCpMiOAb;^DDrr@a*_a&7f_#e?AEzY?MYH~$^V;l@qbU}7+n+GcMXhpzWvDm{
z_<bzLK&+&s1Ve~G%!ZYz6I3C5-Vfx{vkQFxp^c2gu?lNN?e5u*UX`SSR$y6le!)~v
zjkmy&Q9+<%KeC#+Pn#7jeu4}p`hKk#rz#>m8d%vV8$@$g5r6DO))A1pCZU{V5O&bf
z{Kw7HZi5L?lo?X=!BH#Mo-iTetPxgZC{}&raQnlEqiiX4w}Itp{Qm&5Kuy0^XLMy)
z@7P!G3GY4O$L|ThLg#j^N_7Z-A>~B`d-_0L))y6jL>*@-m4lbGxTLJ%5v|-EL8@Sx
z#sS6J19)$tA1}2UsTsjqMHyp37X%mhy#bO-uqR_%t%eFAQ7TXaS31zURkTEj82+I$
z8ZkJxrHJ8?Rtzb0x(!vDivP3AIj^xDH)|@IvDD`ps>nS4%B<M6b><nFTQkgp%JS4#
zTSJnQK?6p9GWSa~T8=Kf^sn9G*8zS}vOL|_4WA}U;`ZrTnq;d}x{4qrh{XtQb6nE{
zPg97ukbp2;PH&J~(^GLq+J*Xz^cc{OP{_xi^gcC3IPU@UkdGenvEll5+~3m(i`2w^
z)E!V301~iMo$6!NEQkJZ&=0S&=}2|F$LZ;4bb5*al2Sn`^kn!u?`D~ZWbCRZPk630
z2&<L#73U@lT$8$Yuc1nC?7o6a@D<@w9KYIyz!<<aE5Wi%wrr=iEXZLcM)$oU2~WAk
zTFQp4Fy$%Y8#=>AMp0G_Y=fher7~X(%0|tXjb7|8&an_!k>^b4WKokh4=8Sy)8m&Q
ztD+{asC@n4%qRtiAUSAKrm9zi3b<iDWnv!G;+*En_e_wk5@yWjTuBcne??R*zVSXw
z1dAF4-x$pn0$+M*W89RU0dpp0p|iqQtV6;})E#bD=A}H;{>mSzOo^z3JUa<!Bcocg
zTs$ZLclNhWejc8Gb$0gs)8X%b_~h(wBlyREo_}@zv-{(d^YgQ_@Bi}V>)Y#>Kk)OP
zzZXS%hkyNi_C0&~L(4|a&%gRjz+f8!G8cL%^C2$tb0{hhaJA#~cjq6Ktl`=W(^p-I
z{{tWPa6KvTb&o(z3PX|}BQn&p696l`;CoGw;reKX6Ka-bGN<{1#Mbt_*qXKQK(()6
zurY6U+XN&@WHB$&gQQ4=p6YXc4|S+)wJQfav_G@1uQ848P#rH9#Sb3SsQGhpVgXkv
zqoVXQ0d!Bs>{OM%#X$tRdJu18(dSihPnnZ9Afg_yEQ#0VA%Qu}_&?ceBcyw{@BJjO
zP`N8m+Uk%6!cB!kglY+f7n^c=0wq-|jICqx7QVq1dFeQlKaj(0b<;m8OyDg_6e0$B
z1Ql_?oC7;BV1M62A+q;8EmBe_GkPhStyP1^vaVx1St%FrP{X|Cb4kq@xhdzhvfDxi
z6kD2*r~<TpJ07cp$_aqaYGpSeOwXfiAz5W1f+tNL;%e!Y(_RRRRNvh>Z{5%bATjSm
zPWBZl9K3z6QbmcOZ-^E3T6Ptl9x9tUOm@i-EMBK&hqt9Q)k-DNBC=UFd80}vc8<GJ
z5w6M5{GYSBI-tXtO%T9|&w$yhwd#kq<%F4r?q^I?wWJlvSt{pkkAuGigHv#sP@dkh
zG)t&H2z2GIHKTRS8BNW^iFim8DHyr_?$Sor&N+Au!$5ksRbg)AJ$PBT4Tp~P8(R)d
z5tfcw9GjJ}WAw8u%X`6cXAHRh?s7o*h>hG|WutDnwVYzGj|;r>aiPn2gs)dOUDtd0
z@ek(3&9{FX{-IW<@sB^6edd)b{>P=~>rop}dDHy$<F$-$G8T<+Qq_-ML2v}D(%MJH
z3$rt(Ow*WZdPrpR8(LOkwx|F&_BFJCt?KR=i_CaEalrL=m!3TWCxL?nNy_wyyp<M;
zj2L7v_R=Jg_cocK>pN#QZ9!ZFSRCdw;W50DpVc_rW?Y-Z0CYn~G_0dew#g1glL;3z
z;s0blsrnsxqmvx%;AMR|gCRUPzq~c}55pkcMq9#;4%lnp{1~O?kc|Ac0>DJg_<`%P
z$m(~MRE7RkCN$4kE$xhFr}j1|L^Pvfx^yq##W7`CRk&Nck-huTRtCgTE4bY4U11f#
zwJ+(*ui@TN60ZtSMh|vXL=jW!jf_JWKv$P=qx&lK3nLa47&Gt(031<u#D}%$&FDNJ
zlS;59tSTEkENk_`0EaNZ;j@qa#xY{zO`s>K`*x{%xA47)in`k5G6pbi#JZ4a{ZDcs
z2z$>J2#Hn~5;RjYS;i=yDf_|5?hBWdvHA11k@K6oH@xg@ErSVZ`)cAUwxjxJ)Uq5*
z%r3azoWNWr3Cm$(E!trT;s|vm(GwQp%5}DaQo|MO-W}>ORhT;5p+dmw;jppmM&N(;
zyC5+D`ulY*i<WsOm#O;!Fm!Q!1!Hh3=M?^Mmu?BJ88fqmsyuWdY?9!%srR@BgjcQ1
zU!d-xbzZns0fyCHTwmchLr3unw(7#_YkJ1>c$m>#FMyY+L1T<%G;)|{x*Mp%uZC@%
z8ruV=(i#32S(uX@;P@MN#AD1(nB-2DXQy84PxzHHtkZGLPAD`1(mrwFKjLB7+;vdg
zb_xBiivt08#@)&z@7SakTMY;*6c#}9uy$5i556o#S+I1PmIj1R%!Me$5L~SR19EAn
zl@p*xnAE{0ZvYNj8&|Efibaz%A$@#mj)2i)>*okYUn{!UpM>z{zoIXoo}{976*(b-
zi`blGkTL*Is){ILMn{~K+?2>kh|Jx%?CeCQR7W$Wh?0=+TWOjkEOw)@3ob#{iWh?V
z?{b1tixb*<k*61VdXZ-f9oMDai#*$@gJqTMjK91sqe^QNj34ZLz6g0MwRPcxON!Qd
zYu;#-OsQt~bTJZ4+jKn6*6_}a;_IA>(lk-y1dbWGv_Z9Av_v--4x;@0R9SDW`5q#^
znyJi3<c2X@@~6@HYVMDiY0CYQPu1z{BFSd-yq=J%3@d}gCAn0pTr?CeUes(um=X|X
z&sLUVf{v3%VUNE6slLSaKZXomMGMuCGIgw2^@H8nkFO@=9gF0g<+%A?zR##I^4TlO
z6SMW)7UarpJt&aa^fA{gmL-p|+a>i*XMj{@`Y}D&;?Y^o=3Exaq2>yW0*lhtzdhsA
zveI-!Ga7MiMij|BF8N5nSd^x^P|dms5%_=})nZ@nhXV`J2qX-<=62<<C0!zx$WEe`
z$Sxw6$cF(>Y|_qyddSWMpw|d;#m2^#RXT)jg*c96niZPWSgK`Zp%=a9scz({dy-N?
zr)*dbW>|r9pLDqA0}WfG3?A)|cz?u??})#%yL0)FTPbPVA@62fu+oz4ohu?!uC)zR
zpcSHiK)7zid0M6fW;?_?v-f4?*h)<bRfP47<@a2nIwS~BGpri{%w=d{_pTIDIsOR1
zb%ebKlOhhW=YCxt#xT&3=<CM8aLw4%W^~LF@>9X`5Hq?F>|I>Dt)QxS%yQVW*1&vd
zJ1p3lU%odgjtWC|lI1B|ZZdEiH*(40#Jj}^Y_YBcA@r)FT0|_$>f-H-P&O8f)FC@#
z;e=c)&2N2Pa2?8TfM=GNDwm>%k~_8-Sg5rv^KE||JSa$w!m0{jrg7htuTAQ9Qjh}5
zn$>ATiL(wZTDUG2PjZ1?9S;f;gyjLJ3Y~D$-H?mqcGS+MzQbXukEa<%b;lN`%BJ*@
zLd|&Qs%ird>$Z83z5^(y>mKbsS7JckN^So0@;z5Jv&{?1)LW_HlSf}aeDz~lJ)1hr
zFgAg3MGWqSU}(Ea4%b$$G*{$G5SiPl?lge17^bq_J5OKfH(%SoU0s<s7I#lWvBLmc
zIer6PfGnX=8M1<<DXC`DAop`cDa)sjA1n%}*j7=e%M@uR+r0}E)={{DAIZ07Tk~1B
z?E)L<X!7Vfe;|Rr4vb<UJGPp1-ch?@eYH73kuIf~VSE2Fk{fV<e?#$MH6j;8aWPF;
z<2&p3t2Glm5P%k#?LDW7kuXtHcJ&qIWJQA**lNT^#wjs6CwFXdGUy;Z)miJwl{guc
zq52JmSPHv<`Z<B`PFB^2u8P28>B+mr&RGY^WkS)D`WUXe<uR-)eRfm(P37B$9PLNp
zO^VFG0s=oeFq`E9Adk9+8wcYshxN?3X3f4^_W=INW!?{7*42XLwX$3FumhQsB8%4n
zF`*7yRa?ckPGm(D7A$8flL$&&`|?(Hn?XtUm`^NTBP;SuDq93=`KSbjUf6gU7d1yG
zn&s6=GUv~wYd!pi_A3+OXjeNJatFJt7L8m|6{dD)?B_dh#LEeJRTbpp3QW-4<-8D5
z6E32pus(QPA+x<7VQqH6U8;s0o41D4AWz#;6~ASqaX_168r_*A+JyrhHrCf)@fgDX
zY5jBWQF%TvX&I>8*hiD7Y0G)V$2lXHGb#j2e3LXf#}d_=Ml-yqC^4cy!t|*kGpRI5
zX*A=aZIf0s6=mkrDs|4jlGYr&QmQ?`^>U((0;(P@mZ|PmTC3`ZS#}GHfx3V>sQ6o-
zzBZS2C0A+bS>$5E@*Ed#%<Kb%Pe>t3;leB54%9uI$$Jt@a?b#cW$t&D=MvM1EzKo_
zW<)a0a+z|4Jc)Vk!XRFh6dn~#npt6!LYQ4ql}31VNi@x;Oq*6cW=j<5nC0!0!XB>Z
z(xcRCY|QBc<rT?0_Y|bF19^8M{W8`fy4Mwp#0pqui+*Q?q(b<(yF=<Y;;#AYU*Con
zxH_#`*svu%=Hp)GNqo;^3kfG@rrGoM+tb_7*`bE1j}h+vp2wjR?6s4jqvj$wb<0dG
zfw|=|6WTD=T#++)!Y9D}CC7|m(38v!>l|}|V01aDZ78^#4X1LZbH(%k@UT#pLh2b&
zJS`GU1(SvHDUN-d>+CC!CG0&O^nIo_ta@n*a#JQ)&Lg)yN<_4k(OR}%MasobN~x}Z
zTNF|qu*jwv$dY2pTc+d+D18Ywhrk174Hj#xVcsR-ZC2tkC#-L}zz?Br|Hmhd-mb6N
zAG3^!7>Y{0stys(-d>j!D|>uUC6!O@n42O%6+G-Qn3+ssMc8|tQ**bZ<`yYipAae*
z9_0rEH2udHJmX)2;Hg-YGwqd0phI$R*I9F-8y~M&x$s*T>laj@R577A)c9H|f0|LH
zN>c?~jh3;fMhXFst}v|tpAaFJMqZC{Eb$YKpLldrdi_#NI7|hR!ZkO5q}}*$wWb0(
zzNydr**R(bNEnpOKW4a_9sF%g#&7|nzUEI)pPHPre9qbZ6C2n%yytp0#N}5{K-+rq
zYxs}nIMCj55yv)izEEsZBsOo~s8+po0P&RrQt<ez0BdcK?C!a}yL)_(r!@W~k<ndS
znYd~4#V42SzV<_p3ihOxo!9a^D{QrukkE?f24yp;5oPvx6**pr*6cb!<)E4>ru|$s
z;cTPUonh#84r0ForzMLCRb_^0GW?^}XGG(dMnAE0=fjL=t~P`N=wolO*(VXz9)8<^
zBW=h2?YCDiLiN0=1*gQozi}G<*TU{xC>z0lD(ZF>s9)jHqT9%}<^9d0Cli@Qtn&4}
z;OcIlmWq|mnjGls%a_D{+B8)(*-XpM)-$8-?xfCTf2I+ua4#`ecOQ`#Ygx;;46I&e
zV<8K2PZ9j)ZBMx6*>mzzs3K<-=6|_UBM$Gux<Jz`Ve0uKc)T8E!`TV{V4Q6k%{ACa
z4zc6Q&fGmy`#|h=%U?}gfakzwaxTjqx#r9!uT{?o+t#nj(zE1A%;ry2OrH&4=q{&5
z^F65|C(llN`nusMPiUSj8nwo&7LCy2x&~<K(-U$ga~MNJ1xXm4GnaGMFvA7v#OEKx
zSvs6!HH!}=vtmy*0jW_a=0$apb75}x5&72MxK@zDJ!PiR{o+Gd$pGf`C?>}x<Kd1?
zf@IZw{sFC?k15kv<;PR87ipdAcPx{8mC><_C08QX<^!oX6kes8P~_WDk<gsv3|)k6
z*Z;-K>vu0NFK%DHcuu~y{qee*IU=|9x?HuS1_&yyMl`TDU~8*%SqBj+Tu?!-1lLs!
zcZ~8)q_FX~rVs1xoN_%t)d9OSU%S>?c3xH0fMT`fTkXwj>dLYn#DGy2=5;wI5wBEz
z?kk*t_fW{vG*4uXmG5vDoQ_7PBM^{IN2gBePfDn|l`pF9!wRl7_x^~GZ(O1a$S=Hv
zk1wI`Rc%Ymu-ZI9UN&;9p*gO<hy~V9`J4&QX$`u)+`t3(QT@%WUFO~E{f-z}NAP$p
z=dq)WWSVkKW>n40UFy4bWpZ0zMj7z#zL!<CG<&(Qu!iQOCC3W9vRo%i=A`mtn~FzN
zmViB#4rf-Ia!Ez4wDP1J;gfeSFJ8QPIZE4EQvEqT6LBWF@JX5#&hg96+&OU{pdMfg
zn?mN&+G=Q-$wW@OR@(NM>tACK&X5i>xmOc*M)mA4<_A4<b6!nssZeXLSn>~KZjVNV
zTA6UP@&S{9vaWgt4GbY{He-3pF_`x;b*lrd=swk|lH0UZ!>FF^<4!Xd$aU+39<~Wx
zAI%#r%h|9jW;Njn#9dZmVeNuz*^P6GI6n)vl`NK>BbB03dc*)-N|U55KpFy4Cq{rr
zJ29PNF{<363bLHfdBUcq(-{|2Ri)mwIWb#y1fj94y6Q_W^c(Y6t=>Ew>$l(B62Y+3
z)(3P4_2B()_JiIn&hfl%Z+RN8(Q1tM6(wqsCS2SN%DQC}X)~uYV!m)YE@w2^#ZBg8
zQ!+2tnrV=*TTCCwB?pc$bKL&yIEi;4XZ;E~Ir*5D!P}s>r<;VUNb!AMBhW$P4iV()
z=JMw1L-n(75@X;+_pV$;Gn!o#diH`V$W<RIi>|a&3zUay{XUo-TU3&}Wwk9{{`umX
z(84T%wuOZED9crIbAy>{I?jx3WoPr^+B@{D982s*kHa_u90o9{j}m*q1=pNvnIFpW
z+~}~h(iTd~)Smb&_X|K$ddjRT%~vK|Q14+SuY^&YX~dR-90yQ>7e~R}Z#??{gY}!3
zgF}-)KL0}v+VRKIiBVQ!w?*3`DFlo3evQk7@Sj3iJO4>6IfihG{->Y`Os&Th`7LS4
zYc>}6AUnFbrR+?V`v>vBz-kM{K#;@f(>WE&Y?V;!(y0X$osu&hWgb|XgC;~s3Q?D1
z@!fB6AH5Dph|vBu4~W}=1Ah?9z3r;pX7%a3hVRI0t~5qY;*TM9Ax4H9E#jKUobc@L
zG>-G<C}~+;U*<mHMqHHz8L242ZD)Fs@rWkLg4|wSLz{~H?u)0OR{ZwUFP?hr)8h;!
zKO%$nkzj%zBgU{19|-yFjDm0jpZW;j<}4sP#xrELX(>d6Dja>NTOaCHd+6YyZZ3BW
zUI+)VTGsl51b(ac5?)EyANG~BcZ((esU4dcw$3IsY%I<`tfB20SJ(!tW0U>Tc2rp`
zUc9~e`|FE8y?hO;Zb8q6`&ease^Ep`=6RkwQ0y1MBbKl`g1mio;|bf@&$KVwaKxnD
z{2sY~uT}u8VV*P7u2??zD~o@iIVB%BaKub5PWT4_8QJd=`pWrvc={*LL?U@DSCrv8
zcyHuJzA%ynQ_9^UAKz)&n`d-rCu$#pL$;Kx_%fk9-RE_+wnO~qjjK9cgY7i(&a`!_
zE@xoA#DwB_87i9AYU=MfZh1|T{^}$A1kyY2>tck)59L@WJ6p~cM}1a=Q02ry8$1$}
zEbd5_jC?@%?qBzA+S<Qa%a;k4dv-6(btbhGopVI2Yo@^^+p<My=MvMwBrLD-VvHj#
zAuLq1^(Z+pObQ2P2}o4_VdQ7{$nrYw&DS4-{f~q5)|f}#>Ri3B%9%?w<730b(?K>L
zk0X*C<Es~Y;a4)(_c9O9yW4DF34m?CYdMY9abIUi8<|a8UiGoCq#IyKwb|Xqnm!cH
zbX*+iQ3SAGL~2t!*unhXJ#G!iX0L>BdkSt4!;k!u_8ow`yEohmhtH+?W!u3tnY()y
zQ32q%rAcCTj}%po^tP*D6QK@BB*lbJQ<^EPr5MY5aZmG@TwGu6iC5c$=2zvbLv(-D
z9R%e7ve5i7=2|t1($&nD=9VjgYK9#f)@xe|5;p~rk){dOsU%~j?->*1>C>m^hI{(u
zmtPXIq$Fk$Pgj2kzxw>yGoQ}?_u|cKLL<<yv8Vx#0oJ+RjT(^uzWL^@J1lDHTi9&n
zlzC~MHVlU|)o?aZJ%hCnQWH9v;Kp`E|14uXMxc{DWTBW1eA)@j30Jx*E9c_~L0(|?
zY3rxFu|$oLUza_ijBhJCmQ2YDNk9`Rrsz6AZ*?W#IGFb$^SV#M@Fs*r7(;rS7fS!B
z5OLyN+OBKS!ON8qV9=oT5`x_|ikQM3^WzAr{^{!1KYHh|N0O6uU0bKDxm2hiw9s-0
z#W7vf=IB?y^6u#($!2swrnDx%u6AA9U=v1lku!KAq{A)m6;a_}7f|yhDH)HTDH|9D
zj3e~!bg9ye;#0wLG{G8fOG!e<EU{fmFRu&fu)z&M&o{Q?kc!y5C}xfQgT%7BKFTo_
z9nJ6xSeh+DQ1GT<1*{p|Fp%>G)}_S8Gd(g_v@U3pEQaj8;Rk$f>%T&B8UWQ7Lb1S_
z{Q!f`a;7mK@d>`8kPs<+g3TMzV_axV2{>5)NZ5PNS-!A61vJoQ(-Bv`yjBuCv>JP3
z|1CEf*e1cCUUvmI_giqA_2S~I<;H`X?O3Kf;PP+MZmQWEx>%a&`ux~1YxfQ2Gjk;!
zoR~_<9b2HLVnk|J4&MB@!?1FeP;K+3-LVBUk3ELYc=ywTbjLi5AnT~HcIMqs`0UiC
zy;GpMGKQ}6;X$I12u%?!!>68fD|B2Zx5IY02%Qd4eN0UY?;Ts5D%{D2FV1*|r47vO
zVw8-I+ZpLQn((+B0M=2t5(Dy9YV)6$@43=gT<?Ws>aEo9$x*B%PQWp(qgAdszy=}y
z0z^l6QMX<$4@J4=T#+kCCx}ztaR`7Y#bMw8Ts=e~#Sr9?wIi_WEc3=P?`<%4AdtWX
zzk!-aSwbTglemBhqh{u)X4BRf@lBMnd<r&-$Sa4(Ds{Yek#@BGL*jf^$-mI}G7Sx*
z>hQGNhQUn)g(R$NB77!6hJ9_W(BR$CwX9x~cCg2G#TsjKg92enGs71DW#m5K4*w<@
z<+&P>3!=D~Cam$DwJ_G2=`fTGkj6h1d`=UF2?wYkEJ1lyPFA#$0lA+^g+e44W*{5<
z9b23XI!Rr1=6iA_P6jSZNt0og;xeFdPvE<gRYjz`LecRMb$omm0YVk|hn*qq(k$Y3
z@*3OKc;SlWS%bu?y&|Y<uyNGvAy5&yZYm1d8=V-5bj1%JX)%nTlNW42Vku5F87DHj
z10yVCZZ0wxlvSc)<2CDb=2ft|BAPSPDV<ZE&~f4{PXNJ0<0RxHa=^}YUAHfdywo*j
zsRL(>mIU(j)w{1YNo^2KgJ)2`+cqEYemgELt!eO|ESEt&tuZ-<?`}VbdqsX>G8Hwp
z_B+t;=GKKa$z>WeA+?k`xx{4$m;-z<h8a5e@vpYSV{_w{M(Uc8KkOcT!18=+^H*ZJ
z$%!psn)o~19IbmPmzAXum?Z{%!*P)%919v8b{m8$7#;x~6$OhS2%309vrg{9vXw>!
zUOJYAzffco>Dcz5z@nDUKYKuDQ?Sari}Q=fm?lnbKp2f?Mj#&|qQWQ-PD^-U<_YC=
zxqP>Wov?BV+_|dZc3cS!2d-2W>SuKZQN?Zq_3aGTmSs4U0lYO>ah3``BwU$c-LXZ<
z1%mor^M+N@DRU|<vZxR%JsOE4xL2@zhOnm&W|_t=eM2*aW+x*hg_||NObhq9g~-r=
zc$<p4J03bY9X2=|I+=Y)jhTg;<aS`?NWCy?%d|W5F@Uie_2OG0+CXeUAV+xLj|yp9
zrpJf4Ez{Km*xLH)I&~~!DS4@IJ4`6{ZJ9!_aLW{`-yrSoY}89k<PCMn-tlnff>N24
z9^Y>6#y50f?=o=ZjFn6Z?O)GgQ?vDQOz<Mk0tt1bcF;ksG!<Omc%yY|y)(D%=4%M|
zGX$v;NINl$hWQm9(~7x^L|RD4l1>Y0|4Frwj>Br|8Y-*i`lqh02vDA-G9+_iBoh$)
z)1r0ASd+%gCe;p6&AOQGI-Kg=c`967#>MqjC!<5Hox0h<drHAffu%NTEq>^Rhby!o
z)S!VuTlGaXB{mq-$Q+NTs;&&^RoHk4)>JH$+1Bh<TH1h_P%YR=W>(s9Nx*$dIW;K^
z8BcbiLPOtP**%x3v3{rToG@gK)Zt!jLY7QknT(%<!?;V6LP(9kvjIAC)Br@1PHo2Z
zyd-%o4t8`J-0p5*nbp<5LqM5rF_h_41TuUyV=0AyzA~$Q9V*jS#1%M+G!tMyWw}Qd
zmh~hjgGSix$=t6l|0?YWEj4jdw!`JUu2j&D(}u?vOg!MQLe;Qiqm|9pT;y}yi$|~+
zyMUZcI-h_YpvHEMTR}P&i)5%Ja!{f?oA$&GL+LG%NWCR8h&Bmc9dA&s$QqMmM;U3!
zqFGf}>1^P4=1gbH>=f8hH(;Kgjz*`a-EE_mYZQ7i{2gH;k}-<`>e%Vp&y@zHt1@Td
zYIU_or*2LwQ)`DNaSp?U;2m7dF5$$h-6}er?jWlgLE=hVAJ8siSv(arohn@hNqEX_
z$ckaeOm$MN&ak;rlobQp^eAPi%ol^QdGlqXKl_Vw&~c(7&zaE4qNeRUva(Z7UMM!J
zq9$*>bPabDUBUKU3W{)n+T@X4LsCkcsA-dlIhoU3g`YdJI}Ih~bFR9^rBSi?ro+i4
zm|cGdH+HkF9R#~HHrkDqfV!%y5C&D~tk722*^R31>Wr35sq3z7sMODV3gE6%Mzv<S
zcuxNB>~Ej^JUsvE?Ckre!{7h#$=TmV@Q?pI|LXi__s1va=Vxc%|K-isx7RO!;O9So
zFN*XI|N8mtd-n2&mW`aBfAyPA!)~ZrT<D?9hq$et1IW8W<8GOD$qC<eR&twTtBeCj
zz^rzm!Mhjx*cAA#PVNuSRUO<hrY!5^{K6)71h=(~edsQ)4;E{Swa$8=Z4b0<OFhu`
zVd{alE92;aw!L}#BQ<aLK-)&MJ<!&ldZ2AP>VdYK=@$yLMQzB!ZG$GxLUdt6SbeC%
z+6J}gyz#$asI4-4Jz^J8BnzQ$<sI`zc`aETR@w_m)v#i<uvUnb#=Tp9JQD^jV$MXE
zEp-<R)%EYh7$ca8n8no>mfLDGu_JOpau)H7+w?yaKMy}>wtB+C99fo3P%@yRs;ZFJ
zRD3I#EDbH}{xrizYXNZFd#)H!Gg%}t$r)suslD}Wz1O;PA+-D2>)H9G8TYS8S-wpd
zw$9#XJcm<t!y+l-N3*D{45X5+!B32-?#dL?bDHp&>xG*^%Lu}b0dkLWm#b>^3C*%x
z(rCt1ZG@<6*)l->3G6G%l48mQs%X%UQ6iEB$)%<?9f^Ih<w4%o24Ef!>K^5Boi6}w
zF6-Um+w)2N4@G1WyYlM4dup`)2w6d(4OJ1%Q_ztTqdb|rdvk}Menw`p$knJ`FZUUI
z7PjgluE2MiB#bIeo;@Wg7ljVXkW*8VzxXWpB!{ZUJISyUczWx~F#NmJh^?s>Yl3Hz
z<JD2ukL|tNjhll}xX;$Io5y?=M9)rsD&%;fLu$O)C!48%|HpplQ*msk#p(S;z-cZE
zkL)?&CloqzMkwbHvK2Lal8Lz*s$3Bvu~pCAbo>?2)|GyDd&^a3Ij-{WA-ZPHrd;X#
zKvRo-HP5R}_9%0b7K!FrQcd$a_kfjpeAL8BQ=m0>8O17%&!KuhIAqVtUYXEPnhAod
zSVnVNu4*LHlzQbdyr1!CMkoL<@g6j?QBIR;7HY`6eI6do1Qi}gf$;Uko`}3J!xg7|
z&cyPmv6|bTXmrO~7xy*vt#a!TF9c0_L=$t)ayjSbn6Y@NCpECXAFOWT>g}MEz0WBx
z6!X9$hEKTZXLsCOq5Cf9^N2b1!t}7unVNf)cO~oVFWO2Oc)sECE};}&RTu@KiQ(Rh
zveezuzO{vs_E_uFw>+a`B`tsMp_zJ$aQQf-ieu}&o{!_^o$-#wQjtGFPTCg?6k^mU
z+6r=Q7jcbefW4<_mM}HC`yKcOEU$TzkK-rrUS7O-^Kz87<7!7;*mrBKajUX9G005x
zLKftnVp?$TI^?%Jdrn>oRphLyp|aem;o^I!{fn#l{NT08z1>bq%bZS`+i<_m$3B-Q
zdX;AKp2U*eGm_<O&V(i`&t<OMrCgiyNiI_(_++_ExpFtUPvL43b|>(ZP7kujp`+5S
z2rLCZ@=anJ$|Zh1llMa{hlOH8?yHY`&FLLm0Nnckvue9)n18ecxC4A{#NKy*dhxCD
zGjG>a&L>PqPa>Ahp4h%VuC+>~;9BOPbyd9<%k_mqR3wwc)}53Sa>=q;`GX^#VsBt&
zkd4nDC6P(#;T{iPL(@-_i@_(pOssam@^ROD?8uJP(HM|+SMR=)rRb5?%+EB1Aq8I1
zwBf5(b_O=h8nTEMdd7t25&9Z!oJ0K*BUckNLd0GO5jkgh&SR!Xz%5oc!1CmX7d{LR
z;SVe8=C#@dl<ZhQWc!DYb+|u0Jx{xUF&)$x*SLn^lMdG~jZ^NGbm-VGVqg0fXk#sZ
z>jc$(n733!6L$4YfQidK*|c8W*bg&v4wYuD-IUJ8t2K>gwmgaRK1o6TQl1qeWZV|B
z@ZnmaLM%;X7|BX&`>-vIHdvLy_yM%BNAoiwQ>xiL4Hc8^({8z7{%9QMOesH55CC}X
zA-TA|B41;}dwumRml}277c!;X1LWG6gXL!2WO$}Fva*PqgzK_ZVw;^noo}Beu^>*7
zvzS;*;$G+TQB<xKm57{~@18(8uk%r*el6){o_lk5THFVu7gb(02jZ&fLT;mi$WsDo
zz4{S~1468Z?6&2Wxk8|cF4e37c`c{hmAp5{0@srI=t8|}(yJ!5haN#SQ7U;U=s5Ag
z3^v8fvH|icp;N-(k0&u#=D!{@cXRU^KrV%Fh7Q14*o(K!OY0-L8TPwhK8Uy28?WH#
z4xF&+j&Kn}K|s}rIkLY1hUkLnT^zxfk=q%M?yhTS6`7mQMD3$M!7#X$fa79c@;cnO
zU2DNfNACK#!LK}K0a~F-$%t2QE$};4B2x?^(|%_Kl!MR-K`o>vDVAXj-t%GGqN*<M
zap7iouakf~-Y+j+_<5{)Tb{Y{>@5R&tdraAHk>Oj*^i=OW@W!|Ri1aq%ydK`A*+?O
z{B<eswf%kjIrKHUcw{&V+eKD>ZK6@}Gm9Mp)}6_$NH7qlT;>k=As>hbj%H70oLW|h
zL!8%o5(@tuBJK!-)rO20uDKxF&ts$z*;UFA9}%pPT%@5KKmFpf&%A^Uo<k*a4n>k7
zT~G<`pg9BOj7}z)kO}N(h`H5Xeyy;qA|YW?o|u6S7$e9Gc6IQ~U<b|zcGxUnhs^!u
zo$<>Xj<P+wSCyyBOA+pn(<?NDJs^MAmaJVJa&HC4@P*{r>KZP2_?%itkV)%U@@E|+
zYgU(BS>YkTA>qGW_wvDVVC^*X)t>TQ?LNy@AYTiKOZLrU<sHL(kU->+G(|0v69v=)
zU7M0f1?LwEcN-nbI#czw)~@AJ54)Osr>a)nPD{gQ4;V?|p=OhibLeaNz~RZ3^4B`!
z>Nht_kQ4WDk2KlV)5nK2*<bw9hk^-+drZJu+65-SZ5vhR>d3x9G?(Lg@!FCJk&Ejq
zALL5TAVn5U)M%Z|Zdcgp1Ws0`TC+6sDjC#60(wY5?V(421U$A6ZC0dI3=M;%<D@CH
zRma!bl!#?;o<{{UY(S2bLhzpoRvD{G8Sp@UO6cpb6OAJ7661{IN>H_(lXB7>=kuLx
z=#HzJfmF{J%H7vXa(BbXLCEclD?*b*-uqgE>*Ar=K<52yPPs87DbI76Ti<E@6%o|P
zr!&oRw0R)7%ZIn!Fl~1w>}o9u6_~fd{M*IcV5xq4ZH(EB&bchS!clMVqC2sTfEcxq
zMd=JFAY!_lTeZ5LN26}cRc1t=?>tg*G}Ca@pKq!i^BeeTH%f=iZ-^OuS~lquuKr=D
zC%tO&Fm-`7B|KVOz32*U!dBd+>JQ_=7RaBdVljC`1)ZWP^6cjNPjAl6Rs~b))eDa{
z*P*0t>H~he-|RL^liWeZS!rkQ6TRoeKaThL71>{t4C#6~@g_o+T!vvE>D=;e$Cc-4
ze7C;|@C7whZ@c>&vHe(v?ZP@ddT(dpZZpDRRjGE{s<#;113%gN^}{#b1vrD`gj~}&
zPS`tU?gR?A-I;0n+*}Fv)0>P%<P6mO^HEjE6opxMoJ2{XjQHr#j~fNZS28CyIC6c3
z(SL22j*~ak^l<XLIbt)KO{Gdt{wni3pGW?^^68dY&I^HDY;`+4JpJ$7!-R>5W(tsQ
zip*)wWuZ*lkdrwxzcEv7m6Vv9!#ys{WukMm@vLe6A96gvYQZ?ukbg)^5+#fZQe?H#
z(?-}c-zL&pi~b?UB%*>Sz4k0%a_rTW-7dx9Q!f~e6E4`+9OvzXwdN))Q<8JY6aab4
zms1~uKk$~PwM<v$Ra3eEku2I$V13LcGPilat<VODEYmW}Q!c1xgzNvZj(X=^%48W@
z1AgT77umzvsvmMjk7;x#CzIDa<r{FDjX8CQ2O^4ejLGkFhA(7aG^Jo{La@U><aooh
zOejw_iH8q6-yeD_*sIqv-gL%R-fQDtxoos#oqqPN#*eflcaZ#D#){C1wt)q36r?#o
zTQZTmcmOTQTPZe3D-T@E%IIB1!o{@p+ukfavhKCu2v{gf`SVT8l8vS#GNocVtbV)p
zrw{9EDHj)W$`d+HwuqYT@EL887%3O;97EgOAB|&<JO8?s#`$1f^7d87Th|mn%0kz{
zWvp8WIa$tS&h_Flp=!%&w3xo13RY~{ZLJod@upDQ0<M)U0~?Z*DMhEI?TkgEQYaWL
zpXm_{&?pH!O$+@%pjcicrb(7e$p8C)L?-bKOE$#@*q)fV++?92tRS+hgZIGlszPN<
zY!H^M{qFgec(r!S-S$$m?AAlW{u?;B(78+!mb=IT1htcE!|i2GgxqMwxtb6Pjc`>$
z;X#QnyG47XIR*nFB(_O&R{natNugLB-l)-??SaMiLV^a3jC00EY_!EPJW1%3OeIs8
zN)mmqc8uqPb<+X{=$M&nj?j%oOi)C!Zzy8(kFRrCWE<jg{#%YW&FZ&`<rah!GsUN1
z7Uwy+m-$^HDO_07oJMR?B*}uzs4yyqX?5G}y4iE9bz%?2g_+7%TyQnpq{g+|cDJ{$
z*EQ*E0JpcV8}jx)<anb1aiu{B)%1=L_Fm_dyfZCFJYm-?=Q1uuTAO?Tn=P^dQCw_v
znCGq$GG$tkh$ab(Nd_%q3hx#Y4HpwGxZWVubQSV8GLZF(_K;-DYFtyr-q4=XR2NJ9
zaQiC1kxH8hWI`tkBF9h_Dz*(dT?}=~HQW4MS&QH-l`%ShtXUV;hx6tWn*}N>d~zua
zZx7NlE4KhBl=sdFWn|lX2v<b;HXfOcXyg5-1<k3@3}nZ38V3W$#|4?uEMr0qt>z%}
znB{~<xm2o5=3k`?SbGMr+tPo5@q+JOUH<mBzx_RIG2k{Fa^-$|d%4<#+lDdKY`C^u
z$d=3BoGiZKl5b4!W%)x0MHFZ)GMgbP@*D~<xqX6qgZugFfH#IJG&=lmIWGIO-;AB(
z5(-4weQ0{4nott4T+<C1_Mzm@y4in7nop?Gw>gC@5u3K*n!&%OO53thhGCWOq06RN
zjQ5ii%pR=GqKG6^08U{O%X)YV*p?oW0?q4wo0(=>zv}Ib!DH@qxvIUdIbsF0x6zNX
zv#~o#w9TL|5OF|C#DRU-h1eVQKW3WpL}8uB&5JW*wN>5pk`E3(XH?0J*?(3h9DiQj
zh;G79m0gSOBU*QDY#7l^<6<ZWGl0!4C*&5y!&gQU8<20sosjq8<I-DvpUru)DdQXL
zD6rdYrtjhA^NWhFul0JfHQuakDIM+LPOQ%D%Eeg9PruZgF}GqCtnIq%p{+rsu_Ev4
zt=3TsaB`M!Qn={W?${EC2hD}tY^cw)<~WtLw5ktT2mo1TGTtcNw^6nqR<+U88ZcI{
zXkt;MoFTj;n^DEct1ZUcU5z@SW0u^o1VWfw4gU0n*$|PrE}t7Uk+`P`7fLf4pKi1x
zJ#5lTsg7nZ-<ut$wp(?UMz#DPW^GTnf+C9WmPFZsZfUdRqN&;NBYTfkpMc%q;_Zv=
zkc$>^u6}rzi={WHkI5GKao>RF#QHZ?87WA~9a~`JFLk-W?2jMl8V%G{?5Sx2Tix#T
zZx0!26&$-M92VyVg5{jcsMRtf(JV{QOY|^;!NYOy=GXJJTEU*mwQHcs?%3kg`O~CO
zGoE2^w7KZ82JnLmhV&gxcwBaZ`~6A`$Xlt+e_p=lN~3M*g=Ffj)bPnpXAcLvkGZob
z_$A%Yh8@~D!n}H{nrE)al^`;=Q_!NDGQ3~ePMo(<NHJt-rWb2_v2!c)#?*G|&~}D!
zRrm&lm4rrEB^nC<nHiv(O<N(cQ<hHwKohlyCv6?@?}dtK8|&B(t@3a@=dfI+tv_pt
zWoa{dxXoT0*0$aK<>@YKJ<mQzt2S1=iY#d5U*^VvUHNaw;-N<5!d0}ae`g~dYt1~+
zU1qv5OFO3t!>U?Tlo82tvLXu%Z2k^&OJKArSLEc5ElvgxqPOb@^yEsM;2pYh;K~aZ
zY>FrF-ASnU&>eV0f<i8oj~KXRS6tLYLXg7Xj{d1&`2t|()xA_=T-;QtBB_?pZYsK^
z66T87S4}Xv5Xk?k(ZH`6AouOu!KM_&ma6b84+~j78*H{HqKL70x7xyuYjmFqLq|m0
zyQaQswuj{wb#R+GVU1s|y91ZPL`v%p<PX}Ya&8%a2|n734WCALLf$7Vo>rcQe>7c-
z8?6f~Mvafhgt2x#Rz5^aLk-Db!OZnfigCV-FM$dJ)oM0WU4Rpl5$>DOk{xA)pv2LN
zCSf+6-I>a@kg;gA>hy9=*p{n14SQT}Wa}^*z&C61B>(#Num1I~Az>mW|8D&AKYIEQ
z$Xw2oMBWdhJXTLMOEb{3pE$_q&`BOo+%HEmpZ+~tXqiVda8@s9nr!Xk>C>lAzxeDk
z`0vxFPaFUJ^x0=${`SjH|Kr)`Pe1?d)6YNq^4XXF@$}QrKl}94{~%8fF#&~Pxc~9A
zb6?9Z_koZ(v3x?#xQLP>X5_>z^JN~Zk=q5|*iA6P^wseR8Ihj}`-z+w&UbQ7hW7CD
z2^oEd8m!q+qm&Dt@_#a53B%#=S5>(1b3!xD-fJeX0>3MN^Xyl5T*S}GWudf89a`@N
z19$<K;#VotG^UywmP&<?x{kc6F0$d2iII7malw<A<<Pk6dj53u?6c9+Us-l+ABHz*
zHxc+4&V%40HZuQb<|S>gIr-PW+BRj+(yJm#-qMtrHvj$aUm1pOMm5c4k@++S57<U*
zgekrqPV4pJ*7Ww@7OR_ZrT?<@#cOV(_p+qOX%g@**YIHNZQ#n_Vp=3L4`}bkKH6vz
zVsf98GGy0?=XQbNjfV}z)CiOLrA&&{ZIvPUhmxXs^;N$3?}yKx|1hfgq;OepYHo%V
zaiY<p+omH2$1*~l(lpH)4PH!}&Bd;L{CfTj=PsJDlsX|oW=vdMUw!x6o5sgW5@NNW
zb-9q%KX<aqXtU5mmUTF2DW9`pf!@g>W&)@SK}Rnq;jTKgpoHR4qFB!iduG@(!{cX$
z>zzlnQ`=A?x2xx7i1<_^{=%*ii|t#Xx4NzfQ&;Vo3d@(5Ro@%KZ*x^*mZg}p98igJ
zDnR(cw#%|WAmVGVujIm|>Kv@GaHVuXa%TD@g{ZZ+-jTB=W6hLn$IEQ-61{i=Y>AHx
zEpzoGW^<N2QG7b2c{JmiMY_n@6PocMyof-9K^p(MyfD_N?khSyoNtfiF~{DzFl&C8
zY870Dq<1fGZp)p5D}{?vbA)YLA2XW}MsIV&<}!sgnTP>&XA!&HuuoNtQ?3=5ZJE;R
ze1n(3?;#z?df3>NAeS^{$t7LQ)wk!hGOMD7W)WJgR{a)R{_!eE*Iou2me$7mMdi7{
zOd^Ws4kc2;a?7*d7G=v4sx*%_g<frUHmCHx6C+yS$%`ywIZ1fRb%|YDGQXmaoeFD*
z+h9wzRz6y22@+QRU*;LRb5u$J*RN+(kT+bo0hTGdHhDp`1bg+qLi%8?z!bV+u6ED`
z(>aeig_gd-CMvf}EzddbKW8JSIV*ETM>L6Cxr$9*AGcqvgh?V<2u;q=L-n4gMY{Br
zwYAbDaW4k38k_b6j^-S42(b;laa9e~hHIonqIs4qEH~WHIv9D&B-DWVr1_ND^lzo-
z%0akn&gw<|!woGr55S1L%%^ftzA#L%jTJF+hJxJrHh*dPQX87)0w0OdwKnGw8yc>?
z7BKdJOS!Fw3il7h%vXK{8-NXGm5d?lg%svqLZ2nR?8YX~!1MQ`+5A6ZnLoj7;x_Oc
znU%Ata?7$;ifKYMks@N}o4ht{a5QB)1E;67hD|--+g)iGlj<o1mz1|LP7OIzg*kC%
z<)y0E9oPVPcT`@rX4-)9s&fJ=uIZ<iG0P(CEocFkr5xfzy?|rL>_-Oywx<Bs+a8oN
z2(i7q{+7s`q%4*B;(SDI%zL@bP9I3xWE4Hj-&-F$ZtfYK+j*f0bZlM)Gbv;0dYR$y
z<O2obsEgf&`@pc|gk&rqn)j<trIVdb%%MGLQGcl|Xsev`hp-)u%~o5g)x5{$mk+c^
zYN?S+IJcWhT*U`kXpJ>#lf1I=f?`8X=klO%L13%5$lTU?l=#kG<FuQ-=|XK>6>V$i
zPWhaPhgc($PYy9UXE~j+Z#7T&KjA)a10o8^A-39+TfoMA*oCyewtu$jV3|qQ<b|9i
zY)*xStvqOWV4?I(#`4JMq0nKg&a}mwFevTP7<xGlC(~|2L^tUYIc2gybPEJsLo@G|
z-pwgz>*EQQ$+!4}U%>~vRNxb7vw0p&CE%!iN`d7kS|@$#u#w??cf5rk*tz5kcI!_C
z6`JeCd5boWGKYer;9LrhwnhKcsmYTUStCPaJw(10f35m9%U@$?1M(f3nPg5bYP+QM
zk!!hc=O6r0n?H1TJQiZ<P_*H+AM>ebn>lV{G+LcnB5gf$!EOE31KI3`4~w3y2F>21
zWq4N#oNKS4w@ni{rp{bZR&Iqlg=LnAt*wGdf{I05H?tOUa;05jWM}v?f_bS<*Gkww
zpkbt-G3PRc_;)FQE4pwlS!l&$IF~l9-PYF5>WS78CZ<?-$)<Y|BuZov+xS|@<;wCo
zkAP)vZTEk!Z*Yi-r16+0R75P_GRUoLpsj$6>*gi!+oi6OUDi3A{c>X#l!`#7p^#Fg
zRfvs`$ltb7Kr4mILoFe`*W5!W>5YSJDaffBcDkyHHDn@^F^dt936-3crXr?!Oe)5_
z946*ueb4zI<gYU(h+=v`I53BdDrMCYQFCaLjOH|Dkc>^%Zb*etgxnUP%PZq-^#e?N
z-cAF7;S>S}^p8U6T33+cww|6HGSg5rykTFh?q1If*FJ%Yb@B~bY}qVX8ydJFfU$L(
z4@N4~>0otZA2ArRPN9L3bqXu0;$2O&UGSt=lcW)9=@m%XXe6v|U;6;dI&~{8v**Ce
zI_)b6vrd6C-!?e2PTl7HKtY>zI(PtQtIqcj%vmR|z|J~(S9K;`3K9Dkx(q4v=~v{l
zWq@d%0;(wazIn?a(mMGEl&%iYYfVF0!-0cNn_V9?0JTn!5sX?V&rR$3^DZ^Q+MAbJ
zlqG0A?%wsb_8oiITkm@7U2nbXt#`fkuD31JyWW23uD1u*bXRUQ{CZbTwKDFYa;aH9
zy$+ywx9lTp?Wr1&8P{r<v3!W>#Q~2h$d#BH&B8Xf6Q7dHT^xV&;7qN|*3z>}vTg0B
z59?Uq*TB~rI4~*HHb&1=8UM3Od3QrlQHvL^9(9cC;`+)37WoOPSgCr~*TQNnPK&oX
zy|WQHVAwYQUaF`4U#;HhaB(i1@=XR$TaYXAbTjy~<FxIj`1p=zsr{v5*65&GdG8<Z
z{o}oVy!VecsrQff{_#!J`^SNL|9Fjh|M+I={o_6l_WtqSKVBPP?;r2|<3T^~{o}oV
zy!VecsrQf9srQff{_*Y9`^UG_(H^zlKfakhTL1WxXZ1LI>4vZF%99Q}db=OJOxt5s
zl67f&JUr@9bd*M5j2dRSjF?g^uKCzqYA&lWSj+j=9_+mp6D_C68ErL&F*9!v$uy%m
z8s3*rZyyi3t?l05)%&|P52yEcZKK}b)%&|PQSa{p>iu0c>iu1tsrPsJJlOlYdVg1K
zfW5z~_jd*Ty!UtY{;uBN)ui6vRj1zH)%&})Q}6HEPDgvxdVkku`e^-K2lHX&JFb(F
zA6t2hC9m1m_B#~9s297~+DDf{7*(;0?ZWqC6vF6BMD%(|ub1?CNt1fLq}NNfQ?Hk7
zr=vY;y<W1JK3cuxK*b*(VhTPy-yL$;rsm&r(!7F4gk0%bEkY<)I3XvO%O(F#2IS<W
zEhBNV-FbO}I7RcsH3-@=CnvRbKr2aUmVrDDc)w<8MC*oGUv0TbZ>46>*A2IP^{Pgm
z6oyw~+Y?50k+b2ns-V4|{(OB=Hty<;az&UhO>WC*(Sp4^wC%QT@dx+PcE?~^6`So+
zg0<F62_KR7TPo+e0{>>=u{JC0O<QZ7{KJ-lU!{l&tDDC1Uf{lUMRNCD4p&^~GP-8@
zTN!USn(b!mZ8;71GQVTFGLkzHGG_lpRFP#eFQswyoP19UEe9mZiUFCL|Kmdcu<1Cw
zFakkDHH)7k7U1Ig%B)CSer}G{{MqQsPd2phtzu+kG`*3?s@El4D9z{wXJGfK&EtR0
z|3srZwkb!^1Lw#*e<{TVDWS0}?_T_W-<h9Qp3oX(F=rxX|D4ML$_Y>Sw8*!Wr#bt>
z9a}v6<Nx~uEY`C>4$R-5y1zgD<6txzZMe#}0wdb!z7GJsTFEsJieN2T>Bxc1%KcfY
z4F-u8%YGHUW3FYsq2KO18UeV86rEVbji$LKlq52uNv+NLMjhk1DQh>??E>Qkq2%(}
z)0o^|UK6F|Mu4Xj#4sN6>F+;#`gCO2z@$j<rc7ud@M1==#L%#+0hXa2A`3Gd8(>eR
zA#>AZHZ&9ecRS{R``Z=YFF)Whm=q1~8&akCRIvEJpv)9|Z>|omlLg@DkWFsr%{0NM
zLgt%b47iG8DHBFl5BZj@U1yG~3;gin?&%JAWg*prdY-jeF&;%SeUdG-%%fTP-*F<x
zPd@!(^5x{SFQ3MfFFuQZ|CBxb{ijcV_l*7a_n$xgl6^*_FF$`a`TX<vizoO@%oS#6
zWAT%`5Tk7I>(^g=`upMQFFya>x&ghY-Oc7DR)4eQoZ5j}(c&g!>k7rUg(WpFfvQP_
z2-Uu=EMV}PHBCLlp7X6DReRZeS*CIo;@8Mgjo1dw(k!8Ri&6V(LJCoy)j>mqdba7Y
zHU_wd74V!X!_=;2!lR8hSo;}*#z+ROfuM=@COa+nT+gf?VK~&rcD_M{=OVeM3pF6$
zh*y*+g*iuW*_`Fzrg-_D>q{ALnN_>l%_PEOn|}G=t?CxA>-5~(cH9QC$x7j-aPeeS
zZT_t|Zx=-o<qX6~l<6(Vlt*;r)&dvSh?&<ib^|a6?ZKwyoaH=b=F(bet9D>J$V@5I
zG^U#FO0m9iQ8qZSr>g8>yS}>Te3)(!JMd{yA*4q5`a`CeFnp+o{jD|hZo&mk_&-_x
zVE--Q$=-u}7>Jv+!rmUwoVIapw(b{_kY;qd&)uWNR&QahyPX|;8?i>~0)xAr$81LD
zT;}fcOg;dj-7`BdFFvFq9x6?Bu?@`Jnkz(_&)Ew`<Ae)#1F^CX?n_@U)i;?{%44g9
zn|lD`a;rNlr3-U);D7)uFk>J_+pwECdkBp{oSJpZQ|5woA%1D0G)wVz!uFE|(fPt$
z?<vji2-jpndBS245ANW1WzF2GlyD2LDSF{tEC(f-R2;@`1*wNxs7YpDeAennwQ-Tq
z$%LDI=e4kP9dO{5=~NLF%~)I{7_7bXcPGK}KO8$7+qP}nwr$(Cjg4*F*=S?iwv&yY
z_r3S|{0HA3db+x*x_ajH^f@!#Rj&f2L(P1D5*hHW$27ufj!7rc$9j%Y#tiN~-05Mz
zK&L}a#(-9FOL*fil3^J@JErvqR^sD0Myyv{97!<fvrw8xhZf=%)!E7}4mL65%0tI3
z<f6ENb^QdPrhte_u`a4Ov0mU$gy@;KH`1hIYy(k<!=OwF1~n2K4P%d3x{I_VFSRC+
z6>=gN;5^keW~A^GvmI|TyKXfygcEzle2v6TlGd2ihPezja<Wsr61-B+t^gtKxy8z#
zX~9P1--y<;Mm7~Fn6F`<N@a?Z_x_M>4cUN#;&O>hT<O&^ohW#6q;*(po#Y~vl^Da&
zpk@41*CyK<wLq&d?>BO#YrNp5E09+-@|Pal>tg;kOUqy=&f4hZNYVV1#2MH=9$f^f
z2{+1a98O`Ps&+*LI!1iPcIYF5te2b({Q{)j2CZZI!F8^U_lr8sf;!o2MwML5mi!mS
z7(*A6t+HeUDli(IT#^jjTqgCcxYXlR0><1<<uu+tUNtV}j}-S9I0>CY?)DJ~6gG@&
zLre`2T9^Yr>8&g<8XNj)n@v+-w0kmp!HTXWZewwSDhS%OF$xMR*ezGJpjhn#EL`>k
z`1mSz!i0?igtpRYD~uGs;(VR@#et#~6t(wKC>ULMqZgEc&El60Uj-lTRzR%^6eXpN
z{rcKv5O_AHP4j%<BdtZ3tlpCH`i^XEGehX9N(JRVbFmBGouMW=)uVimLgIcnxaU)D
z-2-4PtaO53Su}~L23TP)XJMj>-9AK(7|221M2&dQ!p1fiVSnc6eTa}MFpzrz#qV4x
z^v|Arx2akc%7#2orsq#|`hE5XYE270@gEm*jks>{Ki!SY!*r7>2EWXiOu5ih#Pi_u
z`TQ<Ci2Y17Y;F&*=EG5wm+G39eRxA@c6TD$f2Q1Xa^(^Z@mevo&(Ewa<#BK`2<4!m
zC)%ST3UpsV?o-otJbI>OLk|C{;h<32YMVErEp?=DL}RK=NfwwuMcdv+EQ?Mo^?+k+
zY$u(hW$Fm#<Py_o%C%~kGA&>EDh@lgc>KZ6qK){;JZ~~YV7Cy)V3k4-o%Sl3^!k0o
zOr}dyj|DeBp1z*3n$`#AJG#iU5yd8$(^znb^9{}On&WYu0+Gy!RhmO+zg^DUPQR^o
zdw>mjk&PNfmqM#rVnO??P;)l^6hOn0HGW>yhh-aUl1)bMMxr#bM(u50-KV#~*PGD%
z>hy9_9Z|ty&|19XyPWO)sAieb`vwDGcquvbJ(TW@X(`_xUWNUEti(XxRAL})E7O;R
zyKegLT+GLK6U}G%XYtGb1bxt7IWEuK9+Ny~=hiJAESr%Z;)R-<GwWkyMJZ*}>f`u{
zCE=1Y7iAYlRH-Xy&ZBM{fj%fuX?F7jo?Dt?QgBw0k{V5$`j*XXlHFew3+N~je633a
z(5qyeDKzW4V;34bvw@#|JVsHAKEcG))38IvbG4uu5;t?cSTmcvA!bM=L$`-*rMpMJ
zeap5^<lAk+!S37ksX|KFZNKWC9{1@lmEO(51OLve#b^ISnF8a$9~sJ7(vxy=OAesc
z><gTdNjtcT@7iYo(XtjzQveSn*OOxm)IybF9(YMth<<DzR)(?aLpZC-A*$%^&gNAe
z=20Eis{Gs@X^={f&8Z#_9}o{of|vaL)bTruF22~`GsWG8o{WbvE7{&$rK$7AGXi}g
z`MK3d?0U)G1D19@uC%b5EdA=PA#qrp-(i91qJYDS;&OGGTgJV|J3&#PS4zUTd7C?x
zZ&lr4;TK#{Nw-q!m36lVTYPdng!00mq;wayw3LPk)j4kfu-i_~QtgFL3ioZrc0->;
z4MIO}qC_?NZpm03-fjurKMW9powWKuR`+#-wIZ4tGRyjYtJnc6hK5>ZER7-NOmijq
zwmPAP)tyID=rgye$TAPOo=9Y8zK2XB5QQ!3x#D%=FyqE^?xcsh@h$a`g6M|YDKSzN
z45DDmn;<$I?=f@{+Uc<TVW7Rb)|X-egH<_Z0pzOjgn~3EX9$G6AIt-48VdC3jwT@a
z;n)^q$g1>H-%U6OxIwex8ig4uZ@!s|xzC=KVLZg8rE~H#XA*XK&!My%*FT-y!76>c
zk>3T7c&<cl0W0lu44*X_RFer))(PzNqCH(iRewLh=WVyAH0Zk!{=u|>MF2cbBDLQi
zwO>7drRy~T`|&WT!juhw%t#yf)$&;K9W4|7Y8cXr_T*x2xB#8Hr79LqLV?8LR9j|{
z7k+1G{+n*X`LWtRi<4zqP4x7QDA6l$By{mbq`&kb(o^vo!ONMqL$DC<9UvLv9Wajk
z{GEsfkoF3IRlY_%eJA?y_s9fDmX7m>AD7tYHUv5;>a#BMRvCwH*WVc=*ojx-@Vc9c
zR_2(i+iDN8r^cbDER;1Ztj5Pt5oCKQZ_3ICK+j`$=SS#ZycL-@Ng7vNT?`o;JD*Jb
zIW;#6TbgDFI~l&fAp69w*$AS-i9+MV88~C6Er+|WXv;AAq;-hRra^9o#=soQ#1O_5
zQiZ{pMPelG(V6>gm_SjrbT?C=p)skMeH~~s4y{T93D=Lha^t{1=nev*lBb(#q2FgT
zUg!rM(aP^xXZYJHdHf?WhWa07m{jxd`(AGzTn{2oIp;Hf+3TiDQQd@d7i!f!1(#mg
z{sXEP@45x|w!B~2;;=b)ZRg7+mBQvMQF=R{=-<T<H7j4>)c}<5g7K^*?Bp<TDAs=#
zB3pN773#W}y<fgFqGZ2wD<56Td1)uL@Oxd8#(gvU>q%QlF}$8y#Dm{Ou8DsRhnZ6)
zEIdVZ4Q=d1RGU;TSB7v!@rFLT$~yRDJ$HqKKjO(jubo{A{z6LbUh1vNQMeX_8ELqe
zOUP@uo64Uiuo!3^n~uKS9K7kfG4i-*Iad31HIF%w6RaeCCYA8`sE*wyamEqs8f{si
zTsB9wmdMBN>2U?|T&LgETvFopOYA@K;YT>!Ie9*TdFcrobzL71Lw4~gUrjoJcknq6
zO!fuq1(OCE%Hw;7T+?=xnjq?orF>ux+7Qg|U!%6H<nM0i`Zk=ln;34)Tu*(#OZwCp
zw(vm|@tGrT;DgS2SNri?)V}mCe**)m+KTp#SM`rXr6=`|9qV14>#zSYcB~B+B5Ya_
z;3qHI5(qeOFP(%NUogVmz=$*ng6HWtkE%BH1=<v=4`G_Qvk|NH!ZfbgTd2<>L%~Kv
zLshQ%Mn}5GGv|CY!bUGB>d_q+F8B(Gv*K0@TqaDC(X>tG2CYXL)#X;IlAqDWerY(>
zG{U|&nS7g#y<_Y7#nttRYZw$yD&?m%(LHlfam>wgVM_rTe1L`yfXf{Do}20?|CgV_
zOq1n*b$*Jo8KK198L7na6)Az7{9lraoyClsa~s!ZHy`Y!)w2r(Z-e4$flGk(mH#vW
zg6~A2|1PK!J^)DwAkzVB?H1wuizo-M{8RzU5YYY&SbNOR--spuy{Ahe?qDFM2jFaq
z4{SX^G{>OHQ6|W^B*3!N|K0W_rj09G(FT8>u-<q5vc{!$X`i-+K`m@${mOFsyR{zK
zvzNf8QvPf6?8h4rfCfC!e`qY`X#QJ^|B~ktemk@Lx2MJ30SRNzANwa?SJiHQiQob6
z)&i3$pTMN}*VS&%5$*LWtwwnPTBiU4FwRA_8(U@jhL5sCYd|7kl4<@s$$j9@|C!j^
z|IKRplFqeHwVzn;a^HXZa7P=~APk<ZXj~3iaaILZ7eluJ%=pbMcWM8mqHC8mA-;zn
zyWls*P%;N>|K)ixY>^E?(zUgUbVPD-(Zx@%y|IA1uv02(z!PpHDk?0Ewiy_o2A4`X
z+FuVT<m=gX+!<9SkF|f@(`1T1MtJZt0OYybc~wI&okFH6Lo6f08}s>hq^k}ustUwH
z_mB(yo7NEIFmnV9j-@iUoh!P1;4@cTmQ4zi%>=CmyT&L#Rkt0R;FtB3?f6VcLQ9W&
z&c_1u7vYAep?y^xy5^}cI$iuOpI9e916YHJ=e#=Xz6EXRTTAH`qC1Mg(ISYLZ+BMa
z+#3jS?S}K=rk2Tw3b$E#v~Hi5Q3p>))Ek(X$mDgi?u^$~-gbb5i~LxWk`y_u#ZaU}
zKi9|2!S?PhARN}~*I#I#d?lkc$HFQ_MV>MhvCPazU6{u*L#`rIdmKBi@QSTGE*0ji
zX3XKszeHS8K`}LRGx8@}Lt&BTs<K+V#0;iJ`o|poK}M&v^hGOfb90o@JpVXAJ*soM
zRe~lnD<jQso-bKS(1jOYXE!sFACt9u8I1dL=##Ca#U^ohu26euIr!qOMFEH!!?1KS
zK)*V&8%fXI>Gk`1{a*W5cXfMvuM;E!c-wgAUOX9@c2DOWK_u;BQgen6;#+jKoMl?K
zyLK}8lUJWO^gl{710-^GD3k(PR~~wEK#XyOrA`+-K!kbA#X+By7I0AR(#zDW7TIJj
z%7c5I76>{&KbB)M931NP^?H3z7sV5iA*r42P(8J&eAlWqhS6wdoY_yC6eo&U32FrF
zCr@J)_g5*<Vw5wqH%E{^493>JQlCT&K-xA#^uXig{Z(vE{-jB#o1a+<4YkX4m~+XE
zOMR_Ia52_9pR3ihIa%5h(szN8hd0P7o8*+EZ!lLG0IQ=1Gknt4P;wS(tQ<}#Zb|<q
zif?!Bioy0iUe4F9dpZhyGh0k3aC>Hpc&(@2uNL+f1!73EvM}~^@`@?uLG#U#@KY}i
z-ZcoDQolCcBrI4`Pg18*GRj--RLjiLBZUHW!b;>MMPuwziez-8nKoaN%kcdASBg*8
zt`id;wx3z#3;#11+=_xf{0}tt^fd=VpO-xS!J2wM18NRxRP8YzG3()OqplMb#8G^V
zryvY|fZJJE23A)+55qUS<~v5|H503axmRS=6cJ4<7v_w%xx?F@l(k8UZmA-v7*uo-
zD3q}W7rRl6yV)G@R>8sf*;KnMQOdnbQ8aBzr#h)w_NeM&5?5BpN&cQ8b|S$f0@KU>
z$D+XJ@$t|1{Zj<N<?bMO^myk6LJwpu02?bbc3lS(;j<F^#OEUnfR<C7rTTu+^~sWQ
z|6s5a*-O8wF%rh@0<<Zgg-4Oy$O?uUH*`zW3|d#2hedVFf2th<3zmCj^r<Ni5gs&0
zEL43x@u{U)n<oG1exP6d=sLW$);W4uWH#5c7Wf-2;d<m5E$c8F-!pp%%bu&3fOykQ
zD^;J5`@@aI>7!aTH=ks$a_UtSInNmuguQxHRWK=s#nu$nY-E6)Q(BAqQS6Ok(wvqJ
zW>3*7Ymo{kb$j3B*x;X`iD0!t@pGZ`(fZ^FLD_QHb9&0VJI2tfm6eEyQ6I0U5bxkw
zwM!N%l}d=RxF~F3CS)sTc_%j?YkS;VZZ+c*KU$1Kj{>34mWU$q!ZJF*SHcF&#Xdyc
zw6K|&_65ATDP4T-HA|JYuGAmay2Xh|;Qu||T?Y97;oTLvC_KVfZewk~jq!M#r`v^3
z*w2JJ?G5A8vw-#8C`H0Wi*YS}FqIo^?o?YIkCR=ULRu%$u=qj9fm@0GQE<+Rzv#>7
zlJi`9jy+@|xuOf}Ep1@)(@h`3;RWl>n!BCX)8hvgx%*v6<cP!25jp1Bvrl}D7qm@C
zBHzA}Y|2c7T*blpJLI0kOdR`^y*^R9;<fw|80Lsr3JSx~NeGng!=>*cw=i3d5=8Rk
z#O=nycAak)O)2{%JLWv{bJ;h+8G2Yyjb2ilG~1%qN!`r*f;riy6c-{Kn)12~Xtd@W
zZvc)Modv1Y-7X-a(b(R74EC{&VFcHwh?E{tJVsbNBM%=G+H@x9*=7|;h>+q9dO>|E
zRL<btZ{wyC5vkEt&?kD5rpf5I)cUUnq+?M8l%ZZ&{Wg^T7>O&M@E#0$n=p87L}-om
zqW7!@#~`(81q`aQJIS6YSI*t*pzMLLs<{e2OW|8+j#*;aeyrEfYzt|uIA*u`?I+CD
z0jqR9IzlY3Xjm)FYAbTUth0^^pv>=R-pFO{pJ9wSyw>yxAx`kCwNIM&z&OUXl`lWW
zsw2fI6x6p#+_zCvj;gtFSw;QRXFgPEwn1UHh(b%1k_P{6`~pw+yFPpzcY*n&$IbLb
znG?a%F?@tHdGyYVJ|*-xn)EY134>PVXo!3ck*RZD7029Zc%y9i(G-la;*wbEKO2nc
zD~Ann&fuFQG|8c+b6T5v4{?E)d;i;4{Lg+Os56@v%`;n-p`DJml1rzNOQ^!Qi==IN
zRGErmKOUT^VS4ut{KKtJ-Aiq;y8u>y`1cgwiIXz#tNaiJt+wcd{`#aC7-K87j?}f`
zMv)JD8O{`xE+Xwolo@FCqQ)<DIfmLK^B|ft1_v|ca~wIBg!hX5;FZ?PSi#;VQX{5)
ztG~wbY%=Jf@~mL<99POpGln3#_^nuIPD9Rs;Pd;3pnA<7R)8bt0Abh}8e>paf05)#
zBfRdZc4s{=S7f1sAamt)o>?Hme?l--N)WRt{sk-VBuSQOft1e_H{TuVe7k7gtQBHK
zct2cT(EJ+^$%jq)TK7SBle~I(;ES<dk1Y7MKuuiLmf>8B_?v!-#-&?+Bi|=;wNXma
zN<svUG4R*cl4(DYq^HwuzQcwM1Njk`d7f7H3II5%dz;uLCM`E3pP!poueq%dr<=xT
z`iBIkU$-y(z$%^A@TmMg&~exfWYqYdgFe*j3458hU@9qhIXx_%zqNnK<B&eKMY%x!
zFQ~<NfD_|^>M&~Dcr7cp=78kiI*ca5V51_M7k(MfKW>2EPifOaCKixo|M^`v@3%Y~
z*f{ps3#u!aqyA8ABd3|XDNMO1IN$)`=zRe#dLm)nHHTlB4;?81Y^)(h1uN#9534mY
zcn<=*JNg0BPsjl**ASfYLQkorCU2rA=Y^QtvedI!ggpDs0qN2q@s=Yjz-TC@DET)R
zBnEm3<3E3gdQJeIz+zb<V&Fo`^0KEC;Za$o?<~cQN<DC6hEIvd?^3-#@iC5ClyoZ0
z%?v2K9CeO-_TxylP8i?W&2XFwg3a!_32DCDJ>WCVU%t4JDutv~3N3U}@%QC@#PG<n
z4eM({Bp2BNe5jM6?wJf5lCbXF^PGn!+}f+S^;K1(s*-~w*>?d=nW$N)=s&Q=BBE$G
zAnAgZIq=QVR2&~_GSIKIp6>9?Lr(nm!MDF_Rv$_r71{%)+{Exsi*@`h5DeuW2j@8a
zORi?L6f2gk3)0fX;Vq<*s6bkw_uQh79}`KIjG9ds#&QoR8NUl{o<zphB5riCzU;Y>
z#JJ79(1Nos)A;rhx~*M9@i;XSQ1~h`nIEQ}o<~mee_kF7(x+)sq3DI`=y&u#zfQVk
z#<TZ#_u@^^3F%n_<2(#DaL(3c?Ft#mBG7tmxQOD!5t&cjio3YZAbIzVFa{A{o`_iG
z(iqd-=2#r29w#N6JD{i$HL&MsLdw~4hbbpA<xFq7i^t&D6|MUCQeUbxNyWC*Jh}$e
zb4TFc^ar35Q8)<a`lnpq2|!|*LM{(uW<dbRv&$&n;a4~W2bkxS-2kj1ij+8xO<yB<
zz0h9?o0B%Uf$P)`{hhT%=D;&D`aCLM`L!~k(V1I~QyN<?oynuDUESqga5IoqZ<!Rh
z)ng60LO}J2m?9x>md7ROlDj;^8q+C|fQ)W%a+C@K`RY*9D&~WKmDJz;F8US_#%<l+
z<3f5=M=KC3zl9#v1dBCRNq+VQ^#$$4cn}k74P%{7dINh*fZsYwI|Cz{a<?tdiGbW4
z&rCFMw%#Z=={_E9^j|v+HJ!(cCu1(F7XpZI^4#F;mBd(G`lts}y+QImh((GibQ#2E
zd>uixW;9`%St=e}Gc}As1WdVwDNL`UgL|IcrG06%R2R{XRi`mgqfKr*)z_xkMBlr-
zSUK)l%aKU1COcW%J&0UsZ^5yesWAT5hU^k<Er4JLRWpydek^W)0&S=u00~|I16@`?
z0@)Vf1I>W~X)7TB5%K{QOnZ6*4X^`bHrbbeOC==G(tni7@qz9pTOD420?7a}y8p0B
z@PQiAynzJc03A-o0L1@n+K4Z}j@tnga61Eiw-$5_i_%vRI0fF^=*N8IDjnf>tnjrY
ze0x=WxguB2k^WLti)PS!=5HP<b$z`4b{*uo*&#DlQecky(Gc5S9lGX=ZTZH?$<OKi
z9kX4JAD{2TcXjd0x!S{IP2x~q0A1tVsbe1DP&feW)hltBTC)I}2^Lb<2ffsdXEG~$
z;?E&a1i=o6?p=%I^n~I`?1NVnx=LwyXgiGe{uF}Olr#G9?G&=ecQ)4VoX2Va%H&ir
zFTWPE^_RP9JTwZWi&$Q(LrvM*&x^|J$OB4Rxfi;3hVR$Sdy{*H;(i@6{Rwl{hn+(7
zG*+kWE=Ej0$fBzw=6bKyZQhWqA(n_iTQfo@pY2EDFLt7jhlrjU2iq_wi>T^Kjk<pw
z>7+82YRI@N=d%Nq3>LIqJ`v;Kv+=X2CZ#o;$KL9(5=pZ8nZ=<$9P&s1q@>f#JCO*k
zTbW{I^L1q<tbF<3m+N`Edz&C|U=?eRb3tM2<v2La!^5N+T9%lrayVW$MTAyk`?*gl
zqrtZ%cIIl+8|Wf@?vZjp33ZHkXLe7PuNnE#MQtMPY6Lr}G1H$JNhb-&p9pbj;B?VQ
z%lV<Ih`*oh+kvXM1B<(Wit(F=7Jm&YO2C9(nD)R!2-<-QxP?C9cIX-e78Ap@pu%aw
zfYQ8yrr|?S0Yl!qQ-6S_f^Y=)Zy@ivoF6!x@7bJ>!XtnPZzKemMf9cNy{iceO5mk+
z@&(0p0mt!U<3+;Oamnd7gwoslIx+6ke6;Z<{<;iSZzC_U6t@FrDXuc^D1M~U^7^$0
z`|np?V4=k8O=5`lBV+VaAkC+Rm%@=Ki_lDmW3{ioiYv{eO(4~B%i~q0&5H<AW$?Xb
zr36RdrW3C%aJxV*s?;J(eEPj2%D?8O6=W|65=sO%G^WO+ZGykq5Caq0+M-bqIwp*-
znR^Q@@)cH(gf9>AZ6$7NmDy?I8nbJ*Di0z;&&vN`+){@Sf?VH^CHKcD#a9;8eSa@T
z>JeyfIo6bbwWLU2P-+Dk!YM72jpDl4%0`oF6>wE2Dg3bra<Hh$Y6#%~etEuEZL&|7
z@j*EaLk#!PaQhKzQ<MG2D7+y_SoCj6HmXxiE{AQ;uGnUAR`djkfC84eSPB3zlgyJx
z+J==s(P4zGr|juLp)9)}M&&-eV?oQ@D+*m)H123Bj;uLO>_GzCb<H<-Bh=2PkVX51
zWGVg1f<JxHgrkr}+;pcLildx$U68Z)469PZt7YbsFSr(7snJ~{cETCKIEvBZ>GSxy
ziV@)b)^%OgS2ACdcP)ho^9g-3g7uq4Sc>SMLfCU_ei~oyEmp}n)m)}d!*SuYx;H*|
zlO}5=CaR_$vcvf1f?B^|B_3E2mJJ^J^FdAq2ckgoaV9A&qWv7qQ^dY1XRxOz{U4Bi
z(V2Pd`wYiYEL}NuQJ28rlyZ`PyU>6P&p23hV4&iYk~`^sg|y>iQg(mA76TD&*Z<&P
zZDNJNLTy2M<^Z55rptJV0jQR-rT|FT<OT33(>x3;h?Wu6#Wug*WG*SZZWg#P-7bzx
zCPFlXnx7OJHOA+o^~GJkcQ2WJ)}9mJsCtM3Wje&fE-CwZhHUgeBue@+slY9KO^-hB
zpgrXAymuKlV4k=Ud}}RfYrtNJUbo6#Ia;7kt12TS94wD;{zxD%Spebf1c6|{+fezv
zVvR;-I9H0afgU8oUjz7CX1mO+rR3O7H0^btX=fpndaYKP)>rQ>^MSDzj4wPQjTCZy
zTZe9>uJ>luce<wR(u)eUS*nI(i28@i)3|jpH8fFVnZOYuUf<E)UuQ<Mi43MClj<97
zcQWq36bWksE$kPh#qfe`&z9@G#yZ>sY>`MMC}-2zt=AsH6+~74p<hI7+;Txc#bW$|
zylBM;<`hkrp(8n0L*9nbG{oVbv+rmd4xNBlbh0Y?c^P>ghy|m@+|_;emcFDunYccF
zp2#cTTIFW9l}59>2Ku0D=`*EcCFV>G?Kg=@KTsaGfuG#Q<`ngvNNtnS&1AuTlt55&
z^}KUt)iXv@;j&<&rmxc@Kah1MF?j`!wW~ld+>-PIG9egPgJiV#X+SW%0>!jhf@Ewf
z;19efx&X!e02(C`(|ZDrtp(@;gd9o)106~4K%@MDfCES1SRH%-lb{5jyEp0`NPGd3
zv96py5DB3BNw#MT=u8JN_5vLH{|_RwZvzkkUXV}Bk#T?p1jCyD*c0^wIvlIi^lJK>
zOZBbbPKSa|2f~<ho0%+zk7W-Gp9H5(UFtbI=>l1(cx%m|3LEv%F?ko~{wQqZT!S;b
z2^x;DL?SoIHP^(utZSEzooxpFDzby(tdc$+%u<_|LP-Nb3V>7SO|%MfXP7(pZR1nU
z!19my-DSlRY@SXA+w)VExZ|AO$)lP#vtK>Id=`8ej{l&3;h}EK!+quNclp7qN@ua@
z^LQ5+uo;|Am9WuhepLJMXTjhvD-Ej+qq8mxv;JP=tGQRiP`iY(?7t=HW(8&HvsCy=
zEgW?u69w((+u6$EP-lV$A<oy1&^$ud?%+h=mv-M>p{T-xae46@8eh*nmn93;5X4`B
zVQe^qkcjR!NrtM3*`_So%S5g|a!BN7oP(GS1gEnxVFgqPTPMAe$XJC%Oh&30TqG)0
zS_6(wk>*=g+Lqk%YmvG}x!I@_LsxbqEiT_{b}M;V-XW?hFnSGjm{4P(TwTilI)}36
z-iB;5Y_N7S@fI!DFU1i?N<$5myAG77QDDN$R*15c8?3dNu@Y8tNr@?T{IdD$%xvjD
za+fEaoWUdD+BBqZfm$To$iU~gj-%ECcl7GW9qwA$z_m|>2?=-Z5`L+@e*)p^fxbrm
zY`VezAxS(WIksad#w==tP3-)|J-!ou=-BMkFwgn_4xm47jL^e81>PdL-spCzAtBtO
z^odW?(2^Rqkm&@OY)lzQ=<`J1Z-*!SA0Xv+W5x2fCtHPp{`EM7a}6$|&A}ERN*t*6
z%Ubz)94(1zHG71xbHQ8kEIDp~85qjBOmVFT{f}lAIxhtAf1#0s)S_U90AQ0;DA>Oq
z=cpJAe_^Yc#4Bc*-ja+O^VB5d4*$z>^o!H_5%6)?-4eGyO85z=2Pw7nBip_hl&7zZ
zp>flRCiPLXnf#P$dTnF(@!5luJYWTtg}{`Sy^i@o!$t@pqJkZWY`MZKu{Mz+#m9;B
z|L5v~{jC26ie;yw8A6oVrYnk&Px#lFyWA@TR=^`h4hh*iG>={VU?loM4C`5C7?*Pv
z*>{dtvUbz(w4`Gg7Ad#sfUTa$-Q5cFkIiN4!|}hmWxAzbt@a;Xz)IpCYiKtiD-YJ_
zn+J=i=eDGad4yUjDxI9ivdJHUnnKuFdL9uMh}pj(4$|Vc^`&Du59N|X9>T+e#u%SU
z7|5f`Tz#=|DKRzD%ZE-&>g;%XjYnN{5y^WUVh6^q0?w`C43J|s(`Ax|qfhBnxZ5^C
z`-xwjRl*rMG>fxmtc1#rbWJ;e!aLzr)+RtrK(Us35HGB&+Qpf$uiL@9r%_cPCccVl
zu+1?G^+qnFY8-3hx4J^vBCuWbGi6~$ihe`KF`))x1^@gV->$dT4I&56>+(b!xlc!;
zy7xa<uq7x#w1gTOAl9kx$)I4BHuvj9$UuZW5}zdL`yTTH+RV#~_3!;Ye_u^$_Q1$s
zlDDRhLf7NP|IIbrvLScs!F6x|btQnP@yFR8qp>(Uq3V%>6BRFGA11*{=x{0Ui3W6n
zy@yE%Wb*N_=Ok?hBIa3=$=v<-i+>=)+*JwBQ_HAq+pV^Yp4%{KTnzN)22r^dhtm!P
z$&^%HN>8(glHYSe2yd&1kH0IccYxph?tIxe{XJb(OJptGF_Mtvb__m+hZ(X2yhTJ`
zATHxg+%C+&uPUSMsm<%ViX$)74;-!@-F5;6r9n2K3ldpnT~t^D^EBOZ8|f+5i^orB
z`ah4RTU7PU$W=S{;iU(s#b<-?;m$)Htk&__?4)6}Ug0f5<FFi;JvmAU&vCDuDn_%8
zM<)e?{BeYn(P>_}Iw<p@W0+_*!7g*-G_)4n6-9pz(vRLToMZ}$o^e8~ZOa3S-KV+z
zg*;dGN%nN(o3rh*1WAP0I0I&*N6=0mT4gHR;EliLDb@8@fyU1<%iN$M;A}@^UeIUN
zmel?AWJ~SWqC8a|$%PxvDDL_@IYIGvF+*8Wo<Wo~>Q+)D6-fjzLpx^C5PuhhLnA-O
z_YA{^!VX>|VX+P+!;fHFF6EEu&ZyI}WR6f~RFhavCa|NnY4ZM6he+NluD4E3%5CVt
z)z&GVyB?eks$<|%nX<%5^&51~HnK88*5ihdjbP$7WZVLwu@=RB+BXJCN0dVrU^P*$
z2q_dRd@MJqybfsjqY~WUx+>@_nrUh6GRjIWOMEKYfts#afPi6f2EL*4xEt~69Bc*L
z={^9|W15*2_z^x9<j62(C)Tqv^#a5cFPbua#Z6@~^KEKuO0wN8l;QIj`x-*{-1hG#
zBJM%Y;7Z+f+e|&1REF3oo{ar-&EIhE@8zb(cpA8ujFwBi$XuJbaSwlll9D+B__#y_
z<k1RyCYX5l8REkr=wIjt>Kdj3QK^#5;~w3tbmc-x-89hpzl)A+c?m(Sgf7Txkw#HN
zyH&T<Z`#N~zm$T;Nb7h3!LOH+nffJp@m)t^`K+88J%Po;_AIIq250&Ms|&9naL~Vd
zfkLJ-Ix*x@uR_vag`?!Rdx07cWwv6#4jTxyMklRRAEDzq^}q0yS*&55=i2(0IpMy>
zT?JxE__loIU6N_|Aa<y5F1~(xAko(j9;$6dV}t_V&Y;=C&kt<8lRU#=DT&c#m?}IB
zhac7g2Nt@R35oVR^kWeraDKP`u;ig22!Jv{C!uuA7w*ngPb(H4{eo4W;4zVkH~uTQ
z@iK$PqS7s<DZh?dGY(ln4jyhR9NxZVz3hi!ANxDFm)^aI-I&r1pYTxb2~-Gt!^=j&
zXzU2J%QxVVWQ9@3lF}4ReX?!#5nCLkXa`opccao#M$6tA!u4f$10yyY(Fcy8u;};L
zhrSpEjR!^euXb0Zx|Sj1xb291_qGnIXPhU{5S@Y**GNo*MVkdATe@4r)Jv}YN)CoU
z>24<k&lT!nlc@QLsd8cU9EU}cuK#LPa<9#tz`ZomCfQ}2NelVvp8Tz<Yzs|y<YM3#
zmG>64>7<o)bv2mSniU=VzfQKFr94~{Gi6JNgZfEwGgP4(pi=H*AMX~1x~~12LLUkX
z0MI#gdxabEexh3Yj{Sz+M#`8t)<YmlC+biZwioKym>U=9XVPiW(rpjo^~!>_4++Q7
z9G4oXdg?Zv`V(EfvDe5;S=Xw(a|e#%qWRH~Qe@;)4U`nz!017i*q?;jc)sf0iSBd0
zZXA5huO*aAK}IMXdqlw-3pMnod|9%R5W&p?x2aPXK8hXipPKA1!p=HSZ6&YP^52;J
z$`h$nIzOjhYw#V0^k+AM*WJ6dV%#z#w_h-$4IF)T8dS(`DWX+Q`qW20Ro*+Fme%0)
zX;>P3-Rk7)xfrmu!0--pIblP5+6vaK68W>v{d6c=M;Nly+i@9@y)UEps!9=9nD@G;
z5ANroF=5lZ_$f}6I<7fR#T!1A19C(&xKyQe4G=v|)TwKWSOUhfXCu|TK657-jw3d5
z*$<#k0RzjrgW5S8o=1K7U0a3km+$PV0eDsY7l7({(?#MNVc8(!qF&^Ab?<)yh*p4-
z;ul*7{Qn6C{wH|1tN7+t4S=@==q}&>S~egl|DL*#2dLS7Si2SgdfgUE&MSUBqx?^C
z`F|B&$sHSjdXFu+JEar{bOVg0k5ko8|DSPID>cQ2nOv|lTX^D(@y9VO5^weE;+<Hs
z60vV^Wv#)5P98vYUY#q12006(cmq-0$ZyVrgk)im#sl?GfB{)~xC4H;Qx6u9*G7a#
zjb3iGC}Rt6*K1+rStT;jbTbt}*5+-)u}IYUiji%}O@uKI(B|pC2lkneQ{`ZT8&WxQ
z@G9RJeeCIicR$6)v-gzq4dkR{p97&R*f2oS<cO?}xnY+RphbDXoxj&ap7cjOM4@=e
ziVY2fHlo_z;XBY8o;uk71baXGckjvlpfNm~f{wM|w|8etOYNNz7E*NxXQT+a8WjbR
zWKKUyDAJ}JWBYTFTk5JX3!%V3DGtctpYd8~UbYES>ZP#ISgezU&+JJwi)(Sv4(q$S
zM52|Uu!6gmC2@Wqju`v|kHS8`2d0vD{t3fFMhlf&UI*F^*H4r8t=M#?1S#j(KPGS(
zOQMCt-#^TqO6VOHp#A4c@+`KZ8y>gX+}H^=AG>Q6<eK)km#{WkLk`$n?`cD<jw6^B
zl5(_~a_1Q`qy)>dvm;9Ub0f+LrO4RUm|n^-H17@@V+7Npo#T@(Kl=5mr_O6zPa`Ny
zbiKx?y^AzW270J`blLt8rso;#mxD%8iW-#YU+Fp;YmpnPY7j=zC0Y)VQ0L+&bXvIW
zt<REb94VpbiJ*8LXRZW~{gF+!9y)S<JD#D5Tnss>nep7R<+>Z+-Ktt}G(>N9dQWt0
z@7x@E-lu8j<){X{NMSU-4s-&AP-$H?CUpj=699na4p1{|2XbNo@rG=gvEgz^I4sqR
z&W?YJ-dafQ-mc+(0y7|xkEm;nzMVr%H@J!^NF@l;W!UZha9;Dbo+$zbV?4{hqUfby
zm}h4{FzIEoQk|Sx^LC;YXV0^Fg*y%6K(VO#gu+C^X*fc)FL9gq1W)@>ke%{NNZzD|
z-<q2OzeD_OIcg^bmmP|@DsJp1eNoCbV(i4bI0O5$+1#^CC5{(a52QN8nRph~Ym35F
zMUBFRy6fFJW(1z|R(ggO$N#!~wYhug3iO63lkDAYgz9A}B=yL(vK%ITRBb1`JlQ(Q
zAd=kPf$V2<&?58ya!0j5@o8@<keP|3ktSHal`F?Q$&{?YPtK5FFyOsiMLp?#%GM|E
zEz9n<^=)kf8gH}w{@u9Rg2rDloruuiRb5G{@3+gRNRL?m<qMyL#p|7hAw4-jlzo3{
zx)6>7TCM32>XT?daeFoMYh$tZ=Hl+ULPeTbzj^ZXRZUfWgP+IG-@vE=LOtJV@<-m>
zQ=V|<H##5@iS=#$vv`3M36hbEwu?G4IT9FcENrkfGZCASbjX+a?coI4zkjcC%FxY4
z;y_ofRxA1*`7!K?dimUzo*h@-%b%0t>|OZle(J2jGaS>bhivc^Eq+1K;Ziq_;-K}K
z8^_$wl=fu5MMarY*qDlFZp!rb55&KgLLuKb!Z&cvUCH5#=E_3!k`jr|=fYbHDM5Zw
zYzrdC680%JO=fY1@%h;%H>SF8L!0w;_lTp_IaQk47qWE~Xg?Ic$k>gNjXPLYR+2uq
z&?z&K#V!$c=IiMTY;==R)FQ?<&Sk~V($}{l95%j<oTVa;LKN}}!C3yC=64!ZZ{0Q2
zSRg5iK^pSX2bHFXUErDb?x@PukiTx)pb8M$X&X+#?Fs7o&88;Q`Z0amG93w~rX}(o
z-Jt%*8<Y4SC&H}g=1-;#u_u$mViyH&eW&nVnbVj}$~6D_JTkeBw0Z)XUL_i<BlvcK
zt31%rJwLGqpX(JMaPuF8UT5ImMjvKFSB06V;<7S!!spe4_M=8GVhV$ht33VPM3WE7
z46jo1I*mM;K~;W@K~J3ed~9rI96piqpBN*!;63h~Fg&q<nF0wBE(RtuZef$rFy7FJ
z!oAP7%Df9YMv-&kMukx(?q2`GdLc%(W7$w(iXt*5;?_^_-u57FBHWT<^*r>r#1elw
z8zK+<pE~(Fgm$$YHIJ`f{w2=l%pEuQu0JLI?4Y;A`o-HaGm?Qu-csYP4v~k02>hPr
zHegh&*_hvmLhT&nYIWH`W{bg+p|CS$UF}*qwdxdEi&?&%NH!QdNPOJ685!~q5$(^7
zUXY7D^uxBvM7^a~FY_{JGR3DfB(8rIEuX;6uw$!tlz30#TBI^VElvurex9&`H){^w
zZVrcrxk=(V=furyN|9j6nM#EC57+4`l?u(@IIUX7d*wH_fUYDu=u%Z#l#{VB<QoGX
zKmiGw&^S^NbQS@pt@bK;1ci@o`PBDA=2K;GdxEd3U|b+Hc^~_EafHu>u*+<~_Cxz1
zF3k32Du2r)-uHtk=BqLGmd3lWytYPjm%(K4;56<(f#8gnZtIUaZ|r;K+Q4L(tXC9M
zfb<yu*rdoooN~c1+SRXH{B!TN@#aRq1`plwpWJkxk4-CBUrIQQgY{)NBuhbAN&aJH
z(}09%rmWsG`fQAaSmaqkjMZu+Lql-S+YtMOt(>Jo23KF4-l_^~o9$%!iU=M@(}XpV
zBP{2>v4_nfg(|^hKM>|02?yL6+D{KSvKrueej0Qj#PHQLRwKc!tnadCQ(sP14W=V=
z$(Gu@25WPN?=<T`+VDkTyo=0<t;AC5(TH{*hU2BLP*%xp3%)!T-^ZkQZlMCku{Pai
z&+@JacQKiiyM=LmznOZsV0&tsZn22z40Hdux6*?@6FyIUIfu;^nFNU=wvipMmsZ~|
zt5J4f8^_YeFSiX}S4}#_a#&LCdxI#`OX-=Ar1Y0^g21uAi({hR3^i4xS2yiwntb(;
z>_4qX<Rg}_JjJ<H;9&x4sXDRlBF_U>*Hnb&uo}B{0X57K9bsQWLrTNpx%U6v-U@A~
zE^(GT$$r~4{4RQ|{o=6oc09eTQ2dIK!7)7I6OVBl(~TNB&EZ9qo7yW+WW~Z>Hq!2Z
z2jn?(LePjTT9pmuDV|m`PfxcNdWw5lMxwWI>xu(4p#QH#hCynuizLovvi+GwA)uF&
zr@yDu)6dDj)oD$_HF}soFah%gd)a9+x;lG`%0aZzaUy2bpj{2h+!PvX3Y}i=X@e+z
z?T335pKWi20GQ=!B@bkCW!y%AHYzKP%ph}>jUk0$x>Y^5rj$L*j5xvWCi@Cn;v2=#
zwD2EquDD}xVtr<>>~vtY-_xz*GpLqs(l{;0Bn~Wueh_098SJ$rPwVy=x$Ak#{A;?X
zkf5E86n3>buyT<0%1X+v|4h%H??r1({RIe7i>y7Dk@<=3Mqqh7YPw^^505`g0~ql?
zKtCC*IXSNuw+4kNyc~-6;)zl!mX2+l!W~5fQgj9EJ9K7mz}A-E+ieJWIyvsU!~N`i
z3Ek{QLJM`BGO?~#WV&!Uwi7)M6FH~`2#C*r%Y9{xn^24SqmnY5rP4aMS>F?n$l|Jh
z!H{lb2vInOq?cbpL1duP284;KsP&`|r4ff73_xxZh=s8@2Y#=9H4T_3N9KF{ybQl7
z{Iq^d{=5f-K%&NGeM1&e!21J_x;R5W1`)(ncqW_m7%hAP6OSdB>yF1HeKa1tJt)kJ
z;ePNM&|zFm1Ir53RY|jxnEB55n}+VLMuXVKR!ve55)Sdj5j;w9VC>C&nx%rBo3BRf
z%3n2kJ8)dZt=stN6<I&D%EjQSk6HRzQxwCpu3B^*+euq=*!%R0w%Kgc)(h}_*zuXl
z0PoZzhT^aH!~Wh8J?&*o6Fp!!&AU0Gtj-2q+*gv4)@RsCn5lH5B(1+kEy{axe7Cuw
z_!^lBRqwB@MbJ{A(Q4LQ8zbv0up?NxWM}JJYOvq#sjOu|5B2hhO7;w1(2#q22ueX}
z1rMA~@y<Qe{!^;ET#L~@eVz-0k9KIPBaE-U{cdV<{gT*m)*9R?c6;f{RLQDjtl^!#
zrJ*axTVw=&pPZ6c^-9>kC3RLjq@0}HEBw>^n&1$?v-M-|aC?dYNDg|u*&Bd6DDds~
z)BUx3g|K^bdwc!$Io!>`QT%9d_U$0hT-LKJ@YVLp!u3Pekn;6)+b5NIg`%!EH*Fsf
z@NER#U$2{Q)s)j}Wc$`sJ_#2!>4#1nLZ~HoWIkopb$g~_`<M=JzesIjSRy{97A3a>
zf4BuDtVr<PoyEmqz4lspRARxU4GSq{?C{e|AF}a-hF~$;(#XHKm&z3O1^V|0eM)YN
ze*<*|iPhNEnjgkIRgVW+(?u53cH$5-yWkzriC+*XU*IUft2-yO=V>>Ppx!Juqrt2(
z=`?Z5LLd(psWI^IT@lpWjx9q&O1pW2{3|zbS;=)2TGA*!Y%gmRxqA;uvc;+m=!Ev3
zZUBxs83kRx_M<pH^`4sABz$Il%Y1Iu&JeYxYF08I6uRUl=-$RBkT5aj0L+TS9AuuS
zUx8AtG%|7q7>|m+emuN3ql#wNZZIm3IPe**FHii=n_qa99jwmOh(>MBTXx(!iru^a
z9a_CoSgk1WkrhN<Ed{z)!5o>QhAn3ymr;sBb?i%(tx}ToQ`TA3kv(K}sOODtZNxfN
ziO(L(s{(DMPj^-F6Lb>Z9#E`tOgdMs!i#tD`nMY%AcRPDq=ri)qN!^Myd*XQM@=wk
zuBgTJ;m^F5P)E>V1P8*^<diZq-{$;$W&?%t1Pcp5U8PP+_ysXiWauTdsidgd3cE#I
zgY~IKbR<ddQBfDzd9dqwhFi2aIBHs-%hLqb8cv3%=i{rF(gfKYu0813u^LWESL-Y;
zM-jGa+@Ev))~h%X)sw|n-e=Kc#9kR%J22~_l1jADO362pjtr^#4C%4J{OL*ALcJok
z4A;_6#EwoC?X=Z^W3AIQwjV%ef5NiBs&`R|+73k+ZaJ)Lx4zvcqGK9X0V%6b3kFq;
z5-JFn(#|}Z`9wGCse$Q0MhYq2t!*RzUHm1&hTwFCRvls>T0uZnMBPcDm9Wu$`bzpp
z{j2&qmYyrNrHlC9&XiEHYm$MwXW8M)Pr2ONQb%HV3Jfh32~Py!zP_wQJj1n>&Y8@j
z93D+7GZs&8y6i-^sCWBt`wNZ4sr?9uQeCSXPG}Owc_`VILqJe9+>A!kKHB5*iLk*L
z<)2R=m_*Yk7h4t6r@EiyO5DU(WBbSE4KOkDri4fCwe(sMiR*CM-$an3MiB;2&=LLT
z!HyQ5=oI1|$={ejlO2d={l9lrtYAg&p}h-fj*x8OcEEq99AXWI<y!e-A70%Vl$;>W
zO-&gbK*l#6zt?8)Fv<fNeCxL)7ji!2WO`p%zWE0PxUhIHR#yC)4NGl2VFaalT3EA<
znIFkemrxiwUO_YdQMGb=LUAYnp~J_3b&besTrVM{bYI%ziH@o)e$U&>T>{~R7@T*U
z)@Qwq+kHfo$072HGB;<M@G-f}vI*t|L2jSVW~&T*Bz3hpX%&-iaaMZfZ*MhE1_Hq}
z`xgHo8@H^HEXJ{QG+o|rdj@7J#Gk`?61~GQ<sCEUahns0Ej7{e(C7XO$1-CX4*SlK
zeEIhhyAH-!BpjRzY?WhiO45^PE?S@L^lm1YM45?(Z+2<o`OhA?=;nvr$jh~Z_k;Ub
z1XO$Nseeh4i6ZT<l8=!kv{#_Dl1XtObNNU(?Ks$E-O7DYs6Sdo?7%(pr?)#7EIRj?
zF41;Tj$eI-UwMjO-@01eQPzL5on<fBjhoVGSP>CWF5pTa8}guOybamO&PuT_83Mi^
z^S^VKnrTWn$)Q+Wot(WME}zF#Bp(oW_fbTyh+>(7;$8(dY%sO#>_}W8ph>)O7PINh
z(wk2EMs)O^=yvW}BK8n1y>YV3D4{C7&$3o8J|+h$wouC=*-F-(t7yWajnXY;$$R2U
z&zOKgoKH6Gtm=bJbC3Pp%5An|T05-zG8{qw{gH=yVrcz+pCK3_I{0{>@gvzIOr@Z3
zfyYd<Gs>2%<u={CsZX9`+2&PduUCeL&rwdo2P{UNaqF-_s34f%R#$c#Cj-`uyPZs}
zzSUgmH_F-FJM8vr29owX6J3>lpidhmlEX|l!uPCYb<31t$y(J`n0j^^f*zq5PL7do
zY15XP9n02EovT0LcKkDVO1<0e#?B&EI_ZLd&4A3+n~6I*!3_uOsNe+*qzNh3Mkm(?
zF)?3R(0^w^cPOJOTUQ332<XM}?6MHw@ziGBem(!zYx^<$%=Q9FBrlde_b1qc_mUfZ
zxJ;ShESHh^50mFjjx-M6zL%9XatKa^wXpQs?-2IdP;F$R_Y6_<4d`<|CB^X#+X>PI
z|9vyQ`o>J8LUieyN>uMmB(Sm#KUIeNmQgGrv`Q+CdXHh#nOjWk6e_c!JdrKZt9gLO
z5=;gZ*Js-=pujtJARt#9AfU?)ARx~Qc%VRFAjBmIARufYAfiVsAfS9}P#{A&55UC^
zprsEe`Szedd#^UTxIjQMc0fR2Ex<r`hX3K)f&vZL0A&01|20#v2?V6ck|HGd%L>5E
zf*qgL$(EU-LH-24q##)K%}u@q>Z6!CyxVHV`@@wnj63NhCUcPc*9t*BnWd8;$D3XL
z==4C)AAjcXnloM?WRY`1F6A?}98&}(vv-hud&-*FyeG0_;5_3M&#c8(+KnZ&tJw91
zQF-Vb9Gkn;PvIhjm7?|FJ`?>SlE`KfZg%+#O)eb?S!o!TF3b7b_2{Iec}qD+KiuP_
zvN_=0<j80QI&!f~+D~RjH%`8{9gO88RgwL4gg2hI@kU;XB*$O#VC1E)qJVUzF3kgm
zr_g44r0KVuWVO{%h_|Nj)Is~3ra=z#+{*V66<V8c%TWcjqfR^4%(>6rQaMZVw!T$>
z-_d|iFk(iQrSx$P7J*q0ueyfRkA?2ty;D>e>9f-e%cCu>xwS0d=gO=v;K|_!o$D%$
zNd;50ECT}mDm(kFfJuoqHpFjG#-~;tUqVD`R<;KjxiXNnM`Av(RInjg%;!(!G_+tT
zD?Wz9`MC#{00!eZw2)Mkvl=tzxf7u>FXxF8qB3>~rIfrMs&wc<OtL?S_!21c66CKZ
zuE{%IBCxZpp#bkJ+7u&!{Ls%QuqNBiGVNe5e)y^sxJ9Xuvp>Tw_z@>SkWucXqr=X~
z&_w!nQg^IR_smasj8BK*Izc<Oqt$nz_+b=J<RyZ3-qbEQ!D~+;tG;a9h-RwFy17Xp
z40R^+1m_e!=kz6Fo|ZH^7?Lc*Wq(tZ)!Y*E-A*yRetj}~!zVFjjq471^z_kj&Wt#X
zJO^yZ4(Y?}OH#S`tnlLTbdI2W=j{^lCxsUB{k@{P^@+B(@seXKt@79JYuNUuB3EO?
zhrM5i-!sQg&>5J9q>!6$4Yrx|tb+b5rHKsDAA;K|9i^2Z&wG>MS_DH>(};1ztYCw9
zjD&YDa|>0=*J;dnZ6T`_f%8%?(&Rfd%2CFBu}B=!&{m-G#rc=Fn}GU_J0i)THJpQO
zVcKHnG~9#?c_?1Hw66(FB5D$a*Q5<damy;!ICoMbj~<r^+Lx7NpAEASmiF;zWwu>)
zaza*zGm83ZAJZISO9K^S6xxx(E;3iSf&5%m#n0DaWnsxS6S|6phXKnv97fX-Jx@mm
zvnV%Zu8UHsr~H0R&zUn6+=vhOz9m&DHU%H7seGDBC2iP~v$IHl+K@2pNzwPwM&22>
zD4^P&wq$=a;{cozd7_j;d6Y1-2nq~ddX#C3HT`wW7sMX?M+S|@J)a=kSZ5ShFVNld
z{d_&KJG&dMQCcP}aPT5$i}__Cf=J()%nR$l=mZqq`3h?&YEy>hxkyrq@q7fnGlzyc
zb~@-&mf`C@at#!G0M2goCsI{|Ru@H)?@ahGRW1fBinj5}r91ElrX(rZYErwFR{Dm9
zJ~B;=W?aOLNtkmM;4BHf-o2o1wTiZ0jZW+us9(@u=<~#pDEouF=tUh(A?Kl}y)#1j
zrs$t*1npPxI~6ys5=mmbmy`{*Pp&H~Wy6yTkmmAKH0GZCCPoSax`oL)v@jJUpi*mE
znQGMi2zk<W<yg(>ut!DpsF#8Z62CU6p9R}ZsNE;Rco4`>@>~V7zhrPI#x~E9?7sc)
z7!vo`I<2*C>*$t`Kq?F<=<J>Dd@dGb0hG3~(~1P4*9Zmkl<}ph$oa9hNdMUXN83F|
zN7lW20*`Imb~?6g+qRu_(6MdXHab?PW7|$T>KHxM{k}ikJ97tXX8uU()ZY8-leLnp
zs`J!me>ZH@byQ&p8G_QH?rpS$8X5Zob^VK71dh0QX8o!mn(N3iqD2uX8!A<rw;#?q
z=v_)!PS*VFRA?LT(hsMV6dGZ+?#U%C{YFr9Rmt)(Um1+RJ>_qW2>2}&@=A=2L&Om)
z)<G`Z!MZheB4cWfxWcumYe>#)!MgCo8i96D9XP_Zq48DW?7_Oj&BO=RP#rM#B4dkx
zMu4~eX}Deg*R%UBz$6C?dDts1P#ukzRkMMBlea-XIYM>3hyvygji=oNv;fYFA6N#=
zcZMysJFOIr_ot^0a7h`!C11GFt0dL6P=$VpiFfC(k^o0}n!yyp&LdamQ&J8~@aHNZ
z?YSJ%kHOwYcuvShJW^^YX5!f#J9da^b`#<rKL|Q|R8@Fd+BmAAvmz+P&a}{)fqH0n
z3u`Un<tHY0#|oE{uk{F)MG^aKzFb_V5G>edp|Dm}YMwmS!SlIx$zGO3x*{0JrV3%I
zy8n!qVW^89dbnUZ<v$(ut>BxQ@o;$+bf5onKt4I3*>qHs1s7q5{X}_lz^{y#QwO+>
z7!WJrcDh5z24S!cx&w!UOR3}4^HQn*S>4A9K@tD?O2LS%7%Cs!AJ}^Naz0Q*Kxq;x
z_9E|R8lo}7DVz+abO25?W~PfzojP3d`G{dVlSq5Hd3()IGly2e;9V!++&HR(r`4d{
zMDx@)`Jbz_=tjczw$?$Vnu)=uXVjHmX=bE1?L-nM!V>aM>U7CVbm7hRS>-2?$smkc
zv<&?nXESsI3y1r3QxS6M)tHgG;=H};X!ECBXY}%7$;J6nFC<dh`(X&FKl_uj6Wn#s
z&NW?<kn%+1Dn<YwpYhGJ-N0@s8G3WYYeYBz+lQIGe%|LQ4I$|}A=ZNuX}qMKtxW~l
z3Wu=&S^fnbvgZU>I&@ECnUNJvNT@b3l)_vQ{+PYlEZH@oNbc(?#I~u6Lr4i3n@`Ax
z#TDW9hkN_4&8@9zM!<$J6Ky`fID`D(UOzludshj+0#+!lzdna~IM|CH_s+a;e>Ru%
zs`7uayRvZpkTIlueckp$Wge$&DlKIhZxiGpuvWUMMcMvx36|Dvr0n!9I!%p~PiXR+
zFD`4PX|~+Sf+j(n%=hbLyiRDmR)w1zikJZi2X5UudE8nJO%`G-TFmcQlmc%3XJCG>
z#&fZf;CtjLb0=mih)23}Kj2aGQR!n9cf$x<#RJ159JxsE@zD(t2jFHKX(R!4(+OY8
z6ilWAycU-!CY2Ymj%ldz$>y)l2&fLeF>E5_HqT#At%lPp5Y(^ITYmMA>IER=5uxN>
z6<#ipP4?|pcFVy9W73|jDR<K0rx}IIYCgtdOnz~K(UEB*mt0y<Wsv7eI^dt7&vRd)
z58dtLDQ9NEYVLZ*1z4M)&rH;r49fx(NP0E$tUt*ZDb93Vzhh>@rt_sz4*#Y$(VfOg
z|DZMw=l)hI=EU(|#MyG@gJj1$#vFk!OmRaClORVzi^{!-lOZZO8#?9J2%*(us7v8e
zx?`34X?UV%7!>afRom6q?e%hA2x7SyWkUmuXQzTk%4hS7?+mazUe#h~XNvn&FvAM$
ze|(xF+1h@IxcoBn6iTGKu^VF9GkIyrDqZN)frtqVU^P({9lu#k!hd2lQyL5rpI7+Y
zEz<K><&G6N0jj2&6p3;0FICf90Z=u`S?28nCfYNc#9Z&+1W}+JWaAZX-#F{MO4|C3
zv6N-~^embQ+hJIFP7wfmmnAJ7oT+GRGD+<l=d`+yS+xpeKaRUPCmxesUFfMAyzjrt
zU(V$EW5sM47`%Bj7u3r5M$yotSjjvyBPl-?j*jakBu<Alv0Qc>vpYGwsS9puz~33D
z9>K>+=Snp6CJY9;z22xCE`e3VF-bWo(fM{LIp>5@F|!m;-%++BO(!{(bx%o`dynF#
zM#9DwLULezgWjK`!na<FA8I<no;yNejIO-17w22x*xHv3;TufI`U26w8WesX=VBw6
zagCLvBj<=<Z5?tb3kjR7xsj;*i^LvUwOL=yk$d%YyIilyUI{7JO%tqLf8SPGhhj#u
z9%^d4$=GSQ!}n4-#O{lxKWn7gvIc@Pcc>Nq05Pb}O=9}63wle60j5d?t~<%rLU#lb
z-3#=a1H)9nC<jExglSJX=VI#emh}PT7vF~tkV4c2CZWQu1P{+ZN8)xqlKm=!MiWia
zh?l$ciPcCquqLcSXE!iAzuERx3={EH!0&{2MNRH^xhD<R+6JwYPm^utp4=i5+wMyv
zqozCy9esGd%xHiolQ<;Y_*(!v8wmoIBQvl}I7I|uCNuRy|4iY`b8W){JE!&@wUB0~
z4G|ZKENcsw2@dG5X)a_2Hd2g}!C`Fgz=wsm$K9T6Lv29>?0QZ{Y;%g8jUA_*Ian7R
z<T|z{KEY_xSyPrS`EMCb0vRjQlE)S^hg-b+??jS4^j}|%ihP$byU_JKGEykU6D6}v
zBH#sD39;I5Umnn%&4jj;mo{t=N0(%ymyelfkT~&R;^RVlc<QZDRL=`V#vl=?DElhu
zxYhp_H5fqd`;BvLNd&bcET8HzOyvtvjv1AnbngAw3}i@Vh-t3Vhf+`*JdN>pXQLM8
znIpPSlC};bF&$l3>_X43VK-r)v|scChzpu94db6bJr+hJ`pw+xQ_WU%VG_CfM))Kc
z;$e_YcxuI1^A|8LS8a<}i`x-Hu06Ejl;jg;{0MU@4$GRhl6Ni{?c*^MN&l7i*axDc
z``K;Mllh5?us?r<NzYe~5oOvDSS-(&8sa|moiQ$^d_Dyj8o2k4#FA;{r20MYCfgGW
zL-0aEen&ivRiuvnE+~-)ZYTO6r-5ww9+U*q>o`)OVv~ff%oaxd08}*zL?jh&P{+RI
z>?<tCh<v|3CXW)XLJ~J({0+rRU_QuYcS~8liSwcE*WR01t#o=;MWnB{<lUjO!R3zw
z$a(HG8_KC!nom<7I<G-WsK#--q^d-Bp4(L?WE($*W_D8<zNM&ZRyVv}&re}+lzjg3
z+0YSoArk?4-^N>xJE-PxKFXPolK1{7WTkQHt%zW;(lKKXHL<bc`u@mXXyI#QQx9EI
zW*WP-jh2<`sy`|8rBlhHjEWg7`JKJCZF(w5-jcOa;@)0oWCeJL_uV<iRjop2(U&39
zy(g$Q{N3(i;Q+DpXp8Kyw4g;h2RS!zMrEOy3Ql&7Yel<J{=#ZUD&6``ChBN-Hlsi)
z7usMJb~nHd&~|RHu4Y1F<T_qO8q`GW6~oTtY4@~|445stVJ4gUBks^=-`zhw+c<HO
z7AjEuDxQNj*GxvuS&0y=hW?DijKE)|Cs}6kwKI!g*;^Uytgn8rwQE2EtfhoikHO<p
zMm!vth5r^c_TXbakrpLi&_S!Ch1Atz_8W6*q&LeH!tyUK0e4V_bXX}K#n&GmHVIS8
zH$J_4bQduW>uQmrn`8;r*=aD(xs|yb0-4(VHfAGg)3qs5fV)y*8^J-`pXLRQaZ5?s
zm$S!B8x9kq7|-BIB<@tF9dn_Hx&3y4g9X3=;6AaS*uoH3+8cqKFDx+^8PI_}|5wKj
zd-6}bKOLa!igPYhr>AWN#m9<sEcNi@d>Xwx$v>mBUsz}<Sd)J?|9P{RnA;onjRi2J
zLi3-2Du0c4`TcGY(7=*7kXMAo^=DG=fBXOjWya_+V&AO{N6uIyy@>QO1O0p=XhtSY
zg{|9Nm@3f0GGt<HHYW-o!1seGZh>x_GV=2vA()?8h~8b~z)XJ{pS-=FD@MvpY+*#D
zg|7Bm6flK;wP<7bG>vDZ?r7xrv%Y8*jzzrMTbz7Fb|jc-h_+DgEpX6;j4BHQ%!t~F
zok#i3=wU<qsq;A|o~^%xzc({E{R|j+%9;U;CQEqkn;S+YAu7~kg!CQZ=Wvu|6%swR
zHODcZHK!Nq2fvOsKJ9j_Qt50=%2tN?-dvySB+om+exUQ%`LW5?Bcl)&l9{dHlb=8_
z3{!BtNeb%HXb_A&HE)JPF>dotT7ZNjPp5hFP}1CUqz*&F?~`k|V8-3F@j<~1E;h16
zk^U#FxwsX~yHaLX;Ygm+;{Bg1zm`z+m4uW~G7BQrY6!N&;ysX$DJ!r$%F5__u%#pd
ztp~_9I;Kvna&#gc_91^idL}JD&OF3<;rR!+IWg(GAUFYY(Og#xCTd|YuQ2oN8k)g=
zvs|J&4?RsRr^rPNYCZ*%1ID&3-u&fxv)r41BP_))n35=?yF#oaw4#~=fBjvNeG~e-
zn+`(D=}(I8H$V~Q_8AQLnv?R*<mws`mVa}}Y{fGJKWhki@+n6>RJ~#&Dz?gV5p73V
zuukt=fO!1j*o^1>O4o-W90w>pA3TJeJ>`g;ZG6LM=S4I!_nD0@no0KN)^(dN%~sQ0
z=aHL-9ykVySySldnY0!ICTt!~dKiP=;%ax_?xnPADpH`N)_BOg?0Ul(pWUKDXn5wK
zdAOo|@>US|O;%Q(D>ON^Bs13xunEKJPX<YyuF$q&FbI1Irrf(i>T&Fh`DWvloGYCq
zDIxHow;0&mkP+YGQdq?27Tq7DwvdHLc8ImZqm2b98fwwQ=!KRxzGWPJbT#xV==8BA
zSdaJlyTXz0scnRIm=A`uPaK|Ug|cO|iA^#?=MSaf6L9Pljx^VX_U$vDc~R<{qAqqj
zzd21os3vGD7U<W;308E@x!E{uT(A#m*C6t}Kz~SsmD4j{u%gA5W&kfhN$y7VUqvg&
z{?zPyb=?ge4YqULjNWA!7$t<Zmy-l_IdjftRU<(7E@{z2xW4(rS^qxEa;eH^{nKDb
z#lv1(!e=hS@8&UjKh|c^*_^xz8)i>pUHKc!iP4qPjb?sSZN{+Z_mr{KU9&c-8}`=d
z5iBc=75qfJT2nhxIa^vikYpj~s9UqJSC}4K;ND-y*C*1w3l$sT4Y--ccHX9^KS^ZS
zi@cDy_nD`j6QDq;!aO;goxlWy#w?X6bWLBI&9PK>OpIvQ$h6u<9c^QaDCi`GtYt!6
zR{?a`-XiT5XbsrS+H^f~hD(WtP<eAUbs@IDJcV65bA9CfQWxa2+wIhki+sM#^V%sc
zBsXcPAshGSx37`kNH;9Xrmtw>%!kfc?4GyB;ijR<Eb_r?qe9kRZF-O`HzY+@vX`<0
zZ*U52N5F;HGU79tN?txUJ>DF^1W><rLS^YGkpj{7u-ephO^e}<)hgh#^6I+xSbvz2
z;_3<g;HSkAI?giByrGFiUHd8sKWs|IRTQW}cj=ttjn<Y3O1_l$Q<5!IZ#O9C-8Atx
zz`>#U4RGMx$B_@!dZ|fyAtKfk(SXB}?1`YokqoF-sT&@O^EG*EF^1>X9_^OnIde0j
zi`pGWMA<sovkjtU$th*XlHc<}Nx6DDg3#QrQzS;0FfOHJa!UC*&^u-M(bz#!GM(Hx
z@0@$pc>PsN5Edf#8Ozo`vF?ZTk70|HpiEpr8J!q|;g%j%4{|L#WIa?1ePwr10~vX2
z#cI92kwGp~>yn~$Y`fYFqUR@wd(Q6reBgy2Ef@94QdB_G=^__G9r(glw9C-uOGxpe
z;H~2puAv$39xrCmeAy8<Vf41FTQ4nAO(VwG_0vc*f;VF+xnvadvM#TE6Le}+`VXBO
zxFp>^O~n37wVO9fucYrB#_ZopIcDkbZ_~7N<%VrKhEn?OO_0}-D{wh{po*fJ;8hI7
z?v5q>2t@^7qH<-zSabcB366BwI=Cl~iHieeOe=E;IS(FiveB8Qe#jy&OeY;VO{a7!
z(c7;BuQpWi!UaL(nrH_opM(t8!dcZb#l>nlW}jOY>L{})=O-S^71ZpV{51V}ey_0H
z`_;$)Vb@L&FE|t>F?9?9Nj!R^{{m}FIzy`bm}Ks$D2+W9MdZ7GL$K%O<hzM@gTo<J
zUs<bui&Y5e$#i1Us!((@;qgqV6G*=Miaj{*K>kK_W??&pmK=eH!La?>u<|cNsf%1I
z(8jHF#3pvXa8erq-frti5U4cz3!%Qq;4ql{fjx%7THj+=FsCG^6zK*e9A7al`D0cG
zM_^Q7y;&lJhKj&^=x(?vDFWznhfTLp?@j-ic>_guzToZhhzxW*XZLVKLXQu7S@=L{
zsw<(DuEt|Kbh|*P{Yh7ds5%+j#@WIkNy#TGCRU@D(4x|fvDD9vOAKs$Ei@=UJSCeN
zbiH{;=~z~ZF{N~U<<GdtJx0YZcvPqR3$_%U;CMXWAfI~sZXCAqdi+D=Z#SN*enyq^
ziS9w|Mt&x12}nL`OFo1wFL?IIQ#;j+JfL-Qv;2uPF7u*k6r`9E@@Y+YF)tgumyK@8
z)Ia~%oX5mqN~~1>>cT_=@-+deYk&EL=?WwZ>w!1~El!=w*p|H4rjvH%4N+I6Jb=to
zrt{S<%}sd%MWEH7l_q$wr*5i)*K6sy(Hvl#bG@aTbx(bf3?Zc<))tdfC)HqU$K0~k
zbF}d?C!$(1gM7D7PL_cDM>W!WvGDA+xc(9q6H-|Xd@_|vgjNT3D_ApK?v|e%oQFva
z34i!TLsx+#vVp6jOb$B0zy)({4vZNXTjpqAFHn9vM~ksje5qB6*Dhgb2AH3}Mg)o>
z|Lzm`Q~|x6Dr$dJM~eAoa`m;i)}rKKW)GUvDqK@V=etF>lFaiFZo0eNEd^=8H7h-#
z4a~<#`iEVuNFQ4SoQC`J2SNmR($fcep+sQn`?2X}lypR%JM7fDHy%?Jsq47e#O5Y=
z93V9JLqFSKOZOeHJjBV1MK^BO+jkGPVEIe^Geun}dfAfKNl$W(6*NODLMgAsU0l03
z8?!n6{-%=*tor~@e9);RW-IR|L}nxA(!_Gv622AQP(clW&&&DnDuDY8pGVzQ#fVrI
zx@129PY=~Em&fX;>n@tgdyz(lOz408=&TvgB88;_q)2(~Eh97xeJnFSlmoYYK&2bC
zJ)o_$-o-3W#_Fr7xv;sRY9mz9mxJv*$NoCK)csrOusNJXbHcjAOo$S!Z?K)J#J*AX
zjS1gGc*g92Ie9SqWMqQq3|egMo<TOYlO$NxrgEgBk*QoE0h~_EtN_62n7f`O&Aq0I
z_FLKMjN{b&?R1(9{HKNv{A5!$A3EUEHe0z^%-im{J<p9!{hrn?TLeAqMiPtlT+*;k
zfi&B(mOLEvpAY0B>p~;E$yIyFnXSGl<$XVSmz~*!_!qIUL`p+v@;6g)fzk*^l{O)C
z^=JLK_~q71cb$&5cf8sA?)Wk9fBA9S`?0+PyokVg1v;A)%1Rb}e1LKUDuAPO1GtMD
zEPe(Jz9O{R_=l|_m;E<eQ?2~l*32UOZEN!DWiI=PCIxW>j*{#@&Ez~!P(ja4)*|-i
zteD+z*{|R>Ex&Y%q9593VQ^)mZl(nBVe930@XymbsBjOut-q2t>XlH_*zMk1SoFG6
z&?-IDu~v_L=$+uP;E34Ge7;F@QSfk1R+|hwy)GvsufzNyf$8P@2iK5{{g=2V+l6o`
zYuEz+yw!fs)Iwx_pu0;{idX2giX!+eUu-wvpSI>ucj=$DhS6L{n8bYZrP$=h-?nDB
z=ro(}kFD{{`E6@#%l?1bnpC~nKeoonj8JdcBJ;xB4om0j#px%JJ?FfTv3z2mEatM)
zuSE(Cas*AZ+HV_})(I};#!0Op&yT=`Aplu}C>lr}d11|O9r~rju^tVgt!_fOykPH3
z#x)BcKeS3XVyQoW!A<bwAb#LG5vh9HgGylNbBhU)dYkDi#=Cujw)Pd{GAP=NloHW5
z*QdraB1c}#SJCE7yTLEV)?5sc<Dh;SI1b5ja#K$9Y4JWZuH9jB6a<{WRYfNk_=<x-
zu>CAl$YuL!x~(cr;7k^PYOHxYVC~Yi^E=@pR8HbqdVvdj8#(K(_@HG={H#UsbRd}W
zW8YH?pCHnhlv7YMGE3k|&NgLosj{f(aX>6unuh7%lFVYtRqKwZ0&?FAjDZ5FCm&&f
z4K9dAV|@yZB_D-pizsf7!8=%$Y5|SXm=_LkS><@}79~prDx+t@QLq$uK_`@-T2iFw
zz%-czm<5X`{r9ZxAiZjF?8W`mgfMNR%L%ubA%Xgh9rpT-{8r{vpB!_}m(81Xcv=S}
z(Z-Zyb8o60EL@m2y@*4ErRO)gsvk~?y8Aw}(emhvfI12cDOC{)3-4ly6PZWEf@cg`
zQTd=sD`UuA0E9(UcR!(xK3XwGd43yMPD15Q)Lbz3!HKqUMf$LtV@r{w_)a6PZNU*#
zyu>0Jc%^H)<qqaHizkA7KEoPtCz*>fVSdy&c^YX=P|1SF>?Sd{P#p|iM7-o4b@{fP
zH>kcxsMTGIy{3d80QxiKPB<aCtB_cYqEl>GHd~e6iMHcFZVfMZ3D}k@F_9{UT9eRB
zft?-&x+g7`rpZw{#HF>-FdVcDF{>rbgV!YB!xauVDaGT>Hj;4-C!)cs2q1b~DpOF#
zPzOrN*0;y7#Ch4J(d*X&+1by~Qrz~$h!{k&#2pY-_CSsg73HRU!cjC3{eyJi*#Aa4
zZUCfXu-!URR<!a5>7@J$HV{2=p>7oTjdZM!ej^?0c9EsN6_Ov4=l*BLqvO9$`4`H^
zjC$`qZgb8G?A)+eP*oKns=o(gyn1Ql30dy{kQUa$^+{sF=IP9oo9qzv=^E{NrB#0{
z5ys)z>ZU%huO%{K9(TV36-958N{`y><#xlW-WXCPB<fG7c9M_bgzQx#Oms6Li0Rqf
zc9**!;hAzLx1B}q3{(|?W^ww>bF@Z(_N#(VmeXPMNg+G9inHDuii!EZUcTi@>pVm&
z%)sios2+n2N^55SO?3JQ|0X)bQ-6rgr`Xq;G=DbvA}s*XSt{kc#YMT9Dolwk2iQ6e
zQHC3iMTek$G*N|E8f67feBBqNHdk?ueG+HLnIuQ994gc_bzT!Pm5HmpdAo0!QM1S|
z5gdy1xN%V-69puRMASUi*Z9Lj3rc<pj<slv!^}{zBfSrWUJh@$VUBB1<1(x)QBqsD
zgRAgD1i%sN*UOozeO@S?Y<FuUl-eET-g)c7l2YNY(VzT_-Uqx{)r)80**P0yeb!&{
zhZGU%P`ycbQ9spsHs!2wqW+E-!nadFGEa9BXVIPUPrzeCw}AK^FZ3Jj&;kEOJIsfF
zp`A`!Pw(7{q;qI%c}atvHgt=i-qZ1Qd_tGa*4)<w7!KivzRVw(DjFN04ap3+z}&pV
z3)XBi(#|EJB6D{$wht5Vo;gJKyoWINM5&RZ=_<A|(f%j6?=vh91p*pNpWAR6O7W69
z;e~1rVc>`MYq>#Bfvc-VBMH*wpuH<bUMBK>y_E@2-d}wC5(_;5r<bjp`{w<AgVtz1
z<nc7b42y)B**Ee^c*z!haSYC0*p@b@Yz0Q`^8<HrQEYn;Ucm<nA+WTqz$!8*zE2pn
z)$P3!pmrpix+_eiW4g#SL0_bw?b69{lA!BMsI`x&?IzpS=k&qHIVWDv<d-`!ZJg$P
z8FwMBBXW>V46J$f83SXPzZ~x~{z~u+QO?a>;4xM2j<F$YI?J?Z>yc%jwY`(w?3Cr<
zwU?Lh28mQ<*xqhdY63bIbEv8K@YzS{r;}(ajzoX7tu1DrvcGc7`Emy=!(9rV!d+u8
zC+la7FH&?j>zst3T&2{2{gqdNpq)4R6Kj7nkbfovrFq{st;09|uXR6RKj~byf-`0_
z(}-32FZia+oDQE*@q0QV#eZ2tg&GrQs!cFhHU_XA$^Ql0fk^&B^?hUfWZ;?6bF``U
zi;k=n{<RwOf2DR5!v2HWG28s3c4qB0)J>R4h3S(wRH%P4k%s?lc`eu9vx;E}qES|<
z)xQcI&)#NcrBL}6%oo-!wNeDm3WCls>iT4d4+OLefHx-qxwF&)z&DBjd;<zZ1i(8$
ztUy4*M=U@<{EHAkfIl$6w>7}1Zon7+Cg91{@>eb(pi}_$fwBacoc`bKs}Mi|%YeQ?
zgFn*<wgCgxn^SxVz?%a!vS7yNwXvq9my<uiE-CO=K6@5Xql@q4lx8>$-APf(1?7r5
zdV@Vqvd@;lZ<QT+b9($LO=1uo-CP%?+iTx@5wKh6!L%ndDvt4A+1t1<Vt8ox=5+dT
z-(1EsUb7WvB!KJj;^I^yfXMOUu6vT#@0WW}FO6ZT{Cxm=I#<Z*zd}AU#sgN8FKV;;
zocBVRNtp-NTy8`0z2>3EXCILi6HpOUadD~9+Wy?mE_2Yy6@rX|Ja=fX0`JVX^?Ra+
zR(d60$sKCN%eHiaGW?{evhIutByu%9$_^Uk1n6#HWS9F3Odo4|d;rF00&4_de8w(+
z8=sZnzl{&f{u0V@g+}XB`yb<jg7<I6=Ro+6@u8%ZugGTGFN#hZJ)=4O6%EVJ&(IKG
ztiD&|#g4$jMqxHz^l4k*rOiJI?_mJT7EW++f(sHuKgr%v77cda(CX$>WmU@PET9mJ
zS{Ex;X$*a(#Og|m)N1C$$ZYHaVoDn`I=tTfqBk-PKI<*)sa~j?0yp7}mxzvt>Wvng
z0#PfSs6q&?R`BHAmItJI4<vC9Ebcc2qo4p4>Rl>Wu0OJF3ba7kufRvlr^B$Ewo@(%
zN>2`&I@c$CBUmyjB;6-enDgxhs6<paTtf%Nm%;Cip3j&5y?s|*P%`VLj<>+!5c-{l
zI=?9Q+Xf&K{yjk4AO=AcI|U8XqPQ>WToX_BWn8}#)~bPF?b}ia+GIVoVX3Mb{trt(
zY4KdpryzY1GQ*Q5ACDRJ8ZYih*C@(2zFrYu5@->h<W-feN3_kQ+e|}gwfAmcqpo*l
z*-ArRjJ+n@KESHbwty@|`OHEa@a5DSRn#XL4IAj5VC;687_C@Y)5kRDQfSA<T8!Np
zLmRjwWZVncbEqo*He<#sD;e#uoZD*A2JewU_7YCC1)`9;=3M0`_IUYTLh3iJ$OQeh
zNDj8CG0XM6P&0CbnON<L!3GfVaB(%B=#HrdW~)f!f=R6$UlL|WUl!8MVEks-`p4t>
zZ=GtBlQOy-(bPXSm);>))sZj;p`0iK!}C>I$j{W&{Ji_tr)I3Pq3c+<8886WQ)2?N
zNJks3G%J0wokF>*_~*KwBYOzA2_I`mon)!_I82b1%4r6*lwp6?+7#VsOPpXAWzR!1
zS$D#;ph{=ftnJZ+eKQ%z4TUuF4@oogfX_k8SF#O}rYXDpfviC{ReIhDTua2&`><0C
zb^d-nw~u#i1!dl`O&NKY5yWtB&|AaUxv0TPgC_#G`!?Gyq!$iY#n{v{<r+-aa}Tt9
zh@jYXIGA8C)eI3FCvzQVnA+BmftKPygQZhjc?KeHl4|E<S^<t<^bL9O<x4E$2@6nL
zXZ#nkNwID;6o~;lMT?6z1q9__N?iBi2j6w8f64|0H3uXO^))opNsflJnMF$qLP5CS
z#2%YV>;i*427aClu5KVx$t*}*Pzj=;Yr>|v0Ws^Y&60*}KGfWsY0$sJNlD$L4lN?s
zJio_^PlbH>RV>UZir4FVljr~DlJA(Q@3OU91zdgr4r1IjzWY*m28<P$Z>vo<b{XMz
zybey5CK$V5um-teO?Ra1LRoPM<I3FFMkG%Q^jN9F<cgI_Ao)s%Fa!IO!!_;$;$_0X
zm|J1kyTmG;h2h{2I#TVHxi4^6c4jRVw<Lc|T!6z=>av!%-oI~O49-KPAK?*ZpwR1H
z87W5&eaVIO`mK)K769sK#W_r4IOa}XNl6DB`4G?035S5cND0%m%YzEz(_C0GzuR9y
zLooqm`g7`Hd?2e#f1@LQVo3rkucg)UzytKWF{UW`1;mzZ8+;-reN8+|G<q_p@XDh^
z3*JhyPUQMN_HJ@(tPHCG^Dn0>87BhSF$fE?`9U}LR@G$-8q6Mm*Hj+dty|6W6(fyG
zs1{J$)|r>Y7R87iMU;<JI*{R#WHWqjYq{(~ebWdL6wD>C<DX4oRNB1lS#o)r!->;U
zwdk1Zj7DC=6^RXDKqK+&U`+fgp+F<V0ZvecZwr`!HsXL;8xbHAL0k|lLcqa3Qs0xT
z5+<NU5zqqY4_gDY82)u!4><qxUKC(dkzIhiz(OdHI4c-at%C><X)|%a&0|0lJ_we;
z?4JuLwf(sW-tUFgP=>zZ%1<t6r2o9$zA|9OUio2~M71SRz`HSIM$1;oK3jd{{w!{l
z4G?Z&^q&XCPh+EZ(82|^-QZrtO2`fw`m^(NRC2K`F6|q}PXUBhXa5l+dBp)RQUdt@
zE=D?a`!6t3{p-JBqyYba!$?DOdAE($WT#Bde&&|lGt2y$hjy^rxlZf_Dx{MHY3aMv
zT&`X2E8@}kkTHbQ6-^-XSoK2OkDMV1fTW=iK+@21&10WYdAT{I#Dl`i1SGSDUnn`$
zE|8|C2o!TbJ?<B<LAc$*%-vRmf)chssKI^VQO{9M|0xW(G}fjeA7wP&`N)xA!_@^a
zxdt-m`9&4gJBA7IJtv{qnUGkO{c26BH4IVh<2d3bM{^u_Wi47)fJhSL99UR9q?<yQ
z|BoU`OkudB*iiXpPe~g!5<%{sIODfSqRAz!>5vLnC>&KaiT11|c+Gq|<g5sgfjCgx
z(*e3PT9pR&jI}C&V)7naJb-U#Efqc2g#jbO`Is$|Hoyxga@Zk=G|=l6<OSp6m&VD&
z7Guj^2g*>I6N_cXE6a*WiWxyqO<cG@e*u&+eP7piKRkSV1bR8&&Kb9VyzfJO++4kG
zU;Z-pe{%Qt2dwWQ-0JDT&iN($=>M9*c3AUq+SZdd{>&Jdb8+SWC^tlw_njhZifkL?
z(sM;(xJ%j>5d%y2HdG4VrGi|7GQjffNZfBrf$pY&mETygYViK7dDlCH4Rx%+xj#DM
zP6e}CerAo4;xb&7NMD&+3L%m9K}0ys7AzE6FrFoJ;7A|I#6~+j9V(4Qd0Poso%}lz
zeN|9$uvGi^Fm*3rml-9VV_8~&79u6%n1A`kCEE?nv6P-7-lOp$D87!iWC&GCk2yO?
z8Qz#ZWwo_4FuiH45*$oWP!^No*-+@K1Xvr)1Uc0NM#ze&e9peYMg8Mi7_6+?bJ8X}
zM-K<$X3e|Cm+PyI8*Gb6&H7h+!Q@$d_mJ28mhQ~q)+bgmZrt%^%72k1B=vZ4^X1I~
z?qKt>K+h7BwloydDNmJy`0fIu9cDPb)2N6-YWzG1NSKk7!-{LJ3L9L7y7U`7%wVZ2
zT+(aiR|9YD{j{OI)<flk`aQ3S<k-uHzPhoVjpSWehNbdS7wvdzE=+8O03-WBH22%S
z6+s9##^BD(vl^vn@mITkdzRs3A?IGIs!(ikON|C^6k6RX(l!R8$%2t=Oo}Ao21^TJ
z6F6|g(4F2-&W}|%8u?OzWeoaaPTgjr(%l9xsOyl_U^qcc^<zu4SBKCsiCP9f2FZs&
zI%aRf>wW<?#A+?0EHbF`@BFwwxY!&vi%!avDHOwuldza#s&Sux){AZD1bIaqLT||4
z7P}}vDmr_EMi3h{`^zw~5djQSBRs$`_5IT@@hL}V=#}*l?!f-TFkN;nDgR}d27Vi+
zB{_g$f^zwnVIooh7$!pezYP<0;~&FhY$M|(`nO@q7*ZNsEnp;qjP}`Y1Nq!*t;uoc
z&cjRNMKJs!j=;ElIjW-SC>Q?%m4t>lJdmbEzI>XA!V>es>mLMr!;9_l?Yug;(xcm`
z;^~>n+wn_5HWNckW>G1;l#xv?u^rOwz$EvT`GSbwKHrq;3JYEbmu0;I=~$z&8Nu<A
zDC;h>_;BV99_ua4L<T}7RYN;@$A{PkO1b6xNIuT`AH)=E06<JnP@HM|)#kqulOp`T
z5L4yfhzS!O=-&`i&;JZD?S41y30O#}x+g<f7(;|0{^0^HN?C3cB--;Q4?x(_M-(Ea
z-c+Ok0_XmiIjsqO0?wTI+u<41+HDbh2t7tzV@e>|(@9mPDH$alL)g+1m8;LSOa8gc
z6dKDKgqcBowz;Nux@cM~@Vrqp0v23bUnCAPq+fe_0J&(=5aMJy+L@uH(#hMYru8c!
z{Y^3v-6mT+9x_GdS~hbGbkZ0=F@=!-cZ#VNp9$!XV*0x4M6~fgR7_Z_l8^TPhl=SO
zsktTtt8UszHF;G8_;z*|xT6K0B5;<0JJ|O+z!{_(#s-c`35D96i&3MrM3o9f<FK#l
zmQ^?A*u;>2EL#-aShMiD?d;Y1YpQ6zi0Te=1g(Mz@;o<6DP~1k5rfw(CHxdR<IYL_
zI^5zeW+&!#%g-Jl5n&6)KB7CbA7ZHFula{PiiIj3jDi<WD32uloOF_@H;p)pzQQK8
z8ogl)(Q83?&6f^r2qFTXHWBwF5jpbavk#=>0zJNkdjAr*3IuO$e>=;(F-9`v_ZE&Z
z>U_%7C(GRhi3}fBhC9Pwspn-Us&B4^lZ1N8!6Xgt7q__l6@5H3I4vkEd;n(edcyJ3
znnjhWV=zeVc1km`DE(7>YmdwD_XT_8R26n`+FRgCsX*ea_+9!oZMW?ZT$3`xx~QD;
z7%b@=$T3gUcR|HK_pLRR6=tpwKpEjFob5XX4h(kSV&moAf3i&3z&Y=258y=<Lj;2o
z<(9`cUo~dOzimbo4ASc*)7I2$nmq27<<Q$pzeBwD?O>F%;ggIk|IBm+)0yDGI`o$J
zJe!1VFw1$C;Hy;I{WMHTW~Q=xKG{x%g8%s(&B8}ZS7=M^uyHaGPs%cmw#OioMu#fH
zW8QeM8SSZAJt`3mb6HJxl5Qc(px4X8Zw?=yi~_Yna_0)_m>eC1ZorgxpSQcY-rgsV
zuE3Y-L=`WK*0a3TgiuMHbAxfkJ{@f&G_zhXxdVLwJF7DVBDA#=yi>WPFtMh4wh9d?
z>&>KNZ}J6QENxM{R-@6L(WDE^&721vv6(X)dA4j%NI3$Uh3;E~e1I5HCWJt^I%M7=
zLoq(9!KPf?1|Kzyo8ih3yk~fRD{Iw+mjVT9V&KljG!J>x3jvxvs6c8=Py7Z(5dCRS
zW|BZ?oa!gDZ%hA>Or8HOnSz-AFC>$+$3D4nU5^v5+JX^;IPY>tw;uPdu@Ot$sHyH5
z#-{m3`GY=<qe?i7gmeXMHE>-u4EclWNE{Zb_YKW7LGv@Y?u~X*=^M~Hp(C3{{Zc7A
zfH{OQc$9y1e*G))rxWn-{;-ko3y|~kAEJPS{tf`L|7S=2UuS#<#Q6Y%eE?SK-3=h=
z@0Z6a1e!WkMD8`#zvAFq0>XcMsFYb%{oh6Z8tC@d10=Pt9N>tb^v`|fpGm8hL(l4D
ze#Zs5(WuWle$R%WxRftShx{~xebALwWwIelQ5?zxnWQZg-|^PB)PrZO$Ruw`f=DEm
z6XD}+h?FD@_Q`NrR8W~EbZWa7p`^VT%)KGrDgE6C1IFaU$NfAAbrRVe9Frm$$elII
zXe3;1x*RNPJRK?2Q>-~kz|k`r3=l*?L`OblE@938Jy$1chocv{k)nO!SR)BVg^y@J
zYcfR8Ohr<=V@mkm1O!<jFk9dOsVD6Q9~nepoN7fQ-o3EqGpIc{9bYYcL%x2`HiPH9
z|F8_-Y9DjW=w)rGG72ZRq$N!4%pn<)9-x>HWq$XDj5cA~5o!<%jkBCAI};27g65b6
z$vus|)LDZhy?pTfo0fY-0n5{DwbBy&M19&Oo^i-;rj%nv7W)sT)Wc6yBE{fj6ebF8
zq~gXd*jAuXf=YPSiWk{;D(Cq;y6!{<`$gjEUrb5TFM%!1X#d{UmO+Sh-$R>7uf&;A
zvT9FFB|r<a$35X3kctN!2|yqo@BKtp5ZVm(g~+|`#v8%qSXt>ZC|CuQ-6LYmBdeG2
z{u5<;d^~kF`X0+_hQvzjHY+s@QisYx*A-4J>+K*8e1U`ODJQ1rAPJ3$=aFmiK5Lag
zaL8;ElSl;{R6XFZA{-n7r)T2I@y5>i`>DE9`+A-??(hy#5en<Ej-QUjR1#S}m07h^
z@ocwQ+X#UN=l*s|p#;C3l3$aq8wtQEDT@7eN~nLF(jsgS*I!Nvz7~wEJe*yn1WWTj
zOC`;xqVF2CM&S&t6PI$xY5CT&JE}YV8;*K!o~-H?n5%=}(fe>;%Sl@Dg?n@f1C`yR
zPM40FR_(%D@CdwrqQ0d-87dk7G@&AsWC4{_>z&Q~AkEEc2zWew0ahThrCfSYIL;?r
zmplKY2tY{)l>n5q9bEBXoRz?Uuu}&>NffI}&#W<?D78x8V_n^={tYGFDg2F+Zgu}c
zNmuy`P)~qF1&t#WG6$8*?|>jL>&GHKKAjDep)sCr!S*BgsNlFS_`|D1TYsyhxj!l?
zlnbDe!VdmYNo*lrj6J1kQgsza47dh0^gxaDnf?|RY<3}t)+`5ubw8|WA~d!=5R+kt
zYy=EMOd;a*4@2fYIfk3Rab+~`j`Yzi;qDR~ERXYaHGO$-t?T0U<vB}E3}3#uefC37
zNok#y&)e3(st#PVSi9{_0@PB%UCRDDl#~)I1qKYeAC#XdD=C*gXV|;?>gf#5|KXRU
zI#6AX48)_C*|NNOTnKNvT!w%{z|f`7_Ny@=rdGl|4?QOTPL5^LQ*IF2&LF?gD3K?7
zwvRT|y+fWaQb&psIpMphT=Yp~mz73)yOIFgZs6C}f(LQ#9H}o<&8LPMWTukb%|>=q
zkpY8J9PwbJ;f%=_SkqFHOO=|!U99hCU<VZXNX7_FfV7mLbXiVb3Ek7S_Q|4(Qn0Va
zS&7m3L4MCSofkW*tnbV091-s!nmEYS^48U$!6BB?ld%Oah?$De`lee8tNWwIQ(DZI
z68N$GV8!O{axm>larm*5X`xX{!HKv+6Vzo6ly%gCD|tU{>;fHkVBKeo5D4m^L*`O7
zQ3r}l^y*Hvsz5u#^a@nAq7I!#=o`}CmO_aL2w6}vj5{#OtwuGWxXl!Q>BT%~mOO^b
zYy(520#Y<|1#c5Sb1#zmC+iza?R27k|M>78zM$nbG3%qgn-g43*PvKTz0ydOl0%~g
z#fomVg3B-6+_yqvpm5KWhiBIUBaW*6yiU<g^@N|lbYGtuS%9Shl!ht8b>0~f<s&!m
z>New_$Q{Q}yxq+i_53t^!g{n%2v$Mpk(9+qcct4Vt8C2}=gT-^jAcD4iM(>b)0rJ4
zI*B0iQ=5`ULuENw>i(8ZZJ77~`r6|q6Nqn+K9Z)|aW5AO^oaIGSScmV)^ASmS-m|!
zy+Xjb^azJyyjIG6fObIJ-N_d0n}}O-&QHqB9)gr-!b*?{=(-6JT3I}IO@|p#c~}@n
zpdv2o;0pQBZ?{37aW(7espoY1<wk7dPsu`xUC*?RTowj{!Z+GOnM9ZxL#X&Pwh$4S
z{SF9uN#5euMMb4jRDnkD4FzxsyRiT7?w==%RL-%XktU+IvgYk+=V6l&L}k9k;w6ht
zvV<2e>>x%-jb4X}u)(vIxD42eh0KG5?KJbrw9pF7O8x-ihmv93=IX<TckCk^eGT7Z
zWMhQUOQe(>^lYXS96I^72zi;>$8&L5y=-Nx1OdcSMGS5yG=>J3t*p1>Hi%`kYL;Y=
zSX&M~MaZEBwg7`*PNF8493;U7D-t`LcxhST|C*YahsL%>U0*?>SP;>=;}MUX>P*hc
z`}xz=Zih&ksr(rz&za8RI8{61c5GX1*pBpMKiyRARfUJ%GTNu6(6(zRzah567^Yho
z)A>WVm2mNz4nW>S{zC@eRNf^K10Eemyh)oC<&Vhh+TIdibbmnj&84bMl-M%4KzD`>
zw(Vs~v+S9Z)8aZ5)<`Yrk5@BA5CTbRkunT$gx9(jtSf+?#zzH3{y@{1sPeXkxhVB~
zaFGH{xQKKIor$H8ni)fE%9PIBHKwGpX@9p?XO+gg@6|&kyK2t`XPBYa+PL9v+gP5W
z3jemd65Om(I>ba>lfFb=F`KTLHZT{4DRDA{Q3o?;nmu<?^7sW)w09TZn-y<s3Sy!U
zP3in{RGQZjbB+IIDd4+JantUASX~4=B0qQH^GlMG?7gtEc(7;Dm{pT%)Gjv1enADp
zgjs7yxlWA|%o+5)*X#Ib+b^)Mg5bUu1z(;Q3{~BucmmAC{PqrRoooUEn{2cUTwM-q
zgc`a~;sxNiGvAu}6)F9WOYO(xBjN3(4`(m^gMee}vCT7D#|gF*rSV|7`Aj=?hi>wI
z-GQ%cZ}=jV0Y`Ho!L%fgv-RGN5C5n^&yFc#62&|a_jbp{yEYvb%+>AX=vO=Ld<K8N
zIxm6dJHN(0U&4WK14nx|iy?zx2Yt{pbnj1jVn6CQwOv1U+||5<Maoy0imm1D$%5?v
zYAECHx_b$M^y_IoBEwiae)l{1Q3E(~`L)cf;3q_Sy;X1l21zY>t-Wj_-qB{DU%a0F
z?I&18_d%bgL{$dxzDf8HGJaQiY~OttNiS+JZd`=Zu|cBS7KIF8vev&Iy$=Q-B%izh
z&PHp+p~ysnbLSkM4JteOKHf}+Tfu(Xpp!BH_vIp|kD0IWb{6e`z@kwzz^LJsn5)W*
zC5JeA=h)^+1<Im59_qM5aD^PcKskyTzUY^&WP>0YjX9TrxQAh#;vm&f!mii0oEmC5
zyP>lNR`C@mZhoox5FPn5ScI07gCHj!BfJ+->BT*+j7}Wwx70TFF^OUwSeRh#CW|zH
zndEzZeO`|l!asecxJai^M8vd<d=NY7>2#AcQ&}|RR*=<AsB(Q;UcAkp;796qRfr}r
zE`~%-OGRt^uFgryT~jR%6Ks-|7%#VV;2^1mt_fkpy!IfPb&mKkMzJ0z4%gyMhiK<6
z+vy$N%a(LX6b0m2Q<H<m?7W=Q+mAmyf)xXea~FD;DU|hWO`0T<BFO$0Bw6*%eIy2J
z!t~P&__S;sF4+*3=z1EEm9}#fRSj?-Qk&@w)gWx<z4fEFHF+%o>Ou-q7dGi*$`3rX
z8YLg{_KkjvFPd4*7I}j5F`z$ldzP5LL9Pw>1v6lwbh9EaJSyW61*DshWi}9%Zsnsi
z#ZWG^N7E{&sX`#Pq!lSC?2i|4<w@hXyg|Achk2{yeFqp?2X>>!Ztb()q9_kt3B4t_
z6-qk+q4`XX6tmRL+rzkRD;>YNTPeHqbA(G%zL`U**OLS37t}&FNDu+m*rrZssz-k#
zU9#|H?oWD;Eh_QUQy4s(Ue&-QIASrWoiAy*aq!0euCDm7h~ACtI+kX_>EzlvrIRCt
zO5ngswt4j)eCS5p7Y9c*H#vi9S9s{?NFXbjI)epS%7kBTUxY5Czz~tU;*#Y!jETSg
zaCaC>(Rj*}!?kzttQBwe)^T75HJ)Af3hjkC!_pYlz`fFAYdaO*3o&Edv=Z@Fm$Eh8
z*hjDkJ9m2nk|76TD2kLSr|amB$ygJ;55R`xOI_Q5`Hc95f-~S*IAtnv8knO}zdM5L
z9>3NF*$j3r!F@^J#5Vz>j%m+}N6120zww8!cfP2Pn}>m6DSf6$53!Lr-u<lAmvcN_
z82U-y1PWN4pH)3f#E^#TT<UR_k6rp)4z_e8+Q*UQy1y31NO^T;{h+yC4)FXcKL3oy
z<QkI?1J6hrfUnckmm7^?Egy_dD*?t%k7mV*M<SwZ!yfh>gTB5dWg`X&JE{Y7g?Y8i
zJPuJnQX0Y+ZDxM-CfTBbc2$XALp@Hylv6|Bp&SZH^}f%FsH)88h968M06&EciV*?Q
z<>(K$mWWXST^UE5)U0?kY)BXSY}9AGSz%<}Jf{mOb9c{_3ZxFY7~&&EliLf!TGPFN
zfbkj9u!jTFLf%ywzvpWx3-sA(TqmW_LGqDhwTRb3Rp;nf&Xm4UHR}`?ZyPqj&v1Kq
z^Og5}r(bB!G!0t%`#U9}t_r)NgDwRn@i&<T*<n*^RtKnZdS{Y4Yswd(tWGg1pAdDy
zO0XSrAadegBhPWH3>yiZfP~!|GPPAJX`l+>aSC1RqG>9bFWnC<qZjM#wR|?sBKpRb
zVNtW8rkVG{WhtZ?kKhul#if<^3wf}UzFep5eP>I6q+n_oQqw#VV3XTv;ewYnyhX-r
z20hsJny%$cyDA5Q$ElaLl*p2Dk6p49d2nFnBH1I04$ZMmwWCcfY)@=rqH54uii%XB
z&_I<DEAjs@bhh}SZlBko*j!?Nbq&~i5q`+y)NHvG>5fAZr2Xw@7|~RGYJJ*Q?-`Q!
z&atdRVzRH~AZl#mk_1rvLKL0|6DvbJX?Q^PnlI%e-^BpQs6ZFUU?+}FL(zyNB;00A
z7kK3_iGybAXnF>oE22rTH6_N1XlNZK*UB#LP=_zL$lhR>?8jk@E<n9mw57&(YQk^L
zbKaNainm0la&or1fE8rJ5sqT-4T6LWQ!}v5kX}%_l`>%`nz6f~<pzsl*K^qwh>0<H
zR1feQtJQLR_Ugq<_d&v&)WFMJ>1)C&nLsUmNMuwW0x2P%SCC-u*`UR8_1KF~tH@A}
zHH`<gFCifyUc1cdH#Mi^=HBnQqD}GD#kJ-#^}kl04%g>PG#YA_)ykmhn55o0n~6t4
zNm^#!r79Xbh^Ghq>bpF3Vi{0fDOtbEb`YmahWO4UwTiYKL>vwy@oDW7SOvUcLO&Gn
zbYp@lB{hzb;vEUr{G8SuI-@KIa+l@eB4&d*c65RMlvP`K>JprLJEPI0T>eT>>T>l#
z&W}tXZ_f{#*nuf1Ku}z@I9uLKJ#50uR7L{QvO*=jS68-hSBxBDt2w_!>Ngf$!OqC*
z7%{$jmx+C^Kr>A_g3re#Vtw2){0__*GM<r+wrL0z3#6LCRo;~A#hM>fi6YK**FUzo
zW~$e42b`h8hMnC5td$L^o~#&_YL-acJVWs}5_572LyAYIfr^tOj(k<~bK2aeJ!Jc*
zCmuN-TmoDhXYG)IiPuffkPk|hFC?XP_#CJw<aTSP5W28D=?6j`np-KfKLTt}&WIH!
zb0D}kILC3TW5I*)`HA#(d~$MR&m0M{W}37|iH&{b{1bHWrA(Mt5!`U1DE&)#{jpY@
zIZ6|9H~}eHo56MAr=8+#!SzAFAkpZ_Rt`lxzd-X_c}d!B<!J6JOUY|7PbP;m#_vph
zVSV`R%?(5Zn#1bJ4mEl32EM;<ZE7Yp&5%>rSbo%ln`_O&;iNkW7{qKI<20^drKHjC
z4Hbt6U*9aEnVcUDn=YflCX5@K9Qf9BL2mO6#J1uu@U@}NP`NQ;Zzjx@!}rx2G1#cg
zl($aznC(tAj`$_<&TH$zZq(a8*cSIdS)Ywe_jTqpp%(pF=m4|aPWGuAuB;^;%#WYn
znS!C$%OWC;0b~#kc05d^EOIVLxi2({b2rZL*Xobx{W(yH;upRJ9pwI&pd^q{rW*Um
zJ~^5gfwP1)-f9e)W@ylg6kd%9uZu|ZtRlo&1OmW6f1gU`Bgcd+vC%dK+OZY&wUrzZ
z1S;k-`Z#;ddiS3KC9*y&{xc`(wFjfe6h8JeCt?kD=*(6oUJ${C!ta%qkEe?Cp8@sB
zzPkohNG6guWkwh?do{<;6!HDt<5d%1qrto>m_`=oW1#6Tvadn!9znpra7;+H**wbX
zRIs-akC+yjp32QXKVB++PQm8B!OkgD;XeMTeWCbduo=T)K;o*5_5x0@dVsyOw7eIi
zhgBNNHOqDSo%3x|#ctaCH1%^U#1|U|Kv6PgyDLv8^bp8G^Ve~BAvk6Yif6w2>eUP_
z=l31NG;YY~EyQiJQq{rm#ORw6>1+pqXA1EdqNnFc%`;@cZrBuWAC}{fh@BS{Z@(=0
zAPn#61-xm{fV{QI`i>t(!2DI?z2#Y)f9EbL#Ci&lTC3EPJ-b=pT|#`@t>fMU!$dpZ
zxZG3-J?ys`1?HHatNeb5l(-{7&BXg+V-{Y9h^eVJWbJ)Y62m5+f4K8q0umOsJVkS(
zHR1=f>9X_2&}+|Xwn()Fdg>d$<$Q_p59@czz58Dt?j3>GVjAuGl%<&&H`$-}I)v-<
z%oOF0ffiQ)VZE8J7+^N%NNaa{!l3#+u%X&B;h$*{e|n{YvFwtUkTEs4aCbgiFAge3
zG-O?9$@o2@3NOh~D3OM|ycZ?G`lAlREf00irY(s+96Xvrl*<2JJ2{k*xPF0ZLUI)@
z<=fWEFJzc6kp(p%%2i!)YR{rDN!<ZDD=|Yo7?Oj|OfA-eTlM}?Wb*382Ke~5UHgmP
z>vQB~H>yUBjdDC5U}@yc#3<%l4+CQUgh&mKblGa<s7CJsG_zDc+W`qw9rkhe(9hY<
zr1$+SN;xIE839~f%V)!(JGIh=JC4_?U)(QQSsVWN?=^c~G8Mnv$c|QLw`C)hO!=GV
zd8oACC&$h@71D7bv_8fOMC-o3{m$hPwT2-<w|Gv1l+eKu?vQ$^qcS*Y*jU3R?nqUg
zT!6}~%;=B64-ALy&}hsw#9uN-X;=aKZvb{ciND&9Z@e~!S}(m)a~PRwAG&dG=m;q-
zMC!Dr&g&~AuMjOuk}DagSfDw5Jn9y>IRss6#<Isa;^0eY82$g*d-vu>Zewpaf9F%6
zlvGJNA*tOH=W_PR6PGM$9Ubp#^{iyO&g<mF;0#D2ngPZG47E(0@BS9Lfw}M^4KO4n
z*@INYE0P0XfJUP)zwWlC*jb@TEbm2|YsMB)!3i1_k0*mh3IkX&lEH2^Q}DDDseJrH
z?L9+UCJeXUkGR$*C^%I0{+=u;-mNQJWOn4XoDfLMT2n}AV8|K2f#}c$F?`<Uva?Ax
z+NcsUMs&`zgpohpvBdy0N28_S&$X(BWeQHLLLzhWC-<*EZ#%>rN8e?T_XP%gHFHGc
z`q@}8E%B8{<N^|WpsZyJO(jX=$F0@oZ=J!n%JvHulv<eAm9+8r3{uKZSYCYs*YB0Q
z_{5^3Z8W;4W_ib27OM?g_pex)jUN~AjxDMfnCj%!fPD{dz#VIoBnaE3lYn6kHho1&
z&W?3oeBw&0|AR*_lIhr9Wp)CNE?^F|f-vUK_LK446*tLUZp{a`5Vc|-)V$K6vT!gd
zAd=J?d@#j-%g!DC2!}vQ$AyN)yD&o2s9{sWkJ=t*?21EHX+Eb36ShiL5=S&g@4L;3
zuWTtmn_Rhd*<r_PE8<hu_epcjqavX>F}!5jx~8VD(Wg8eEk!A8VbpNDJlJv#7%K)C
zEsA3T-TLu8YLxwJIi{RA=3DZ(L9JM|ZYHjs3YoL`xONAYTxCSQDAWD4!_5#<nYE$V
zx}Cp0@^<Gdwl$GCo3or8#S(Mj%z31bN96xAa$S2{V<{q9Mp8!K+emq;$SZOLo!7;~
zW9MnIb-<npIL8A^5Jr^WIMKA)2$WWrsIN>hCOxl)@-pDc@|1?<w{+mRyQ8Gde}Hp=
z<ZKFj0MGOexWEo_uxOddL{1ksS<YyDCWX>DaJQ`&h}kqyEi3L!-V<s;cXEQYd1Nu2
zVbUjfkkBZXkUAN=dtCYkMOTen0w`w+DRW4{C}8}#rwe=X>6ph%)gbh4vMnktnEPSl
zyPBKt^y>U^4@ih^v1y4*nG;sH)m`IOyOjH3m1ruhK7iG{+<R_Y1AtJFw&ifwEJSOT
z@~%FR%al;2Wp2EDTV4X-zDf(jdkbS*%Br}A3L-2}Zw4!!#%R<p(lN^&{kOfpz%0mf
z63IMgDw7E3cN=6+!LAZU!<$}wG7^Gn3tYn1*tX?v&^u(Im94uZ%d6ce*lbG*RG)bC
z+xqZU%>(d=Ej-6FK&&^u`BGixdVr-h`lta4{Af~!6od9U^oq$M0MkoKk<92@rb8T~
z{mO;VA-2{^Y}Fd8ephL!xSmc+_3YGEC@&9vrPF$L6aehR=BGGTtqT#>$8DobQeu+_
z`x6MZb;{+X7?3Ne&3|fo=DB3*N^1CIZ+n2RweKBp)o8H>iID=Wf6v?scBR*ey_bT>
z+%8=ZxtF#qGi2Q!Zgb6T6t&H`^$ptM@OEg(P=((>^@%J2oPJ#7Sm(@0OPWm|shz&A
zr7WK^0?B55>B{?pz!pr7et6`n`5~{d4b74F`n@9ykB2<b*!72e)&OJ^5EngmE36Lk
z@-#hnIh=LW-Vw!xl!6}iuhKK{Z<0}-s}VVMUiSKT);C@2#%u6w)q+O_VHlof=CLdv
z4#+(uoHzG#X&E}WV~c}<7p9jq*wMkIIH=s}4Te$*Opx5}0KPj|6)8gmMQ<|pexQ*I
zHKm!&g-W$dTd}-qTfb_NpA}meExvDz<Rn*ZRia8LQy6cOfWu~HHF-HV8otruTaJdB
zuDJqAWDiXuEHI6G3qzSbb=qMf<z10E+5jL&dwSy{lBv}y@m;{oWC?kQ#wPr{A|zX)
zxUR0YHeA=2sI;vxbH|p7eYI#0E=S8DU9emIO>KfunwB1ziOk15j=_w8(<$MbO9Wuf
zVnb7JcdWdw*1$q4?XQqcxrjZ^-=~{9cE8($2Sd~>atHvJ<_r@I0EGa>*y<jIU~^`e
zVa%1yRot5Cfjjj3`xz5o3q>_o6Hdno`@iS%N@{1V`+i_;^LVp-;%SjqHAP6wC+%x$
z63AnU7_g?LrD^7}_n4;n6oBH^hT^V-X(GooAt@JTGVKeMEk9YlmHqR9>A*e6r+l0+
zYszWsRB6=Etqrl%9dOwMYSPW9An&<2w{}xs@4}-cqp|sV7t(S@J3Rp9D2+THt2?y3
zd|ovF$WAQPJay!EXYaylm#Q^st1Mm1xU>=zG!vt@Ns)slaUOv8sg#3kB)h!{YzkrE
z6<qlyS|sFD#2Ee7VI`n|FldcaaF^wwYf^(f&8TYT1NNz7K=yJDgpAqg1ggy}+Gm>%
zu7<EOTJ2oS<UP5!&_*C48--M#;)(ggQ(^(iC`ru<O6BHT$Ar3L_ah7cvnfs5^*$tj
zkwWHgP=+_tQx%DAoH|HiTtrC`*AhEa$DuU?7?MkHUB7v3EOc;>z@LP(e0&ORle%mM
z`;}?LS5z_cEv%faIkpp!gL%<g@RaR`w(Da(NZFWT34M6W^x1N}-B2--hGCSl&~}Cc
zLK6uByq@7lEVe&1qB%-&%L01KfoBl8Sb5tA4YCY71#V$m(EaXd94EF*B6mda)o#Id
zx79FC(lnZvoZy<HhB<;`U>%kg8jkvPRe89*5zhz<SmigONgdW0NvIT%qxw8%jWCAx
zUSw?FR{dd+10Yv%xIbfL?ZLQ+?wEFVoE+fLS)s|8CR9Y`IDpjA9-3q&aigl5A+djt
z8Dr{_5_pf(tYOEvP}<B4L1lhR;z@ri8rLqV@Z06Vme?$~zo{iR1m#s(!Ns8__-I=S
z1foLTTA?=DbESsrNse5U7SSw8RJ|q?%K`XRuSLc^#&JWOip4!$tnGeHnKRS`7iFfs
z_AZifp~;lb4XdB==?o%%%Y?gtBnNuqjuYGi)M>_&jN~jXBIadJg<Ea=l<QN{${I^r
z{IbT4Tl{+E>^uc#t6SZy_Al)Jx}gQPu-eMjF=y{wbwupmq8_L)H&ANvH{(S;d~eK*
z<b>KLX<a4JvkI-!GN)5^VyE>;_aR8IZ?Jkz!~Kp)N^D&l!%144Pz*u=EEAafXavEF
zuxgD|a`r-R*X6e1V)R~JBvff0eUZrM?ncYDf^^uOwr;$}S_^Xe?F~8S>aHq$i$yh>
z0X%KCz_cp=D&*lzsnJ$hWt(yJn0#m!TQ|!66}?vsR{~0mny=ek6aLtqiMsX3$J)gW
ziX%Ch8H$$y&>EAqHcDsVt}bLj?kTDez*c-f0Jl7QLoRBCSJn;66)6)1I#eo<0y-`Y
zzw!ZtW4ri7(=1`?4LM++^k)YHa`0)Q%zuQQKv5}M5;-xt@r31-_>K<*C-rzby0dHk
z;rzoJ5I<vS6#Xn`bE5*XJePTC|F3NVxcDNOX1PpxEhrAop{I}6%bgDz0?_at2)`W6
z(SGd%v0bXaoDhjFoMw<IS7mpG&h2=jRq~IjRh0c!=B|^In9WaAOkWRR>PWVWrT3(Y
z9K3E3XkE1%p7Mm|iLHff2djFV$h;gH;03P^$dSxp4n`D7m`l=BW>EyZl1D-$f2%VI
zusjnG!D;+KBp&$6aB6g8xgd|cuok(A#QT(0KXFMgxUizndqY89V8W;5NdC#CoXC86
zzK^YNV*x@Qix*#>yPGg$x#CJ2{uwtU9*$zr(P>KmDFwOs;>LF5LE6t@Uv`+E)Gh2T
z5I^*vMb3;28XyXn&n}C#=5umRbz8|5`apIrtGqN=RvkhtT(Y9}_J!8ct-p*J!G%73
zFXK=_^RU*1yG0?(-x+@HLHMbe1-X)f4ai4EV`4a+{pYti*KBmSOUc8WWuMG-OAFy1
zcZ*Q3s~)$fA2$;xfQ%D4CiaZ)`t85|c-i6Qzy5gX-rf9DPT;lSE01^I^J_nalJ#~;
z*9j3Pt6C<@n$s@SrqSLNrhu)y<H7^1-DF}=fP{U@SfrcjDIoci7X~~n5)J7^fP@Y8
z175@tGqIWB2svly7Vzrbf{@F;*LVG%3Oe=c7%o7P;)B)6B}af7;KF_7)8(A<gpPT_
zH3+Q7Bd7Hsjun=6r!4(Rr1yGO2T1Nkj?8x__vQ*a9>IMEKZLx{m4NRtmO0iRx26gN
zWP0_K`rO^<@$;`gUhYgreA~K=)~bwXo?R;=nlD-|xy@YJMojeZ0`5>ue3Ek%|Mbrh
zvGw&kh@DjjPWUR5q~cdz%TbS!MY6uJcZ*B2+WHt{GX&kn(O6EwpUJ~L(q#qR^KJq0
zDuj<c-qdShcCKevWYP8kw+g%9x)IA}lMo!UdGPH`)2(;LvKe`MgDkS;ir0B8P&vG=
zLj1*{A_<=`&0D^FK)L`axR!ZnngG9;HanJ~=8ukQ$otx-lteN~SmaR6u%Pa-ZiXsm
z?a-sUKZ2>s8l_H<08Tz$oSwhG7^U&AX7YZh<*-m}*s|_E35gvIiYN4smCUG~g{mIr
zS+grua@em`nPJ&$-_gCFOQ~10F;9vlfsOWAyqvK?-BEG!(-YPk3;*II_oq06;Zja}
zv72<-+-kJu_TDr;M>m+Bna#dq3j#6m6PZI*i6+@I9l`3I6pG~|Z?WpB_Q+3)g17p}
zCi~l=k8HATgY3tU3$%pm8L_O;Gep|L#f5#W-!aU8@T|8eEZ2))xjoW3uSVU7Z8yX_
zk%*^1OU{jU%<fO_Wq!xSba>D8Y>1+!I)RMgC%=OKc+LYc5T|i$bI=!xO^O8L=+%hO
zjDN#&1qlB;F5&?xc>KB77#*Yy&vXu5L)(dGIr}bjRM_hGvM%7{js@p5mI{AkHnnk#
zX`Hr>`y?-e(faCfUShegR>no#mIT7KA4h1aZ}u|_8!5qo)ET|7%DV*sHt~NQFn-H)
zkS^2@$q?r<%;Jg=cBBD57ck%R_cc8$h~9R|hP)uf=*3xI_qu-}>d#Zi*43R0b?}tS
zKL?^SUKGyY3sI4-x^$HnG?GI2NG6bf<wM5Aji%9E`|a!H;a(oDJ@f?f@RQ&R-7&);
zQj5;5LROGdJyRz5LScef#_m1MLi`c#*(I6Qecakz3oZzVIm~1Rxu$IJHoW+bgiw2@
zcR>4j5qWL6=3SJUPsUtVw~S&Ma~#<`$WoBV)&u~V)5w>$yCBI`5E*F~p<Sj#diCnn
zD^NUM{oxOPATo!_oDok~e+a+&-Rl;W<Er*Qr|;iE{8*+HX8FQ7n64Vbr~&!!n-5p+
zkf^0^!NgTAna>RB_Uu=`|LilbXL$~}IXEk;*q0Vlnlmhj3~6JW^v}!EjL#9s@98=U
zr+OG@NedZZ41JaDE~DH<5CXWkS+lY<efprS&Pvwg(%5CW{0Ht2gz?vI7Kp_+2g~M@
z6qWbeV?>we+E$i#Dkm1oSyOH-;mS+~k{Q`KdW^Q_ZK~45hAb84J}AV>I9LSIYb;>x
z`^tL$o@NTu@fsl<l5a~$mY{vyb;O-hYPb1?r5?BMZTER^>8ew&+i=Y*1SG3Y?Une!
z?@F{4ffBEs#rC8(A-1Q#53#K;8EQFWU1q75eDobA>|(<fa=l^m!y#bnO3MzvfEQPS
z^_}2Ddz-;M17+m0+Bpv(VY(>G`3geEN+yNIp~5?}#*a$2aoLv-N29~=Zk49Fb{U13
z<Ln`Q2J*H2WH0x;q4t!y+|MW!PXAqvLC?Vuv|A%k0P&VuV%P?{$IEEv`x&!HC?5f^
z5~gKN%&iQ<q${t0sjYTtGv0fy^GNX!bBN;P=&VeM;;_P(LbH5ABX-={!%-SjST<uR
z%gqkj-drA$85METdez4Z60sb3JNu+rZfN4{=90uYpR-(%qc50IyBO6)-Znlrz~Ta<
z?ZwyvBe{!M)L2vX)-LItSw~g3H~Da_GbvP&*voApiyYnbWe#+x#}#Ru0#zhuQ=^aN
zwG^IM<$b5YV0-tsmX6g2!sR@AwL)r^%Q=soj0&)(D!*e!RV@b&RZ2!2OlH-NdyI%l
zGC}5TmS=N-jJoqzLUAV#h*iKA3K_HOVw`X_yV<7$ZQZyCn_hvWZE~b}x$A`DwroBs
z4O~Kj0JFPpoca-#kd_6C_1mv}M3(B^Y{o1su^qFoMb`K{qDkVVT-`Rx)w+8aZ89#K
z77{QwwC&aokbWqux>`xz&d#L`P$ZR@TSyQo+%7@&arZ#ElNjZRC#iQ<uD0hOqmtfP
zxze5l6H--GrSRbpVuR87RoGg@P7LrDEFMAM?-Zedvpv<eqQ_6S;??qtf|Sjay<LWO
zhoc&Yv(@8EE?K*iyv5T|DLsPVh#wv*63eJana~vpRmd{mDv91l(mR;By=3J%mssA5
zdz#0m*DdpKG;?rNPuCSH_c1xWZo6T045`&^4&I-KvwEE=UQ2V&Jm`$B4C@`o>OJAT
zC;a()!Y|ReU8_<Z!e2;v5dlr_$;*0P@ki8gmQp!*NsCL$8XnQg-4Ub;mT4SNtlfk6
z7RK>XtFbjBSgR;wEa-yZ0>3xF<`V45*jB5dLP(Sf)WDSv^zIccQ6h$asEkGo&TT1T
zc%&7>7P{P~Rho+bv&%WJu^+c;Dw?s>=NhV-dHk)}v1{whGcvbkm<5&Psjs$%O-=?4
z82Q26FVSc@yYSM#mc*|E{Gw!exvv{OO_s#%)3Y?2txoAGf|MW@Be>0RPxrh`A>Kj)
z!f?5~L2gY?#TnZ+)Mso@0sRPtd<;tOQ&WWVo<I-z=pi2)u5ZWvJ&mx~n%IxJ1IhwG
z0w~p~K32_g=nn_|@G6^*t&aCNJRFS<4-r68DoBN%4FBleEfbN9UG?M%&y@yYwX(kA
z+Ju2?QuppPR0+=AS8xfwB3z2&x7!dH1Gr`-SeD6_?b4P7IjqF!zE>pSDc4v_*{~I+
zJVkudj<AzalobQp;V5OP%ol^QQ}bnG6#I)~ECg2MITJcr)a1=Qiks!~_$A1yT9a2)
zzJ73Kl!8N$95g9Y)vG}T+%TUqF%Rl-PIKjZCP-HaGv;%yq=%EgYE&#fc%LPLMU8@Q
zjAjpkFTF$<H>GF5oJm>etnd}<u;C@@4!0}wQXXo5<&RXRL{vgv9|ZJ~QLR}n-jM%2
z`s;6g93FpuboAY;;eY+@H%EUR!9V`v`19i*-5<X>K0Z47?yL7--d<n)jUWH`ohZ^f
z{OiY~@7TrPT6S`L{Q0i~Cfg8@xzIzI4{@8{Kv98!s~wlWJO8L;4cBLwzUoT+@A<HY
z>q&vH`wY~iFeK@7M230}0$_!6zS9I5Zj5F)p=N0&bDA$mY;Dhr2eTILsrD62Hs<Ya
zn}8&VEapYJmlTOGQhm+up$?U;cIAMF_Gi}hHKx%Ws^jIR_`zcuHGd8cEZ{0-RFs}3
zfbPkd9jfxTIEg@458`bs`n)RcDRc53MASW&CGjF25}3n`|C7BlLb`|h-cJGxmAe9^
ztqxfr+)_A1sFq-Ou_>n~P*SzR*g7U};Tv3$3&)xKfgFa^&G@J=fww48h#2G%RKx{y
z4p3kKecwVMvQIoMQc@^0dnuZ|Rg=fEu46n|DHrfi!@T8lNzE9!Dc7~K+d>8uTbhul
z0<?ZRAFG4P34qUPWj7&A&!cQ1S!E%DCruvWYU!2BUI>d+-`+WI-O&q>n71M)`wA5f
z-o8_*qQuZQ#EN<?y9!Sal}#NcyJQF!uhVkC+tQk9rIKh7*({s9QKb_HN2*kWYce$d
z=d7*{=rCpz1aRUrVD@UQ`k`$(VWy+|85314X+?6D%6Z%4;4i`85}YNJr?)K45~}wC
zUHP_Vw5~a$saZG?4{0I=BiG-Y+34Ci2d`lmNbj~P%#FMUFAGO-=vcq8<<Jyi>6pc_
z*$F#GKg+Vb7c6(ifa`D02855;$o*Az>b6_UDF*wvz&jrox{OEodUexveU$J2WM15S
z`{&`GYIPd_{Jo(wuUzrpFFjw6+JMTN=CALsWqgydXoQQZzV`}(BVd)*J~CdIoiSya
z##GaNBAegSvJ$gJ1;DYdp#^MJcgI*{#_Nd#uD?0+91%DP94tsurbpyTS|~DNkipnX
zlSJOzWQK0+oY}MmaS>o~nA3#E@JfDG<8YgCZ4m>|4IR<2u643ab}*VuxS$FDC-X_w
z@0vF{$+a!KtS@IU4G+%GZ;$=MFi5xAmawBejvBZ=Myc5+BfqTxFi|sp;JPfb`b{NO
zp?{SL&2v^uJL5U1y$uQx&8V0z-3xeeOqo^{?iO!k?{T!10ddv}E_ZuZSOswHOZxI_
zxObGqs{)kKy<HVi#FTn3;}8bW)g{~*z6$-qh(!g)4EzBAM^qj0VJ&(yIuFRC5^M>p
z$_5Y1TD>sAAxv=i`X_(m7%}lC(38}iT&mG6d@rJ+t~R-h0gM~5E@WB%gPaP&K5+#?
zqSb{2&D2bmF^WgZelW6h;j%I|f8I87e)I5#mmRHTFd=<kPF%%yR3D96mV=4e1=pJs
zn9C$#IV`M2J1jvQp{^u)!a`iR&Q?%rxPslgLp`PnQ-?cL2v|KFHg??%{Lg+DBnCi#
zzszOPGVkPa>wW-CJH5VyIXIPb3V*muw*=RWnIWMn4_yeGBuF;(5!Zn5s-5`?>K<C>
zg-aD+SncWcCC)Q+7H@%67gk@>GoHu8jOKa)yi5%mb1b8g!#va7Kox#9Z0oH-9<Y?o
z@W05yoa_L{-$)Tpu{vRrJ6T?xdaXa<SI)5Bp4aMxLK7hE6Bqt79)_)52gPlh(C@l9
z5P)agt~~OQO=_{#fS^KQ0W=S5XO;Ef%TkmDOQ-2+K={O5h*Au})fzA%mv&k?0eXZ<
z9c=Oj;Gng6)ds6rG&vH|$EW5RFna9$7{TakMHl;%5Z?SP`U2`nDr#4e6C${X%}E9+
z1MsA(h$3cm#7W6biJXMU+>Oi5E@Vn|G-HY=3HiR2rb)tLHygX*5@fA-A*er<6O>w<
z(AJAQy~xvxJP)+zb*c9v&%>>QWtD7=zg(43rL_gd54OHugj`8&UHIUVqP5YQHyR~V
zs@XkVj0Dp*9gnj$d~~z;GN+<6P1HDnV@57*P;C?~(anXEC_g_`)>~`7hlsCcD)SM!
zVa%5NX$-!a`y*zWa=+wL^>%ccWHWkPPe@gUl|kZ?Tq;#=8VVQZHQNxT1ccSIm8F=V
z<K#)$<Ig~<FR}ekA%j=ZLN%mJ9V=G-V0-rC%L)0&A~|O{65qwAj0z*4y`?-cq~}PG
zD@S@zAhGFVu30Qg9%IQR^-gDit<3aeMzF=Bvz*PjER;jd6&eK=rLBK^#;0Ya>4;`D
z;@Zq8l6hS6k$|}<O?9D~brB-)0X?b3zNCje3(^QA47=vG<*+4PB9_QjqL#=uBA3X^
zfG0NF)`NP;)&!t;2y(^F#+Fq&gl>g6j%1n@n$=jUWo4lkz2~WJ<f%JJsi0FfEGILp
zz_}+K?)gB&7Ab>A`y<{T@#lBMKU(TsKIB$PdgzdMGcH(Z$&Styktx^O1}e}BQ9mGD
zH{v`kQv$Oc;+@&2vT|&tCWR`(ddBj5u23Bkgr^zSjR58{w6J?u3aOlb1mHTtK7mOQ
zr`U79E)QcEXh`&R<6yXMY-%$)W(oPBV0nlc-3azBuH9BpRXk=nkgPQ@@7oRwcIJyu
zM#WKK$WF4nWXoL!l5r!K94@@ujKCi2N)SS?I;us)qO4A@&O_N)Fj9wXjfE3(y0pIa
zb-{fozX6_EVyaw<9!l=mVql@xw#>Kvaqy%dH43XLfSJyHQ@%D^x08Y`psZQFZ76Zp
zp+^hX#o|dW(5vG?!3JS@z^OtPoOCzjVsjL=wWaTHSnBg>hEd(I#i6n(eWXw`p1G>p
zz{9!`FSc(0%IStjyU(Q<kSnRpe=a_8Wi#8HOQx=*hEJY+|M1nH%kJ6KVTQ2@gezij
zHv~i5U2?d#a;Lc>mx9RLE_J5~l*KTW9o~8RO27Hq@$K%)ys^1Enu?tU*vj!6@B(BB
zjmnS}EKNx@n+Ca`tCq5S3i-jJfQoHZ>vWl7+X}gNfx@~LZs5n}TeGeCtRuU?4mz4V
zx~?Bcpzi{sSjd*GCY>p2JFKs^CMeRSG&5}PUq*5R4)AX%KCDLMlqfEy32S_3{eHD>
zf+qsd0z=+&nivTaHDy;{QBGDgh=Hv}Y-F4gqjPY_76*e4(o>za9$bopK^dywV2Gu#
z3#gw1`0ij;edwwPJe8ijUF@87kenqHJ*iLOx?7&Zy3%Jiwck{}ZOGC7EWAmPnOH#J
zM+auJTma-r_i*E69Okf|8Q1LDH|rk2U%AZt!P~l8u)J1ws~&bBb5dmSIv^(0VXJDZ
z_|}Q6T7?D6naU)B64$=GmEC4g(mm!Ai`U4CJd?^6!CF2lfuR>RUdBbu(TQexb&|~a
zbLm?5Ptbm4LR{Mx1w-y&m(`+?ORB=uZjJqX1CDq(A#baKd|ZJEn!B7ALTbWAloZwn
zk2_?@`w8}D3*4pZ$gz2ANDcC|EmiSbMj8k7Ii}H_Iig)S(0*fm{S}WP&`;~1d(X=A
zfl13i<pv#1qNXk9Eg$EMoXw~ZEb&d!=p0K_YZ}e)qN2oz0twTHip-?aB&E@ei?&@_
z(NvU~Ppi~9yGmNK_e!bu0N2ZjHVUYE^jN04Tj{N;A7<GtYzFEA=Ahzlea6~c)|FhQ
zrDu_g3CnZbxG}R25I!M=D1{5Jd^=G0a3=3bEXh3sIF`BJS)NNwBet}b5SkImG|Oem
z74jtJNrgeYC@DNDnl!V*CWSCmQI$q`dqy<Pr%an(JyuH;>6qp1lfv$==+cwaYiz9P
zBjpvzNB0z@vjcf|BK<PfBD&WVi^K|8hD5)yLQ)}o+}$B{9Fc0i{q`!fz|~>Z!v>P{
zSdV*|C-FUxEhL;AnQo8Ulc%?#vqKG2A0yoTJ&!{d*o%^3pynnxb;~R*fwko^6WTD=
zT#+Mq!Y9D}f@8)o7)j=ab&k0}FuI)72nz0I!>OF<TroWWJS>!@ka|WGPm4rT!DOL)
zieo>|efE{d67~rX`Yux&R--fpxhWGY=aD0i5)o}>w3fYBk#g}#Db*Eli$bac7TGid
zSyD`S%amLJr7ywe5O~0>!D5Xy%)2DK%}QM6g!N4q_!8>&|MaBM+x0d3W0o-yLs6->
z)gi*w+v%2KWsetCQu)x%xhVov!NVStnaLzpgniOEHFryDZjrM0387-)QGPH$(|>xw
zGyXXUo{B{|(_WbbIwbdYgEber@$rh43%_--enACF6%&d>jjyHhrx{hMG*!UWXc>!Y
zq!92J3eyVk2@!H>=JhDY5<k)SiN`Rd*Du9{!&DF{Tz3OV+KvBKYbv1QoBFJuU6a<2
zghAQ-V}`rg!LMpEh6@<=HGg{g)a0DybI$HhY+&o~p6l5Vw_lxrwsrC=_>bp2(B5(y
z$2M}lP;62pHgDgkR=srq@s$Ho@c8opYi*G1?n&O=J-*MUH2x%!(Op}axM}jmCztHL
z_Ct>f_N0}a*YZ0nY_*k;(2D0KWizP}WoW#L94|y`b{(K{P)!xney*Buwox0-F!VYH
zv0s7HlEs9oGQ%_({@Lm?qVY?kpV+nYVa7988^QtfakSXbNkp}W-!|Y#+qr-J_2qe}
zo>%qYlo<FoE~EcmSjvU65&VauZdZZ&6&^i0Lbg5cZXG?D$TVV=ukW0zyIoo;Rt9Tw
zpfArZi2bx_s%WyAmV>QlM%~>>oy-1ABUa&FVy^CfLSC$8E#ES*dYO%dEXX}Y@SC?i
z;g)A_$c0cv&MM6R@}Nc>-hp+2rdh(&n<wyiJqf|t1%ENlwv6T)Y$W@j_;N6J&(uB;
z+a>wSi3{)?*i6o4xg*z|A@W-Fj4-l(Tb7<BCo!9!sF=PUz|>t%jpln&MGjsc_>6VK
zQ=ZT~Su|>mS3Me`#SIP6)K>@ONaiqyhzgQ0I%h8Du3?4?)QOK@#97*(V>OHSC9~p4
zH36wnDCWGn$hk1L`-psPZ(J)#Ax)WObia5BI~l;7p2Xz1WIWumNsz3%&tK5)`Is_&
zRen4bJCWA8{>U=9QyCqHSaKzDZ9b5SL*Z4b2}Qmg6$#Br&d^2JcK^>Wu0LL!o!(xY
zzad}R@pxU$9Fg04U9MVE0|XUUGaA?%u(egXtb+&@E~p@vg6pb=J4X2?QrP%gGlq3{
zPPrbS>VQL<uU&5~2d}DXK(X5Lt#;-$b!A!iV!$X1^SYdqh*zpU_Z3dSdnjaSnkO>H
z%6CWwhojNq2n3|V(V>(2lM<?K<%??gu!3t%+8+_}!6mwY{K8B4_!9bF)waY8tIZSS
zWh2KLn&bM5SYZ8>&zbOC)}Y(VO+1i}>ThoCG9TaVcE-p$g6C^FkDYBK)0As6qiSaE
zQs2ERliT_-%7AzGy{xLO*~x{4H8dwJIac76<px<YCzT)DR6L@x1nj7EIJ4T6ODbxm
zm6LLYCm%0P&);8+(sq_qe~!;YoJlTxl4gZ-{BkgNPTU8m2iU@<kh!$B8(L;Ek<+e~
zwmsJRR~Updq{B?^)P$W;J=>4@LC@TpR|{Jz)Y>bS{DrLTvr(Z|796d7z+|ATtDZpz
zLkOGASe|kW=6y=tYEL`5OSP)xHf_}~s%N{n)64~O-TI)15uqESd81`H8<xeaCOm<-
z%StS)U2rXjaZVBEXTiRb#j<mxQdCNh7@$jOlC%X#LqO`p2=Hhprc*3Nm0MInmh(AJ
z*whR<<6^3+)Vnq(X3K#fG?rCYed&dMZ~m&)n}=h4_2HHXhJ&^~pj)U1?|-xJ^=@&F
z=XJE@X}m_OG2T~{s70D^aW^RImQAG1oX&{(!ckn#XtIr)%*Uo=UamFMAYr$d-jhoX
z9AW0T{l#$-??BG_6?Aa$Q`!b^gWisA60Rb}cX^G#0F66DkjtC1o6DE#XWt~oz>Dr&
zxr$~qJ1z9=oGZvxA1aHk^ivCzhid&km>pYGlDloSJ)ZsL^qSDZY=O3ggm);*RcmvD
znQJ<(jO}G>>*D&`_o_UX*o_{C@eFVnz@&bX*b6SW=2XjkUykR-fTfkTP+F$;#9z8!
z0Fu&EW?kvNGU0-H4?B4&jN(iqwiM(zfD*ho3+{g7G5(*d-^3gon*90ApK8#KKbKC7
zvJ$&3+7?M6SfqDrTqcD75X##54`RtNgiG}Q3Yx&udMuIOmWI4$V}tiX(M^)FD^=1D
z;(>wH7K(u&hs&pPDwH9WQ0vm61r!~UBOPTPSem^iL`Vuzmt*nWZ;_7P1tdgh|C)Qm
z?ZAQGi{;)9RgzhKIj`Y6@{TKwk(2miNL`4L;YN$NCNd{H`#X)}{0&N4R@axgPq-0R
zWkE(NN^skeUSvF?NwOffXV=iDB7gk-D^M$b`=7sm<w2*<GnD)p8ML1XCg>?*3>)!*
zkl)TI2siMlkMM2I0<vQ~LxxOCAtF@a=tJH5P`BDcdk=MUxnuA`*o)P&HXbDKTfLX?
zO1gg8SJKWcmi&iyY-ZRxo7AweIlHiiwr5;n1Xjl;`=#xuvRIs7-TeLC=@%F8VAn0^
z*>E4LjPEXrXv;j$lLEzV5j<iEyCcZe+Z#{V&Tf`{*@hz~?bi31`}b-Ez#8T`v+RoH
zbHB3qds<WS!hs`ZadE+41Y~5lTj(q2=i%v}JQIoJwOmn#>)^eS8~MUW7ECF3i~RIX
z%g#KbL%UGB5FE0lWW{F*<>@Z3tF;5-KW|*s=^AXOk$0x8TXi`D^BE=-$IDRBv{qAp
z$8pPRlJr*};U|#Zc~=)BbiOagLOIxSwm9muBZMj^4%*<6pk#5+WXs44x_7_bxoK<n
zW-VVPT+-}LnCnbxDLUtfSl3O1OSWZ;(9apBgGpFk<HZ<9T0&T;XzNjOVwe;T%o32O
z{AJ{4_=)9p+?lUG1p6Nc=dCf1y4|@vx5}AIHREH$#M41GACG4wImVagJK<L{*Y`3H
z&%4{~U<rV2ziYXS)^T5FNgJ6>TVC~3VM#Z@l4`5_5NmoVoauRSq$d%;eio@s@n8q@
zd-u3CARAf<;r0~VAci0LCGFb-cXw~N6AqtC^UJoAX)<^BETRIyaZ8iLP>&Q<j`X&>
zU=yJZNF>FCPg9yHtfd&sdvQ<mn4Df;?ub|0gXUM|t3z~uH5>%x0J6~hG3Ht|iqh50
zm*$o$fog^w8`f)k3KBO3k&&he)~O_8rtcXO<khQJ=!Sdshd=y*m@OqSi+H;FL-^J2
zUcdGk{C`g0zaumP4I7IZ;2dC|>%*u4`R|(#SMIQ=rEh`Q$|dvCJZ%^bXR6_BqIw2<
zA*3dBGC{(2MgJ^ge2zdTd&ojD8~C&nm=msaRaVZ&5rVwH&}r+Zys<=$nO~P9qKt1V
zI+jey3rRo|DW>Q;KyP&=-#D1}BJ;XW!tf@9L>NPQn-@xdQHVJ4E^XJf=-}DP3@~WW
zdI`bq8bwSY#e6@4s(-rr_4nR6?6Jwox}mL8)?6x75L#$CgyNVkYIF3<UwV&pnq)IN
zAX8eCUss2&5!i%LUE~a&2pRB!_ll@+unVa9l9Y@`(3A}f1I8J854u!oM)9d&IhtS%
zx1}VZW0u$<rI*)*bRclkVB{M+a7ab$Z4|S{@j+r)-5=$cijHP@1uU%=At-p$umaW$
zZWzdU1N%~9<Cz|rD_R#cNftx)$?yX{xAk8kISqj73!zwG&3=GEXF1cDkN5!JQAmgs
zKEUpc=rJxdrUV?Ue<bX^=PX~?kpepCLUhEHFRzsZ53R=Dpugo#1N$Tx)a$O`CcOps
zSuZZWT5deJ+m2<*11|q&+fFrm(@vLGy1qU(%-Vf}`OI8N2PdXda>o{^sTh&km4i1w
z?l7&KB~;tIX?JV^-Q$R%E8hL|V7p@;Mv!%_v3KU(Q26ZBr@d34yE2BZ^WnipArYD)
zT81w@=~n2t-W-K(aT7Wnp!%Ge7T!CyI8;c<hA+-|hNTV6?P8RSj^vE(8=COAoB-BQ
zxfBC(CAIm_#V4*b7S}tMOkGJ0pFE45#07Xx`)HMG4zNLpzW~t@UexWE%R^D_IalNo
z(h1^{cbozsN^u%E0ap)ENHGL?WbF*>KFhqZ%{!Znod_gw!Ec}@QkKw&#Uw6Z!Khg|
zs@b$PMtoCCSw00DMdX#kW3_d>cCl@V{6pe=R-1pJ@#Qu&jH<)ajtqml2ntD9*G2eB
zf(-l4T%p0#(Y35zvu%OKw#6E2Yl8w|N;AV2|7GMp;12&L8RfYekyE0$m?o_8owYF5
zy6G^L43Ne@6nst-h6x9#AS^+7RZdp4kpa1%Nrgfr7-k?F{2f~y3_3|&b>@3;DGmlM
zOG%Sqmf|v?aS!0TgH=VOyF$_N5OsWf8v#O9^A9`2woS8$qvSQVtMS4W%d-ZFReMFy
z&|u@J*+ZZra@|xELK~eJiFCyepJ+3TppzGDKw>ElH5n%|x&tFDWNt1p7nD_^V&gUY
zb>vmBx@t6MW>7k(JfY*nS)KrbiN;CDN#uZ?>xOP$8hL4G%u)x=7%d6p>8lT45lL+l
zO@n99xDOE@@P0clEv;$rpDdR_BdswxhEunn!@X*LVKP-~koHH=@8;HpHpyigv>>&V
zI=RGc2bcqVF@_b|`|+>H;i<WCOCxp7$RBo(K4N*kwfQSC-Q>g;Fird&Zmz9+DVLR{
z5SS$feZz5)B^(PH?3WBe6%3Dnj;aNVAqbjyPqR+$!m^h}1ztLqg}+c_6Y1FgpunP*
z&Of_HXH&4syN&aU$e1QhZ9o`}W=0?%BBH`54^B%sH|vCQx?H~7!%kSa1@2tca67Jq
zh67hB3-z-)gQ#LRg2r}+Ys)em$^hOPtT;;r9}=$2wC>oV<N`tCu6e^M>6AH@7Fkq?
zl@X1^5j-kbK10}32eV9rO5f8=q1nkuN#SM<Fw??)ZXq%>Al{~G-5n2|oDLft4xP+C
zq{hs`O>$eXa-?3EwdJ-w^D%(28uj8^A=*G}K_Ex?*iQ;+TW(Jeaa(Se6JTrWtLxOU
zh^6GE!tF4j*tg{tf`wadq52KB?VXK!iHW?SF4;RC?p#nRv(n?+&E5E(F6><fuAH%w
zNumAgS#0XIUXBS~#91Jrj?@+gsFkLI>l<&hZoPNrw%vRU;eLi7RRY^q%%Wj_g{QP)
zZX=Nvw&#*g3)}9KYGHdGR#VqeSvA)`b#>JM<yk62GABkd0l_~lT8E4^+nCv;+99f0
z7t>vbQ@uS;g^SBLy}s;Zbg1=HH#>MQDVQm+)JCnxmu`5tL<>R<8W=>X=hc$fU`!)(
zJfW((GNHF&^C4JMu}o%Lvs-Ct17<?CU?-VbX~!i2_bKJnY+=ZFvK18?#`enYx!fB2
zclgl>L)J(g?$st_$>f#E_zgIWyL2gp)CfEqpd&{OKqTqZXI#%qlGoy3M~A`vZU>fG
zUHw}Gl-V9bnNHO}hL2_}rSQ+UX1A|HW!kE71x_N(1lUhm?vaIMeUp<xBkcBI?pK$8
zwQUJ4HE~O}#qGVWRM3vghQ}97Jm9cG)v#lymCe>%<a4COXRsODfSgS_pMWi(#<q=H
z!S-A%lA)H!L5cEg+7mlWrME<4>n)K%ZIj^D@do9JtT9P;l#!M!npJg`&IW#G&UCiS
zPJtbD1Loo3Xmohk-8O2uMxiIeKN2P)8M7Fmj-9UkTxn3cDsvX@R#$s;>ejR}wRY$d
z*DzcN-onM~5>C9`uA<ZF4zj8dB(Aje0qr)H#Zyt!snTVTgs0qwtQdyOR43Ky2)i3a
zSuwC(k5ZP(d@(4yH(xf!v%fe79VaUCoC%#QYTC{dD?8=lg<`X+*5s{cuH%lPE7-nE
zK@l!cn>?~>NJ?oFHGMKMCv%#s@N-ADr=i4r&Q;gAG%6M!I-FdB+4Z+@V>kQSLa<AN
z&~B^*)Ky)DFsMRjg|@=Zc2sp&XS8HWU8%OAQor^ofV<i<sx`~S8}h$LfBnsm!{g77
zj=p;}{I9?L=IE~@_{V=7e}4R<`{Osq$45usef9p!+v|(J@#7!A6GeK5fBks$9lQ8j
z%TA7uKmT>7X*X0YF7#05LnNy=0P^n8x!a~~a>9?DmE7jsD&xR2U{>4E;N6S;)D-xx
zPVSfIstz6)Q<imdeqk3|g4^28Ub@Tc#bRx-)>#j<?SZy!TMx8-y!Alam3j0)+upqW
z6E$!5K-)&QJ<!&_^+4Nptq0m}Za-6?Eows+ZX2|47NQFTVfCR3Ya7&~^Tz*-p|;A<
zdc;nnNESlh$~)$b@>;Swtn?R>s$s=yVXY7=oqPBEbS4a1#GHvRTk19#svF;lF-9;G
zF^j7&EVtEWVMpYY<SgPDx9NW<eja|%Z1seNIkGI7pkzQrRaGIcsrXhfS(;kd{b{C+
z)&k(T_gpceX0k|Pk~7FQQ+w;%`lxm1Lg?_d*R$(OGwxrHvV5B^Y@L0|cn+uPhDB1u
zPi9eDnMfsDgP#~v-IXb(=QQCl*9*6TmJx&<1LPhhm8)v^3C*%x(rCt1ZHB08*)l->
z3GAzuCB>8rRMB7@qeLVNl1oi(IuiS0%agpVO~5=JG(5`VI$r?VT-Jxhx95}kABxB%
zcIDOo_{wPg5we0n8>%9jr=TMxMtL%K_vQir^D{D&MXpBmdbzLRv#?zkaRt89Bw<u(
z^7<7?xhQm4hMby`{QJ*>PjaYwyp;?)fv2~w48y-mjo6xMu_kyXIbI!g{n*~S-MBdz
zh5KwR+j-1aLG&EtheD1QI;6&%eX^PQ_y5@seJYM^wK%=M2sq7U;gLNj{Di_l&Isik
zLbjrYPckuALzOEcB=+h_P0zmq+Pc#3j<#H7mgiOeJw(^c*_11t?`dgqtmb*O$sT1+
z(jw73OR8o5=pL|AkB^#IX$rLFE~8kb@eNe(2Z!uYIVuwxN;5%l70YN&%Uz9Rno_S^
zhW9fb%?JemCf<WaHp*#ItwIf%x68w$nV`Z0DG<KDI1-WfWw_#$&zV?0HCA)`f<||&
zb#Y(QzE*BO;)S3ok7#1fSuW??95WU#jid(F_k-0<T)iEXvUj=Ug<>99#P9_-<7|(c
zD|FxGd>%2UUYHSfxl(hF@~&ik{Y6_T1J5^H-X)a6s|uqaG%?(JQI@(}qFY-SX@|8w
zeakaCR?_n49-67A2$zpTsyMc$^?V#R?~IQ$mWq4<Icd)sD8#5yv=!vqZsHox0Q*GK
zEMaPN_ebyzSYC6IkK>b%7pLd%FGguQuJ)`8`#xA}+^TF&3^EJ7kOjG?m=@f-4*4z5
z-jEBSikww7RF(%dTzm($e{nb8?7cR*x7$f+nbRqA1ox|a>~nddS7|2iNi4}dBU#So
zOlZRLT;|GM%C$A0<T5paPnOG+D|e&&6s{&=cLGo8bT2dx1C@3~U@7>KZxY*3F7d0G
zydP>gEEF4ZUwzzbP4CzO;NE*!RXbF}{G%nn9pG~#_I~{0{A=ZB-ma;fCrn2t5zA&L
zcC4S)UZqlSE%VU2s$QGr#zG+~l1XCgPRa>6W7(|y!82ZBZ(wDRjn5w?kxA*{9uMC`
zGftC>!6&{<taiZiao2n7nH{NTV?f$oz57m<q9@ujKhqS36nI6`hVNQA7}zvx$Rb+k
z855dE=xelb4)sfnTu#sk5qlv-<ecR>kC`F?w^-c(%adok@nLufe^^;Juhll7WX}ae
zwtM(khx^mh^Rx{Z(_W2njcXV_>2M9xIOSeRho1XI>}%fwZLH;QouIl4^OlNe!Y)4q
zn7HhdP3zT-{V+4<P-)iMP3dgBTGMD|%ab_olN98u@~jXc<F=TEmurOzu{4!oBrCn`
z!nQQpU{wm^2hhh3&Ci5Psb=>yR7|!{yX}JYqj8)wrTjoa0N}NU<n;QIe2E?J^wqOm
zYSewtWlFgR$hENs%iXxe@JwxFWf8Xs*JZE7b~}MO-#%SpL7XCIF|n4!ov!DTs9Y;5
z5jis7oj^IS<58u4E$L>Sw7ESk?gi;Zl~>JyxN5qPBUBK1N+7M*I6`qih}DqYw%jsT
z2sF{9nl&Kr<dnOT_vTpOUQ!=js8>yT)ui^&6R0LiB^QE@6CccAQ@kuYAa4^oB@F&J
ziMcZW^;o%^n|A<mDTFh00M5c*yk%ZmAJNUQ-`(;-yv5#o1xI(_gw=3_ix>(5sz%I_
z{RJ>Y7fkQs2*!-u&UkcpT|=wL+<Yc#9|a1A!My|=7yFXe;l}M+4^BFA*T)Th<*^FT
z3sp)+yn<_i->DLrVi1{jyDFd@gf0kbAvH;{3}f(K58D@2b$O2qx57JJ1f+Psym;Z~
zu^Mf8<;t_S4Ct{=ZbxmnR$j6nMZ?Sry>V5ZcgW22j6gzGD{J}dQr>I(`}S+-Yjp9*
za1=&GR(@@wQSmd29Rk*!$*f2)5T@Mb4)`G-hzHJQM`oN_R)~F^*Lo5P{~RLj2!qvz
zj2EuEAluJVq!8Iw$`BtBtdU%#p&Y;Z{b!$f2^&0zO5_}hBtyEO65K&^2Fe+oOfVr6
z*v}AitG)bMVOd2&!lXPg1066%kQwZ9@0r2&oDXcjS-|$0`^!7ymp2^c;p|>jo-Qv%
zxI<2_&=B^3{9O-Z?dp(wD>#NPB+pjYaLN7W)OrS)w4O`;ti5E->XIufJOnr-{I@GD
z?=1(`Rx@AiDBsogvs?x8wUD@E-#k{{G0b}jL=H())FL@iKrPU<DT!2YexY!;(Y~xR
z)o5$&S}ygltGRcmYSrzuG<<fCkrW<kHVHY0zLpQ1o@^<9tuwBExLJanxQ~0J$wMRk
z^pGaIi(h&vn1Hy)1gve_zyvt5QFX44>>EULIj$G4EtwEGy}tB8uH+0-WYI*8*2(O4
zhn-H~WOb@FOEa&MK|Lg(hXm9fdICtmQ~S_nMM}lcFi1L1nnGK3e63B1SO({LR4~H^
z<VYz5|Dj-&v8t2-_vEL9vG%*rDB><L&Pc8VRogWw7u|6_-^GUExT+aQ^^Bq1eZ3@i
zH;f#F+|IZnG)d&WuQj+X9vT8N?`Lz$jTuRKp3B_&PV29TphiBOX_lkS1HoNByzPc*
zOO-&?S`sQSZ-e=_i@Cv4{r1`zvl*RpS$Kt`-rz-dU^@XZY9Wi#8B##Rbh)-_bw8ht
zx-nOo5q-Y#NX5}i!%=^}sdmh7;H&K@9X7uqX7Fj*rBAr}%TP~x)#UNk1=f`CXmNSo
z721ToxJ%U^#)CbOFQ{TMc~1qMqABv|=K72G$A(nFlzMsY(dRmp)J=WDSG&z_v$V(^
zWSo_LcD~R%PW<C|pI?#vHOY{!mlJOyWXWY1_L0sl?{-{yp2l~(TL52BQ}wpnzY*Kd
zW!NsP!(;Sz7Vb7P99ETTAKLX6b9>|`4}Sgljdu#pAUPq|i(8pTvyaSN3KXupBh&Y>
zxfATCHyMk_5$O5HqpFfAO0)PpiIPGY0n*_gH;RyNWln5(<oX(;|Jtx12k)sF;o!~E
zoXvbTRVzLCR_1qJ&-{Dk(+5^MF9dS3Rg!po3qHDs2@?^`6rkM{nbVxhLYclHFLP#o
zV^-TLDls<)d|a3dMdxVeS=0MJ<amG;gK@1P2a%Q}N*EQS$ZF-MjlgHVO{BFL{X>pP
zL<LcL?Rmfi*{gf|uq201oiiFIT(Af8oVOF$nsivECFhVW0CJZvr#}Xt;4M#U*{;m1
zrgQ;fS@b}W^)Z{s+~xwef*YW+OwTM&xuBX6uK$m9);kYVCd=>|@FlOm%pT8J{g^{~
zOrtwFnY`mE-+<k0tf@mi5K*LKOn{#=d?EXyDFuTQ0v`S$#~YSqLV2=DM10%<|JYjr
ztzOG`(-~WNuZ^^F*67JP{_K5?A8ASMAOXCL6`>PtgA3p&NOOQ5$VTpB0<<JoQf!b|
z9=V*A(Y=a<i)rh(y;*u>-D|-SuyB_0=bN}C8%;-KO2u?o{dVn7AJ^GZE>7o^Cv==V
zAa1t9XtY6Nq+EP-3~lpxG>$n^{&g#@^U>Pm?JJMBt}Fg5i(LnovTh;hWI2~P*Nd}+
zst0zX#q#}7u;Kw~YqbH5H--8ZaIHKru^~yBQgmwi&R8@mg@V!YnI6FejiSKQw9t<P
zi{(XPx@5_O{NMjeWD?)7WK(>A9f_ICO&0pmDk9rDc#mwaDpbbA27%ey@ZLNSv(}Ee
z+fi!P-FkS~e**^>I+sbpau;2Iz;<$NxV_AYkQ*&ImlHyv6Rt`)JSg(zuxOJs$6!E&
z#6D@x%3qH+DHW^J8#RWrBe2+BNYJ5?agO+ijUKQLPZByMQ^^#jlSKcko#XLf-LilY
zI%ejYBXnaS6BLo`8;aQc<I7wY*@oDh|CZxTtNOKKxdr0HOz|n0#(7TeWqy}P3K!Ni
zrxBYJNwOd_D&hn~K_0qYH+yfjPVAvLHB0%H3$A9HRJnF!cYFJ8U6;-daC`f%A#eXf
zjyDPrml}jnP45_CpL9;iN7Hk}6L!sVF5^<9wFwBY+aenf#l=RadG0zPQ>GP(Xp*p)
zWY8m~@opi}a53S6>kU#(S0QgB16i+Z4@tJrOL|;W&)(3X(o`2q4DsP@elL|aE69XS
z7DSGrG*oOma>|(1D%TMD$Fd^9Q7U6}0a@cNDiFubCpL>zR{Z2r815dVX;#hwP$}=7
zE6PZ>_Yky*5^g*)q-dl5rv=Ta&<v!<bvg$F*2e{z(JW&^4Xy4V^O)s?M!8g~OzB@G
z4On{$aM;p|fl-4W-=6*Ux4-=_ATr=L95Uv9eS5arg(Jk6YBpS3G~|Kn-<&PJRK0U_
zCe8B)8r!yQXJcz)+cr0Lvayqm&5dmvPi)(Evf+Kc@9*4m&;4VjtE;-Yo-=)Bo|)>Z
zPwizoGTdnY6N8b)uwrLhM8WhzGEXNc$Uolo@8R8x1%;0V{nm{GuwHSSp7eyWDW{@L
zS*fA_BulmJAe|A!_|k5Diywc0Re$3uOQ1JF$F0fu;Hzk2WHQ&%_(#-n88z%FCewd8
zzRnOMEee^B$pyq`mFataOee51c)6H#TX<7<v_v3stp%uG`AwnH=l8~Lr&LdEjThQe
z`9-yXtL!6P4l>Q=M$<-Sl=3TUT{%A-Piom~a(5pVCC}ihyO<*7|A8FM)AT6Ry%jTm
zDSVGv-onSXa9e1@oft<5Y&#0w3=Vu<9y0;IZ*D`s7xXoF14XuS&9U2mh2n!FcqRpZ
zb$a+Gv9z)h*1bmM_}r2b-{M5AapHbt!a(^q?_w%lmk0jYed}p<xp;mxG5*QmViocS
z4}hCi&&`&$Mf^a-gOnTJhNGHC!JN6eLL3V$KQ$wUd*a1@@oMysJx2@FB&J=a79Oo7
z%>9^!8teTt=)+ZuMb0d%tb-O<&}21LfTsft8QaPcei04Y3&)<QwdBEIY-;gntT*k_
z+~t09!H=gpeM@T%0J6#Tb0|Gc35=smO3o>`U#cDlCxlSLi`EmY77{Qjix|qFDZ>3p
ztUH^jTf|SHWikF8%9nZ>P(I-)0*uN6I|wKTpjZTajLljV){rU5W3OHe)_gzr6=;w)
zWCfcz>ywyG^Tg`dvvXyd!@flljk0>S-E6&i_h``Hs<wL|%B=zYsl4%-7&as92#H+S
zgc@M}Zi97xV(3I^Atc>~QK0Qf>mMik=$d%dvL{L9^yPcW)ip#4?%1}L^|!Je1&D%8
zwxMfJTFujXiLxSQ4r%$rEanNl4Iw`QiV{r5=H-}|<4jgGj$=!%IPwV*L@I9);pkyw
z>oho0zS-%8IkQ>@Ov@PZz+$LuP}SFYFL&Va7r6H82`!H9{!SaW%OihPQ5Kd=UG8!D
zSZZwyBC#ljYhV0&=Fw?x-&Z#)p#Ns$Mp8QJB~1$lx{@_l8oqL3fgg$wV@?^kBX(EW
zR0y`V%E}{@fbl2>mO5?zNyZ@7O1;Dopkp0}KWeXrcs4}VInd*DB8Z+@ua1_e&jY$(
zU(Dkb6&9{bNzh~$T+LYr9aaP`gzqgp_y`^(OY=n~(#2V}B&v8_R95XV$UB|h#IU*V
zP>tlf(gM8KB5<eG7FwJ(3fg9{mY>1wpIzNrVFcO8{*?_pcg=!69Ri`VJ#p4s1t~Is
z@f?QRbpWqd&jXqXGCF0MaEz=;`N-Gki}J&Yn#&h&3)U;I&Qr$=SjWPR$)Sm<3Ww95
zmnx?Dz5bq52hT<e3f{UVKqcnEJQQ{j_pf_n!8zF9^q2$(Nm=(4)O|E5`pi&LUfGO^
zr-XW|rje_ow>o{zG(4pCO+d(lmC;VsRPx8gPVdJ`Z&+w#`bX#8jN#)IcJJ%&_7AGa
zE@DZqDg_Q%_E}R!0vgv-hiCK`K;mRszzX^;1hZ8pzu-uvX05^JSL4iXZ>>SM&Bu$7
zq2F`(N}k_y^h&SKQ|C_4+m>a3=V!QK*W1jD|NDl}M{w8rC>Taq!RNmENqwr}^=}SW
zlGjiIXH-gw$+4h~<3@fBaw$k+2Gkf988=^H$wR3De-h}hMgoH50s&oLQOTYBFe@0F
z6qkP0FGVP7haUuA4R8~FVpbz-)Kd`4?H&>q2H*E_(XWU+^eL(3gM&HjPP?wO{uylY
zrWNJJ+G;T67ptY`g*XZsI2o<D*!+>&NI9JaC$*BbLipWpCFUN_#-1VW@Imo=yf92A
z<f;J{2J>NV$pN30_L|=JEz(K!nQRMNz2Bd*gY;9OrR@xCdAYlw8<B{6L)e3u-G1*o
zSm0SsCA}4bKBM+ZdZ`#Z@*h+Ih%<|&$eU@=)`_#5wUzkqYDMfYPJUt&ubSjX>wclF
z_*{>C<jF^tY_uv;sABiXloAhM<$CKoh=#rYHvS&3_iuHUYhP$O97)E<;YlH_n3<86
zSZ8wb^5<}MM(cmSK7DX9>2jFT{_?1wOb0rcKaN|uW8>3~3>rh^+0)*wc=B#_SPKh4
zM5zB|Bf`5~A+o0TFo{6G;V%7(NpmXHnnCx@oqY(UK8C#@L}?~pQxYfAxSJfhEr*KQ
zxkiY->dXh$q?1$D<W7eJ<fbl_;SajIsFN9%q&E`e+q=*S_x1Gvz}QJfY-Z<N_mTvW
zmbGM5I!JifO_M|y-*j&fw36S=CYnvvS`fkvvO#9{4nzTZIYV~SN$A66VwqCxHQL3|
z**UW@$a@kHbUD@^l}U~@%HJA~qCfhHHcS;-e}ydB{aa#c)8iv%c5smW*`G5YU#`4Z
z`pH@e3%bSyuwqg@O^(C~)Wv!kM|4yh{&A!ebQVwBJ>BaDHA#RbTNO^E59cDOnwmYg
zROQIGP2WgwW5rdl<girx_lUTbOn|X-r>>dHhJkJd@wixt-$NSwg_PjEg+xB(dImeV
zlwY*u4V8X|R{2FwN~we}kBU_giR3g^YwZc=L=dfhOE3|5ju(Fns1!uI>u<dxN5wyQ
zN{sNMFd>dyl_GooAGv@20z3ht#G9<(N(L~ivb>@3%>>C$G`y(`D!`npeD>Bm2nZ1D
z_6NQFB?g;T>>j{1<8v3c0J>psmJFicKd&|@KfW@7;FLGnH=XqPV?2PZL}#d=4h@q4
z;}iZPSE`7IHwP$P#+Cevli_Wx0du~w_w1m|e+d{jjiOr0gJ=vGy7Eaj+BQeyU-cPl
zXuuTq0)=Fs4kd8lcYg^#tqT{4rkz8j77#4wO>P9a%0_>NHU9Ug@*3i02Y)Lt#Z-9t
z9D3c4-Htu^Zt$;X8gffjH}%8(F?>3CD|Tv*ld*#kH?aB)(Us0L?x86mv&MS`;cBdj
zOEgP#GgW6@Gv}40D(V7%3%t+Y2~?sHn48svGpf4;tR=J`o%=pMyJg#d_4dO99ddXb
z2O#BNg|xp;Um1hex08JdigWm*T&QMj<TnnR9R+HvvK%_i<Eyt#mLPWQ44}VBeY&Se
zb2?|(|4DbO6E=cB?2FOu?~&JE66qCmSM%EW$<xQyUC6CmPur}P)?*QcuyOo4crFs#
zN(sAB=i}N`FxM-Yrms)8wcUZd1F0(F<gA@&`{&s;#*J9?!`>RJcKrbAzM{F7Oo}>x
zjUTUMd3AN^K38k5yx}SRkMeHDTzpCX)A)cr*JsmFjHZR30i2jH-}Tfux%>7J)Vh3m
zh@kiNry*Lv42#e+53nAr#x<Zk;b;^)PfP6-GvNCeD>MEB%LXgoYieD_DU36VSFANC
zRf}{&W3e=|Qs#ZY#X<%UYuvmVUXd9@&xJrz28xTlPM|VKUYL=BA7gcaC&3%&HQg>g
zLvAKFCIc7fYIfCZZA2sWgyWcJ$n)o?=7tX3MX-8%dl`v4y}VjtX8#Rt-gFZlis1d2
z1mc$h-jvOP9PR=a+fb@$C6Wz!=*bw5xNf|KF-Qm-iG7CAio;1D3t_WgN%tQIrVyJ7
z`wGSs3$G5Q38<I&jm2m8g)#bg=eeZuSQ}$27n(*>?2ZK!I`zr8i!nLH@rv4IRoKd~
zls``uez`jR6d>&y1=|dY(9M<0m6j?w<<iGIsu>vd+CMf4dgo;dmJ&a~zE)aGC|yXu
zV@vL@n=+vLZdDhE&1zWBqXPC+Z@^Y-elZHkl91HO{MZ;LLgB!~A>k<Nd&5%jT?PB;
z*4aWet|mYzVpLn4IMPQi(;s#%Y8%kGELhP0)`CbzHO11&c+9W0qhl_L!?8e;z|2XM
z?6KW^qIc1yX}>^S<+!n4zMxN~rM2^%>)!8*msNI4i6QJ?2HhMUGFpqsTjW|Kv61hC
zPbyS5H#ohHAiU3DDXCeOfLm13(B0lV&Apc<Z{i2vqh0??(2*3g?Siowt=+Z<bG-6|
zS8rd$oFof5yb4n~%8}LPBm+LOMahzx;#t&$nWDv^J7KlsNz~*tp*sPl8XK)!hneE7
zg&Gwt1bRy{(Pd%QeZ7C^ol$2bO}T;O{cT~p!g(dalL>N~5uj>_WWj32gQ+TMfNa?7
zedIy5u{XZbBWvqn-~BHy%XmuT<__iB*M~S)sN{_(N`AVu>@IE{zS_-=lcNkV4$$D>
zIl*y<l5$}{lG`x<9@m<I*!hcSEnV7p@M|a}f26ugd5DJWa&)pw-AAa3>ZfP|HTL>e
z;_;vK4Ph4uWo>8Ui_VQUljwaZ1Sub>s>E@Z*LZCv_-7+mDmRg2Gm+J7sSZ6&7@}Pr
zuWF+R$(G5Uu9`>6UH06#IgKjN^+`y=om<8HO=M!f30LTGnk@+D3&B6_zs_pBu~#Ss
z^yF=5xh3%JZM;Y3-OE{4IN86dC(X#pqIp@3>fLiKB4t}-)L2`ha!HpeDbLURvb*CO
zxeW!Dy&u#&m$PbhTDN^MdCeSqf`Oeb9mk$~d*A>&;DL=sY!AHXHNcC0u?!zsAoeUu
z)?^_4Xw#i=y5XNIsPG;6?r`a}G<|bK{-Bdx1K8&@qdH&=wXk3_z|M$NPOCP+_mfB@
zpkgarFCF0A()q3_r0oEDz4BD*+&w@R=3vkc#!^seARRjRRYt1|E8k9M+^gfiE{lZH
zbkj~18};3BNfo`CAx_^PBI(2*;i7BlxuD~CnlJ<Rg%4IM0Wn8nn^ZDXo2lEng%}T?
ziM$S5wni|P4<)=mY%Y3Ec$r_G3YmTfIKZ4fUjFLc%d4JHbadGI)3m^~1PkrS>>@!{
zu^Q4mL~N6Wj$ni(k%Um!dz8HYaaH$+ORD%=X$wJQYisGS{(Q3lPr*q3X6kCsW+x~I
ziX6Z0*Ze_?MT=)g)IrvU`&5Y;JeBJFl-*A*O|F|+@-r<=Ki3O~Aj*w;4!72!Bt{~v
zhWC!ktc@DF7Dor&wO)s1?S`YR4OR2ksjG}tJL2pKq>6E%ge4;BT2i@z(dEX5fRYfg
zxHu#+#f>v1sb)lF-s@9GV{vD5fK92!@xM$9$C*Fx#F=9Twr`FOipp03t{cGtq_=za
z|KOxUCVEVwYwA)-bOLtLgBA>$s!I)F0Y;e;JZl|L^{awAS|_^&Towss#9a|+E&}(f
zsm4+&L8yq47;x}66e`=88RVRr#!N<5Ok^1yFsS0LS*pe}02Eopy%QGDHrwjY(|3<w
z$&)XkboT;Ql)(i3A)`CtZ4(o}CD>~i0vA}wt5+i{jyMCXAi+y_8<dx^Pf)svq|~hZ
z_15>Efk>Nf=x*((_|*J+KRtN&^#npxd-x;2@}UXcNPh(^6I%&AG#ZpL1XyVJG&z&*
zFUc#bA2UZ-Tv+tD%=z_c=9jHv#xRI8etOw^@<Rid)&lEuaOfaajX*6+YJ0c{9*OR4
zP@uK;7$mv~aJ6DVk6%)h3&w&%5D6;Iv7t#1(zMM1JOrN?JEO634NDl_0TH&{LWgt9
z?_ym#H^_H3|LgpF{7P`IehKFQa<qXQvy!K;gl*zrAPXn~`c&luq)WyGe;*Y)WYYkQ
zviPEGh}2mJuQgw5%eaab5s5a~3K!+s>A9+n@FygrWvo@Tacu!3DQOnDi(JVInxs0W
zFAq)^WQKO#FRYaVCMGV2lS88|uRag51^?>aBw%}?D&37HBuyZvp;$T)0JLKKboXpA
zc}KC@uIABNVg#lJFvbwdw08VbeKEHVA|Am4xqnp#`9ciz?M<y)z-vgUL*cS?<=|{z
zxbuvJK$B?|nX1^CcUTT*4f>3$6?5rVEi)<Z1rH111SO5<FY5%oYN^4Qho)&2y5rA2
z2YHlN%y{(SmQItinOgVm(Y*NAEP4Ifo-!0(vd)^0*K5o8?R&$tw%v(o6<;(;?g(nW
zsXjy!$;mk>;NelMZfC;U_E?pw+gQBc|7A!1<mFKr9aZqsN^RtqJR?i|#}Z&DV<W?K
zk7FGR@l>`h@pUq4P7~jM8`0Lcj3=Vjpn9=AKp;*y@X=A)wx#H~V<7sTD-X4PbS?Y`
zIiY8zvnEU7R2Y7+<x)X0yXG>3Cnq5D-vk{sdyNP7%u7YcS_UB4=V~EGAeP;$H|{V`
zx}%Z$7l9CZ+1&zP%)6b5A6I>9buzi9uEMUu;(X380r=6IMyEGH;&8`XXU}^GFMUzt
zj=B3U@U2{$=OZu3HUZ~8KuxfIFh!t|0+Dx!J!4ymDT?lB@;gSqtx&<>2CY@KP;Yay
zXZ=a5snPoK)nq54v`>Xm6CqTgfH}%K68NllrC;Z=?v+pFCwX=2daF(MQcvr8_+(-0
z`isW<w$057aDZd;P4%<6PrJtZY+aRu+eg!$mLhsob0<rcB}(uUT8u+Kspgi|XZvp*
zfm)VIOLUXw>f4H|Fbzn;#Du=|1gDCe(Kb(P;C7*7<*e4{;S!jFPB*n0MdKZw8<Uq@
zgQzV6uU7Ss<qCj~IxvlX^@}c!^KU*g-?5>4Rqfo;%IUeS+Y@Jp-i515i@l%11me{i
z51ve3a)aOhI5t2|{_;ujrK`#_5A9&b*?;YOb_zYZ7gU_WeN}eOA$4-{J+9i#ne59W
zXUAKIK<qMbQe<z#qDr9)zu21P>i;wINecRZ_t7)3foR?)HqpI7KKmpE-e#&7pQP%*
zqg$wW+dE*)1xT*G;pqdFN7vb5P{^5Q`PWuXb*yLTJ!AOGK-lJ2PHkFxBsGC1YUiE^
zY~45u*Zp~acYGLD)-E@%zuD;fH8a`yHP^IM*DkBK2;NwBE}wi}KKKjHzjftR>*T!v
z!Dn&VqJe_{$g>q7+i!b@+T&Z0c;yB#^}eQg;hhK>@Ma?fi2eXWi+^6~cpKc%yjZWB
z7OH&!66ck_o|ZZ?fvf7%vTgHiby59Xt@GbfGX7sv^Yp(J-f8%+F>D5s|0xMX8&#zl
zxm{HL+GFFd3<R#H-4f8&+){_mcM6tHX#>hz*pVwy{Q?bJz}5ucvsIH^2x_+AEb1QF
z@o^hJlkV0G&f-R)xUo>EiIljQBIZh9MizV$)%Zarw5m_`rqkAl3RR5YWq-X127vhJ
zq37d1r~9T7bu67yMUGTXj5qG(b)2V?H{vgdh0cEf2z_89tkJMI7AicBt{9F%|9E24
zZIW1Qj_I^GwFd=h+Z{NCvKQ0W5^|)7t-Y$b&gNl1N!G=U94e-;v`$2^7~^&XB-#a;
zA?i#$=QQy5EE!7vHI-bVxTEJCFMvt-%F4-|`hq5E*tg$ZRn;HR<}`>&01F)BUn4n~
z2#U<jy1X-_xe~QnzU<6qFF2d1CBXtRSoSw+<9m2MUtcO0Ua&{=v+ERbF~dUP)qe-C
z^AOSv3}v6Fq;o?8P$^wEtN}dYlwQYj<7U$)2(|QOhZK-Z4WfK}8LsfyWSPpW=64a<
zfPt=w+5p6bX>C36>WlmWWenQa6>yKrtWMP+KzezE#r4w#eKD5kf}-PkTGB(3b~m$0
zZx&OM^-l=^KHnvVUW#~pBVHnXxxHt>Fm4~HCVMKy*7Wf3($(m9`<Ii~uMOh(FHink
z;f;g-A>TBqL0A$_G}_3){kW!$&7|V>q?(tK_$k|e__cnd$2+s7FEWdU)y=*)se!9;
zO7lDq`hh4j<#WP*DUTyydUH*5_8k_opK5h43UB0=0loaaZ5`ddK3;coW$`4GNNW4L
zl($VPuXUQWar7G5M|RWZ1xXUtf?5HasWZ3*1CDZZSS3u&?h%yFy>a#Lv}f-<5SMj6
zop5@5ufM9ZfT4=ondL>0usd9PnMWL?&`*XpCw*O0C7Si?BL(e2ZKr7II0I}lvGznd
zR)D|$kXqU>J-3Z@g}b2!+VRw4&h&{G=z@NVjkT-$<XNxl?pg5gEu7K8Ae}kw5_LX?
z?>g873M5dLC7~Rdl-1)bLzY|PzfXO*J6aGI#XoJD8JJPT?+uQ_WE2kZ*%o+J9TgPl
z;+G=;$y$=<6iH+z85-0s4nKH1h1%2p5n?YC%xQ*M-KbI<)d~K?{GhhtY9*c)>LLY#
zMpf?o4>W3M`JM<h^UhJLrVSYMJ1W6X0vRu~^D+WJ*jmZq{)S@sjGlkS$z*Tj9}+)K
zz#Jh!uw-m(^}Qu)u9vB4QKFE5i7Et#G4bKy3KH*RI|Xr2x^r_o)-6o{1_>%lq>k&+
zC;iV!b~cthDe|D`#DX~Xaukm9e!I1o*VFNuCq(>p_5SAJ6h!7y^9+6?QyC*cPHO57
z`4A+eKIrS%JFA9m!;$>c&>$@U_;&mSz^`99daGztvP3d^r)@kCXHN|aEL48=v!&V1
zJkLl}xpuALY!mJqCmM-AGBd(~VMJ?MCz>>bUeY-ma-_a)=4Ixtiq*H}XVQVHjz(P7
zzFW;TFihgPKFdv`&E87|yrZqv016+U$Jc7JB8zHOoc%)r%h-0%WjrSsVOB5kR6!*i
z{{M(5M|lic^@}utVkPDZWp+wP;qiY0_CjJ|s|911!zU6gnXv=XHL#a;na-EELT?7=
z!@>r9y&{4=gXc6)fR4FRsFIinERg?0Ncq*~=z#ygqiKBV2aNLTQX~=C6jMT*Um^<b
zAGC#VbqLWgD`+HRc!q3jNR^yb%ur*fDe;Ft2fpt03c{R{7wI(Wb&-DiJg)3~{NVrk
zI6dvu9Q=OUaE$xn4G#Diy*n8d>JajG_4NgUrfA;uc6Il>;tPG<@hKO3yspGc?bJv2
zHeVjTzCIX2%e6RbI~9bp5$^-{t$ANKb`sWe=5hjj-O?P^EYmNK?QnbqFZbBQb}t0s
z6GiH2EWNppIW9MRu&W8$LqB~Bu-e%cEN4{`B*i}{($4-~zh^9jhU?G#AZ8!jR$0}B
z({0U5ExCn47ICC{^l{ToQ|!a=)wF`y9D!%rXC-!QllGA^;vS1wsBWgnn2ZWNM^rd5
z`jE~@9BH2dK55QB&%6V{c;wLrAocWSMF4l%wY-*pEzqMtlG?p;-f?x^XIv#xO52Z3
zc*%A$Z<LvgasEy~%0!DlRB=vM$SLYex>TnO_OXDLY@zjKb9RHLiwv1i6)x9YIkIR>
zR$qG>Z$FDpI#c}I2QzM>F>}K`qfHP#CeZ42M?`^eNy;O!AC@C|o4;8|Efp0Xng_k2
zWvU$u`;%5dyK~haNkkU-3$v$%+*5$Kz?K+Hv#t)4&PssFOkMn<+h7Z#QmKGWX>2Vn
zF!{)CKnRjOQdK!a-fJ@S7~P>oBr}fv7*=Q@i3QL2GPC=EzAk!!rrUdy{T>B#xkhj0
z=Z65me#<*`qv9&&Xgd@)&fopReRKjJBJon?7oY7&CCI3ikB-2M73Q2Lm}#>>RI9oO
zYfS|}Mt0~W2{#X~LVh)yQbUP~7Sk<ijl0RM2an8E8j$|5oVX^t$DiMii<K;mH<;Eg
zhn7m8bjv3>t(`jdTRxxE#HFa5YjQuVSw8$^9L7jxMIuQL5Guu3J!%~40(+Q<DI>~;
zQ^okl7sZJ%o9e}_0O~MmN?VX5Et$T&RvFTEW5H|cC~ON=kkpZ+K8Gq(LFCh&B_U|-
z`i*6*_ojWlId1*a>;rCu{Uv===B_v=R8gxbA}OaKZ2`u}M!h9zy}wD~#ZHbp9kq=_
zYZ4s*rBPO!&5&uJLp}xOF>AOzQ9RF`c}(=AJP28B%Z(G{Z4QL37+6Rd&bCQqfXT6f
zDRf*dDa`H%YvZ>8Zuy2DnTdMsAAuXzds?TK=>>|w&Cwfyu?I*bPMYGkO*gw3dbyx1
z2nL#|6y=%+BL6RJ9~jt^N&OnEvYjYhstr~)ZCZDGp!?;jrE)ntDVFn5@dhV&J9{E(
z7VsP?L5S9==WC+Oh>yDX9Rqf+V+#xIW4PwhO%{Gp-I;uY5bk~^eI+M709nU|uOs*4
z5XLcy3D2YYSkxp}j4JbYbT@2z3_hVst91GJ+}`-!UDVR&?3g;Nm?VG09pK28Cf8yd
z%)%cB8HRh4%7`iK`}nt$ql0M$w75*6>v_ZMUfHn}FY{%Iv)k*z9?-=`nCt`0Jz$uN
z*!)=(0y$Ys;7tlohC|h1lGhL_rAH0FTP%)+$4;(vh5f1Th@IEgGHW&X*8o(V<ePF4
zCfe1V&6Hz~9pVF)HtgH1Jru^-xOdHT;y~eRX%-<YNGEG=%&>v!*Vwm<kIyINg6zlC
zBmV9W$T`)dm?QLzvUd|V_HusBK)c_7PYF6i-a^b72sOC`dEbu8cwa98vTt(uhfGsm
z1uSzUOiTzF9+nVd94d>JbLN;4$vZZJkU7893+kskK8FGAf+o4~$sW1e^|pa0=>&2T
zXY8-cMuZ=V!maKGihq2!x*%&BKYa-zR0}97n41`7;_k|N$Pl@-jKo$&*v~VC1TX;N
zE$Phb((vv)b3YDDd39C@Ybz?m)uj8$Gj9VL(lIhHu)g6<#KbZ2!BT~-vJe}iXt^IN
zN<w|G_&dY2_xSU;`d>7jZN26~(l&&SJ8TG7igf)gk&WaZ`e(WQ3ooa&mHsZ-<o`*P
zM6~>gN(<HuyZbBZ=pli8F-VK;%v8adk>#tv_EBtfHT+r+_tSv~Rf5;T3o|(L0u%3c
zRG$-S05rRDG?GY74%f?m<n8mu|7Bwb^2yGiK->w|#moEG+e?<?G>L6kK)7z4c3|5q
z2-mist)r1yW7F?}6atOMnxjw-Jdv@?mDuy+{F^)ABNsv}|IE)Slg^moBHwa5{Uj~X
z!WmVKq=qA36H3wcN4R#<{{mss3P%xO{&MVG%lfD@B#~WL@NF3}Pw$8MGVel+MP{L#
z8d~stB7=^k_dnge&w#}%jV+;jhh5^|9N?VMbOIC8sgq;5H~6{Bm_)-zuhuvf`VuCV
z!Z+w_uy(r+bJ&-@hdadoMvM~ze1`?n=&j|7I)T`4yT19E@m>S<-Ut9(h+DWwR*v*|
z4F#LX$8L7tC4R5n`?`tQ(0hmv>)*5d=2%q(<|R92*YtiO7L|j@NcSqZMWV%TQd63s
zIR*ytA0f~_pzZ1#!GU&=rZMa{kcW)$V>7y$@SZe)wb)c5FeB)2L8RvXocM;V2BF^L
zU-9r^l;Qkg{M|hapV$q1+M~Nz>f-Dtm1uJ1=(n5LxOf74-n1^qA^2l1BPv=sB7e#T
zyU@^INf%IgNo_ST4y#*b_jSh$b!uqJY)0~x2;PU92aIb-=U1wW+9S(&VsXZ`rc2tp
z;R{T?n8(uP+m#%MKdAOvux4TO{_vD;<Si3{%=SEifY=Fu80lYtf@J9+gPekbR0A6l
z0g(JDUvH2;v1(|Ls<Rs4$sWjB266_0oDbitETB^P6G$KyuxkgLVYh!79K_~-9seq5
zkjMX<bxO_~v|S!J^^Bgd|Mt9|QDN#b@(-bZznDh(<jb89x2=h^rF^^9e0d_5&rm0*
zE5*~8Jo7dVlsn!%a@_j)uD2;ol&Ld@zAFo_ZTFsuBz3-{r)H+Mr-!dKkw<5`iQIod
zw=Z?FURoX~1TfV+p6p5P#KV8WZk~uBRT>3R4KWZnU1_H*UolwPP@%_z6Zm`Xxb`oQ
zaZ-zAuuq&&>d5`UL))f1{mm|P$O_O#=w;VM_-AY3<}h7LR~W$>fB$MW{`YA^nTJ{~
ze-hJctEVy3<a^`$ag#wv*(=ksz+*g(xOT?I0~Yg|ZqI}%xt-Wc<#Kw=yt7B^12ere
zWN_?S-sc5F0}O!k){vt=c4d4h#=9DN3AlLx;?-h~<WSa>8no{p=p-=|sLMF5mi2;^
z31-!wUXzny^Fs@&#QbU4Pr1-$C6ZthV3mUXcFZ2Tlll3_q8*j^s+l!rGF?wj%G#Iz
z?TA?*yt@esA6}{YC>tEUR-XHZMc8kdx~4_8iY)GzqJn(e5ktZUwPCPpa>r8*+11p+
z?$?MZ(1dChq7%o5b9bCPxWZ-$PmO#%Oay>8LDCU2x;I7~CR7bvk}5HzI_kG~D>6t0
zZ(vaeNKtOXzyemk(hLU7(zqu+LZCOw$0F){<B5wOXj~M_tO|<}Eke~HvYIzRF$BTT
zM)@VO5*!6YKr?0E$^7uneE-UPEdDiQXcPYT1ePB?u)bMnU>q-<D<2sCFL1n1GdB`o
z1~&(fC9MAD>%P%|$8!aL0@6jWMhjK3m83l=dr^f+ThRlpwinVa{3}v!U;*{Zbwan!
z151=!Jl_Ylm*Sx~yGUG{Q>U+<svAAPHjsAd@!{>y#dArzTEA!2VlsZ;6+cmH;0Ccm
zRIxRr6u|Q@?8h%{+sLjk+?4RlsPxsb>$HY4P^X4cEak%fWt>R?tTv8nbep%$=<co}
zMr%U%3Jc2nC3dcjln*7PZj7FJ-k*E#!n~ip#kVIklFRcNz8MP<`Zv0pPF2MaP02sc
zX|#ik5R{iFM+jW)<f16F^LZ*06^ATC94)Id>O#0dpP&AzH8`Zo`k<fuMhWxL{Piu;
zqAvH!BDyY3Quw;a5ZSISpU1gtZ)(LpEq;tjObyRgB%=*TOXAC=Xu;1LZZpQySMl_q
zR*~ELO^Y-oXwJY^Bo13tIOb#_iKaD1=D`l%aV0Q&Ez&BWn8EPKKAUoF$)CAo&YjC9
zVYXKS!(GhAC(PY{VOgr>)iCia7{n4>uGv{7ar`5kWd!^GOYUC3K8K98c(PLrR@zl`
zVxB(DM*RubA3#%8`}vn(&vTSSUNLB7Gnf(CzIFbAC1JQwW;nm^Jjqk6=BMT-ScyAI
zghkb_)y03|(fAR><1TVZkTBe*kRyXmblD>OWMw8nhGZvJv9Gdi^9VIm^o2aa{r#1w
zA2)%sKc-_5G=o8l%qbiJ^-5TW2gNOB!PdesEtmV<F;`IokPz44T~jI3<rb<$i77{_
zl57=4xH4zK;%qa~2;l1`71kT|+Y{Nvaa*`yrc7H|PdEut(97TBf9TSAy*|(5zyEcn
z4p@6m{X;WE6fV&rA^8=(X<*19079;$CzlM;E>L&v`vlfcnIQ0#b`Iu_7cH>Zkg|w`
z+1}+|)~84h@?ukNWQ2o-6e<`E>Lu|dE|@43^mXr(H!W6gV2pPxN9X57*hRa8w{8B$
zLSIga>q_6$pqP0SOl44M<6(31)HW5GhtBxMC(1-E-?cjZ7d7lHTI~%^drIZkqRk=3
zs!NFGzu1RuC1rKU#33{zXBgx>=UVWN9ri<b+%wUi$o3yeIp7%5^t%~ZO)AP#B>3L3
zw%e>VTg1pPN#rS(viO_{U3=)Lm_5JW3Z8x9K*0`v4+eS9iK2v$xs;nzbpI^W1%<a8
z^eGIp<&)R4V<AkVdaIqOg|?tl>VG|+Tv650WJPwEsX=z{I_z1lH&(5%vV~r?FL<J~
zEkNxrpa5pBHesZF1w3zebI0KW@V^3tAomc7WbpMbGjjUbM|Kf8k}hHDkHRSU6nD)U
zF6rF4HPy}J6PHwwKlTi7Z&j+UQzaS}?bm3TSny@(43Lp$jy$Giw3ma5mWOE1B~pJ-
zI2+45DfD_q6b^@Uu02MoGyKaw)N!u=L`&7oro;7tF+#8w13BonhcO}m!wCl&neqDp
z!GZ)DV}K8a1HO*Z_o@UWfPCtx4jeF?5FiIA-(Cp=8S&Zpj}B`l4ZLF~2C5*pfb#ko
z0*B9`^tJUMg2v1OM+t#VyTcfL$o)5q<Q9-a8t9xbu+jw7f|c1*RF3)2u4FB6ye#ln
zd~jh_N^5ANi+syVcIB^;fi`-{KscVuIm4gAsLv)R?~@bHNWuK>c*HvVEiTbz?ky4D
zn9sqpJiTWUy$9}JT)qK5zExei-&5VMu0H$YP(W0(MjUI?`VP%py)pi$$~`Y!Myk~d
zSPoOz<*$pz!8C8BPWzv;RTU-$JH1@RD_3mIX>{{EzJl6N`bukaVoYsa9B3QKgV*oH
z#1G0o*#$Sp&!FF>(Brb1zw0fgbh#r-g!asrr00zf-zH~03u^s102^360ta@YWs;c!
zbgYA_F1zkm`LQ^BaCkzws+N$YtVSVj*Un(%BB$=~q~Mpex;H(8O3G6TNLRIwqwlPm
zeqod_dmvg`Vlb?Mb+#c8g9v+tnR_ir1tpw8FoOr8qn@Kb0u-<j(l{E2eDpB*7otW&
zjn)<+<m)M57nW4j9+&`<`_3XrbM0}e2US`$>saDCC-J0>P8N8GD%$jJ{q5(%KL!?;
zju@sf71FD)qx2;CdsQ$N&Unrx6o*TSja1(Dm37dgkmR38GqMxib%E8kYT9KY6bnby
zOk+H2h~6__kA9Q~%0eBg@8g498L#~W^^CJFfMM|-TRKFnZz&bO(1U}Z00yZQ{WK&9
zEOOi>iZayi73PQF5&Vgli7UaGy#bP;JTDQ)MNpO%n;bjxU$JP)x0CDIodDj|cVmy2
zgNKmb&*#tU+VETA@8*}mZR+><o0n&I523He=clLBOYV-BGjiJr{Lfm&PU7)3$Do|c
ztIu2gAqwIts;p^>9gr)}RjJ|5pT5voIC}SCGK8+>lv31zRv*Wbe%tX3cLf}RCQ6lq
zPv=d0-oH7~$Ld}BV<I11v8xnj*Jr4&BGgC>RA^<8lIWksMAPgb!eE6H*uw^n4Ny#N
zbt2MX(%4mYR6sQ-Cs7zHgHu9f+9shjynxXz#(XDo^vQ=z<P_WsZzDW%U9jBC>3<}<
z)4qfyH!zlsU`iRW=LV@G8nUOYw|56-woFt*Lx~E?V*hy77y2qoelD`SPd7pYSP>O3
z+uvTcwGG3gW;g6(){?rrTjLDbUNqkyz1A!-E+REMymx>qOM0xLUL#i@EitqVm(k9z
zNtX(UG?bRQI1gk{cm&l2bFg)uBQ23~@F5P-6Lxl|;5d(Dk%b>3B7(;opUUJZV#uGp
za{N$YsbNt3JtL#P;psgbbJ9j4=WQ6%H+mWH*fzo(IV=w-850?PNTnrQy9y#s<ZGuL
z#MY})mOp7CQFWnW(*qgY45Ph#&8-hYurYx7#kr(ggcJL`5xiv)MH_PHudIQ{9y42G
z@<gH0rXl5^KaeRF%fl>3_1k1_I&=gFt`DI<!1D0fgR@3B8B9^XD{9{p5Ru~9`)JvM
ztOCOUVQiFGt+@?A$D?fQSq+hmfOIK3Le2ZOM(%5&9xd9b^>2Use0{w7ClQmJDO)Ik
z9WP}$%~I{Y@J}D9{RhN5@(^Zy_KxJ`-{Ye54_G9LQS-I|Q=Qo#oFtzU!VQRyatVF+
zA2hXIC9VA?0xB^X`eoh3yYL)*XGj9otjSlM%PN{%EHVcs11;`j*30tQFXJ$-*(Ve?
zm-=dkp9dt0m$SLVgt6QDIp4ijs%B}gSn4`M%c=JfB*oVf@yVSWkwsyRVum6}I4>iP
zkRSeQbq>c@?w)G*{868=1O_!5@nwH^GfAGP<y7=A;0-PQ=#|<2oa8uv_<&^^S}@zB
zt!+fB*uD=d**_^d?MDoA8EE6MiOb}o_+9N4)+90p&wbIArHuU4{PF|1Y3+1)oZl}P
zO9F`c<CU$8J{LNQgJ~P=Iy*+sV9EQpaA-g5@D18oHox!*Kg7naETGzbiq~Jnb9s+^
zS1+zH(>_C(T!iySz-ZJk<;ndY+42@dlg~984Sf!fu``^~Um)QKcEhsISTpL28veR+
zB@V0gp85||qIIX#x4nWwkVHE`FsI}vFcr<3<z#6k@*Vupwi!&6ocu6Yw5PbPVfaw^
z{wq{mj)5e^VLYqF+EKk}4F>k~VVbl`aw|YQ7e<Q~|AYoq(r!_$O;TcZT^oUpZqe*j
z|4dK~^AFWYEBq9{X_ri6YhyHhUMRV6R$e2PO)z>Jae~J^U$9gZc{CwTQ<c9V1rh}h
zWv1m<0Zl`y!F6sc!Y<<JRyM9998_{-C*o}wsap9jCuOHR>*^0XAule$)}Za~eIQ+C
z=^26VVWUA#GgI~wUCWd1#H?}R$y1lSw3gFfW+rCjTb&|lJ`XW3-6T&fuh;Lf_xgsH
z8g5(W8krQbWX^GvTpz1n{e6E{S{)PU;qSv5jupc5?Wcx3e?b)$P7=W-#3Lb(Rok<`
z#<*{j9)9|ypc|=cnF>cHNwWgH+SwROL=)TSpbh?%?b+}Xg4>E5Q&gY~qW$hw-l_bj
zgBFCO95hN%!yhXlcOji_P@EgraVU|;@guD(uxQYMT`k=3%%IQm%m*|qblM<L<oIGU
zn(F7X2*9U6yzJT_aP^M!S|Zq4D}mv_oU`Iz=!jmeKXN&4GbE4I#*Pg^n7>&^Kn%IS
zrmuo)61@P_HZA`7XFwM;*6RL!rR_+xNZ`LySkADseO>QF&oFozGAvovzaB<|_p5<@
z^Brs?q`Q^|F(^>@InCefx#-A3;H<ET=xxgdJF}HjN(F~V@EYTMrZRCR6T<7y%b4t{
zof29KYZz5y?|-Qv!|X)ES~snh{Gc6Ta)P^=+zYu(Xnqlq9LPU{i$HomkK_)pC##<B
zZ#Bnj4cZkHB%o?BZuCsr;>bsMGZWldmkl7Aw~yn_t_9c{ve<}Tvib%_xf9*^;O10q
z=HT$I&P%i}!bNks6Z>wj?Uyb(&b}Zx1nDe*0;{>!%1G5UcZDd|oP?HbccJJmX9O%4
z>0mOc`iiP>VfJjtM3c?!wJJEbqzz*p>Z>ztFpMXLKG)5^H<vg3PV(Yr<dTyOQnYEN
zk#TlbA6}dk?f&<4(W*JRH78=imKX)$AMa$KLfS_rH^M$WC<}kl^1g;P0UfL`oY)==
zZNvABV*Y#ZGx#b@#@OyJEWCJzE@^gsxvsU5Ri$n|y*eG;+5~?0Ptf{tp;Y?qDnn&A
z?dl_M%8O^V7Fi|B7S%i9=s{dmKRO~{Spb&7!t7HBEr>$v+it60x7t_2>mm<l3f_m;
z&dPtm2dNzT#2}hWwDqTb*fJ6jAS?s6X)~5Q3Y_p?>+LRoAGV;_$=obvf3W%%C()|5
ze69G@<2z03&2IIqd-Uo?yQN0$yko`~JNj<as8F0!MXDWisg1p;J$3z?TZA*9XRq;g
zua;}zVaCz{$J@^5hX3u;M6_fR-;;ghuS?Z1hAc<76`K~(eLr%irW}robEkK5?|v2<
z{d<a^DA~DO*DcGrXx*p0Po8v|fVQNj4yvnxE@gEASI9)}bhwhgbLTkCY1mdi^WN{V
zw{J<WUngtb^H303|61wummhvbFVd3XFJSX_RZjjLeqJl~v{LY9>-2wukaggozh8Kp
zVgIkd=>G(tTxtP?6}?a`1#cJUtw5cza-sSTRk0_{jUHS=tG{1wQZy<YY5|{e|DOe*
zA!u4(c_2fOl=g!*D)B#4l`FuxW$l3)_H-I^PLtVCR96Z`={{^DxQCr-m8P3=RK;O@
z(8)R?3GE+!%iRPvN-PRiWG|!=IgvgcmMF=h5Nt*(;=(HIVbj~)a3yU`5bpH}&gq|g
zSa7DNKJFL6=u@Z`kl0iyAnqJl#v>8xGk+nn#?w*4JSCc<g`7NNAj}tnNf;=nEy8UC
zCv$b9ce#a78>reAPc)O!R0T)|w5NUxo2yFev`>pZnS!Az24xF9qjaa;F`|Mgj?=7a
zCb$<?`-3|`G6>Wl*5?~^?=X2T1Psdxtn~qNd9GSYRnUI$N?XCz%pOso=%-ul!dN_f
zpke^b+QSUvVDVN`<Yq&`z%ZPW-+5<nmpiIaey$u&PH4MF7O=mrRVgnc0_xJX2uyyT
zLCAyVSX0D(`+v3e7T$?=3zC$`FgY8Ci$fZ#{^AmDEzm4MCq8c>i0V6&_q;31a;AU}
zk$R<}ejvZOMTQgHlJ-mFOfx=sva@3n;W%j3A<-{!VV17kS62<x#_o1Wya4|9fkxfY
zMR|PolUPIPFgX;W_PU#FhW^FLN|!~$DWL8ekYF8Io8k-@EZZmKtF$%nSW!13Rpzo?
zjb)NKQVG5-cW&Nj19KDz8r=AEYK94x*pPG)wVuGYUIBuD$_bc4DcGdxhJ+VeS?N7J
zmsCkGX{bF&)tf#b^t^LNaEy*r+=z2xJCRULQe`W%Zm#6p(QR(d2NRtcft(Q)i+5f4
z9p0l|!;9JiuKc&qXJ!8&QYo^MZsZ)YKbx~>3EwCcN)rrCO+2ey1)<7&)`@i3|L96;
z<F~*n+!sE>hw^ddA7K9V#?f<Wgsc)Ll@r~qkwY7kKR;e&WAx=0*oZTfp<1GjQh`AY
zvT%7vv77C~+9lVJ4iYl|8|)Vam{tnTCk`C!{3M9Vl4Dcpcf^SW!>(V4e;+yQMr8Bn
z0?%o<`$7kT+9yS3$oY25B)4%z_o_v4H27<!wrQG-yPBXpd2XmJMx$8H7M+c>1cn7p
z(}RoU!H4RN^%OmSY!&~Cqix#g6R>D5CzyY&{OX^7^hvGd?iTzmhRyGDxw(uEuqKC$
z1|)h9VG;wQ{c-ztCXQ)XZvD8<5@$tk-Pag{1n7}VV)y&E!w+SjnFC#E1`E-}D{8K3
zv9-%sAZu7ty`0aPEd$Waxc7Tft(<>`DsMXBCm{Em^J+=iLZoW%MXhmvh_ins$*nt?
z8ev|<I=$Rq9On2vBV3&uc(}c~FVa$?)~+2jcGA(&+vnv7c2=@zfmbp&9etCq^HZao
zD8TDs!#BTZdXvw#B}UZoRP)foCc}VXjX;WUW+Y^?l=S<zzVE%F`F{9Nm4|98lY_W-
zaM;#%GE3l()hH5j@awsE+kBam<Lk#?GSTCSoMc&K-ercNulI;b3{rUfC<)SJxN^zy
z#Ar=YAS25d&%~L-^jL^<axU_>8SwM77rTme<4uNAwp!?~kseEMvl?7i!T=3Vb|8V3
zL@}gUJCe)p%N67p*ZSFc4$+uvpjQAa-mS*gI*X^T#Q0D7T{+7c_8woyhE7JnK3Yu<
zmYh@ix(r(r`PpGyh91I{!L9UQA)5Yb(9_DFm6tNKUW7(50W8y{F+QhW{fc|_&tt@?
zZ>Ur5O5i+f(W62WQ4QV6AJxt(_X)#<)~j0zXvchqGI@2SEB^;Rdv-Dr_2q;fvMS7a
zqA(c2=|T3nXQAUv7=y`;rfb+y+ZvQM>&?4$v&MM$rqJ=sq$N{{G#f}nJrQo29CQ$`
zuIMp!WI~_vbIu+SO(v4I7G|g_CL3H-wdRx&a-r_F`44sGp+i}eoMd?4hRf|xcEuF4
z=P1?jv~%hUY{w#X4suh6BB=<BI}@A`lD26e9?V=G`{|t0w5(i4+-$ltDe|r{&5vH|
zicxR)Nu>_y%Od9(g<8WiTNF8Y9(3crNGq8bX~qDN8~c0(80fRVf2bwMDasA!bjB=^
z11ix!2JM$DmI!-8^2)O_5Ni0|w+zbzvVuHNYUidQEh+j~x+%;$xQFg`eTexRIfF6q
z<Pmx!@;7Xg=`^SM8mvVq1|Tg}w>GM#G%AxP&*XYGBbwoFB8Uj40kYKpJ~!TGyF#oD
z(u}#r6SkGyA9hQkO6D5>pz@m2aJ&VxA&#iu&=5UHu2aYjus<k0_r4+Y+iTqUo*3^L
z=b%bm+7>l5&qqKe<II!f-Cu?+{#9!9P3O=#G@!P30C^_g#QIr*ODhu#U$!dr2HMSf
z6NNt!UVZi$OVvs{gFLs^(MxwXU@=*Wuq*7L2EhYHpZmU-8%y#O1i!=y>M*be=E~+!
zsya~`{<arPJy(gnyEwLi>$N(Py#ygkh@g4rON?N$cvE}We(lgT+X5lWYO}1A43fh>
zWScAxb;1M3Vqd#v`P#9?DL@$g3?}N>d*7nZVM=Mm^)%>p0Ja1096wBNrf{Cevx5-N
zNWrXi?$&||r6DSpmb71;pOE55W-#pyQ#)3J9lZE!&bS1YWkIkeATDwcWhZ%Gs+63=
z)ixrBHmn?j?^HlcCML|ZR~!9T8^lRL!0#4)43aoiYY9f`Ty>>-q#`rvXI+Vz0=so*
zPTz73X)6M^XqF=w6p?c>D<^r>%g;H7^q^5lb(^RK4JUyu8iIqiTrNr@vDm5&Dplkq
zryBeAGr}N+?OdJjsxX6=jAuL6)>#K3{+deA9QvGjLBAkZEA4z`vsl<w`Ek0<6!r6J
zD4s#ULCO?M7TrDnQLN5{$4-BfZ4x&w>@YL!w9z1954)s!RszDra1?^3`@b)wvzHIb
z!tg^Bf%ob6rA8bO9d%buee@X+dWOHDS&x%9uHZ&l;=^2vn5cj7`L6tPnww#bG{R4V
z0bDm7gKy$TI?s-qYr{`R%tan2*eip>K2g{=m7N%&Q`}yp*(u!$q}J?QrNga`gdm<H
z$HaAL;uV=No|1ox=a?8*Lr(}UO3C%tZ_Myv`V3x+;hAOnJIG^Q0j*E$ivB`E0-bGw
z0l)m++nraX+@b~r1LJX?@s^wcQI(mKw2tESPUF!lhOO!_7G|)xlUPjhkL#qVtKYmM
zM4Y?J#Gve#%ei11%VW0j43QasC=Js!Ihm80r~YVUSCw%6HYba>zfQk|4gW$nGAnrH
z&z5uwPN+@qmYWK!^m}x4enQvQOB!R~2H?X(83eI(kiuU{^VM&SQn{Ta&%K0+iwN86
z%HUOMfT{%PEH5YT_>XrDeJ$8%8O%e8TW0LK4$qBWC4wpt(l8zgzk3X!_F>0;p??|9
z+tuvk^!P-^J!}dO<BL$q7xb^~qwGcblQajedvd27z5gxvhrA)^>0rO^hx|S9D(J8g
z3Mtch%)~lhpXS7B*FgC&LG7sGD<Hf`pLdTKIj$1(Mj>f1L8-of-ghdNl*UoROOs$_
z2$j=^sFPbmj-#hi_d$s!uYRWkrx}G31%Bi4O-q-Z==Uge9S%v9Eb6=Y?_JTd_alI>
z_cQ*R&r`TR{p?%hvACbP&r^ZPNbpvXoQ}v6*D;-=H*oB35EuL2_wY;m&i9|;oCLu;
zzab;``4p&}P))^8E^>3<X@9fO9nB~(yO;_9T|dcyKrHct3^(>}<G*Mc*!ig%<ldZB
z^QUcxRs6=4w+`{8L)$DYo~pRHx5YTA6RVmTH^4^9wA0qJf2`d~hqi&A^Ye!HSSnbT
zAsLK7LoYUOcjUB>F<s=4;k5qNxUmN3d+Fd{Qc9OWTL5p_a!^9oh-!rQ{NUNlX76Ko
z4s5l5bv3fKD!q22*6Ju_Prg0z@&y-X&tjd!R#$m7J65QdM`V&`@Vut{<9$yuYBOZu
zRI+#WfzD8g-cmJo>(p5`91-S$nXV|2#@3se>D6;W+i7!fyTr|f8*4d-vWcd5=BB!y
zFn^&j<Xuv7Zp8~puV?D4)bA1sPM^rH_V<gIJfvs;)veFhk6p)Jzuxx?(vQ)AtIxWZ
z@vnpT?(VIvc%g1TKLOtN*lWMHvCMnP?~8?NDVJwmBWfQXA>TBXHL0qO{H(37ua7}6
zf5Q&J1v75j!PR?n#WY;Bw08<|D3ONDv8nV0x1G7N)nmpr)G=Cf!*Ypf^$59jxWgT2
zVI|_Xo;)5VtM!MflOl^BT5!;^#!l}o48Jws&=4#J+7yW|?qt$MeL-FqU{9#*h^}ES
zp>gXwn)80MP1X{ES9Op^w;Vf0&&+!V071h8;|iRF_<_+=yPo!a@fwZt)0%9W0O#=&
zc47sD2+h9xud1L%Zai6f3WkkiG^FgnC1tk}SZU+9-@6$jXq~&L(oNPaAjb@Mh<ylb
zN$6Mx)$bv3DR*>qreV{on-;S(_C^?06*JO?V6es4L3g%3fg}mZ`w-UT7GQIHy^1vQ
zB@q$RpoITLPF1H>(C^syN9K|RK4JC{N!@z$imq@$)R-C5tIv8%kJ&_WdH24-YLttr
z7bZOX08>y;hV7QMKpU;%%$m<;k)c)_{Z!*Dm!|lTa}jsq3RxNG`p39BY?Goa;DGD(
z7jwBsZ$<h89DwKmJZ$hy+cmAjii8Myx9aYpL@0D+21~-D=&Fgmq&5Oa$Z_Z|=_Cyh
zPrVi~hOyv;`@+=amDAJz&HDL_28s}g73BN5i5wSiOPwUcGfC;t%FwnHbc(qJ8_*5w
zN>kinV9ayz;nngDHfeKnS2aJC{rPS(o`TLQBGfDgg7|K)Ix=$M)}2tS)L34OAa7Q=
zKV?nSsydU_QpA<tWiVmKTpHOpvgu(^NHsCYDAZF752*PJ=(EEObtP|NT#{LZ{Xguz
zQ*f;9_plk;wy|T|wv!#(Hg;^=wrwXn&W>$s$F{%z;XgC=P1V#K%*j-}2mN&STI+tg
zs*k$w`&!r1)QiW7Ocw31QHNu#)iJW`!(e~FHpi}WR*BdOMjUKDsBN>l-X*33oEd<W
z)};i3Dn<z9he~OsA5MQjn08mgw4)#gmF(2ClH?S9g0dkx9->zT5sH=*QWa8nkZQ)Q
zcbU7B-BTk}T}IP$MK^bn+{&2{Np?;!P<JocfBGm>dRk~p3{HZfCnMvFAl}xMHjAgZ
zw9q+`o0q|(OQlES>rR#a)hXP{Daz?VCv|K)1p4t)vkOjW0>)_|(S~wILN(NsM#C=B
z{rrKb-U;=kD-KMeafFMllIcVBGoczc>D}1<cww5Kgn2`xE&Eb(wNS)mDrGz#<gh`6
z!2@(y@3FtVnI|%dWLq)^3uvMp$@F*5mXal`=q<EoEzKda4cs<(PErwI$Zxi#H_pMu
z?oRPvq}j<y`+dmR#-q2IG#*BIApI|TtuaNsS65j+*JkhEe%-wUJy)u#VaLMb8qVnf
z=$@7~t-~k#GF3$qdrs#t4Su!F+;1TqiUAmLQQ)1!ldCq$NN6*QyEAC0DiV*R{ah8`
z4sd}*dzn2J+ql1viL+US?@*>DjS`<nmRVN7enFAh6|q?>10PGBEKgcTWm_B-p842W
zPmuwGF^+%4Jjuk*X(WhqtnU7)9JD<LwG!sb=Qv5&<@n<fJLPtkAA}_{+IiLOl8kMZ
zJqL&RutT<zvcjf=J`@TE>jYG5Uz(9{Bb<-kBR##B11?c)^wTr9BI!J$UoO1$c_Z?2
zW9Q-UG8PfpPJ8B4QfxF|15fgKa1s3(Xtj7k9LP*Q98N0+Hc_WyPZVlMvydIQTmJZZ
z`;0~V7Rx!(Hp1bv*Wfc(@$*YZvn#@CDAP&yjNPa)m4+1w5%mnN7_vSWn#R+Bo%|#O
z=e*AEbt3OOaj}V}n3DpE#l_d#@#B3d3{~<DX=jgA<bpVwDIn%qV4Vg_)7F;M1p=DX
z6L%q#&NQ|0xOZ4v_knKvra5dE$ifphv-Ag4h383z`q{gwfvO#h$`H=H4cAhN@Gzqc
zD+Q|FsPaQP5HJ_OkI}3y#5{f1+qsZ(HLSJCx+BvL>}^B|_LjCj{UVbuQn>s2a_&c|
zSCCvr`G}B#ZhwF?R^7S3CdZH@$GX9*)<(a85O<!Gkn2y966L;P8&8?9psl_TH$on$
z8EYqrP6HSa#BZFvwYkp?c?_EBA`456X`o*NJ(R^<E5h%xZf)0yX~jm(PMmUV2AUS8
z6iShfac0Yoo(0#+UX{Hw>TcpIW>%HM{@ltUULyI3m|2Iy%}0noGTI3b;-u&W2D}C}
z(n2@Q2lXe8ib%lLl76qKl0rRE0?MBc@6EH^Yx7mBRr~4KOYgaxm^;gJD1Nla`S|xP
z{!C}=aDBxhEH`B|lp|Q~d+EHmf`?va=Fl!gWoA5zoB3}!nu1i(^e^Is3^!p<1vIoq
zc5UW}W_=IM8EaZI(ejW)9_kPRGq8XPH^L<u-Wo@7MKP=KrSmPujC<|S5fkZ*`eP&x
zXs>2}@%#aDVT9i`pg=_3@IXLY5I}vM>_9+Q)}TNJKtNzEz(D>GK!Sg~0rBH?ARvu}
zEx=_10?2>mUy%(UpqGPn4oILrWn3U2U|S%dO+c>C91y<&RJVUO0Ru4t0l5H@)@IC5
ze~1AUypF)HmNL!}zr+Fs>V5B&rbek=5q5bD3Bt;9FNvl*@cwGV(rBR^tIB)TCuWa*
zt}Z4yk_ezf-Yqx~*pE7XfM<_L*<~J@^A2NW_FcfUpL+g8WjYWW0+;{YZBJEXs#2Ln
zyog`o9F~A0&oDbnb?K$-C+VzALl9?K5R28=I(ehBr9WqaO^nPoIhROvJQHRo&pknh
zej?^!p3D7yEFebkGuxlDrfRY6@bTzm$V-N?Ndel_S#R>-59;|<GHc^$7`dL!btH_m
z(WTa}vU=3cWgXg$wczGVasKi!@*!H^thmP%Dp1=?g<NGr8c~_pN{}|!ti5bsFnJ$l
z(zU6Qrxgi=ZW<`ZjEGXz>C9WhkqJ`Ql!xzVSbl!$hWKLs@n2@SF+s91Qfm+Olg|j>
z2LdEvd>m#lpc4=C`2o5rEQG8Sks*%t3?7zsOXCL?KTb0u)P+gV<Aa}n;MAi*{cN;|
z!)o9HE>9jg*r((Bq(4Xlq2MF=L8VkH4MEBWCmIPk$_phd9fU?cR)HuSq3EqNKhqcP
zDH!<H7tm{hohuOx#HaM4z>s9hd~w_qpO-6`O1Gja!#GnW<eF&6ZHbiQ;W0fpi?>TO
zSG(w;Ax}a)R7D4!8_KU2N<a|myXinPn>FQuPB2$=6TTgcRxYPtYA1q}<$IH9FAiB4
zEgc!9qP#n-M*Btz7!<r2(hP-YYkCf1X|}4Gp<G#saMyH&M>-RrFJ4ECLV=ng^OCy4
z0Y2KnS=s)T$DUN5Cd{ckzM0FWFe-0%8|-)37Op^MXpzS3HSU#LxS^$oDqB&RhdE>0
zrXMAR9z81T?FibQF*=Cha37XbdZN|eV#>P&_BDV$B*b6<aiwgWN{Tx3(UNTm5?)y)
z#tFBG6ZC5cf@gtypmL^Wb;4^sahW)jmqw{N*YUR;6~a4<<Q`2;8CoyA_Y9!~j9;Wt
zaa#4BYYYqXdTYC(W<-!<(a$r7YJcRyh9Lya8WtJZ%t8$d=bw~O;*-GoGm;!~;FkmA
zpRdi0c52S|C@b*BkzQ@XYeKE)!NZKgn^IZCC#tp)o@#1&1e?t)%{b-*=h3lI;F)^^
z=sLqEp%@{j6lN^7;fwTCpKh4ha)$jHh;modi4{tXfd<Q}o@UZ08aJh_EHa*#q>S5A
zb$oQt_J^pm$#&+fS+9+_bP<Bx5z4_l${E=CdApC0D%B*KrtJzuF$N!r!3a4g5~Ug|
z^&=~JdODw9e_sgA?FXuqRSF0l-znImzp99#(sZP9Lpah`A%{2Lff)<g7GSzh6Xv5l
z??CKNU?LADcKH@$_`CMqfP`*AvKWm-D`_xlq00$e3LM8v#R5fBHJ&<j1)ad>CC8dg
zYkp#oyQ5<cjTfRH7H|_1XCJ#R1_fW}T2?imM_#DGBCku#%<atKzwt<x`o)~`q7NsP
z^8BE?_D=TxAuv-P%)clv9XqlZPI@Sxm<hf^u{9}W+l^P7d81M|?1B3HS{wzoj>R^h
zC>`*7w%V)$&6vk2!j%2|uCm>6o0|G=J1HA9Zn<v<JEk*#qerB{z@NYPp(99t-e6CR
zU7<bkMf>OgDQC|HgRNG}_^O9cIwT;#+@scFIvP|FjIM(7oHV|B9~IlI!L_mA!KtQT
z=O9GvMQlzOC9K?v{?|wmH45%Kn#O0VC_E{P+^P*D4EMqL`@&prCUmk)4|l|4!0Y&6
z(|OWd6TJPe>a7F7X-=?}M^=q<w+SS5dAwr6YbY(qa7nT$KBtvjcA=h0ga}H*64<c|
zREO3^XnfT!d$0~&3-O^9R0oc5EyxCv6I-wjJh3{mEmTLOrO2NpBq#JuK;6G9U~K*!
zIBNSp-vQ1u{-_-;=3%WmLv=J>X3YfviUmNJ9iTeiWO0RSL*r?-{<HkwG|u7Ke`%b5
zXX*eS1fX#`-u`zQC(6STrVw@kxiX)Ua#(^tHx6mv`IPPt>|=z-glxpKgr;I9p7pUq
zgP2A)A@1>$pp$!5MZ3MVgBm(3f>P{k3XLhKyH>ZT=F&wG;16T0a4GqEk6>98vDeny
z#Z3vpqFojWYgMJj$#We%pG%kQWl5w9LY_jZ5T>fzLp&@!L(I_AA>%3k>8ST2f%!>S
zhYwNLsnA`bnPIi&{jyx>P%GR=lZO)_RqXWg2b#@Zp>j_9FGzV{Ot$`45Qxxm_1xNS
zDh<z{1~{OolE0rR8BvtMW&?i%wVXd$?iA#en}LNrslOe3rps^-qQs))LmY(s-Q2E1
z2R-U!$D*G^qOZiZqw!hGqC+zD(D6Seh2iq;G-xl*ApdRb^CT^njzpW4nNO8UX4vT&
zX|-*-Cdo_xhnRaMK_wd<wuB9qq-KMH`VF|GPi8q%#-Wy*HHy*ol{3oO2$kYIgd`1l
zrVee`#WU73N(Gsm$|A8>GI9B(Ac)+Dk=(p^3uBmjd6R62a?ZGtNt{=G#zpQU&>byZ
z58+=Fj{k<?TJO$(DI7`6fp{A)>E@~ue~!WcT)s1dVIhXM(8Pk5rAJtJ5ykkb;(`cl
z)xi#UTWoUOLyIK)&VG)yO>ILesVTiezpJme&$6H%LI7*SFYvNqzjOWN3H5!e?<H{I
z)A;@3Yi|$0a}@0L_2Z^}i@fsq8%w+AzTcYP6S6-sR>!ut5qHF7@8+s2PG#@lXJf;(
zRJ*H&0K(0Fa{F}EY~}+1ETy2>#JmF$Lyc{Y%FUKKT7<&FOAcuV0(q(8-7Hm9-=BrB
zQne6zj=n4lH8Kv)GBP%!ThA@D!=KkosvO`URl@3t{S?HN*6cM1b|M-@s`|1QR-;5@
zM4~e-=_3Qa8pJ5lTn(d)Lb1n8sBr`i#}#&&%`%zHFLlK%?8H)IpFKE)t8YA|IHuKW
z@2SOPRvEO!V|M9xb4)K7rho)J<38tRooKe}ptel`F%X6BYD=Y?8au%#N>S}45%ss9
zGo+?u1BJ}miW-wLTgnOZBvpau0%Oo&34bvi8*Y8;1L0O$LTD!oO)l-65H-B^Cnb(&
z;xVc#J@;SOY4AyciKKmJ<rQ{u-G(tPdZ?srOwyZ;H$vNSS}>>C@=|B5cq%SbY<mA3
zn?Xev@0nExG&Y9dc|ml_pDR-Dr2Uml!^s7SD@@cHreVnI;FSc?Fe_FYHB~A*gG|RE
zV@Qg$>lw3HY&gj-Up%C3zpEU<GtoTG_8Awabj7uX-n9jqe2{Q<kb<MMyOC<zI`Ct}
zrCb=Ec1a8ZHZ7RgR=%4diRP0I=C0L$>wNlpzde1BjJ%GM&mne=UcsTVcAb7ehw0!2
zx`OSSYE0Xcx~blCxPF0!IW54cd&t7#P?DADV@s0k#X#Rl<q{sT)jhClz==dw)SX8^
zfvN|XQEnBKv6;<h>iC>h;!;@ZR4*(ea7{gh-ScP2$KGcj=JZ6JRrz`EMBuOABNokd
zRo#DM+LoWA>=a5ziLNXA!UZq(oH#nA6(8R3UC4T!b;xbv{zg}PHXZ!HO!+lflz6Ok
zVSnggu;u%q+QBAtrjTCT{sW_T^GAogNOC&%{P8QQPI%c^yNaGUxoXc5yv%Tj#9R<A
z+)=QjWikSrt>nJuJ)EU;1g7}XFODLDGwW-|(t+H)KT|?M8aP5jZ=)S-`LZ6-V>J|<
zkZdgjPNhNM(zJGxwSGu#VANW5)SNjN4|Pkmnr%OzX1HlVbm|=0OXyH7$TYx?uQeLl
z4|RH-Dh67Gss(U|E6-^lx$p;@5q9GPYCNPS_d6oj$L*sk7U6j?>a4d#p)fwdzE+OQ
z`VMe|HccD#RI{xntnJzEdW87jb%5uft<s5<uK#Fv3$`O|5+vL%F|09FCy0J}P9E6|
za|dchJ9Tgew)R?V+C(uG*_aYR6I@hMV2?pZO~ALX!E6y!<D9$&vJ6MJ3auT}mSLx2
zh|ZQ63-V$Wfrgs+_C?|#L&9<9`ICz#4Jk~eqn#O8D4lq(XjtLm(cLB!(QdKD;~`UI
zu4gmF1biQ7L#1UR!#;d{pz%p`S$%ok=*ctE5rx5NWT(NgpgP#ya5|iJbku~eWUgJ2
zjwAqP3+hrHO|Iq1UYHl(vz$2D=ic^W7H?zh`21GtJ&)RotnHeVPBM`qn{F5iCEO6e
zYQKAXf_E|%+E!fNv_u?TmW@_7XQW2r!~-BTp*=kHRw%0H-6DV9pMOyHRnl_*lqya?
z>ek7?0CGEMoNr4as2xFNuE#KuFGM+JP<p|A?8&SnM?OJ9_mJHmkI>+4h`l)xJ3CDm
z)q9Y-b{d1_<i21RaeYa-0{2es#WavSxd6v9>7DMeC^R8#?#7gMIlBT6$Jam5Bf|;<
zA7j@0S(K?@G5L7*9G|JA{U@OHvqqc>@Kfu3lyiP?>X?<XW8Qc-r;&K_d(_JyfR6rm
zr&%|acXFJ8qH#KXZwY3EdAon1LIYZm=ipb`sQBXPxPP#J-Y;ZUEE|{QuNe<{UN~5y
zCsIm>8j;Kb^{ih)WB3pb;&;;;iRW*?2|?Yi!)1$h$f+vq;52vql~Mu3GO>Gf99phB
z0l3Cx26a(6<uPSaIgo!mP(K9~19E#B%5EkP$2&aSFN>NOwJq|Ayzkh$L+66ap9hfh
z+^9DdQ?oQ)roXh`1C>yX;`TsQiS9jiCQisUuZCv(Q|ZS`eri-VyzkymV{nxC2KAad
zz%FJYARSnH%5ewQ94$mS@lo<V{ta1eoc?GcSgLf$*hfulthjmnYbUhW8`;!Do0OTx
zZe^`$>9XcW3Vmr<@@%bQ3QK-(r)86#3X->IrIfh8Ul~~e9^!d_zG7b&+f@`aWU~JP
z^+B-LT`cS`mL6@M9hMfjWa}>H3eKP`G+V*RtbQYCJ4#Sk?eIgVev6SR8lKHC;D<9!
zFblgY1U#IrE3AvDkQll4uOf9SBKC@5C-SsMnn-%g7M(ETExi#p=(9;T=2vS+PSQdJ
zitpliXfusu)ST4_!D{GUOeO^WDtyT@bN(%<IBPz77*_)g#|`{F(!h1)O!_pQ3|UEt
zz$Ss~<mkOF#rWzZ0wE{u_NHQYEBP-h8L=L0bI5bQ9?UM_<H?ZX%PODet`<r2ikBXJ
zM~tVDwo7WULc2sswrQCVZw0lPEJC@O-4^D9O7oR*vaEZf0=E1;c+V!qc8PPPnx~Tq
z&8s$3lBkcq;&6Ov&)VjKVsi&vX;1o=g5qPvdFLOe*sGz5xgt_CfP^R@F#@OnBv{(v
z$@#+mo#<mve!!FVe6#&=%9Z>8X9K8RvInFRRQ!yFg8_?MeOS0>73c5c6n~lhIDO6d
zPyN|{o)DB@G6AmuaMX(m8tK39s89#EciK8&#fEBiVM90<{G>*XIMZ{n3`@N|gVJz2
z;Ol{RN1$j4Byt{etnuPn%s0rM6}=MiWk-E*o*|;}gDCc^jqs1wgUjjhLYH>5T-z|Z
zoo9S^r$rl?eZE*0`<p>J2}2JTOYr{=eSy{ge?(vQ_?0Zb1`(C^J*A7Q#BmXRDe%Y(
z4EHiTw@Scb4ys1n?+-1TzO6VT`l8fbQ(+lwIpTDzE%R18h=Z;35$0SJ&AnCxnBR>_
zM-1$iw51S6w>Q{v)1Q}dKr`5_PdW@a<C9>*MR(|V1qnvGgDc0+n%c!ci{2vUj5w3B
zQSeq={Fk^<SZZ4YYj3W9AcKG!c!Ys+4;btP(>xo4h_xI${}*p#fEzD`G3~_lE{<7<
z#~HZB>j(Cz)1)KfHwqSGElpt|4D17!zU7l+fMDGfiB!BiOxqG|pN7R9lsAQAy2YrA
zvNUur6wjWMPel|I)BL_O^ZlgGs`q0IvRv6I0+xr28Y-)@2{;#fyp$)P!)~I0J!d-@
z)2|a-f<KQ4h~UV?_YnU}sK0EZ6AqW5$vBC#5c~Ji_$+mb*PJ7IT_%VQ%t?w2_AFE*
z9yU%Lf!7LQ^qyIMNm+mX)a6in1U&PTMp_P&u!K)Ylu>k3mi1St!Z459&z0`0+NwU`
zLYw7!TwSV(BcnYP(EHhvD();y&Tid^X%rG9Dw+<5OiLb&j-r~kF(jp?O*rK7n0f7b
zB43}+DEb02a4L#-Zi7kktZiUR>(QIm^uE4Js1av9R&p+K=ggmQUH3g~8EC44lRNFZ
zniiApcAYoz`V&X|18zhxb8gpK-n6*X09H>!hd8ozq|Fm_a(+EfcWz%J(or7~hrW2V
zuKUxXs~%Fj-!I6WYTTuhgsV%m+s;0+ebT@fqznY{Zz$~LC@C;c*PpApD!gMGLG%i6
z^s}QkpyWy#-L|KZDLawsrMJGKyj=wnLE8w!vH}OzDY$%bK^T2FU-M+A;!%+8GFT2?
zGMl0*GdOqTuaAJ;<zQAuO8QYLm7~4BXqV;pf~`yXV>N*Yv!2d2Iu@ODD+XWO(=^Z#
zo8{G`T6|q4)HF&Q+?XrHW6~%bW#kZSh|BKHHO_-2FRgnR1yXD9r;YU^$IoCq>F=9b
zUDGe=E$%El%MsFNwfD)(Q|t^abMGzyi)+1I|0f-i@rz63YNG^P*Fjt-;j`Sgjz{cm
zRMhAZq=(b{_QO(Ou=Bz48M{}~GnCDJ?ZwJ=EY)`IL)-Yo(z;PmdjZJTMO#Ix+jF=p
zKZQu|9h;rRx%Pn?DkYUgjP-zFtQejH;%CFQr#r)M`Rz6Hnc3PaSBYc1aPAVaeYP%d
zH+8Wi<g2Cyb9ZzI7Nf_I)(=9H&||PfmRXRMVd2Zqlx-+hJ2Da*dF$yu4|pZ^gTVYu
zSxLEcWuM<0pAO#8eaU>f!Be&6$o?sMnJp_@X@&46D`f~c1oT~cY~PIuF||bQY3MQe
z_i`+N4Xa^jTm6DiBj&{H`97Ldw+?yUNbRuzlye2oe4N2phyH0_=CObAH}EO{;%^|j
z4#V#%cao6_f<$e9MEVa(am0g>hBG8zBx`u-DAE%Aj54yk9Bs9h#G8>FQPSZwF2vEr
zot}{>O-v$38UIorOvv8W5rW})IqYv}5%Zc?E~}W43!zU!42cmeG0VoE?B29TpCMGO
z0CnAenK*5QoANMZbQ)2t7`oFI#^NUI53S%jcbI<MDCM(`uba|I@xSe%3#IdZQ692f
zvYUtAyp(7&h>9CE=BKPD{G|tJyif>-Gl%#Sud6IT4TuMKj(&CBfY_2Po;Uj$LSrqI
zbLREru%Tnx>wrUL>l#Y5sv4Y`x0|UZXgkUhdfsS&4Kr@TCh&-)^!+FAAQ>j(vWSD1
z8n1xPHrc({r1;tcMP`Y}7jslqg$G?)J4(ARtq~82>wy`fp^I;);aQc%7h1)250s?e
zobze?NYnNDpm!C8dfBTNl;ti;hSl*qLPrmTIe2sv&w|h6wbXt6vGi6sM%$(T#i|+s
zgb?Tq6P+N{!+?=`D62*~<R~rYv@7czd<8a@;@ExZ>`zA*C*HTuv$U$6on9WFZwev=
zVG(F48IyM?QgJ&&H#n1$NwP&}WXq3!8C;17;=jK&guBoFelZoTwmG5gs%Y1(HxD2`
zn2(KJ5Q(qHIU6i+0xR;^w1E&9D%y$5Dd{9sQy_NL8F5^CSA4&dxy>{KYuZl|HnIDJ
zlUfV#c3VY)K&8=L2=zq<hr#3z?9&g{dLO%hIVL%#NH-wic#CPuAG6v!0HXry&JiIr
zR0QNhcf(Cf5kQyQZ@Ef%Zhcpj{m!@X1QJj}Wuf8Ry#ONQz4+Kl#{o%E+zzOBx18Ca
zUI#%Q$vTC@&`(=6DG~!uh`(7duo!rNmyqj7p!+nb(Y5llQ6t;DjW;vyxbcY9G^>|l
zNNj(}UUZhWi;G@$&(944?J3xYa=SSZ*!u>L_4~Yf*phL{J|598(HFfWMhSybe*moj
zFIN3sK)WLWKjrsQC_So7rXNuSS`;R!Hy;Lr8eB=6Jcm*Fbwc|RW7t6P4*J>Ft4&br
zA`3HJsuvsM|BO}OEN)6U$e&(7%)zWN=aD1w<TidDyPzBcxu)jY2pP`Re__~?>NWx@
zS!_|l7}MR<aM4QbKXq2ALOjDbv6rVga?TsB%2|j~sJ3Xr=A;(nwO6wY-j-?(5oo0A
zHhV2D^~<3zbk2_rY%j4&ovxBz0cL~W&5;Pu&Sew9+}zl*D;FNJMs}^DTo0-OHm8K=
zH~i>Qgq3yRxt<L4!scE;Cx?U@-(bSOjeK%=S@BqCZDN}>w16Q6hrc^`z#Y5`!p)$v
zi?=>6&W7Bbt_|qu7=y7-R*PY+UXwvi128+48-C-sEy>rtL6$3I_RJ_S3JZ4)rMuVB
zr#pYS!E}=TIGCngU&m`OMqKNWcw$+s`AIMLlqbJfw(VBei~=`ti(=}uZf@z`l%t)W
zUl0FZxSU6<+EH_Us2+lUfjMl|oGsHL*CjS`G7b%{j7Qj6etm3}5lq(D*Rk4K^{Cqc
zXtENW^+#juv&lX6dcFKDSCR)r2)2)_NjozNGxW7H`Z;;Jc6h?5IS0*%9u%QH;;x&G
z`;`>V<G4z+I!||xE4Jv<IGTdcO(7GgzyE7Rl7Mf2l<0%&YANe$HQ)KQ#k){dX;oWl
zCp=-;0-gfI>-YEj(T#qxDl=^??QbN9t9Ujz&wnwU2de*KI-=bGOsBmIfa%Bu)a<eR
z52nMaK7lI(lUU&nwG|&Sa+0@tWz53;D0S)sILK>mtucxDSp`%fNN0V%R`=V)=#Ia1
z-0poobi!^U8@p-46Tkbh{(;~7@<}UygWXtazP3Xq+69PK2kyL!qt5$|Vpx4pv<Ibf
zCqA9^s9eG9!I$F14ix2bA|JI~Xkx*YHGBdl{daQ(S1`>GbV<W=*Ej3e#kZpX?M*t`
z{=qb$t?d2id*k)e?_;MQv=ZN8n^05%XFi@WHwiW!@na!8a#V8!mtu;6$opIIAa+xL
zCYRxxrZd<w@3`tnxQEOCbTmb6+^jg7VLc%F=3QFJA0ExEf)A@0Tk>GkdtMIW&E|_l
zI?$!*e9)fKO|z#B_i5y!rI%hwjBBG*4B=SRy~H5ye`jmdEhDA1JsyYG>T<@UlRstP
zY5oP*j7E<r;x_Al9BnS;;F+m4*>m&KN{yX|yq87s@*^d#c)%c=cyfMbyr+HDvlJ}V
zwLB7ATajC1z`nN+r8!>>dN#dO8*c&nlrC&6w9?(vene3I@L39uzi#`1R}WPGOF7P2
zC#pSrqVsXTl`BW3zi5BhMn-a|T075Wa*F^3v*#ycn+I!76J-j8^aV^^QdcBw_$6yK
zk)G4M$|J!c<_yYPd3|!R8N-}_yWi*6LjN{mR~KO(;m2j$wYwi*@b^ny58)I4nxFUY
zwzjVK+p@O0ItlaNb3F=#nkw5Tem?7;lGDDh7bf=CVb>@W@8PEEE=?Odd44+U5-X1x
z6kVFQBdH8tos;qHo0P=N7Js(QCM`R!PgHD@MlZrK1fEm04s{|{i)#eGeEco;M0TD*
zl?)<Cx-#Q3_YA1;XhZrhHyY8b%3lm9K7`{G2GI6{PV?j~cn$9zBn$-pgfG>6s^%N|
zUSfqW!D}{){njo{U4EZ<1Oj)_K?`Tb@2%#B!kZc9N3Jp3xY_N{ij6Y56Vxvq!8KJ$
za@Lt3Ka7RJzcx&YfRyh$`@!u6xyaZjd;=#vboxS`cDZN+JgEuTjm0)0qonQD`G#Z@
zE-U6XJBgmMg^uZ-W7MKEdB8rEAqrUJWAwE}1Q>~wvx#hnWQjbFpP@@C(2(c2@=1q}
z(AVl8m0gdz=s4$8!0LMkRt})_6eLd8L;F%_ZAxIY5TP~c=ESen1^TJg%B9hq2qgL{
zte62>1=;;oSiNE{!$kRVdSU&gVv>X#mNDf1H8?%k`@d}lm{m&RkL{+11wS?3opecW
z5otNv;b}R_ZKIF$O0Z+U96sCz|79eyAuq`wfZ-eo9k5k5>Iib>7nrE@$|hTR(PJ%A
z5o-a@NE(0|FCT(aaJ9r6(<NckBOU&6c9VShZxPWNiT%w)CMI|VIQ0p<P+2kcOChTv
z1XpLG2DO<Zy3XZ~MCA4h2<>t%kV7Rlu>fj(3Y?cc9*CKKrbV$02}~3DGancJj$Nl>
zwff{Y`c58E$`jK7a%2=KUhu~*Is3lzX-3=LW%%>*xcDQW5oa!h0Xu23%l3g_+!*#L
zms}|IgTAhG?(48ARv0s|aYZ@N;S8cJ-dVfG^@qmO!^_*dpTi;DiJYZYPM!H|jX^@H
zob)h>q*|$DWg3Y_hG)lnwYuYn#Z2T#5zrWIj(?fzE*pm@(DSF@J%>em+Z<119RDWZ
ziMF^CWq2$$DT{-iML{hxO2H=ehwkJ@r>OzA(Hqr2oNp|@xS)CE|0Ry?zRSA_g7Tpk
zd!lqFJ6D?exQI2;gLnUfgQY!$Z~3X9d%^iCuoZ@b&UMlDCEtt6*Ia{OY!(PJ?w^t|
zYb2l$MG9rRsVnuv+Sne2!dODRse&ub!u{C7+<y41S5@+0J&Pk`a|)e|mSRo5H?Dl2
z9okvxL%j?kC?zZX%!iCKk!`vH`FOYNEY4&rUE*JaPHe@t$HZD}Fdet(O1#w%LkhbS
zaC@TjbpG_peC(8A5KgN7nCb9Rg6i@U`+pNU6S@B)bgW~~vJEt#qnw>sN!#OD;9rch
z@jtQ_@koX;UgbXeltvtXKi<`iSh7y+h*{f4lK!SZzNXb03-|Ql^OQS8@l*Mv;FK47
zI4mc53|{FkA#{~7cVVF?aR=gqNn40ucC;L35od1spy%Hzt>z-cFVyz{W$U?Z*J#J1
zCV@`8lZF41Wnyww6+p?R8J2MbFgv$(|957`!A&GSOmLt5qlE(9Avf4=s=M`1#83Ll
z?c-J?Wt4r8qRAbL-}MAB=$0-)@Uhhg+pYXRm=-}Nf(f8!f}?4+ZOYiEhtgx0T_rZq
zg8vU@M?!8mqyIZ_HQrDN0Z68gl?6plwxdvejH|ne9yd4F{Or&(FcWni^Tl>JW7ppE
z&TVv5r>*ALw|F2%k+#0{-S8~Zizs#8lvFT`GFYnyLQAT4(LvIaAalyM1Go;gIJZov
zfM7`ZKh(}GqE8W_=LrA9@%Z}nPtxUNW92sD@)n(f0FO;Ib0R)}*GG*x&?YJ&hD8m(
z&k6mnkF?@k-CwgzLg@wf2T=z*b^O_a%h4|ggj{C8`@*QJ9^XYhfeD}8ec}&K%39Ph
zM5Z%7MV*}|+TDAWi2cB`5A3XRN=PUg76Yxd`f5JEqgf}ixJwt?wFBAm>ymduH4B+C
zZn#qmU32G`y}Rfx)#9U@y6di7O1v5{IHsOa?11uCp##23T3NnOPOw-!_`lwEBGi8z
zol5nHm<?~Vi!)c%dbll2n4nIvD=gJaG!GuUnG{pzOCIfSx#F_HI_N!&WS;r4(j!kg
zxrkJ1IL`c)2H;<RF;=)Z3G0iEwG=BB&X$K3DVLd8xe4hwPKjD@(6ja??hgYd27id4
z%EI21ojMsoRA;MAUmv_n|0Zc#lGnZ&z%EiQeuJD+htA23LpTV6gaqa)=L2Ylzz%R;
zUFjfzUlYI%%jl-ay;YYErSG7C>%&C!5nbbW^e5aVzPxA7b2;+yL=FD}nAmB*ex6)c
z{7ob2bN{+XWa8L9=N;Ac6X+Qkl_ac9K{Zt6fvbzQU)+m{PzwTN%nS08*Aao#=Vme#
z2~SaOU5z+V*vM7|hq2NHVc0^&bz2gTC<@lu$N=-c)1xPc?B9>n0;UXQiVLnGxd8&Y
zeB^QmuF^sKb08ondr%<3HejIoT6iG;cK~yP1q37npltGifsmN<fPrp005s3C3kTrR
z3Je%L35dJ`B46!KQ-DQ_0JcXE0OvddayM&$csJm2^=$(L1os~nC^G{N#7PoRp#TsK
zt<UQi6{hYYR_A%E-rtI=P)GOi$gv!RA1BFYg7HP{K0sYfu+NpiZ<qb`<aGZoO`;ba
z-P#bP-7nvN^II?XV%X##ki`A2AMRKi)VXkcblBfKw^VRX)b1f1^ku$!DBG9z!?Am~
zY@hw@|IRyRm_j>SoF0Oj%NI1?nY$!9>4EGRu)uJwJ#Mj<d}apaDsj45FdV!P|4>!f
z<8X#(DQ}fHxKlwI`oYG+tNyIcswplh`pdi7Wby63AS+2eUl!aGc{`(Q_4`#JAq<_8
zTH&1fk?xld7x(Qp%H)NL@LD$JJ?Gs}Cl7g=?VDkQx<Mxb0(qDF<(A4SwC)IF>ZOga
zodPN0;vj_y#_y@ow{cahwp31qp2p!(atXD7jl^9Cc>$0z{)~i+zsjVTB#_(a!JL|o
z(nr<Ugl65m%IZ?zGwr(vMJTXRR^<Gd<_AP7#>(t`wD&!O-!E~03}<5cM}Sm&vYid~
z*iIovMH?6qQZX2cI<<b`0d`PXZqGD|sZ(zV#6;Ra3;}~nP)OM+1zYDmbh@Xic1%B%
zk!mD@&B@2r#_FrXh&68+3n2G2EO#r(xE_TR(Ie~J-?0VN5FJzr4Hna?Zyv%8$|+%j
z&rG}JAOw9dJ{D2un~t1(pkpIhXO)=^sNk#70Hz@<fN6+qy#fzWQJO5+qlLWxcz$$e
zesE<z4%ZG~8p8e_Cw==#Fjtod!hKdTX$xhuh-mRJbt0Io1n72^hUspP9PTg9y9nuu
z$2c#nvC);BgUbRjlU7^Wi(M`=Ipp$ZIAIe73GHonhqPVFEGv?1^B54g(;lKsWNenn
z;5*_|n6ss;gDzEFnu$7Y-KZNbh8Zy??rjI&oIEguZGRn<QgNx-U1!d<0`c3kqAS2;
z1a+@qnn;Ma_|lqY1(si4BEiG4iRtGx3d*s>H(WaYd2z&ND|KG4lAH45=S=%fDOy+{
zPVr63vI@)&#QbR-X^4Or)4YuKZRZF!wypMNef1FVx)O~m=g&T<xpJ#8rWG!B3OOa(
zX0ECv1+u^Xb>_uc^+9gHPhZ|znr)RGzaq{<nTC5dI=_iFU<Qn^h_A?ykX<TUMSChM
z6%ai(u(e`X_FTnBhe4(s_N-owTtuP<Tu_^^)kUq+l6|{ir%US%s>3MU(Z?2lXbLe}
zQ}eNqL(_VwY-Eu4JRw^=7q8@|26Nm&TS&LDWKMYl^k<?(+oDth_!X0IvkEtFK~z5z
zs+l(_<HZ?$TVxoRN4bMtz57pxm#*z&za5__9#m%>*zcS8n1TZY`nxy>odX%Ius+p|
zy)V1$f_vbDSV_Tg9$_H#)_qHk4T*xp4gv)OmdI}*bUD>Og=H>@kftOZRu@mZnrOla
zE39(JV3F)*VWZ0iD<0tPL|i5@-qJFi!AQSgsL2A##=<Qy6mKqGi9dE&g73S3GG~K=
znoUS<_cb)rN{)uKnMO+rLP5CQrXHI~>;Z#32l!3}S2vKUWELbYssvKgHeplWf|z#K
zW=TUfA8G8*Ht5~rq@-?9g%%NPRRK&xsgQ5qQXv-MoSwHI-(RN;0RxtvQ@_IMAo3G2
zp~5dI!p@^AAq~I+8!Z!v+9;QE>@nkYK)96sEC~&&8q#H^a*A6?XJ7wp2XfW`ZC1(m
z&l+lY5?wZ}{tt9?!tihC=scy=aJoJIxad&iRr8j9DQsP8Y%U$AAZ1fZnMFtRvXZMJ
zX64`~s;_i2)-@DYp3AKfZjm_FnFRe|h#8yAlF~+kjKKuH9y-UgwwRbLx@fYq|FEUU
zOSHJ|?B#ZW#ve&S<+sg#hBYq109KG(PbqEmM<kQMa>pec=j+dxXrf=`N1EnE5Q*yE
zB!jfAiUNzib*}z>9)^zjO3m>@#Fd#cxwqwsC*pk|8#k%th9;%ZS@5OC=7oNK-0SKr
z0Wc%#lnuGc`orFCKFpr2dvtLvvG^_}k%~NhX0SC3ny@KQ2;_VAe@GN{r2i2E{UZkY
zM-23j80a4{&_80Jf5brlh=KkQ1N|cg`bP}(j~M75G0;C^pnt?b|Nj>QG36%3SF1Gy
zyBWSMLI08KCK|#sV@c!yXUcH!h;5&@cg&Jdk%RUgW+%ty0eZh1bY1JOuz0JpwL^Ia
zZD1wQ$XV2Qhk~6;&cqjaBxEf>>HgDQ(G(UpoZV!!j>wG{1T8sr5sBtNNyv?t#Q=|4
z1Vzpfn5rVbBd@38U;jN{*8)Bez_2P5#^upXfhMhOBnO2U>)KLkUW0H#;1(?Ziy?Is
zyKTtmP8&DS!(&p?B=SfrzZBn)_#|2A)17TyBxReF-Ukv(10d0G03MThdsU755b}&5
z52%u7eDA74Z>qbAP5~~PlmRt0*2_@U?$wu~U{flFGhkdVW%AE-Lo5^G%v-hOW?MBu
z4yJ8<v(36G+->vMS{c-$4mHvN*3qLqsy?TnzhaYHSn~arI^*q(_r3pM{W~)wLCNIz
zr5FEZ$kFj?@awqKG*Q{>*KQY9lwmnOshC02^@$S<3L6jHoORBHj+`zk#nQxzDtcHv
zW#7)JHOK>8+mFinfd(%lxb(UqSTQxd#z!g8BkjFFqf+0oj7;lvvM!1>=sGCtwc!Nh
zABc-eZu5B-Po5fozctY{<UMo=Gz|Ci2R(x*oRk&)L9wQkNM&7_RZ}sCyll2w8+FWY
zh2g8DM#|s<*Qe|QCb-^lFd|n-mccsONpepV4Ot`?;e4F|AP`F+As(BYFf^QXIJ{{%
zoc{lJ2lWKmS~HUV8fFjE*>2hydg(4iTFP#R`D9kPLS!Wnej2jep&WRXmibgUsAe?O
z*=U?#WtW<jx~~!9PLMZ38lJDyz*iRjpkJKZc|X3C?+a(ie+9BeLwbRTM%U`}?ASqf
z59&>O=8RyN0x>q>D9>U9%l7wCErIKCL?fr_vY$TfMrQ7Q7^;W~*6bQkC@+apc_cS6
z9%|68#iqWs*;l-#6^iqKv#Wtov(90BU@#9T*9M1%Dg4Ffbw3H5l<KjU@G0WP27lh$
zxLtlk(y8D|A6|Rpd#XLp6gFGF!5}C^Y%lFb7S{`~>C6VkohxT^?+}7t<ZlXlZNeW4
z2|9vsx?sOt)lEoxY-7#ew^vK*$g#3*IO#kL<8Y=6s_98gmExnV^~41pTy^d9`3)uA
z2TEmnvRK$>_}zkW@X4CoY-~g{khgF3OD#?=U<+-=m)?>n5r57O$g@-mh4n6|x-`+O
z-2)?;ZPPasJqAVMv(7s3kZz@^4;&!>(AGOneP720SK`9Uigz1N#-b=eU+5%b!$Cb)
z)_6M@CgyG(t_ozuE@SmP{oDngv-b!ifDdbH>StyYTl9QyKtbFLX;tWEBf7^qwP|;l
zvo4$pLX0)x_hXH%(32bwN2){TvQ4#O;yp0qWnD7um~2IItzwfF;xpv6|GwM16bMBu
z_qWI3PFH{zH*ISN)%dxnkEhRT1JCH-Mt2@%7wb*;!%ZFJE=))w$&U@|tXQC{7Wa;J
z7=okZ?&j}zAaHCwwpm8&7{OM&G#)fJpFyY2(479)wR8RNj#oTcP%LL6G%KnkYv0qP
zs4Z<8PFxAYaQZ(n4;Sp5yJL|7ydA!EK~>YP_pom}=Oxg5=Qr5r%Qz6O;Ao!>;wYe5
z!0+^oUAxlWxc8ebt(P+G4%JWKP_q)|5@|WxQ$Ys$^(Fe9H*TQeelM3pvP^V;9R8x*
zuLeS?zLZ!HWrU^HUIY?i6w{W`I?5yE8f*Fc5p)aaxJ1u+3SpZUQW+u~1@**X{;lv@
zb?~yCoYP=hvkI+YgG#k81Qo<$V|W?#90=S?G<yPyh1G^fm4kxd$=<i<S8@JpqLmt>
zn)NVSBW)Ne^d!HVPN4Z}0pk?LqDk9VzxqkaRrQM{hd6q7NByP>Y1)AvdD=OkUIs_F
z1j86d{Cg?hDBy?cq*HJ7Ri9o#s8TrT;C*jaC557G-(fAI<c=4+pxjirrt}>&O4I(f
zzXPWp&K;2K+BrvRD}j14oxN>*oMamY8dQs!0z<8@pYsP`2r_O2&-}gIDwAA30sT7K
zWz?*f>v{ZmX=T4lZhAY3`sq#G#F0>%50S@dE|%DkBq9kt9hFH&jf1$0mSzkZ)F?YS
zaaQ-3eo`ZKJ=}m%^JN123gJh9T&o`r)8bjfX4@Lm=^63YvTSJ(Ey!+5tDDi#A6xe?
z2zNAGV^#`_N!(Ox2;09^F|r71AZs^(c1Y?CYz`yZq%lEEUKT#Pc%&jETYb=C%Q3pb
zW(XjW&G_LUI0lR5s;%>ily*-^MRnl|v*^vVPG{8?@ynE5C&)Z_BioT|A2=?yr#YS{
z>Cqq8*09gS+~$%u^P-A7QVnrHMzIMNBZ29jLDG}#xrztOwUWBZ*rJPivEqC&5@CP6
z=`APc{4!B_X0zTbo=9iBnxMOmkCeahb-NF^&l=78_$}X|Gncz7Xqzrl8T?-4H_nn$
z6|A)N-7P531LzgjB`DSB^N?z|kX{NLvzO!qJHDL{NQAnV6HYtp%)vAEZEmZ1;@I+4
zi^}Je)xYQO8-y+pV{47~gcOzm+w-zeO`_Hl&1)L0l|)35mn=`Uqa?CnIh);Vz0U1t
zIYosa!a&;2)|@UXXU2+p0^xvDSYo5+gvL{G+9CC=EBKB(nC~jf!Atm=rSPBj=Tl~a
zw4OXOH|j$82WKx<2R&7P*>xqm>n}=pY$a!?BVwYxR`)I(dSVF;D!}?oRhghu$kW=G
zRI<tm7!UGCm9w<_uMKCx-Wm1F=QZ!RcEy*XI1-9`hh6ClZG^bzr`N5c8RqxV#d+;1
zPh|hdEa%K1CR@~9UBON^i#eBbkWGdceYvdfazmyG%dqH|j16FXS~1A}0bX?rT_Roo
zT&6jWi4g<H;gM6$e|J~}Q_^%Y5K9o|6frEt<=&D&uASx+IV-pCp-)tuwkJTirr$QQ
z5`iWqh=Zbl93HY4r6Y0y6Zn=>i0;mQr1;Al63X3o-$0W@wg-i?|J73%vL+9(gHiUn
z@V+aos08^4Zl6`I^JQ^VLsu;`)R-?K`V_2pgz`V9z*4#_ceDcHd9A>vc_g64VEMxU
zr%|oVHW~dh^W4CaAJG`vfK5@iJ*{~EbwY4q9QM*+uMKF~%g6UjlyYgViiR^OKliKH
z3q@4kGIoSJS)!-1D|++n0)0gKAbZd`YfmWdWZ58e3l`^jhPVtR>xd0O&r0$cOrDh&
zQws*W4txC9iB5_*|J-6pY;y_SFux$`3Mct}pO|9i?Xu-8bVpTtZ2|<vJ2E7ZDrQxM
zSV?6d(Rx0hk9efK5NE+oJ$6I`{yep1LpK#F+MAD~KjH?DCH9X=;e*jMQiWMD85@0P
z5)&7cKJ~N?YKJ`ts*FyE>6gj^m|oUG9~cFpgAkA4m-+Q7K=4h6o-YLY6Pj<qEYUp7
zx|#UBD;*En5k-73mSdt7T}DY~OcN`4mG)e0m@26%qNH$M;5SD{lMqeYjLwgB<+e7D
zJ-9ZA{jP^bYwhq?d@^7i-!~B?b4i(1nY^nu$=~#MX1|~!?861s<d_p70~O+-a|fB(
zZ>PZ_{c%(IE18_<+N@}R03sD`9X#fPpzv_{HCi6X%HCavHFmL;V*>WMLt*O*EHrSj
zE3EFtY<$6vFY#c4{*I~Fy$QU&>%Wl|tKKO{0yWKgUeL+Be?(PKaWQdAO&v*el>BIC
z-|tl(@GgZ3K+?|UiMdma+lkNAU6H$4&Ch~NNZ%uUK;7A`RpPSHsbqWd72T!#ToFoJ
zXOk%eZLh(hBfk|)3$8hagni_M6U@`#E#CmTGp^Lt`k(KRph2I5%&T^^#}ubuXK><;
z2sA~smU0aGOAkgGv!I%c)ha9Gkv0D|dXtKQk+DwwlKIiVK`Pt#`}pah9ovxlV*c{i
zI0q?)H0a;#Vw*_&J|xi)Qfyo7z(t7qKL)}6=4+CbNoX;Q<-d@lEl;ao6EP_Q!gZU^
z&Z;z;;6@Y~j+?brWvn51HdpHZQYhL8O<4cDlXssY;^X~flQ1*~`=5@))euRa<4MWz
zbIPUEZe96;t&vhlZI(O|nImj^B3-eUkwSvij-%V|K4t*=E^t3jVvs|g*M=2E&MU^*
zDifx9hD<x4){|tbOzVd>M%<z9@obN8@$(YikSlo5h-*WFjfxTNgB9~!+&Y1qcM!pD
zY+8O!c>cf~NO@e;nV)*LiNkFsFC#Dy^SbtO2Y7x=yiE)&*e0n$B0f#8iImFrvAckl
zBczL)=fY^W1q!!!ZavfD6|`2WJWP<y9p}X0fXu$08w1MCA<o10($$T*Vz9?taK;KB
zGW?e9Q_RklEN0k*XVH?D;4|g!!_Z)2D_z{}qMmx!4Yik~^c-giX#fTSit(pnX-~}6
z$8*5?UHEPzTg75kW@@`$KA^LfVkYU9?&7UIgAe|5mS7+;+4#}{isjkM-B@l~I4!-p
z;Pn$D-BgUl!eHdno6RlH`j3&Zs$Oe2Y7z;`z^J-PbWIj!lCBD^C`D9E!hOmWf%h{M
z&$^r9^QOFD(PEE@%eR1+-^SJ-+ryZ_ckVn8i7~E3b~3gm$Hc7;?=^{3*4Skh99`01
z-q)8N#`U;l$gZH55Scg>)9&Ads=%LpkQD(GR54o~hH;YY{tz%Bo*zqpEEd`O>XFE;
zRH~G8^CTt)a*Sg}F?bg=by2m#EuL(O`4FwF{?7DyrA^CAUun>52s39cB%eN+a^?&d
zFI|7Kn19?%;nsPmnHj7a0(-Y#s!C}n!>l@hP<{Yk2)ySs5c1YTE?y(04Fp-YK!86P
zYRQH7=~Bn+>`9^{R7H`mhXgE2<yIZ>A}mEtH4qeTdH#{m0oq`_zD~^mG1#F;JGQJm
z(VQlNOrqexj&iHn@cw-I+ss9>iIM)wX?)`Y&vTp`W3Jp<gDw7N4hODZt37XD#notL
zVYd5&X^$k}+_(ZEU*e6t7cFAEE%37`0`5s(&*ze6MsNmbq`k9?zak_Cf1B}JtI*(l
zxN-h+olS&hX&PfF(<Yj>$C~?FhE26+94>DWTUV}(Hs?L;uaprX-vfs}ic=<;2dF;J
z4V?LT)qczbt1O)JzVmXr<Ga^PGilg-&AA0Udo9-y;gro;&q{--DBK?0`R}J6S`M02
z0iaFej|kS_Vc_15Ay|y<1g>crO7MKr%x`JbR6g(hlygB4{WJEX%xURe+wObMlrp`3
zv!?EQ-<0RZKtHeV=2{DZ{<x6>=WZj;y_H4&XU276$g1biI~PloFk6&8&Otuzk5GH2
zgJ6nm5;w2=v`dGZO2@vb=7*n84nL+&iqKa1->pr<FUw%7dxxlbALa+NC}*9V{uTwb
z$doUsZm9`A!_Brx+bO?q(oe_lSFZ=`v}w86rg#1NR(X8;&e6Xl@@b&eiR)8k;nAze
zTht+Lj%BteWg+5fArGc<+6h)_Mo1{q(zA%tzE+N>wg9^x2fi{NFIQw!l!g%DsWRr$
zSLLHk(dZgWXj<g(D{#>h%|z46m?6y3dFN4@vY5WW_c@X^(H5X&VRS_q9%eNxq3RIM
z!(#E7p}pB!e*>dK<)bEo$~vkqE$tG?&2)A{ER5S%5klplF(Ve6i&5kIK3R3uiIE)%
zYFsv0@a;9?u|HHZmV?1aI-hX9ySv5wf=z|&yHh-GZCtdOI*Q_O6_i&#$8jPER*yE$
zQ2w&m8oPR(N+OZMI4ldK_(7;M;gMpA=Y7ThX7uojtAjy2&z!mT$757NrbN*U-O!H)
z0q&D*G~3>$M(!tQ=OUsB`%B^KrL=GEGUP5ZF31GwNRRWex!6!i8=-IbBO1IaZ})zU
z=)}q#98wh)memI2@O1wkl%r@PttfCKN1*jM23{PIoV4w7u0XlDFuN_>bm9<UvVqK0
zJ^d0>agWT#)jxt`fs?NXnr(ek#HTpe6AAI6feZymo0&%DAruYWn6|ap+M?i;7OK3t
za5zX1^(JINTQ<Ts&1e<gA0n50B3cx1ZQF6}%OGfYm7abI5C99`I7SA32OTBYeB&}2
z5j-5%0Y^N3CsF8(HZ2cq<D7U(I#Z!@E_t-K?<fYSXsozQKW0m12ss$#PvQiw*UiuK
zDBCiRgOe`VyWYOwItp>t+Po?71r+^XqVzz!pr&-%7SvKW0(Ld*e#daV=<5s`idL3-
z>hpgOSp1Xo>bu{-YIkUU-6n{MZP>UdOx?w{(Eh}2z1pcqi6O+iiKVN=OFuhY0(mFc
z_UBoKAcNW{N%A*D!00U`Gav0_;CCun`tC2n9CNX$W99*tz+?>562iJSe;@O>ip)Bs
zZ~L309j?`YXr*_mxaPn}MU=FN<Bhcc+w_?J3o1-ddNd?-xQkJEq1;eqAa0$&{2~&x
zk~ME37+Ra0CW17x=y}U%pGF&IHjt)`p69~DR?K_+jo-5Nmns=6WoVkL_R8V|+goy3
zQOS=Gx@a7`G)V1QVB=w+A~8p>*&4!~BJs7~sm9|G#=YcmxQmf$=M)Z?s(-SFM_YL6
z52;D-)S#ai=<Pz|$E)FomoGmq6WVz68)_mZ*Rqcef24+oupB4w6C`~9PB>rRz>z_o
zV@_oLUjVN_P`~@$X3A4VUXUZ`ye=LdJ5Q6X1NKaUb39@R!ie&N6HTj)KxuV}`bvl~
z>3KDjmjPFnr!*|Tr31&^9VKo49h?g!XH(z<c&2y21$KbJqGcu%IbGajIivBJ6iVm7
z-L_sJX4615RNR@oC)5Vr$qClxk;Qa|pil51p;0aYIvKlrT>1t@SB)G1lrx2t7*a3_
z7=P~R!k&CO<}p*X5PCP+7L^vv{jl*}&CPdub^f>qBt*B^w8W*%2`k*{u5qhf%KflP
zG?i8#z-nIZJ-4j^Kq^Sva=2?2qBTo-Qy<77C6uttjhAoBOCY$f(!%iG!rYd!Dz2e|
z2n*Dk!Ahqw8ug2G%yLKnZSOBI3-X*qGS8XHB!=_54YH?TSAfy*rWYTLgrM36E@5kI
z+j2MP9kQX7t-B=4tKBHrY)cAMpLq1!`tVlGBj6ERIL0%CSZ{purMk@Z1WRl5Q3DkC
z(WDFzgZ4V~%E=-Srk9i=nbEgQhd4(2l?$OmY^{~psx?;quF_I*J)M^7*{Q8iULN{N
zr}gY8Ag~jgpW;}xE<{)#w~aDMi3Jb#ClGAwl*>yoAXieG|JC%&bIH_|)bPpP_5fdN
z-#g%{(P9k}BL!Ojp1Bq5O0N@pF9nggUAiE0FKt<7$htk;V$E$7wavKo4cg-Hc4$DT
z!f&AZM3z9Deq7{O=gde;noS?6oxZN6ET1w0V6(n-<$Xb53noXuc;u@2MP6eYnj`P^
zdq)-?4|zso*B|m(1CUKXT=dwjusX=g)AZcsaMn?KM-&%Q3VPT-OV7Z+NJe?CM&#6a
z+3Vj~-*l}Tufelb3mz4OVS1XG$Fh7lAol<`Z|>*PGIVgq76${bm|oIgM+cYUpmM7>
z7)mKH0l3`(e0Q)aQiceM-em0kKm!alrJ2P-rCO$~SYEZQ-?YGI#TG`3ZyO^y$yHmG
zs1nK)=9?tou$fs+Ue1k%Z?yQ9qoJm2u7EPKhb9pgn8v+@q0F8-?J$w@uE-p1Kp;nZ
zdgCIJsnsg+UBJv_33-UdCj7i2BwM1muCBH=T-TSVw5>36$CiqHwP+76N6R5yvRnO4
zEkGzuOApLM=3^emU`D{{l;N981Ypi$LsM^eth}z)z(OkRuaHex#2)AG<INqr-|fMJ
zA!-&m3;>ws3;_m!LV#jyb&o=@IWx>K=E`Cfw`O|a4*l_d#>BTmQO(ta({aN7@438^
z+F9#<99Y{t-Yg$^TBKD?5fbxB`<j{ra7-}<tZ8X!nz`&frfEKfKyhnBaaY1Lkz<;W
zlnXPN_JzuppDf?X{`tUk;2z{tK2Df5<+OFGG-~M9hFIzjxNHJ7>1I@rw_KcCyQ!~t
z;n9-O*nGVUX*r{v9)NO`2F}Oo4lOUA7tKGi6H7Hu9r@kayRh1&YE9ZIOV=_kt;7V)
z#OQ5O<e*8M2jG1w<sh5MZf^n$Aq>2ND_@{RLQX}D*>4?I0tyI&);I-sSsuD3wXmld
zRZTo#pE?F)FXuqWn4M0b+RUOo+H`O=gq6{1=VB)B$-ND21R}CoNcAb6m_Ixv7NCrh
z)U2RXZoYL)s5^E)vf+Og(xhGQL-H3XWc~_ecr!g!k=VwmgCxd9loW9d*r7TOtr@_O
zT!QQR)nj9!gL?%2B%I~rQ)mn7vN_nVgb`m+#mu*`a<=B!PJ$fFi{65#Y(KPJAL~KN
zMu;W!;Vsi=%kg$Y#Yh^4QOZKw84d_dBna?&h99xm{?Lf#D8(%c=q(4HLFQuRZ67qq
zGVBz%g>6CiyQguS*e;3O5y3aR4Ys?jhH;Xn(Y)jY*Bmv>5gY^Su(YA!s9#r=hua(R
zjIe-Jej}RH!x|$Al>%~9pU13`#?ao2jP1LsKTL9f$W<Kf3(TxN7#GnU)6R~QLpXF+
zXfmb=6_Gg(Aa%44O|p`>QB}>5*uTe&5xS%dyvJ$QV#l~p+RO}t%KVnZlm1pTu3b{$
zcguq<u~~3`Q%i0blvkmGi$hKD(Y6!_M1{PyirQ$;l^UuiIdWNAM6)DO^_oyDhrq9T
zEi&#gjvL}sEbi%IZTD-+oS`PTD3SKsyGX``CR08)tbWF)GsyTY0e2yi9O#WZPH+#Q
zPBWHdBxi9EF)w>6+-lpWT%VFw)>zWwmo;wO;@2x@=P6>gy4B5U|HA&S8(MG+tF3H3
z=Io8Dj)>jcs0S*{4V2pWoAIKazBgt@azbsBw62oqS%p?<nbRpdvD12_`;bVm4_LjX
z;eJPu5?j~CaFP}$6q8UOmI=&#G=k(sShWU}oW0Q7b-C?uF?z2q5~?(hzDi_tccW!n
zK|1VCTQ^=~tpz##?uMLmbypR>#iAO`1fDiqU|NO03OJl8HQFkxY%{JNlMl^e>qfc1
zrT2>AN<fKG^L4vx!aufWqHaC#Si87EaU>@*L-8^Qv_`PjM(Hfv)rBm`Jw+7)*osdO
zz%9>Sk&9a4m34!1MM|JR7nKU6fR0PUuY7{Rv0Z$mX_heciX5<y`m=)pIrunH=6^y@
zps18BiJTbSc*62Ze8&fZK|P+1?(CYsJAd~I#Lrk7ML)~g+^B#o&t+cP|7)87F1|>n
zSuRsvONxVY=;`D2a_57F05rS@!Y>DNv|sx`Y?taUCq$wPr<r8RRoR`Pb32}B1^!XB
zin3qJ+;wsiv-ydN>B|939m#gF^qy3agO@E5t*ds!Q=ZT~v9*xxU{#M3nU_ODc)^PU
zawKz@gAqj%=0KWC6h(+v@&H8gw>pym%QFEHoW}1&;t^jNPK|CXm*kNb)*?5Nc%QQB
zCk_OI3oH7(H5B9(O!$->$sb(GiOiSh``8LM7DUKn@#4#KcN1nTS6pesKjVhP!%+-6
zI!)<6q#zex-Pn#iNc%bL%MS5L-NNo7;)njD$eEEr14QBS*=4cTd``}(ZY#M$AIQ#S
zg-e5F)gi^gffcp4FSM3!{bkGuF7)YJ8HWm*hqW%;Eea@qXZX1X;iqO6<Vp%QAnzHC
ziQ#nipWo$Nv(e!$B@c6!eUR&x7Q#L57NK5OJ#J4wZYE9u87Fc~>>1zn+kgB1vct=N
z`~K3syZNV_z-z--9`C;A*M15m>-CbZ6CzGlwM>>Zr(LK`qrEFk0b6;;g-5V<lZinA
z6814;k#53M0Qi$v40u{38sJ5MgbnpWyoe)aVv*qpIcMk=@ao+LA(wrx@A@qjbn4eJ
zT!19S2dk4yjv#7)3-^^zmvhP!I_3%2Ag~^foYsSJtgy5@W$8~Mz1LA40NjflneR^S
z%@uY$g8K}92)NLdfbTJuIo9vDrV0cgy?RQ0?r!w>`M2*ccP1mgZe2!eRYo+=u9XqZ
z7cH0EB3HH%6Ft0uI}{V2<Q&Dn{BuNXef<t%XVrldzDkf({K{)N>N&DV);IQUaWJc`
zk1;kw&}|%z<rMsxJlrE)R?t1~77(vO_}Jr3y%uKYdUiz?Z69!}unVpmv1~R8iDNbo
zzP@R?_0Cu}Bd>3eMYde=I*$b^hu2jYe{rZt!Y54gmM<Rw7a#@KG7p6b@XKklV;O3G
z@2G~nt$j*KB$I?iE~*(8)IHYCP{phrdUW@nV5+i4sS_lCllK>==Wj1YY5d!nydP>g
zEEF5Ith-M_az}&m3H@^=Gpc8ys)u>j>`Da=`>iSwmc8~J-TS$edKHa%QX~m%w9n$@
zj1B6Jij!ZSu-;hsPfl`wiZd84<+K;ONvF-NMr&^GP2+QPgXx*s>^rs~kP|<VIaHNs
zl0DNAtlmkXSU&O=tDb6){G=#&tM_cOza4tdChIoHehgTkWw@RZ%L+ZiNL#qLu#fdS
zhWH21dW*uaUi`}Kk<PdpbtAUj5N{w6Pk)x28||3gpWMs*j*IE=p6l5VMNM@Ah~X!{
zh5vcZ17jdg<Je-*7m7`a1oP<Ch|r9GV7Y<_|2r<?0V#O=rPml8qzz9vhpwsZ#Iu}z
z7dk3z^?O+taB|0ja~ey9zcHKIIL0(iTjza}PlM6=>TzCTxvy5nMckGI!nPkrXsU1a
zGaEKi1_x4S^uj9dHUO|0|JNbLZ<!9#h59KO;#`JVToJ;KG{EN)%=i3#P0uPsZ@Xke
zJ|V^Ele50=b^k)tpQn(mt2-C!;3<bc2ck1x6wcraS&^=~bcG8VNg;eB6Tn}2moagp
zX>`|q`+9k}mxpT)J%K#@B=Lprm|+sBjn1u7R*+LYQzrO{h6!RBySFq8@kh94mt<P^
zacg%ixF8_sFq0WzP1)pac<~(xq4rMi5bfth<h9|NcTs9S8FO9TGKy)$II=j%Qjo~j
z1OS=S$d|UeAjwq_8EKcHT|y$gc=6%|C>}5V{O3OtnL}mHh^MPRgkSyfWsAyjRr{aQ
zw{IYSEYk{6zHknvtHv;DK>qvY-IY5eYUx`rag|HvGlRN4`^BF=`^@WEo&z=qXJr-p
z(qc+;h6RxUHpWT+ye!T590U11T}R<m4+AY}Ap^{zuh8x?%3TH_1Q$1JR+gqupJ=PI
zk~KLPyDXP~$Nhmc{@Tp~x%lQ_Sv*NmdA~hIbU@d(vb<9{u~5#Ma$^ZsW-<U~WasEH
z+M2hiN)sEhRET|0h?Q}$2&C6oz}okPdj6JX3gLK-5Dwtm62KC)kGqbzb4u+te`3(%
z_Py;s?+vax^|}q$yg~q2b!xA~cYar*tq7EO?JTw@y$P{B{e6gSeaTSE8S64jz2u|s
zFku%Pwvg)$n_nCPwyw17;urAZO0d2Yd}wboxM!e@Tvj{h0VGTpWjS9#=vc|5&^T0h
zXV&;p$u<ss`EWEk4DVKHnrnwB#2jZ2=`)b8?FYTw^M=|Ja=D*TD4hPg8iSsLA!xTo
zpa9}6wZyOubdQ(W&i6BBBcXf*z)F~wIWe~~2$Qb70zzBu(q_DOtn*0m5Oav)<mjw~
zL~*ggmqN3ALL+wE+QU&AQ&=`*Da*|c+TI+F$c&0OX}#*>1&LS=yq$g2EH^Z9c5_MM
zoX=UV$kA8Ks9lWeB5#|Y8(?vP(e`3&fsx!rENZN&dTR%IXVy{G?M*&h>r4t&B=&M!
z$RbBKeTjh%^|&I9Q=p3EY-;qeyawTkRo-`+47PWFYw1{hAYIO*S1Y7uxt#OZ$*2(4
zRN*^jRMjwWs8TZGU^1(A++#!p$po3VS)R=WWYnF%5{f%{gjfY^p^!1VF2)I0vzvW7
z(AJHMVbd!iX`38rUhX=fxGkHHN&}ZrAi(Ud8>fDRCBU*kv3~oNkH}KJn?=mR65BER
zR%DIOBbp>$%GGV7T&=r@(I(^2w2*+gp>4Nz5b1}qs;iac?d)9I07X)X*g}Fx;dTkC
zkGluToy06pJW0K?a<x4N8I|<T%9ZvcF(Fk|RSF*tAvYMEUxlqj?8E?n!QzqV`<+H;
z;A~H|t?2Q~t$4Nkq9A26Wp9_E-QlRl;cWHzl1tX^ByaI_R7#H^IO2zgio`N1QYLgo
zLRDm$Z<R#vBk7&Y++MQsoJ%b4#XZgA)9aQv98C<4>gl>d<vu2-*KIe9jsaTTV(|Vt
zoYm`0@miXD=0Rt4WmxYxR__V#J>k#a6Ml)#?OK)U5dK2SiwJ0XPhQsZia(-`vjpYf
zB`q!~Yj{K}cSn#aSi(4<Si1-BEsW!(R%2^suvS^dSkMK73;f;yn*-RBv8`4^g^(x}
zsDUdT=-n$?qC^b;P#KLFoZC{w@PHM=7P{P~Rho+bv&)#**pFK^70p=ca}8C^JpS73
z*tK=$8JSx%L_uYF>Z`3`laoOsjQn8k2Q*sFF1+-wCGqP3zbIK=?(2q6lO=I`c$Q|f
z)hS&?kTQtH2yS!S(>*U!h_{e{FkCKgkXzGJamKa{^%>h!gnopEd<;tOQ&WWVo<JY+
z(T99&xV|0t_cX#{YsP-m9Z)s^B!E(#>SNU`7yaQvKfKDOW2?t|93GBFhldzIQYuJ=
zo(%ufyIUqA8N2Gq6P_y#!fIuG#kC0wu1Vdy*P=>r?!JOc@D<@8j$dy>U<}}zm0($d
zE!(9n3vyVA(S5H-!c(rXma<_hOnHj<rX67?qbMr|w!=}%QkgFXWvAxL#whj|$5;rg
z$a5xivZ%?MdlWaz<?#c^s#=p*RK9+2W|V?MkQ_8Aq3YG33fwTCGBFS8aZYpPdnQO%
z2{Yz%uB3;PziL!0-g%!Tf<=vjZ;WOSfiJy87&oP7z??~0=&bM+>#*S^>JGOn^HLsa
zf8~!<rbJXiULFMWkx{K#E?$xUJ^JhKe;yuxd35ysi{XF$@cW~`j^H2ve*ER}&+d=k
zA0HnbegDnduWzp}e&EMHe=myk4*&Z3=zDhYL(5K%kH7p~z+@W&G8cL%^C52YD<~=u
zaJA#|cjq6Ktl|0$(^sWcqV{~)!}X-V*L?<RQdlJEbBql290Y<D&iPIOGTa!=bVAM2
zOy)FSkl5Ou7Z0Kq?y2?_Og852Zkqs*L>BWR-3vq_j8tFqd#FQYt6jOkL;Ex9`Wn;d
z4%P8;Q~bhX8a00o4s5_x%BUzkO%S>#V|J*@-{K?!T|F3YW24Wj;+`@mZ$U)eV_6a}
z;vs<;X8a%QjS<p4-1mMGSg70;C~b8>fpAOVB0{wU!;6KSo<K>}D#q3^c^kgL6}fPn
z$v=?8kh&Qk6(;Z&B?==3c?1=4!JGpW7(m~*P>Ad!Pm7ck%FJGhW^dKxv8?MDPgcqW
zJk&66`CL*nMsCV=t?agdfMQD%5><fKZ|7rmP&t9%vs&3rNYnEuTS!(}h~P<+hqzjL
z<+2yTMyhY`oVV`i6Ofp<A}9L_6)wDer&2{3L*Ec9>b2~uczUR8>SD4>hG64$S`K(y
zT2rl55-lQ&vdJ4&I&pBMN=3LPL-QYJb#;LbV>ZD6PJ9N;UaeI>v@IvhbaX#sqN*jW
zNX}9@Z+jg4B^X?SvxM^WmZe!j^<F|(zN;CnYtCqD7EZ)Nnn=OO^@lT?T|4LCH4F>V
zyR8ayBk#e>!Vw%g)^BV%G(}iCW^rtG!p_mpvMlcf%bhXc`or0P@DUrizsgSCc56As
zWFMD!=i@?`@d#h9Zo00I^5f^`#m%>03_q{cY5d|xLuX!C@jos-U(ecr%A4k|AFpM6
zld))oi>iL~N`fO`mDWBoUYMORWtzrR(|txZzolg*W*Zd%$G#RVV5_=2#v(Ib2M)OY
zaOOE8a1uCJ08*w$<VxC5WQ;)uV=qk-d2hiC-Pk#^umy1uU~!n!gvanoepcgfn{jOs
z1EL!`M#H++$u`-+Xfok~Cj1}F2ddvS@8~4gw(zpPoWV3aIKRF<_D{ng-DX>c9qn<{
z!1Xao%|03VZ503$HS-6q%Oa~EDya(nt4wH~vl{G-=b-jBC`2@)V!CuM;KeazT2*nk
zcq4m{qpb{xvsQ4q+q=RlfNNjUmtVuZqa<Dxpp5SAs)!<{)LR*cFo3Qu;l}V)>KA4#
zDllf?4<K+v)gwNvMQ=vu0Z1yrmawX9@UX1a3lki|1cxtw@i&eU6K?`NN!`h%8r_EP
zMO4()CWjcnxDo3@mi6DssUYklS0E%>T}aSO&19LQc%<wHBTE+!m9hErwwd#rhc~?J
zXf1;Y>HBixDz>BgXw<SCOw2C1-kiW(CJD=7VQsX-Qivnel|)Zih%49G3Q7%EuzPo?
z$5bJ7xQhw_tA~q?T{i>&v)?5W144hl&SlXOcXGLPKLDnkUSGl-oXR<cKis8T2G@+4
zA)yL~E`&`IB%At(Yl85qo%sgp9$M#xg9<RL_VoG^=NUSS*FdTZtFP%9&*Nc6bG-mw
zrUs2Umf6T*p6PBu6@E2r>#ac^u$0d5zsSOz>=2H>ks_XAb;2Zfvb;L=T7SZ?oMF8^
zuhj_+O#s*@F8pUa3|qSnirY3rzw6>aKs@7i<&pPnQp>G|2r3j7K=ZJ6R#{KJEJazc
zbef(9gip+cD8&$5tpO8qu+z#3&?5wOu;2~AL2L7>4OX#eawMdWPt7%8^w|3`2BWVP
zUF=Unc=LDY3#fxs)UF~YL~s$ClMGS@#FMHbikQ(6CnYx}auOnQH!eH7kSW#Cj47fd
z;C(AilZ3@?Hg>}$$XfA2P=6{XD784DtrvNEk*61V9%#?&Qtw5chg%2BD%l!;xhk_t
zYYU7YY<;~5xsuwt@WCZTYoj%9G)ksavwON238pO^kFzzrceD69r=m1X)Hs1-Mh-Tp
zHj0+$=E6yopC2mgtu^06##a-{d_-;-vn78TgRf$L#7tA}2R>DAN2f_PqsMhXsxqw%
zfJ<_zRJmy=T%6ZzLkI~7t7j`qF+s=4ld#8MfmC0{_CJLTUS$i_B4z5aV$~0}XFtB2
zkoPQ-bCx6VU3|=_F!I@J$`eC+js&@Kqz45On?B~6#j@lvmRwSAI0I}Y(vKOz7LU$y
zHs`WXE^4mOD6lAP{o6A>Eh|k&G@}vMW=4_B<C2dA%tdLc3)QTP5P=WqNiFszJ?vSK
z#z4ZbYi?T(Thb+CiEJfniEJZtiF_L2iOsh4q#m+00q6||xngHy%PL)jZWVDH$uui8
ztFcte%0e%C&r{vNsXIxjpi?$1Co`;qb5A<l^MQsfQYMe~N4!7c&+mx8x74|O$gPz0
z&>`<;T(HuT9i1y8Q?9j5RG?Kv{eW=Y$n&&J3CwmF@60}ym18S4DO3^GGnU_Th3b$X
zJk79f1TdGO4ZC-xkjnW-5L`#tM=&Yk6npO1<zY+%4avT491Pcug*KyOmXMzcmWP<p
zjbQKc+HD0@#bcHO$yx*RzU{DJXTJDoR2&r+*-4g{Y`M!oGHzhW;ljJk2<)-01Yzh^
zN41F9D67+}^H4Sx9H~RL#=;3XU0UDzy5K&P-vG}nW2ziP4<&bOF|eW5w#>Kvaqy%7
z8iiFAz)a`9kgv_w?WAA}C~H=48%msY=+TDjV(}!G=+*I{V1u+g;8dXtPP!X%u{ny`
z+R}G8EcN*`)2Qy);!s&gA1Ty~XRfL?@UU*gi|qr1a=PKs?sF*y<VtGuzl)DtS!A1Y
z$<&q9@X3?!AHMo?**yy#W*D2ma79e+hGb~FOD?Xh+-a`Jr64l5OWkP#Wid=;hj*U7
z(r><Ye7n0cZ*1<4redc7wsQOiyZ~83qcUX$OH)$Kra|uKs--NS0zOz2P_eCQoi0;s
zTOs!@p|Gxn8~CyL)@*A&>&Py!gN`PTuImR9=$pVS7P4ilNoR`M4(qF}35s+n%?#W7
zr;*%%1N;k$533P5C5nq_!W!RMzhAAJ;E6zJfg$fXO^k$znzE~}C?_i##K2Y~HZo2b
zqjPY_76*e4(o>za9$bopL7A%GV2Gu#3sFA@@ZG_x`p{Jocq%=4yRmcDL2{N*^rSw8
z>uz}t>q?*9)P7U>wgIF4S$LBoGqHfgj}FXcxd6zM?%~GCxR}E_GOpRP59=PlUpeIc
z;B8$kSY9i;RZlyRIVrMuT_7gZVXJDZ_|}Q6S``bHGnGjUN?iN$R(6{~N%xpfY`jKR
z<e5~q2-fmZ2~54P`7$nRj!rbotCM8TpMz`NKSBGI32|*(6b#tG4%MQ8B~``LZjJqX
z07tx>kk?f~KCZw7%^l{2keYB2C583D;|>|}euBN(0(Yr8a%|ojQiD8gOI7@qBaH+4
z9MkB|9MLWuXur9>{))#C=%@A1y=Ue5z@%lOa)XX0QPY<5nvZiv&Sq2ymiU4+I>!>#
znnp9cs3<X_K*IE)A~UHpNoh3WqHUK}G!-TCX$76LE6|#~S4y=9xL!`QQ9#wB#}evp
zrMIenm}R%H8K?`GgNncP8EbP{S8|z_o<%MuEYES{#>_rI_=FUq6fV5*cA)OzOx}}N
zl6wZ>Smu6bc`gw~Y-ueaH6xN~mdlhY<Vnnv3WIo2Qg~D}X`;d=g)mf6l}31dMl{W*
zOq*UkR!bD=nC0z3VfR;b=}GD}HrDi!@`~iWdkWy}K;E55Kg3#$?sdf?u>zJM(GONg
zDuj=_JEV>yQq6bYU4<67I;?uwK$0HoaWC^EzUQ$G2`5LU+vE1+>22ujP{Y*62zP(a
z<In~6qGTATxd~3)GD}NfZF$UuHjFh_<OrVdNpQd5h!_SV$=tBcF&7w&E+;jDg1gyp
zDrY)ZOb;L)7RpjcJtK;zMWU%-vQR$7v7hHY`^sYp`-lg9m(YgQC{00b$^^@K<jA9p
zh_*6X%igO@x%i}%>I%3;0qTH77G@wziYadi$rVug5^N5E2h18Q)>y;5OTt@J;t~_q
z7cTHqsN4U`lSXgX*X)m3#zYK7rCwKu2v={XTZ)xEKB<z*hjz|Q5ui#Q_L$5}Cb1&y
zqt2<hTT*k2l)X;~6$_8@g8`cU(+i&QuR-usEXtYoLK5fz?(GI^E_CDL6)P8h>vH{q
z3Y01)6o(pLOXW{9s#IyJfUD6m7S(_d@E8hV1^9#rxis^7mSY(|(fEnSFs0WoMZjSy
zh!n270f2Vnztx%w==i2S>u1-b^&?@SZ2mdJ-R$63H5tPtjQW~CJ$-6&&hj~D_a`>7
zb$HM9Y>3;hPC(l_`7Qj<a~^1KIgMkRIbSF?DH4m@H>y={9YB8NfD}CbGQe6JB)fZ(
zcXyBP^C^u#Nn~`_RwizmeDTR8yRZGwqk=tYW#_g0&I(&?B_y=sxk*_hHKGiSSDE95
zXw9wzR1T`CV%pDD6V5hj!x@HN=OFega9XmMP*oyKli?RupAn5;8vVqsoewjfx!Mpe
zKp#ho4V^?(d-!bwj<lWox8Gi#hw6D%4^D}Jf8#Rx?}epYC>z0lD(ZF>s9)jHqa$S7
z^X}HslZi|tR{8qQxw_k>rDA2UCI|ZZ?1I=&o2H5;n`t@NdS=w!oz%JP&op9H+)K>W
z-7m<CwXEe^239Y#v5*D1rx^U^ZBMx6*(-7(RFShP=6`umBM$Gtx<Jz`Vd~Wrc)Xs3
z;Ov5bGS0S)<{E4y`=I!8Fn7<?J`md_`OAq*@Elkq=d#?9>&_5)t$IcnS-&nz&ytgv
z%}-QJUk+gE4pXD~o>Y;8mj^y$-SCtrG*1?dTH{rZMrd(ELul%Y19BvDm_tMbNf@0o
zhq-H*;R1Ey<4@u&?a#5A#ru+3aip4n)F>2lUR~r|nA?3szO^^56{L`+%rd%Pd<r`m
zz?`1M<hW!!+_FiKth&!Xq22Q_W%{c8cq(=xt#kdJWpbx7Iu5bqO61ynAQgwgt5g$;
zd^;)<nv<NNi?HqfpI=<Rzc@R+y*PhGzP97>x|%s6xAnSQHBbW#Dz0WUus2|9t8`fh
z5h`3zK`sT?RSkE{@=c_$`L|{a>+YO#JwVj~hcsWi-dYY`Rn>rEwdGsw%xmh(vhKxz
zQ5NQPn3EW<RDJF%oPhUG$kH@VWR8{ZkO~e*qr(vhNQa|CC-o;~sJfLes^P;5t~F_Y
zM94b_bOHFnOY!k#=zCS$5)oFLC&<f2jx{vL^%t>$^;14)!gE=JZZ9|SKsu_wxwXr@
zf3w>eBkKsBujM>;wvkLzuE~t5nYl}S_pSuD^<|U+@9uk9Ra>)@3kz##PFixTz$?oQ
zvSdywKekXjqOt_+sB}29+LQwowbIH-Im46p7pLcMFGguQOR7J|XClrd7e1g_;T*pl
z%$*bW0qOy^uqhyy)^<b7OeS*LwbHi7TK^W4aE5f4$(@?8Gpc9%F+b>;Tk~pRONCl{
z<&u9QYx`_esFejrD<3c!DC??c(7_PWW;2$j9FuvUQn%XEj_y*eD!ENtHH_-nF77mQ
zfn2vf=wU?Y#%SJXS<Z%KF{=qrAn&pg3u_l#%VC^T#Q9mUuVk_89H|tQ(jx}Zr8G&}
z21r9f>cj}}XeXvqEJl^vsDdo#bDprN8Fa?QR8`Qs78A4OK#&^Cs;j>ALccYC)#}Z|
zvA%kDO9aC~TOZIZ)PwiG+4p+4ILGrk+VV7BqtzJiD@xQNO}Mxlly%D{(juobV!m(`
zmou7d<0kX5DVdjR%``~ZEvEP6k^@JWIc|S(oWwhkvwj5~9Q=~D!P}s>qnm`QNby}>
zBQQYY4iV(?=IrM3Q}wfN5@X;+cdlGTGn$<idUnngVAY4pqAUH>66K*<zfa7LEh@>~
zw%Q)g{&IRvXkoTM+d{%Sl;x_mxk2Qbjw@q(+1k3e{`S2p&n0)GkHdHdaTvg)evz>k
zTyV{)mifLM&y4{~D{Y~)OznxkbiaT|N>7<}rTfZ+3+g@W<fSl*GmY3%lH&kM@Zv1E
z`;Eu=pIg6)IXE==;??K1(2g%kCq`L`-4<<&q!299yEQHo!hZ^7?ffUP<QT#w`hNvY
zU}-&;$ZtzSUbC^md!gtiN!gVu=?CM1fz=j@fgp#=r*kTlA(c?;(xD9~IwVIr$~<Ce
z_6mrQ6rwK2;=A7>9lZ$vL}>q-dyLzG1HTu`y&b9~v-)yg!*}EjR~j=X@y7sNh?(I=
zi?}8-Cp`NbjpO_kN?KOem$^^65m#kFMk>nSwj;gBctn$AL2l2kp-)Br^G`28t@y)#
z{ON@Uoj%W0@@HhwekL(NPmyET$PWa3JEI`nz^6XKw>b;Qj`0i`GA)IOP=%vUb?Z~z
zY7gx_)y-kY;DxXkt7UCG0PtJAm+(ru{<N>8om(vVPwm*uur-?0u(3J2u!gp0Tww%O
zk4^T2?Wj;J&aZC%_U81fi#M?AHt5-KAFGV-E{kZ(JkOH?#cm^b#8T{zAXl$%Ji~T&
zv+T<@95HFPzR%phS1SP4FwdD~S1h0VmBruFnvzdEaKtPwF8C)AGP2t(^p*4TaQG)r
zAd$R=6=k>%-W$1*FN|ctlybMoFYmPM%riQ)3$+WuAzK0~K1(Q1cX?f{9T5L{<El>A
z!gd<CGi}|f%LvS82q=!1p`vN6rv8reme+vvS0CXg0Pno3ixE2Cmt&zEY#A+%`s@gy
z%87$Ec_aud?wM>E`GoG>?{;q5+PzuJmkF0NyA$R*lUj<-7!m8bX>iH5Y!Ui7LpYd(
z<uzW6d8B0s3l(iWN=^)u!UeMg0F{3l_zb@=T*saH`a@#><6ztx^QhaM%X6!oIj9*Q
z8z!C(viW#CBgrwoJl_ewlDWQ@c{uKFvxB7oZ2MiyWweg_I!oHfY})dwUkXdQ0hUx-
z-G^Ayr^1<@7e{&$0qj=+ZHfmwnBTj{tpVB4N(i^7;07`L$Pct{58U0o;Z8VwF3m67
zPNvD+-Ln`K0FGOlB!+sVs4&vo?t%qE9gs+h37@7kQ&>wemiOYG<}o?FzT6S7wg=6x
z%2$W%{%SZ#%7Ms2^T(KL)hJ3=Ghdopt_)N&?AWkg+f$IZDTs_TO|VWS88dy)m>@4+
zyg)bHi$DMQ&%|sgiCM(c)gQvI{`m5x&*1-a`t}W>5op+0)BxuI`&=JJ4ak4ryt{IT
zMJ;^`#8xhum*#2Ha5z&9XA{*k*b5;wp_2&`wk!H)8RK&dbh3vmG-d;zb^>$4m9EOl
z`8Yz57Z^Hi{gihsQDf%U<%lTb+lr1QQ}T)=potVybRD3#x{_~PnD-*{x=+I5O$doF
zhx9ftl>Vv^apGOtu4~c3vy~ZO(xCMcg55QWm_myAaRgQWboJ{Wy)o>u$;rB*ty9)q
zDpU|!XgP%9m@aE`^qb#!k93-3GddtsT9aQ_hprLWgi&4O44w!X@PYS=sBmEyQ1c}z
z8IPbT8yE(RGxQ#GsnU$%Q^9gH!5VH$NkYdgu|rBPuM6ow;HJUIH+JBVirCvIW{u;6
z#Im|S$}trk&F~6XS}j6Q@TOq}tQp)efO!M^QpUzJJu+9cE@+Z0hU}x^2YhbpzXCW7
z1l1QpvA~-B5C)y)Od}rg0luS<kSTnC-5b$kTxf&@9ISsN?7inKU)YfXI_N@l#Fa0v
zl>`s1#@?X6<xT_pB$(9euHYuU1@~DmF1}iBJh<DAWy%9C|7P1xHG9)emsYyIJ~qwT
zeS>&ruB3w#Qz^M)3)EDMNbSnOn;&<WR?ZTtEpFN!TR`_XV(5x@KRwv)n1>N$U2E)}
zc{db3JN0Sr6zHzZq3e8juu%X)Q$)+~r6=7A9oL(quq|#vrvp@<Q`5qG#}<bQDcSJF
z8PBk^fw^6blF^Zzv3;NkkIM;Q9hFNlAXieG|6P3KN@H=obIH_|)bPo(*hyS~=d_Pj
zx#kcy2>BNvI>L*({c<=I<(_jzE&)yum%QT?AfgnfffI1`5QP*&kVn?e!0xlm8{53I
z$=HbifD3*DHIcG}Ml2?A0SiXW%2Caxtz*PDwUp&kuu()_7#^#w<F$)zOXMGt=d;@U
z3ym+gp<z@Vo_1sy+(l4I!n!WPR}y5{H|7crrjD*<^_p!9G`20)SX&zu2veFFw)jsY
z_W^hK7s)8k)rg!D#l<vXjqj|5vDQt8sbmmo{8Pc_G+_uhKm}n5%Bym+qKyp5{Y)wp
zBEc{NXz+JzaWLp4b=8^g!KFADIFynm!z{&Rh{ipD?+#WKk?smb$3xWd@ogjsRn0%`
z4BIx%B94;R*sjJ4S1ivOBv$PeK|_O$qh=3*ipX_SQ3!2xVkFWPKYXIiFoI5AumOps
zIMigE$mkA?uz=iLWG*SIjEard?AMW3!Ro5foS8xCobrT@6K8pX5KJ^q0w$3Q>|8f=
z`_jluLnBHZIAgRVfYVnWz9N#^B$@`#pm84}KH&X!URqky;6GR{gGO3oatx<#KZkqO
z{L*Bq)*$Wopx@1{3vH6iG-yF;kUF`<ZHF)i_+ktzwD;p*k;7AS<CaG1nvp;39(}~}
zd~5M55pHr~3z#PU4ma1<y_7>`DFmX#pl>)XvV>zngZ+|0sDj~<&{4HuF$9Aq-qNg-
zyRht~QGu6^W#KOrSs)$T9~4;B()nli=xhpBdAD(XF*2qZr#2vrMl&Oj4>6*`C=X6c
zI5+Era=Ki;+rv&+xdrZA)#7$s2@Mxqscfj9)fq&UyAd?DGhADi;i3%St-*@3RPZ6;
z%1rByElMsBH13)=tU#yCskD(rg;*KUNF2eVg5@)WJ#{e4G^q3~%@mrQjFc2^)&Mgt
z+~+n#h6d!@RIR(?p_9{LgTtYd*@x7aS-44V3s#QQD`suEZO?oR!B~xY@vS1-Ky1N4
zj_|RcG^B00J$;DVa=V-WTU%dUryh$~N?t154ig&tw%kHu;g(ydeuHg$XQN(XB5$Zm
z_Kt@;7nI7Z^!RpjH@>9{dzXPLXRKsWX#aW^o4T!+V}ciP7D%WgwS@s{rK#Zh#v83$
z@141AH(x`zpCL$<z_t~$XqaE&DXo~>0Mf$tT;Q~@?H*JM+w-uRx{k`Kx&F}ARf8zc
zQW=stF_H-g{%O%VWvto8%z|o%sAgSEcO6dk_B<6XFXQz3vXjxF)=%B+;Ju_^rod7g
zwH`lp!^0(75Ne@;L8N+KEs0IWG&08%s;Vm!dL1?&f;AOOFx#5lN=utC6RHI}$;?VS
z4g}n%lvA^XMaGk@sL(LB7rN(iYwX|QdnXK8BXzh}n~)`wS0>|E;4tper4UkM;Mo8j
zIcfkRNvA&JIxb0G%Yz*q2KT$2u*~Y}-(o<S?J<<;R1IYKXvR_s|9owB`#Myntr}P0
zB+^WP{gmY%C@kxnoD3Riw+C~-y8NqcOVLsjw`5z~-s?&Q?YL}se8I#64l7g*J9b*x
zY|TYJM_POao3V|Mvq|R@u!X3xZO5%(doC8qP)p>XjPh*S6FW?$w?ty=Es;TOli=0y
z2IY#ZF-dlmk(Ml)Rdtol27YJGbhgY+i5+zV=HcOJba>d^Hfp&>p(n%tBuqpyW-)|1
zcDnX+r9tVc%vrcwUG34SThq$a+M!Ea!*C&Z3m3BkoOr!mMW@ppWK|;ouC(<5?KYOh
zQ&H2Y;4(<UQ*KjM3`1tBlWKK@-HoEG7}%~yDNAL(7?j<cFB{|8UmSyu6BT*RgiaPU
zZRd%VopSL)W3#H(<gI6}<Bp;$*uG0a5iU>*9@#Y|rL>8fKAD)4In7o0xg*=tP+~sk
zs%u^v6^nNrPA)-o{Vm+s&Azsf?9w2#8!G{IRaYSms?b@Xt+2BlRo&GYEtyhRs%@y$
zFMSH&uC|P7&2sUI{O{3UfB*CF_{*cC?_Ui6>xbVT{dENY`1j*4kAHT5{Qmg(=;-@z
z-hO?1eenZ7{`q@Rq<8q&&qv?0iyvBca(w*d?>bGpp=xoVhcX``S-pZF?+%^2ZQ3R$
zeBW8gZO*MS4m<;9wG9p4z1S~Jf$!?%{`6ec!2=^?StsWgcCn>!Tie;E?(+I%V{Nh4
zSs!TI2imr6eW2~*tq-(anMWUJ+ncw4q2}#A(6-TSA86~}`as)utq-)_+<v8jwx|u+
zaND4Tvmv@b5LO?mVr_$Zbl&)1aj2~_v>vh3D3XQHxAKm8M|mw-9aj1afofQ>T39Q@
zO6T4^Kb;AK7BOcc%$B+hhU&(5VvG^YM9kvq3(IY_S=bRdB{_?D#x490#m~bJnysF&
zFh`ap6O;_7sH!UDH5K0qCQDNbyFbme(OLi;_ns?8)JzshOmYTjGqtzAt&duFE`$zW
zdp*0pG~@pDD9g9$!q(ZxjOTEwZdfEm{A3ojm5EfcHTa1U>aK*Cp3{WKTrb=TT1F6d
z43K-2RIaMsCp61)NuwE4wHczWWy=8h1K3wBONuEMsG`9*Mu|ukB$t|6I1>9}%agpV
zO~5=JG(5`VI$uDvxvUS1Z_g+7KNOKk?8>YE=L@6tN5~2SZK#T9o`Q~)80E>_-J1ve
zkI%?V7P%VL>*c<L&%$<H#8vQ}CJCcTlb0_@%0;2W5OQit@}E8nKFOi#@m3Ia0#9#U
z8HRtC8nHFiVomT&a=bd~`mw!tyK!?c3ioI&+j-1aLG&Etr$UYwI;6&%eX<Gt`~U2R
zJ{8BdTAbcr1f1rw@IcQAKcO&?GeS9skgcfU119EbsB%Sw#9lqA>G@YcTUYws(Uz;s
z^1RBwhv=F)n{uV|JuNMc)jY2j>`~?<EfUSMq*~_p?g1<H_^64Mra)`%GKy6iUqSVL
zaL68&qcWkPG!rCOv5e-l+|@{?DfPlKyr1!CMkoYe;yq|&qnswyD%2wLc6oR-6I6Ia
z3WV=3jzr{rnXWkHb0(Hgjn&+~qR|~|UEJ5SZ<X7Rcp+%YBbu0VmdiOe$Be~GBdLM)
z{a|$yS8oTU>|HK-p_oT3V)%laakj_J6}s<oK987FFU$zLT&cN7c~`Q&{-Ujvf#(}8
z?=qCas|uqaG%?(JQI@(}qFY-SX@|8weakaCR?_n49-67A2$zpTsyMc$^?V#R?~L~}
zmWq4@n6&2%6k^mU+6r=QH*t+;fPJKCmM}HC`%mx<SYC6IkK>c~7pLcMFGguQuJ)`8
z`#xA}+^TF&3^EJ7kOjG?2n+6Ahy0djugHZ^Mb4@kD$9c!F1~}>zqp&P_FkLZ+wG*Z
z%;}Ulg8OYg_PIRKt2C4MB$ni!kt}C(CNyDrE_3BB<=UE0a+w;zC(C8ZmAlb>3Rjb`
zJAtQkx)&OUfl9j~uoV2r7sNJ{OZ;{w?}u6r3&n=qS0DFU(>u0+aPK{=svW9f{?QV`
z9pG~#_P+n>{9EN`-ma;fCrn2t5zA&LcC264UZqlSE%VU2s$QGr#zG+~l1XCgPRa>6
zW7(|y!82ZB@4(6+8=rraL?)$&dpvv(%{Wai2A}vcvDyL4$6fESXLh8XjR9$U_3k@a
zik@iC{7h4rQs9+M8@_AhU|`d%MHbOQ&zR6WLSLiJbEscp<Z^;Wh}bJaM9x{B^Oz|T
zaEsLqusnIj8y^-A;U8Ak&1<!dP_pL|M7I0zu@3jAr{`%KVN829#x<^C_@u)%OyiV$
zfet<Qi`dt`1=?84-#S5c7v?P$(S%*T3ovonC!5x*8~b5q&Y{w*wVTq}c(ta{%$6r{
z-X|%@H|1F&LdI=l7Cv1oREVXiOe0z8Z5Ots(FUth7(akMc4&SkWJ)!=r=eo9ecEjo
ztRIczoGIlO6a)dh_K=)jUy`q}<DI^GmP?Jg@3~AV_Xu)rtif_OZZSNejjSx<7U8<=
zmDp}4Q0LpHODu>}<SZuElDO0Ld=iywMI|Cf=DQOp=XE@))UPGo%#${^r^S6jdQs(7
zb3t4+UC0qCh&*K=t=Bk0aflGBMRwbA%Uofgi7wTw0eK^*+?BjH#{&0~`shNvYSODF
zwTGTSHBl<L5OkdQ#0)mY%d!LVI-yg-;E$7-EAxMkmAkol13@l@aE1<uv#=L$iA(Dv
zx*7JnTRw=l*jumU=nkB)8jf%gLqR~*$T_mV0EXz2>0KVdn33BVkM6E((JC@GpNZN>
zfr4RhF9FBJzT|bdal6)olaAc=af4rZtOE2xm68#!!nMHfREbP6h)la(6;KXB7X-DC
znxt5!F?g?s?Tf0qyvK!G;hio5QoJ87Uif*eMq6IF^6V`K^jIgiqc&VCFWHZxVP=Ki
zxGK*(ATvFqAR()jwfuD{@3sAX`!)16x_BTQg;9}}Uz^dW_?e9z0@j_$tVl2srrhQZ
z@k2f#9ypsFnQ>~U5c@c<br1@F3=wyP!D>Us3)fwc?dK^VM79MP;v<4Jz(pF$@ryrw
z_L-Nk!E>lY&Y?&$zy+1T9W-a4oYBby0hz#lhB3F=%dZuNDiV?=<ry>3A;t)h!7lfX
z47O)Hu>GQd?GyXU8}Z9K9OYqjuL`HjOA+pX=@pv79)REV0BTnU?5*G&z7U+PuIZBd
z$JBZTNLtSYKWi_jSzWNQ!c%}l(to?s^4>78wu*eUBfP8aqg(~@wUE4IUmPp%9Ok_w
zB8R{fwE!mys0F$fl1K&P3x&Il_GO)^Mq6vwa?r!B=H8*IRkzd9@Yy|PQh2D@B;*|W
zT0U@kvZegB&ba#SW+~*vecVTyJT%fTFVbXp`AeTlOhDYn1gve_hzW3Hqv~88**A#h
za$GN7TQVVXdVT2=xso%0$fAiFt&`d94m+K|$?8;VmS$chgZhwwJ|v*_&=Z6NJhcyP
zR-{x64TGfPq$#vj$Jg4Fh-Gk|M+Ff!03)Rk{HKCd#;Q^V+>@UY#@g>fqlml2I3u}|
zRBhL!Ty)3zd>0#r<EmyL)iZ{2_w|z8-7s<xay#RS&?J%fzSiKncxVX7yr0FC8#9vf
zJeRrkoz`CwgBtmCrdf_Q4-D?|;cYieTdD-A){;<xxDDptF6RbI_1kM>%w}}XW#N^M
zdV?3;f$apusD&&_XGj4V)8*Q#)%|=n>c(7UM)djM0madT;ix~~R6FK3@YQyd4vTMy
z2tF;l^hsC$G}Mz`HF>;s32RDtw75L)8rp=txJ%VPj0bxlUs1(k@|FrZMN{O_&GlDr
zj}57UDfRN)qtA6wQaAMpU+os%W@(W-$T%zg?0lhj4E*DGpI?#vHDE~B%fOo$vg8nk
zeWY{CyB$}ar}5qH7Qi>Cse0S(--zw!GHjRD;W2tU3wN6t4y#JF5AAx3xjpie2fu#&
z#ybUPkera)*YBCR4=CJpN2c3ja~;@EZ!#8<BT(^=M^zD1p!D0<BuWZp#6}nOxKVI?
zEpuX%BG*?I{pW^dIJmw!cvYXxroyBL-^u)r<!yfaua!?XuIBnZ9}+#Ojndrd4Sgw1
zb+IJlJiJeDjS!Ht2um@`F@TfDwj-yv+`j&AIbL4zYa2UP$`k7ai1!XPv-!nli7b+4
z1I=`A`MPW5ak_h7$*F)keeblQzsoVXhxl0-!l*)*+9jY&3z}1*8AvK?dL1)x)^kB-
zG|QM!!!eskqweN0%L$EgsZ@zBS>>;+H4oyjr9h1VtnXi+{oxOP_%HA(gM`chyy@H9
zv(+w~=Q*aD4cFq=KES9WDPj(Ddt`af${#{(tU&f<$ikNIt|-Q=ZPoAUgg3^{GzR={
zIWEVv-;A9m4T$BIBF$)26G|eM8&0_P2m%K6y48P79Z0Csw>gEhrA=hGX7X>S(iZ0&
zOR?Mc&}COFM(iyqm_1?}`8TMyU^v?(oIFkfwx`E#Z1cL`W~Q6guX;OU@R)mDu4?aV
zj#vTxZ4~UcHusb%^#G<=W74N+0wbjf%s%XLK8zL=GfjD-9x0a!$o1u}ZhFZ_C!aH_
z<i>Q=l?BJ2yZq2<!4H+)i|#X8cY$n}(M{uuC?_)j;x?ClUa$dqO%ufi<Xdqk<bC+O
z^aILxbDb=PVS^n74*QTSHr#xEvAVmjIJH?kG<*A=MN&jO*>FO=?!@Zcu3U_{8|K$~
zGv-#{g1udLJ<u3QiYC_&ULuVhd0+3fZbpNXvwV}nMYon>OUDp&7jm;<-I3NDM-=H8
zYu8i-O9}yAzf8s(9iMH&;vNrwn^68h`s4$1HB+-F-8n;hV>Y9Tk=M}UZfBj)F-vZs
zB)!}SPSY%ke{KjOGS}rR@~vXTJx#b!n$dVuY5O)-&6MhBcJa|roLVpNZJ5>ag9sy-
za0OL8;4N+Cefe;-l;xtSA^4HK$Er`js(yNP{;&<OMc}oc0rqt14eE2UsMGEnFtb>N
zTa}@!l-#iehN4rKtZsk&$j}fy$*N#z(*^eWuobGk4ZBse_NMr3To;JmbZEV;wiz4E
zvIJE37LlJGmL#{np0Cx)4qxtF!@Y6G7Kh44x=NvDJi};xbJ1Z@sz)~r+XtHPxEuuO
z{Zb6bmDJ{c7azGY1B#fOOQx=*hEKM-dN|o#tep+ZSket`9IRa<1bSfAI&(!X1(CU3
zf)>M+`6kK^;({xM6hoF~da-sCyS6fKEN!O&?O^CXg>O(;Noa&+%b*g4Spllqv{h(8
z%JL~#bfXpl&aE?0yv($1gKyiJPah939+unm;LlnbSKG`UZnHOrwLQ3cZKb>A!5>{`
zpQBZqD_%v`iuzA;;{a9u3)0Heh@83-EA{Ve=xwc=M~2JHFlKA#G+_wyPDL3aFDEOq
zz`!PynOg$Gr@0~rcWiMmcr=`#en1Z{#R1--D+jK;a3PrF0KPj26(71=!bwmJkn#}&
zAE1iUnn(yz7~Ii66)ays+(UIQ<qVV5OG!%=NwtNRsOSTwSysfpYJthAK>k<F27b*T
zl*Fzb5Tz&{C{wudu#n}m!DfphiWrNxt1aBPPIsv=bab)2Z|bXtJS?}UdtA&3Yy5KE
z9k>*?R9bf+p>?Cm`M~@kJ7#A#d>Y*ed7rR&T6rL>(MRVpN!Hs<HyAa3IVOy?`?2yN
zS{hyvofp`*^{&@HDaIu;aT{o@gXEw8`prN8IV4QP<X??{{#)OkZ8MkGB$4;SD38^N
zW@!d`=!woTj(g~C<`ehJk<6!m`#2p-sr29FSdA7mO&%QM#fuj&{`A>r@c$PtUNrvy
zA1^-p<DXyr@!wwl@x>qi@Zyi3{rTme|Lw(p{PDAwpZyzov5y5P3`6?27oEpiez{Mi
znPbW)<cNzXDPl$r+%})(u^KrlcxQ=Vgm`1|0U42>3Hym07|w8TOosNv^9dP!Kn>3j
z)F|bGr~Drb_`q;D{7n_#{ff|xvyYkyESc!=ieLWbj*IveIV+Tw>3hp<&e?<ukivhH
zGEHNuso_6V2&rk!X<0G);gpGyd7E*;lbGeuxf^=^V)XK}(Tm?$%ba}}-k{w=;A6NB
zf{WP5#Gjd$wAlgVpZ{#zl|4(ZizK<CDKmZk>tDYy7q6KWmJ0Rg4j!<b*pOg+J6zWP
z-`8K6(f(VG;lqS0{ms%BZ@3M&%#tFfNx-{Y!-KWAfqR0BX_3%8puZdYXro66qJBln
z7;7WG+6{&`9ySy=BW&eoGAU9=Dns&jB?Uxakr7^Eqg1_PkS$Hq1v<8E+qP}nwr$(C
zjWf1w+vXY1oH6e_?|1Ky`=cYXGPANfqId6zs#>{nQvK`e?xY%Dj5QzD?oxIJrq5}I
z&CA7v3y1{!l2I+IOtW}s$+D?y{V865PXBOIlsQew{b({Ka_Mpk-oM?_r<+7j6<e#Y
zHZwoHb`T5Mp5**bDjJp-+&IHq4lMNJJ}jeeF&%|V8mU5%1j?nR_#Btl>b+%s+|y0O
z=7enpDLl20S=MWcY<e4l@GEBYb#~!TQ>~Vw`g|1B)JR%tCH7FR(+R*H5#=dOcmz8q
zDnYHm9_a%k#0VD4vknJK(g0Srq!c=dxx!p8Ld*AR7uYJviEM}4=k#II#Rz0Q86REq
z^or#4DGjHh4_ApN%TbnS=lBNX%qxPPNC8yVXdmsyC6=j!sB{SPO#|=gIlEK?k%mkM
zG#%vQ*T{^mW#C}$ploG_8ryZertCOM{T+LUOrboP5yX*@y5}G)wCV`QiB=$C0%gza
zmJ1jUK2zQ*IFT-tlbCW^&VnjO5bka21}ZB{_PkZw1^dQBygIPJb!fezb@dV)W82dZ
z8uN%Vy01ap@*?j3rWw159t2DWe8Y>5-i}UpA8Gm7S$bRgZLQp1LiS}e^TYeY;mjK>
zX06<u7--!k)r?7P<$T@vhfqRr%5DR&bGI{_X;2^_c@iVBOA)34%>4wA<vQ8HAD8#~
zTU2A>S<F~ux^-CQmm#n=LGEaKW)QAc!nqLPSgIvY(19a{#hjX&hs|%@xC52g%-sF3
zfj@=SQTwDC)H{#U4=K=1dOAP&-WR##G|8kD-0N&>*pk*{i~PQ=&*<@(5@Rf#$;lJg
zc@MA=g|V!z8rrPD_Oo}PSJ7oCi#d*MKfNM5Et&iX)DP_kFAZ%`NMa)`G3>Y*sV|!n
z)aJ2ySmInm@y#UeJd*SCu`K$S(u@dR#V0$2iq?{~CF=>~{~|nhb?O}x9T;uDTG^%J
z|9I2J6bm4<Je+0cblI@rCQ_m<89r^b@cZ&i5}h2n$axBlO#n;ET_+4|8U&Q;bnC0-
zsb$xlB}I*Nfg_TJ)c{V0+2$5tu8385iGIJF*Y*8)dVHQNEWFT%{X7lb#(#4K`G0=g
zr;qV>@%#Dv`1}@9u-o_b_Vm66;{Sa1P%LtPUY-@-Zj8Xwa&z*1Ke)roR25!3{kQ9P
zn7xd$?phN%#xT_}-JzF5s=`~3O`CRG9)t?7pj{1X(fv1vjHe9S2|x!s?O=sKBW4oY
zui2+eoI&u;vc$3wpHeXaJ@Ri7De{B=4}GGf&rp(V#j+a-gimUy-<=z&HjhWVO&yiW
zXxfOyn$78JH8>S%v+<2vN|t@CUdnzS_D!wQ2q1^4lWlv?bYuc{a3mdh2vYSMCxV#-
zK5h7jj0bGu?_PaAi}^|2ST+%zS~<HFjJdc$Lr+4^yL8-ZL@XWzQ3i>NR9TWHDxjkO
z6;3?(Wg2J!ypdTgrx5#lsiH`uJ%!P~_&R4z6KsTowPWFq=Ncg2(FjQ~i`<~Cq_bna
zQ}@Uc2SZtBtOm(M5@@DkA~^+ZuXDGZ7|aq^BlwX@&B-+#2iC1)NPBU&wl@1!*S|C%
zzj9hS07f_}CcxeTIo1+Eh_%N!#CMsK)Rf|bb*dvqI<Zy8nqdcRBY=XAO^7u$@WN!W
znFvu92`w4M>-e-T7Inl52^QUeZku4m1@!^XfB?Vz$jfXmt#~@t41Ck;daHE)o>iBZ
z>~)=d>m-Z^Vamw75{Hp<q?WF3OMjhH{w)Xc5GO7B$R{na{qo!ZJJ6;L`7xJSp&u{F
z-d7F6QM4upn$$e0L@NzT;$x4!iBM?Q5O3DfNgmxwU^j9tg<NzN>^N%Xx7*n-jy8Yd
zHBhz28sN0y4h63(P&fT-_4x>5JS#)s*47NhjLDCKV5{&j1r@?X4-12Ed*nKFMW~(O
zB`7<9(<0uD_6$bBax{9S*9zRN7+`~F(7(o)!p2s%Ye8k0CH{I4ugWPTd`Q{dhSfRQ
zL!!?Dv#H|{-fO>n7qD=c{<W1gpg#mU>(0OabKzcl6vA8n;r@01cmY8B;m>L_Y^VOE
zqp0?LLmF?ZSG20PeUm4yPd68_7COfElTBi?(~Bn=KH&8RBR2y*UkMQ&Uy|7M0P3c;
z<Iw6_^CC~jY{lixpRg4)Y9I!Hqnd1AeB6sN7RWj+j{`R<<#(4}f#c`TI0swWd;+|H
zo%%8W)pp|eaw;E-jA%>gV8<0ac3kxu-ZZ}4faxELAQfX{_2?XeT31t0M(W~z#u|L!
z!}|du=4`)Br%~!AKKf9?z+Jeja2_K-T|3XjdMR%2$L)_klJ7i1sddhhd6nnAsmg?t
zF?4)Qm2=dyhf}nuNjK>6SPPFvG>{y_na%0>f?Co;ldVo86=zmU_&WQv=4}i$=&m{j
zT-^y$h;GaT$HEyxRvw}($-jyb$wavQJZCyaXhbBJXC$E-<|fxImIi2oPZ;*`OsP_(
z)wZ;ut^-sdjg%2PQpl<$W_RAd6b?0DA@Mv29WbUsF<z`QDU7zsNHi3_t_s*2#NxBs
zJ6<f8&Uh&u3R56mZrtD@e=Dx3uWJHSGv^d-m2C@Iej8gu;<fv41AT7D64UdHielrl
zSA`Z%6i&zKu1Z8#s{AFYC1&O&t?t#5Cxt=gqONvx6$s-Kb*gEM(aeLhQm;{;E8$X3
zoOUi_qBLr9Xy^0;SS(~M`gEFEYbzyn+Bl6ZeYk1P46=Kz{0lFj9MgHI|2@(LlVPnJ
zeTOg(YK=7OhO`!31_T^Z)>LPIFdR->ppa>8eHVL?c^BA|BnH-_?)MpXBSc-$vC5b3
z=eq@lm~0ldhPHIQ)}|);8f*r}_oj8k=y?>|f2(!YW0l>}*K2ECF6W-P)z^E?d$i|_
zm0f<vniA+$4BiqRJXQzGRqR|Wy5(b^ox@unSv|W6qgbsu8&fL>m{M5U*wfJx#&rkG
zq_G!duV#}wr!9fo=mlLlcA90c+j`Lfm+qm!7;`#AXbqZlXgy8hc`8&ytG);w*^{si
z9a*DIPtt1FlYqfxLQf)e87fk@3LV*dEg3SrFW9D7HN(=J>&9^J7oK*1@~W8N`(<gr
z(rzun177Ab^{|{Cyn)e}6Gcf(A5O2|eaD@6@O#=JmH&~SZ8)QLdyjDA<BgxkU;2(0
zB|BSIejm39UE|`y%2Ey+H`VB+HOX?1kaDR<kk`2Q5!aSEbMJz;ks)D-d^j8|7_04B
z9HAJ)i_iQ|?fR=eiz1VWMt=WB;-A#CEdghcPicF->WvLjb*%juM%;6p266Jq9e<M!
z+j{U!<~*ou5~!gw-d`tO!asS|CoMsQSQ|_q51otYK>7DBF|9_h^JaACuVMZ`C%xXc
z$|W=sVt>gZv|lQxYoy&*y4vCF?NQ|w?IwpdmLFqEuN5%XSed_TrcH>-qq!IjCb;s<
zB8NOlsxY)g=MpYfke(j-W_QOnvg`1yd)}&aFK5(iwC#JLa2wh61%C&6HSGFtt-E8I
zzt;wIWPGchgw2{4VT0>s=<qzDHzA@HJ&9L~p2VYVpB#Sq&#*7MTf5cS%R{0kt=yXF
zJr+~)J(?0TGiKe?^zff4wYu2eA_+KTOhsEqb=kJnzG{o8n|i>va1?B+BYO6-;zYxo
z{fZ!}<+3Sa*KMk<s=05QwfCzzz7OXP*NJbIEz@*Ffre^QfxUcrHA1nv`qxe)=lu*}
zZ9ob*mbjkIX$`(%+a!}g+m$v_DaJkg%A?gDurdcW{i@*N)*J8Ie@^=J7fSDEVIgvJ
zdN0}E8&wbYr>nY>+_uUX_5m+M>Lf)`yc(nLg>IY!AZCgr696CDe3Y|$aN3p&$Y0^V
zEle+NYRTeJ!{AmNfTkqv?cmX~;I3FW8UeM*dF`ytqRXk>dOB>^bfj7hn0|Md%S@aV
zui<!;;y^pt+iuV_8gZqC-KA+Z4h;#r=plPMuB$X&Pg_&JF3oaDwRd}XQAzi<^CD-S
z2P&@$65dW*L4zs&+M$qc5xvxoDlRSvNO56EN~#M}{<WeZ&0VWAWqg^Tg$Z=>y_8Yh
zGW7MP!}^&QdDfEibM}rB`j@?h_6Z#bZ$G6jfTi*btL*}74O#Tm7K_PoExILilUff`
zrkRplV~udx{STaK$==Qw4B~lTG$r6^+*lhBM-o(wg+z&hMlxB#Q{5zPS%<SJps*vt
z<bp|rA!{oK%3Ci?BZaad^vgNSy`}~K>$S`-=`B$~)DNUaB!SrD?sW`7U9+R!Vl)-h
z0n4lem0Pi;`xL&$pdSSX%hcBqZsF2VB=mHw6xS|ZP&U^th>qRpD1=<+ubg;JwYkG&
zI{5<rV?i)o$<5q5@U^<%s`U7Sxmk-iHo91MCuP;-C+LRF&a^sR7yK*KBTAQ2RA|LO
z{#w|WbNy8kEXG!3p%McqnuFT=h4ql&Enyv)XMk!>X+%0Ra5ZE9XC4z33a5i1aCp`G
zh~W4uX_XCUc(MQYWqTlrwrt@`c>C&yFrIA>|8VuwH$vTigIxJrc*`{}e~IF!?}XA{
zi<;Ig{NFFa^<UF1{Km=9)?>Iz)RnS^+{I{Q<L^OaamA@(D)W_J=#Q5bv((Oh11+)C
z4oj2K5>#uUO>;&HTWV@UtBuUt@^tbh5vMP55vv<Nd>h@r5j7$FCMsGoGVxg%ADgKn
z_CAy>_-g%>gEfN{xDXo>wS5~9v2;sL(<pIKy|DYHZbs``iD@z&13Y6r2tyD>N*g}$
z{+K&ELH8iuyb7fu?qEG#TVu;s;95fR5U6Ncve1@~Z29{9fQb}x^wrFCdkiNF`u+M<
z@;THi=HG%#d?!Uv{9*=6H;w%6wd6o_Bl8I5TVt;u2C@sRl%-OYSiEDG4%qbc@uLa6
zzmEs2#JM-<f16J?>xA=K^@VBdyWq!{dQ>fW!Y}(UzYE3_6S0y)VG%6u=EB+!7!_*T
z8N5E;aw4U;IF-i6<UBRfns~(i5+%Md`0GnrNzy%FSjK`pd0rF!96Dl78Z+<^(KWP)
zA*5a{ceXKrD~7Z5)grWgNZxKqTkSOo7U<r<sk{OF_3pXs{2Kz-%wRKh^Em8aIye3I
zb848nI%m3lSC?n68qUm|4*I4goZB1A{J{@*q7R|HiQE;3AG!Q~i95!dr2$X&kLl$x
z#BLgLJ93MQx$fNH{Rd4>@7&k{whvAo4ndtXl?=Pqu7A-M@<}gG9Y`CwoX3W0qjUlY
z!t{i&eSHmSn~RLmrH4~Kk>@qKiw8Gp&C^+1D_Z{5+jT}pt1I_EJLJVYDooq(NDKMQ
zkk%oP=3T43+9$P-U8^67%bMpJE&G<+nrFhM^P1<LmEN|^kCxv6?Q8F9-wi(9YF`U2
zHFhq)O_x9Ak|UeCSgXtu1Mes?b_0~^I~HFZrCPjoEY;@8MlCguRo7)|pty+%!x;%K
zRk>&F9_X0JS@zZQ8ehjNNOD>|<SHahZ&)sLo-&O>)-qfgH5{u|Q(CHxy@%`HRB@~o
z1@zpf`fh*f7FO2IFRWdjSUYtt87a3~@sgc{z1`x(7LAo!?Rm*et5=Pcz*_K<8^=nn
z7%7K3|1wf~%S`@8nG((QFG%L4HYI-=F;M0UKIQeg$m<tZ*KI9X_{P?L7rd}`zBlcz
zom=g^W9j}{cJYzs|MwMH?)?gd%P+##-*0RefAK?@tz{Qq>G%3oFKS-GY1(%2gKGZw
zXkLGKgFzS{AhXCnuym=fJxSve&r$@$elyOj{(ldiXB=BArnW_2u8{s?{j}1lrmbI7
zUAG!qQ@6U(`a7OnJ@RX{=DjhG|9F$QbmZ4=!Fy>M`+~_7jsMs<@_TO2_p2HEx^m>t
z-~RgW(do;lyD`_VxlE>cT~hzh)H{|3@M!)`g}>XYwHD_3?V7vStEK+GTddghtn4=Z
zzFu){`xg5ZuWH|4vG70PUemVuqV|#Yf1>I)=6{neHA#$pp~TvHwb1E?nxxvj*e29`
zTWaMywbU>37lo!&(1iBteP)T>utZPmeo2$?X3{Jff|kI!h;)Xxani?3t3NP<y|hy(
zuEG_rA}r1;53v}Wodp+3Jbj)Ftm2cgYqvBeLl(k$In-i|-im#8)Af5BUVK@BFq=f8
zC`&9Q#_sX>In7nU5r1nAqj}7Q$e}g*Im{RVhh(VEY~v1T8TiW)m1U8{W^_QS$*kAO
zN!Myl!;`U?vm5`N6VukMkm+(2;)`TMOv|=x0A1>g7meI^l~b&pg#x(2&~I81f5w!u
z<hQ2a4%!_q`DhhH*hfY}=F$@^RnfBd=CZo+lq$PbjBji?5A6)dPLoq$Y1!qUIL#hC
zUws45aN?4Sk!IHCKoa+U-JB2o{pi!p?d{<JI|=dqEnOwish~n#p8czUNOsDTKG;pE
z5l4}^C8s@0NHxK1E=A^yX6&WQNlH%XkchguF_EL)j<66DMHwxAtb=x{>i5E(;Wm3n
zWTguZ8(SnX(1+cwy|bMQr86oc%Hmw7uTR*5kmcvI(wmZ#K7HYf__5>iThl?MwYzRu
zzF$P*m9r9|BWb$?ZJPs#<G^Yxxp=LkqqEcdlYi-+uHN=_e;z*u4ByO)Co}Et$&v%0
zM4Xt!VY8j+maUznqP_Uk``F+~>wnZjKl}-7>y<C^wW2lkVh0&<4MCdAyax(#pMwRv
zEG}tJ(~l}!y;x@5x-1XseObcq^xQV}FS>ebYAqf8*7qGk=}>?aP7g?)Iuzdf>7w0e
zM05632aQTI<uv$d%=Rq@k?M1_#7OZ%$vRxa=;sonD?h3CR=OXqtF5}fC3tV8lhdIz
zsWg*IE8)%-xmHsS*-7E&$q#P&QpXFm+7>4Zdpw#B7+F|@tg>N77<-ecN*_=SEr|Y;
z<_`r&q5A64#C&_|e^Bn;(hYW-`#f16+pd{V(5<Z4Ab_si4$*pV{SU2lj+}msoK&Pm
zi?n94A%uKaa`d9xo%2n$BC-qhYE#cZK@xjYyNqLzULxii=BJC}k_U^}cAiMn5;-DD
zqBKiaqO-8#rjKOr%sod&Tr6MHh-W@mAh65iy}_R#Gv|++&mC$ftg+U2-@^402^-p5
z#6rxUey5RAjD-J}0_vofUC->i_on-e-Qcf&O6!=y^z;J)awafU3@65{mYMzAzNnRP
zvW{(GA_}1*3T_ZVYj^`B$!4k`xI=JMc`@@IQ>e^nT?AF5%&AsliY1n^toW%3T$X=O
zu%&<>4gc_V_$@sD&*`CmFURM>*t@$!pwY3;HTZ6_8fLVZ(C8J^DX@Q4*xRmOVI|$N
z1zBouH{H*)N%v>E`><a6FO9WOE@!}XxyV?g84WCCl-R*bOJRU@mARNy$6UwiJ`f<e
zHwJ%Na-bnWv&6iWH-kT>ighV+UvB%_MfY|+n_JC&y9H)59h;%~h_SbqujFZaxwl@K
zLzp(*ZTYwxZq(u>xp|)*SzNEw$QvpcPpXGJ$pK}XV87W~1{8&pb4YH?e=t3`|H1Sq
zeoQuEO2q(isA!$JOoN>`eExhw<J-tsJXtpLsl@Skcf5vMx*GPJ6zSOtzw*)8T2M@<
zhf_q5WB9t#B@>xiDNIIK03!S=z&m465C1rAWz2U*MeC6tIm~^5B*Az=01@ik6n40~
z!y3rhDnb3FI)Rw-6;xSWgm`C6jv8S-Z!3_)Mt_(J4&Y;|Vx1bHe&`eT|N5F6`bFo(
z_4+e@*5Uj4KdvEu9__{V@qBN5-G3Y%{UZ7LJU^bUpGM$6U(aqu6L$~v`SE?{==>};
zChqUk`=B#yjvDuc;7xxQ3Vxz4H<rDGE!@T2KOVPqJB@P;8#5aW|52TohW%2Vpb-Td
zDb7CHO<S(Fz0hfKI#E9VLv9&QmB<&A7R185Pu3|b?z}aZL&kICJ@T1`@s>8Ur?lDe
z(@Y!0<^k!+oWEVL)#U?JzSAuvbil52K#YI$2#;=d2XTYObnI+NBT3dwROlJ_i-W_j
zM6}4!=80Mv>gC_bClHuJ26+HPM|WOu;xVh9%dFA_IRcQ>;hFn^sqHrBESgf*acaax
zw3m6SNN1Q)F$pReE%NV=YmO?Uysnv3P0CO|3t;IEQhyF>PcTDp#E6VYjqVmcgZgyM
zjfdgxv(U67iPRy`kcHy-In$!D2vDZ8!PjO>06{|XCx|7r8PGzyUw$hKDiKi{oQ1rj
zrzqQ>ZWY-#J9xQA1i(MlcP+RBmv0cd9|-M1p*0GEmyCqfL|V5`7i1ctP^y7Kvu+?c
zH0H?Pj2V(SQIj^4#$+t{4o$F&E;)>Icg(bq#fYc18{B<RZjM-`>ha!jJR+ej)N3tB
z{&P;+ZFwiHR@}xN?1o{*`nY{N4G&<FBwZ>yvsrIc{fwJ=YIDq5rYw2=8n*F=wyFv-
z)fY~SNJriiG4il0WHz%%)D+1nzi5F+SlZmWuyGs%Oy^xLW^c+|a2AdsBP2=VSEh8y
zK_^ipzp-)7DWr~i04yRh_AIL*8aoYb4jy?ifaFfPq+=~I9xF>;IN}s(g7`lYNJ#?*
zww1@Z0hjwM9p%uh1nM@k4}cvxI+DJzR2o}(v(|L%S8;cco}m41Sr%NNPg|jZFw<^p
z;ey}3b1Sv3%QxglZ47xGV?1(E<kuuVgGHh#S1CO?VhCkwg{jMMWwf2<&Yc4>{h$Lz
zc^Yi>T)rnJ3y+Iji!=`4Uney(RKCTQH;VYII`f@w!H5;=X(TjcJhGb8m1Yw`^O0dB
z?_s)BlbAFCLyFmoh~zZn$dkzQ_^(kT(oH-kKrl)eJwRj(|I|??cv>Sbb*Nub$-x<~
zaV5xDFEruq2#-X>+@ny0{(<N#OmZVlut@JOd%~dk`Aqr4Nk`#kc~&Ivsp$`Z<Gt%d
z{4T>AD}d{#M#Rxp<|7Ke%~1lZYe;dfd<##!OySnF-O2Yb;jZ^3u4N<!LF<{awPZL9
zLf9qIW4qLx2^r@ABh3z+?19LR#K6zdC|NnVcsP0V8anZ@I;afCBgEPKJA7bAmS{Bl
zr{RwP55l%Urbq7fx)E+>Y~`K;C?s9vaG`Mhto%y;4eDWuhx6mZK`bpWcBCIF3?api
z*RXJD^vg^ZqBjx*5zeE2WRUV4a%lpPlQzyr#0a$LKfCw*R&Z>FiD8R90aXCK(HDwo
z<TNE?7Dwh8_U9)Uy~3wSk0YQzXY&f-xj)o}5n+H?*@hAO&vY&m{!Cq8Kds5o-?J~-
z2OOb@$V)P%$(!WeL@&&gJm>&6qSC#fSF)T(sPP~xFbc9AE$R9mPhBFu;cI5B;Vd~e
zQZTBhDEwA2VSe^AFgB_B8?vxPr5|9#+%)O%SH|x-BF{pVno5~Hn+C0oqSlHB;Q&T<
zJ+9@L_Im<#w*2#=x^w-9);|0E&(R<Uid50J&{ooEn*RyavVH&vdk`*5QT_9AUW2Sr
zwA+H1cKt-;C?@`|g|2&dRTYvVA!xkC;Lm`Ol8Ms#t3CoYQPnzv5oAcKMTV+eN1-|`
z>2}lp2J1A`*;_Nfp7uuFi733D-A~SCm8(v?-Rmq~AnOdc@ZM|Wd~Q>LO7)5eHEk@`
zYzmPQh!t}GCCbzpp?C#wgURAp&Y_mUxA59kcw7hkP6yNbjuTOo%k%>kDC-(E%RavQ
z3I+tYLoFV;mja{daVh4dy#MDB{x`;QlV>PXkaWV-QuR{bjt>X$GRzNLTTT;zXCa_X
z_s8mP|G1eYbZ7#O+GDMu5LPUK$;_pgtMmMe$KVj%?|XjaW06f|NOPTMwx9ktm1yRO
zs6tT7QlJhdZ_N>|nZ%eqzMWn)1_M#SvUelxtxA(bbW_E>V?aN980JI24>BH^jc~4S
z#`y&gc$zWrbYDIP6t6J8g6tJ`g?)R3@t2}2aY2_nIhK8khrOImD17XCgH^6SVREHw
zi^>{p&~pOYyy_>~HBtdFnLF(*${UW_Ql_}eJ8Nv;rywidbFje+W(t$!4l0t9B|@B<
zoRz@WKBO*-99{=c4Kqt2FMz)WA**~Ej9Ogt?@Q%}6hC3p$^kd}gA!)3P|3Uaj5=Vh
zo?iTCGPpNjhw4^PfDNeeH1jR!F)j4?oOTwp2gTGzY#JVr0eCncT+2XieB(|df8VKV
zJaiaoI8PW)PcO|EdgFoS*fE-_2=iGrl1wG?-8MQV7Vm)<rPC=gd%{UfX+2jkRQXUh
z67nnI5+WC&wK~fF>K5sJjfo<ydWtfuu>wV$@3Gba!&<`M%hiSL;iVk07!#Va#qHhD
z`QHu)Cevj)6m9T+$qw4k3lKV~7)#gk*7yMPy-$Du>+b*ot~Kxg>&w3iA3%ZXB`|=*
zug{Fn7ocDG*P*ebiw{uW`WxD^3J$=t{TrrV=iBt_u<`{Ei2k+N*!+eD|Atny@BtY7
zGyXN>0|fjxl{r~Yz;5YxhB+Mpzr7_LLPhBl@T|OF?$o^;A!_Xa_YCo6L|u9mJ^2C_
zUZGDTP^Zhp$2MO4;!dCSJm_t=H~4Uo98=^^W#f(Y-)B5At)J+bxtZPBksEdRvAG^R
zH&^hEl`h6B^CLNby4uIH1F^k$=r73aGeNj&gFv!j8XSk~4T_pA&DmucGCXjO&%54V
zFoCF*To{vi%G{I%qpFpJM|A=E>}SFljXC4ztPSJ-+VuH$j=ri0qA}jd{X~-DC48}y
z97Mr1s^>;;Q<l+B_|M%o4ZosimU*H3#M*7$oRvEy>J8O_5nXZzzNgaF?6_%Huf`{8
zMp^LC_>HXh3yK=h6vlgFuI~7?;ju8+ddSt(?Z3v}2Gr49(%Le;j>99ZB$`51Nr(0F
zK7ew*?1u9jUNJfkIG+*>YSR(QwI(B;C=)NEIHYg$obh`}sZ_HLMEvU(#+d009T{;;
zAD;Iad!F!~W-x5*0<EDOVCcF~Y#ipHK@trutB8x!nJ){9^Q?RIF&@>1fRAx*mul1X
zv}o^p#B5-p)<KV)zM1MRL!T;y8rm>(&`H$+L(TYblech4UaUA&G#yluay~2-(a*~r
zJ_LmoLXIkFgJoqkk4+<nWoFor3zKeGxBxGP*GglFxxA?-P!6iWptK<1w85a%PvBHM
zcqJgX!)ujicm*gD5dRj^{<FoAy~TmG#aQecQV2`-?^N1%wbpZWNJy@Wis@^L^$P8R
z1$r^?!=THb_#S(IJ7V^SpRaGIlqT1tMz8e=Qdh^)UhOCnZ&m9l8p+EZ+FLXD96-q&
zvjE6|!r_#kSNp<y3>ZmG;24RiUBN20G?Bv%i^rp-9TfEPlK$vw4IG*G3B6b7zx8yZ
zldEAUGxf9vWvZ&kH|IW5YI(q~L7KuO2Io!Q?(=Fjo@7xj(d3`JeWE@^5W-z49m>1V
zC_AGMSq4%oU)>%zonJ~aRR%n14^7zp*F1Qw0bB5L7e%(9>}mHZ$gj})){s2`n6J{Y
znsGKJFX>KYkPeNlXa@@h)-b1t*jKWb5SM&yM)bFq(purUP=7=kyhgv+N;y!L2}0|d
z^ORoM66E^uDL*Nr5(PJ-)_}}Snr$72e%nb}h{rA;XaW)s7gX_%ZXd5_EQ>ZUoc>Yc
zOUwZ7%}aC}gxdsL5C3OrvLog2ffSv^IMb8e`9rWJHE4uEXh({W=u*`t(pS|v2jH=V
zr4`S7KvaBW6lm6d*W$z2Stx4Q6}b^ZT@)id*}Vg5uB^epCY;>$`}0frLy)nOnwgmf
zg4T^@XC_(a3$n@kx22r)pv4O)Yw<e9tVzMGm^3kBO)<(rnyLx-5xLvXJW7?M`sxN*
zf;gjo(-a}|2xpM2cmMJ5qK$p*hr@g6NoCG~4Z4Y!F(i<Gpo?S3If$VO^Gn^<_qxk3
zqz5*bg%}j;3(Bp#`AceUNB}K*lr#{iTKW*S^RD(iG;vdqAS-d!P`UhewwA!J1c^)%
zjbOU~9b+y;ITQ0Z{5*qp8XxxTJm!_ULIos`jJk+ZV4&$N{I1U&;;dtyDF+<bY)WD`
z&KOfOAuifr3PUjf;c9(EJ8ug&6dYn3{FF6W%0RS?MVJ&(If&{{BPP{7kf}~YCljD8
zr&{}^MqRr=sj++3!MXU06)#xHLEr&@WeRJeIDOvFOaAwwB8O}p=k5IpfC>~4V8hn&
z&3n-eAVy$`jTXuHb)@TAHYiEDK-{u^7Wld)&9jm-edV=;3!hUPfgCl!OO-l<3`QE}
z_$$rxg7c%hOZYe3`;@*hm;8uVsbvN;-O3xqn}XkBxAaS)yOJYInVJQudlW=ibcJpU
zdCR@mw%4G1B-#-!;aM`9o{jM`gs|^iX(z)Uvq~;2W+zCSj*;raQP1kiiprn}C%AeJ
zVEFun3h2%qZWL(Dzrs@aT(6|u;1mgJ{Y&(g#YK2QHW;k6dd7I&`1uGV@Uc9Xw#xz!
zS@I?sBWM@lo411?5HaX*;8>#2k~l?3I`=W+sUmGaXzO8ZBCy2Vvg<YsxZcQL@#V$7
zyvP*>KCVcYl(4GP=4<4|=GeOr8kg&W+EwRP;OjPpPo&m`Xaj{LpRk%PDCtURuKSg&
zj!|Zbq&G?J3J5t%b9hDPcl&;9zDB6heB>R9Iy!wJC#dCGqj*3VUCo36_q%K$3~+!k
z!T?9*y&V5j1+jrJxc_q%{+~-8#g!3+!OiM71fkzU|JQqK`#*iX1{N?T|Md`||J4Ay
zVCkiWFaYt_a=C@j4`B;o@X5Px6Amyc|C`DY!hq%1f&+vBPU$22n;|~|<r`&W{C^&p
zO@#jT<uHKJI^~8alhh!IcYCHo&>1wyj2USnPg<rK+5%z~L3zEXcpn~oLX-<84Fv=w
z)cdqdRNmR3#bXWj@MzjF_>jahKX{avwyepIRxou{!J~v12;Da%O^5Om=@iu`J}Sux
zQ4}WHg&R;VU6_sRRr7HAnF715<^oOCk-=_%S&6zm(+fJ)66aT+Mwrfms?u;B2Uknd
zR`T#2cuD?K=@~~iU-mZm*EU`Xy~RJ+)@<Fb$r|s-dTK31v|@I%FtO;To8nE~wg+3x
zvt%w-r5nXa%siyvers@95e>z1M`O+xfBIR#Y!YU9<qSw5cI*gD0=}LucU~~4tkx$A
zKa$@b{H9g&4MBxC0MJ$ugkT7+Hh*iDh1)C4+AD?6Eo6xX@7fs{cNu5%mq3R|XK?QE
z&_U;7iWmtsR)PvB)kq9G&7!<^O*N@`=*9`T*d48MP@!eFk|@qT8%$PnGsS{cR-tqq
zYRM4d7<^qhqn$&M%Z7!Lry|bOvy8NO#e2>x+fz_vr1W{DjD;8rD+x)GnHO!ONB#}5
zvP0fWK4y5uAkIA*(@SW?B}=uN2<Vaa0?y;9#i9h9WuRpN6o>1`?jl%QOEu4y3J4S(
z;PX~J{-Sr@!EOp)SDv7Ug%gg7OLUow&%>P237Dli#}~qmT$&sk7upA<5C`;%{BOP=
zuE&CVZr$AZdH7$q>h^BFogjW*k9OU?@ps_&ZmzFy{9X^PFE1B1>RfJ*z}3>(Ps`)G
z@W(gmaJe_OK5nujB>A#r*>WX&0XHG*<FnjTU*TvN+K*Y4$xas~;`9I*UuR<9yYV#-
zg)M!Ci`2p|SFDDfE>>*_#wJ0V$Y$kr84?Rx^5wG-D@D3Xq!MvR)N#T>=r$l|kOK(J
zVM1qu2}Vbo5f~9`%|y19Ak|2x5ooJ}QbH)(r@`es0iEX!na`#vl8@<#N!pg)Cpl%h
zA=y_mQpI}G4+PY<Qf3Vx%4qQyhR7otb7n2|j)<mr4wXV&cn1Zrsqc+M--=?wDh;1|
z%pv(K@JmK*@2=Y0N1!)2O-HEd2;AH(F@{6`X@xrZY+bCbz_r+YYyv8(xvwXF2hToO
zp>ORkvHZ0mS;`~Pq^;1(aVQ(t71t2N%G7NMw?fRy20KiR+|iSY;W%<l6n+TH3LLAy
zl+2fBk<EN%;ZR_xrI8Pvi$tKy(_=p3q=Qf%U>DmrhU<H5AEggHksT@>7aaK)Mv2>T
z9jKqk-9kBpuJb3cz*#GSk~0~TF2K-k2*u53Ze0K@2wh2E_G{Hb%=oj_pe@sAlAuFB
zMRf>{IJR1YKN1z~eLPos-Jyc<EOe$sfhH?+9zz%~gYeZpX8XHrEY(73zcOBZ0mmLQ
z5$QJld-z!pDlm%xhNkg;65La$*kl#m+X1pc#IKp>@X~)1xc++L{=BU^zs`@F&)3@z
z@u=i93S)tEe<71y=5puJFI|`pe&8F}QIzJa4UyaGwSvz-sH^CRN#}r()*=Th!OxUn
zLyUn;!obrn1zIoD)<Gj4#n^1i5+CdpXhv>RSRT}@%5x3t0*O_bg^tX|Iy}d0XV^18
zhGEQ8?qPLT^l613?qL`f_jO_6d}rnDM<knQYq+gqk*KvbMI40Cm)<L9yHpm3H3#<{
z$f^I8-H&?zWh$$M*`9r<IO$CB%KrG?>DmuS6cjq>Q9PrlodT_Jx~g4rEhWQ}<@gO*
zXS{r(U0KhZR;A~JReEGjd?6Sg<|M??bOndkRsxFJBP>Rc0)pMTCtDHz$@Pvy`R}a5
z@tHwCUkk}pRH|<dHu6Hq7zQfn0H?(<sv0x0ilULHu+zWjc2b3n*H}STx23+-u2Y;o
z0-o$UL<hPt&6!r2g2V!>oIc}`!zAaY$#Rt~u!e6F)M_>?fMXY!C9VKruvR1z@8~ls
zFX}$JG9oKC8hvOzaR{_8kni92l>JB6(GF%(Gz6|ER=klQtPkSR2=E<1MaU}5l100T
zZ61LRgdN;O(PA2ng&e@K-~TeIH=<0znlMhBTtSTA7{dm^qQy5R1)zK$QwcC9Afu-W
zTUeoX@IG<Q--DQEVp;_^&S=Up)!@h$%8dJ6G>U=2hG^@Hv_=K-XUPp98A<MidC5Zg
zFtkv}{JGRdzs03_NFk{GVNt|GCbZU>%NPxjILQ~w>xYrPJp7{aigkH^cs=OJGtd&O
z!D0HP!!jY;?LBZHUbc7DhC>ZoKO!7SE^SU%B{}~+lVcNO|J}WI>0qDp_^nm6iN5`A
zSM0@(+R3Wjnx0HBkwlqo7)-<Of``%Z^!<S9Xe6<xsJ@kf*j$x~Q8#Cxn%ph~c+0p8
z*xmq3?zcFj7253+=LA#>g#}Boh(u}1NvB>~q(X_Tc0y3`#Ht-#Vys6qkt>2?q)~ju
z{_^G37blu0q`J!(PAzwgutbJjie6q)Oz%EV20KeacW_y^54*X8-hqDAde;jeENnqH
zNO)s<DT+(-oqy1?Sg7nlCvfwL^iDLuNh6u^(2NDipU=2lxg~5VW+MPM{?LvcVu+Xd
z7~)tQnmJ=3?^re7&vh!?{lVm^??+45*X7oO0iqF+KWDT-*I$YrX4VlvY|w}j>;cA3
z8v_GLTSx_j1nh%03Sn43&-u!~&jESGjF61T>2HDj3e(dKgQ9iksF&Ksl6FK<23!0s
zq0Y$Mr5$vdEHe<@6%RteXoS?<buw0Y!EI->gSzQ#kL-*nT=oozVP}K~Nj=}dc88j?
zkt>XLUn4YvZ3+z(5;JJg`QWKDWFgGzxf?dmfnrZNVKW!7{>k+nsDf-5yThZ}1ns^x
zb!l|+H##?vMn74kpqX9wy|Xlr&R6Oa^fz&Ue$0YHII{MV<qE1f!Hsd^CFgm14qb1Y
z{Y=JOsdUIZMUHB$gn2U4L5YOxbB${1qUj~Lt#aBhk&Gj04o}^smrbQ@p6;@2Fw~Or
zA$lxA85vPURc3~MI$f*V)5C2O2alW(qe6P+9`uwf1&L<Boa4CF(^_xdkxx_LOK_oz
zze44i-)ab_pys(jw_%r&v=)}tAej7wI*75|k%AW1-T_jsR8pQ$+dWr>ije(o(78AJ
ziYl72qFtlbY)fy@4dQCbjRF_LnT@zoz9*<04#7n`87Ao`LXZu<6|D}QvjSg)+pN1O
z5x>Dh59MR9IRXO`QBclWIqN1*hMW*^fIG`g()2}#Y74}l8quS;ff`7Al$)c(Ar_(9
zU^2b@=|=AYJevmJxxVy;?{bweFMadX7{GWYYreJ;6<U@o!8$7yDlD%$n~5(|yVKfm
zd}_KhNt*F&n8%vG1MAVO=n}tFta(2Fr+L$6N)-JWBwN~bkJO+(z!6Aw!3a#8m#wqQ
zm+R2rkU3_|MAs5+$84wiL4ev$JDf>evy3_$psp5*=B;%k9s}6}l4|~v{fX4;Q6sC|
z8~+X8o<*;5se~Q>xz<JJUh&=83%jBpeo<HUD~6tz6MuxC)(YP*6~0=Wv8(#vR`j`B
z{(r;YP~0trFV~81tk(Z?82`rA`u(QD;(Q`kbGNGazSvYR2L8?G4=)-Oc2Spa@xPqa
zmj9RfccuBCMotpSFUsgt@y(^;54-uBvGR9DpWFx)R$S&%oMhJ$#c5uQBib9@@dd_O
zG9;qInSl~D1XDi#dPjN}7Rn#wtO{QVMf0P)8_eM{gg}_}APEVp(fN%obzMq2+CW_z
z6CAUjIM-0dN8T>ifyifwrXXo-DFE)Q83yCwN^_OK850=@;clYQkv&I`7!uQ^Ac8+A
zvu5F5eABtw!TW7}iBbqUS^tnrhL>R?9LU;JD*ix=QtxT1e`N>^D~r$Kdq)gRy{1V-
zmYXbZs3*7;#rgr;f&Kxig>5Jh?Ac@UVD=f2X5NT1=8E5{DUd?s;F7R_s+~U}L9orR
z7(=`|4JEcnn{Wc|!$D?2OOcrm0RlpCNd6$3!({8MNzqz6o}SROi_|s0OV%w$Vx4kG
z*ugOh{R<)sm}^NI_v7{5)>m{d)W=6qN?Gf05GDd@sO-xo(571_Ma{Qt&xsPqoPBpF
z&weC<1{Qy(D0eD8aDb2E)0y~AWKB0Tdb!cA6J#-JA1lx)bt0IcHd5UQ&_w5TLcC@z
znFfq<q?)q-9xS*B*Q~QWOyIXO+zzYQz{Z$Q!XPB?5gKh2)0A!f9VUOm?M4QIe(j2?
zL6tIN<z_6U^p-;4W2JjdS4*HFKX$MqCDRBMDWO^EDr!59YpVhf7Lj*i7NKC9vdaZ6
zytc-leIX{5WYlPXnC3HkgzItdMq?ixDZdrxz;q_6o21NCZrM_;z2|OaEl3)Y7Ym)|
z3d=idiw^j1)^Q=yh8rP-y3>`0ARi*7qspj84{?g}x@r@ki=_i8p@3*xCdF8vCD;W`
zd80kx$D-RFT(iGta1hU=UlT(3zE0Q2E~*n$#Tcj@2<|-OdVjQ_QKM_}g3b`f{8|(R
zAzA9zu?t+9m9!W;W8SodV9m(`abEsUohU#wav@%qP%sQrpz1w#^%4JmI}WsaZW-Q#
z#E`q8)t?L8ch5#EJMdyp#93i!EA5R;rUiW~#>El9zs1^yc_MAn+=3**p~lF~qETBE
zwlZ=MF4#@)#wN!<ix;(faA|zf`K#5<bDN<jSdDo9b~HqHLq4%vvW595@xy96{^n7~
zQ5u2R{vOD1z#0t_ADla?EwV>fYaY~m7`-(9;-ym+##shs6@DUm2z@U9*&6Dfo|i0r
zlAiLAF554Z1i(a_<!5!%ItvPa*>pTye+Q~cLSfGxJq3DLG^37?DOkMjLC6x5!-V%c
zM`qK>*Z}o1*5T#h@;KM`8Rj}m&t2x#ZJCl3v2N$2sf&t=+BQFzudA9t1Gsvw`Q(Ry
znTH(VOb(hRDs=aQx(U%jhgxJk2WnPo5G5!e)KM^j0GSA43G0fz>o%T#V64wPS!x}1
z1<9aXx(TlHL#H`#`~6XHXy|0M`b>YditTCqrm-l^rPs0yv(D0^@ETf$#l|UIdGkK1
zRJS%c;81N*QiOzA6PdX4&~7u4&yGb#w%xwgR^6L8cQ!>7rPHOJ8i|Pnce9=iMYMlM
zvW*y03_)MLaVnE1kk{8DsUgK}1<H)Kr(FmYt$mrPjRi}$T<f9uR9beFblm>DqLRdD
z6Qwc(Neo2drW{=z{`qEnf&#>tMz-u|DVq9d$iu>qk&85>L6Ab89F*n64By+hde^?5
zIumi>4dQ?YJz(*#*xwopULDn4>T-9@Tb1?#gRKL}o9@7}+*MV<*bmyP=7|UpRn4wP
zRKuExCkBx_$6a1z+aF^zkq4vQ5?6T+J@3$d*`xS1(rn-6Vp17MDYbZ1-3!!Z2hgtq
z7de3AdpaU@UKgB_D)v_}<&FS@13efG-DM`C3M<N3aX&9d)7NUvh?#T(ZSuAI2`BHR
zT+bqsCiNVtUKRe0ZV&95B1}wYY+j*~2=pNgk^!P@SMI3qoPn4yCq1J{nUK*KX;%Pv
z;ej_<UEWn~gK#EMBm7w7X0I<H{ovW<6y^<B4n*2WMAKvX^B&0Mzk`BWRwt5*(xSuE
zR3%=|ckZ%5{_QoRe>#!f?vPcPvj<$w`@YD(ns7b99RuCyIEZm!mZXKs{DpbodtU~c
zw237R=ZEjYAv$|nE1jNTaI(`x2z4CTSbJu&Y+A@Bawd+aYBaha;?4&Sg1TLz_WEkz
zXS$eYvYDpYFc+~W?eMx)8d$tqnS`ogLIw2|%=+8kaYu~xsMA9v!OZX`zvprY+h?fq
zZh2^U{xBbo`x>jbsbO^(KnY_VE9dPX1VZsng-aF--n1;9y7l|Hw1p;FiAfPT9H4%P
z^B1r`>)s28*0Uz}E}XKRyb*H!LaLGIbw+I_0pMK3P07U#M*cBuH>HW-yejBo@00P;
zF_0g5ah2M5S>VxmAO(8?>cw{FCWhNiXA)>+8nj29eHb7V8~T&Z$+{nfHjr{eEi{E?
zft=?M(%G<K=A2aoTYAs%4Yg(KGA}t=&=WkKY7ewddHn&M(c;NruRZd{q|d}@3L}xj
z3XTn-NNzj?iXLGi5cww|%j7kbrp9;ZImYyCEnzCx!q6S3wW>s0Z#kN{CA@5@lQ|=y
zhwjz5gati~vVb$v35b45*a&ir{QVx01qyKXxCGu8sB^c2RIPO&;lJW;U0>B&f@DLP
zxg^tJM_%7zJx)8+!g87o2OQr%laYlu<DF{5Ha&R6rD_$mq*k9{hZ5&VQ|1b}u0Vas
zHnH4g#j#eq{TL@gZZDtfzbZhVE#qCAp}l6e$6s3wm}{N8$m@%HHeWALJ+6gZpP!`M
zPFek^4eKP9Fh-ee$hLCqIceRKV&5BR37xct`8P^`F=rqY+s8O|l8z8FB{~(ecKcxn
zm+AIRS_FQA(Cb<DuH2jvpjpa+R~LH@fSRTvDEpD-${E-oTV$lQnwp4;-EH%W%lh|(
z@(<hssJiT~Yy4B>WDCx2dsFn~RKED_EPZWw^a~38F1kA<M7I5dkO!rAuF#^1jZC!t
z9v8q}%*>uKZG=jYgojv5$pTGH6XYECs;zig^WFp-LO{=*B)VWykgGV>S(^QYdETd+
zpO>4X@At*$mD5pu{5eXvF91H{6>HT|7^-^EG-aJ>!`(#mntq!qgqaB><}@0g?Bgb3
z+WHUIC?4znDn20h)oLEl+UmG<JWb?ADye>kdQkdA`spNv+^kaeAd_N0o4d_($j}{R
zeWQX8o*XrY;JEs<UYS`xE8lxt`+Fb_ouo-x_DL)#aGeOoPC}?-NpAa%F>>eQ#JRU{
z5kWz14N2@uH9(~Rz4hgUJ-@l$;hkj*4ZS6BQIpJF$Laa;^EgmBTyvU}!6)|v#6GmR
zf54A)*347ak~{r^W1e<}2kk@&9Snyy9+A$%i-<%;th=ygZ@g8Of7^BN*=*U)%U#`{
z+oM)Vjf7_FZzN)5Z%FhZQtie%p9iv$HDHmR2g<#K44RP&d86Y}9VOCQxIcU)9+F2@
z!9bDErt^^71qXl0f(FPzr}T+5)lt!<-jzZWa6J0HivKu>Jum#c>!W$dK)o5B-SX#r
zeg3%leeK=Z-vtCQGJgs@mJHDMd&tol@ZA-oqQ*DHtjTQf3mm^5{Qj@;J@BjX=zmjo
zMi}RxRUZiT{35Hy)Kw?UN@C_V;{V)zNGS(ID?VwGVu-Yt-y8E;o&ou=`6H4FzHdAo
zv>~_s+1-NmHh$UENw3KAk!2<dUt+|{-@HG^nVHG7^UPkvtlitCPrT-0pQ@gl^}~kW
zPzrdF1}PN3xm_$_XY{1EAx(Up>agbGoUZcPbMw$hN{SBsS>SGgD>(#`C%l+|G4DO~
zXVSNkwRqYZeNR{sn#vj(<fXd@wf(5q>#Mvk4U@G#leNuhAejD;P8mjS?zJjTf9Z*_
zpaHPSTRy^p#!PowY1Z3j`{nobREbHphV;~sy-bd6*%3Z0T7x=;>#<)PDOnVW^!;n;
zr0xiLACZPSEG=hNH4yxHs40Yxsul(DjP&LFl5WqBcjepG^>Oevu;=&X_L46AI)?w!
zyY+GI_v&VE@BT6bZ?CT(KkHZOjn7}-+0DrByZt3F>vz3AvAgTOM<Vl#SWTC4+S<qe
z;}Ecy-aE(gAB?KiXJg4UZ1{u^GEp!|2B8JhIqNU?J4$vpDL0a5=@oR#_#0HBq;}xo
z2LQyy(EJPY7^tjw-i*&947l`x0p-<pFP-#3Y6nPgCc{m2{L?Fm3?U!D=id-#WVYKI
zh%4}42$gF_Xk)fMH<*U2Fq-Vl9$3EV<M%HGI3TX@fuBcvL2%p=D<HqvOe?4Ugbw`}
zdH$Rb2P1(V;M7Ml;Os62O^r&uO}cdZ5lBv)5tEz%lrs(K98B6ec)UQ7Y!@hld8j>r
zSwdn?{mn|}UbaMLK@pSLdCZJ1*w;3w*l!z&m`Bb8fp<KOJ~sdeAWllTgjORmgr1iV
zm(ofU#0BmG;*k^7jrx0~mXj`8js<0q`rg5{BM3ct@$=2F{!|*9QYbBWNKM!Uv0HWi
z0V>rBDHJC>@%~DX%=s=8GRJAGCdwH|WfvjYZFy1&QKAF$DB_?d%x<*j8T)=Zx#E}$
z$Ek7Q;`-;4PPIdP4ZAb8`fWK|W11JL8HdNNqc&`{U4jS`YRmR%1;x@Q;#&*kc@Gd{
z*RH5Ubzm>N714%JAcT5DRb3P|v);?z9^-z3_(FwwzD@#XqUVLT<Dlw9MJc5y+l(88
z+=6ti`!py@9?;O{iMUZw>kP8X)3BD-@8$<^^i`jF&dvMOPNa&{*pJ#FGT`T&<I$(9
z?N?m(YR#{*hf5WmD(X;UE1$9{P-6Cs-E0_i&<R9Z=_KVp5)Jh$c@A4KK#aE}ZJ=Ec
zS%zuoA_9p?6zSJdfurft)3ob@p?pU)M?`I@>$a~9GTb*_m(Or`i~k)N7`$syasZ@a
zkW^(Bh05Mc+bfJtRRvHZGHSf<SWzu{Zt~CnOAr@q;CdAec~2y&O5#p>s_5}{6K^ay
ztlynIPZ}DppoZEL0ShYW`YamM9$MWacQp!gb7i@bQ4qvrWPC*Uv68lKmRwsWQg?Fe
zR7eb&XkU1;0Xc)ZzQMV^s=<idA_W&{n9MSj&{9i4PBY<t<14DtZVfsq^K6rZ2cm8Z
z?E8>#Dgl|TRE<4odl!~kW_uaCnH|gZ6;Wvox8vMWtQY;Id9zL>1RXyL)4Rip>d6Ye
zw{&MA7wuLfV+2rhB%Czl?kb){jW|Sp+*TPUUdQT&<{}qo4uWQ7eq|Zm80d@KN0^_!
z(mw=`Ydi_7N#|ye1JM80YfdWUe7MZ;y0Ccj^Y{1V_1dYbfSU_dYB*(priNKuw~1aD
zNmmn(A3Rw_HTqGpbbVy5D+Hp&Lx*;W&TQEzA)v_nJCJWlRu+HZ9pp?z;s6s=e2~>+
z!H3azMwqj#bdNN1Wt8+Xy28v3;t4@=Q^X2d8Ssz9#rmv8RIb@cafXk*#ViQ`2*dP1
zESz-Q;*W$emW_kS%0bx^AZsDsJocl+9kvPYm>ak3ykJbJv97xy*CY({tVI~~yM0pj
z<Rw@wl#y^4DJQ@hJM**z7~y=D9_rcMY!I;$Gd1(v^2F2dKAFf?xb4U@uASF|+gLaR
zd(D|&Ns+Mv4P43B$TI2+z<SA)7=W2v1dLWJw31Hsfr!+wW)T};_w4cQ?gg{<J%)3X
zb)>^rufbQI!q>OXMtdZPkt^r_!`eNDSGKMDqK|FcsIX#GY$p{}?23(wZB=aBwr$(C
zZB*{4nse^8_S)y%=bq=>4;j7n-dcM{K91h|ul*ZEPDm1(SpdY2o?yAp7|;aswlLyY
z0a*K#!TbGZujgBx7}tjYv_UYvz=_Du5nipXULX<#J6!JHgL(WJDXOl2iMfH3o|c#A
z4-@H$SevWc=Z`5oaMwAXhIRDgW;`I_0m)bk&BlQfD<ksUN_u%=W5uubpj8L5sL1}v
z|H?Rq@^jcfOf{4Mm59i?V?E)4T4F$LL&d3ushuM%b=wV^-CJ(WpZ{ZK726A1S{#j=
z(CfXjk0$QsE^mXlb;nYZG+tSSyY<+xCd4SU@MXbpVB6M%i3xQo&+hu71^Nc;&UDx8
zWurxyVRRb4Siheqam5&Lqpv}0XTz&2GFX>o2K=BbK(rBOi+ZCsqivtsK2;=N4P6Yv
zj@!gt#>CQHH)UO0zVyAiUTy!KH=FbpmPzBBrMa=4ky@n0Ysx)->iGGHfp@_YDT=FJ
z3@NHymsZpELV({>8u-~%${t#$1gu$sTM+1Mdx~9XeRqQWH(BDlYB^+OT%IEh<R(aW
z`vA9gS&*R(l*-qh;?xr!A-!5#jAwN1xmAEg@xv_wBPKta@QnQ?_&J2(Rw{>S*B>t9
z)2Hv2jo(pBJE3YaU}=qoPXc1NO7gIcz<i3W2=Ar1(K$$qNPO+yT^FVI-x9JJlNBh|
zIs0UK@aeLUi|#_AS~nMffu`Ewfq-TqfVx`PfPgN{L4kCEfE>&~fq>wFyy<VTfq*gr
zC%Q6DfDcPtARqz2U#1l((AJ~*CLR!wlqF!a3E*@CFq?N70*HSKQ0iR=FbWi?s}2~b
z%80_xdo3SOj1mBrEKTVdE5#2#bMQTjU)f4_fIel^MfNIAIwBovUL2@K(5RyvD#^N4
z#iR|tFU`f;lJKEJ-ptw%SP$C1VW$m9Sf%V4bN6GVbe++$9lKHlr(KimfE4O%G{#NW
z(BF?oy+q734~k1vVqzV|UGp3x&ZI$&?=sTeAqy=eU}v1Z(wx$glH~+)sx$4sJx@&z
ze{ar5X+PRf%bNK0EEgSwPDvyy691CW)`6D}W({q0L6vPW5$1yDqCcCSAj<Y$1=vc;
zQeHr+%#!93&9P@LCCrd3HR{{!5afN8|5Cs8ZFNVDVOIJ()mLiG0F!=s<*foM=Cs+z
zu3|YOvessnUoS&GPUOVA%+qltYCODS&MtYCG0&4tTf4a^fO|{%3FcP|yzj2kBLzW*
z9ZpY#AIO|%&8&*5szy-|@MkH3&smJqwBddp#Nuw{Dg<Ie5|h$xC@96=WNl*8-uV%_
z<UtR?$f>B_lBV4B8#A+)OrG?*Go-#TDElSf8D@I<^PFwQ{D|^c#N}hsUWnqL`Z3Ah
z!NQ9m$%+v1j_eb*U4)^gPy;^hnA9kGJ$a#@kD<RW+sV{}-MZr_QDPUwLQIDQ9dg5s
z10$fEOa2VnCqofzTZ!2+J=!%q+SWT7gl`0CUk+E<M&^NuJdzRjS-Dd>U<0c@hOB%x
zb08Wi%4y;t2iMl@&*7Vqd+5;-54vLb*1#5J6lfVwRbG-p#CJGReS`O8IEF)_#}wV{
zZ{6HP#WArj-#_k^BHbeZvn@_#@3z2=%GKPD`YU6Tgje1_TWe&E>JmKE%D_d2A^*fv
zo7-vKlZrx_fk5hc8Gg%=08yjs9Fp?Kbb~MMsB;PQTfpaFKkY8KxBLNGF}93nDb86i
zBxQ}TE36_`h}&TJhk_seKQc9{6Cdly%Z1>;zvZa%?0Tju;5`^e^{A-JQMuzjWo$<N
z;R!@)z2-j5Oe+md+o~Z!wz;AwS7qMF`c-`dYL-k=(kD5pSoYs&!bHb_btc8RWWX(Z
zM|z)GYOKhcJVHdqlMXgyY#pO4$@Lh+ks4==#J|jI<mf1`8w0Uh!j}&w+eA;>R`WA!
zKKYhntxx4tt@l|Bpvw=C8*W_q)>6@8rDhLni7@d<enT2N85xt70)f?rWv|U!<OSJH
zzgwA&xl-o=mN|A5tyTNfIvpe4clt@Bi9CK8_yt<KlewQdM%nQZIuBV|HD)RowRZ^Z
z5QpvQWj3sIa|7>V_e|!oWKJnXY^^<nHTR<gx`%u*#uyon;!%JR(Gxh_WW4Un#+~@F
z2%ihS^$|?y?(G)OtQ7C-jw6r&G)O9gzVI>4f)?r&Pm<tnoJ<&42yOM5eXaK%OkQ-1
zX|H-Zt>gtYeMqbb&5+O!UO|pYkvTvAH7(PUy427!Wl-c5vB~MpY5W&1@dB@($K2@s
zu?1WvbeHaN?w|O^t9*IyWT_(t=0ZvLWRbhSY*NggNm#bwRb*T#=JY$GK0fFD1Y5yk
z?fI(i)A<|dpcydRg($ND_Csv4-7uqu*@#U8jb!WE#Qxcmwc0LJt?SL3cUSDEGo!mL
z(jeEA@Pxa+i<G`?f$_J{Q4jF(F?OynornPa3PxJ&d`cSCc7Td)RQ;nS`>uvz>hijW
z_$|kTI7CRvmnP%7D70^Z7yMf%oqX?*EGiprxbMc(%kHs>&Lr4KzIJ-wOPApO_VWGk
z(Q;rT_ritkR04I2nR9BnecN|P>LR7D(a(XjUqYp*M!#ImrErMU4xu<n^ie=f93$D)
zH^39Cq^|-RbAeH%#Cv8?%_mF$v_egUhLojo1uFm-CM=<vasIR-{%ZBG`D+5^;{Tre
zvQE55ZFeFEcgE?j+59kn#4j{7e+i7u;jihD0~jPU6mJT+f@H@kzHPpOWOwhMcUAaF
z6ybM|@)V$YKA@OK`frGaCOqR6i~QN7LA;AZd&T!?#?hbpXjtkxI`WXz|49=97Dmv6
zWP?d#=UpBnj$*KdQ_}(&gK%Krndj@;rWy6+DvqWy_)noYQipx1<*xLE&+^~qUyI1d
zG3AHqgj+F>92mb_t7qbOu=urD&iWcDqr=|*V$BZnOe}6yik{fM9cDW6ElD7->z>b#
zU&_Fv;30cY`pi1Ge80ZN8@2wB<t$NaRknP!AQRZf2KN^0e1k+4F|qK5VX<8^lm6u5
zlm<c%*8L0u5jdjaQvp~$=lV?-2NYGj^O2GPWd>}@yA!DX^wD%PH?v3&Ea*b+VDyzS
z(IF5WkDMQV0JgW;PlX0z<cB4rW)iWc67!nUiygbhZ-xUjDTZeE=Fn{;!7S!EcyLx9
z%J9EYIMIp#g;UNdm6NtgLHz=p-zBvWDg{6|EMW{D&m3X)`u~A&`ip~O&{!mN$RrHj
z7`kJKlVSh}C(H=n+zMqU_K5Kwi!|fZSUsw03m?275!5CA31Z7pmGzQ6!$92xB%EL-
zh=FW11LfR|YU`)TmT2S`Rokhsj_mKBJb%0k_9CI}QJXII!L@9!1vG@m(A(7wv#)QZ
zT3nP@DF|039%Z(6y1!oQUbe2UBTgdzdN^%t?ZoTh`_=Tgz9IJ5+vw)j+Dho@{QBbR
z@IbTv`s6de|MU5H_X5)H!F*8m;i2P|LO&+bNJhpu#@gEvWG?4Gi@XDL6`I~<JnkS4
z`*W!}xNl1AGn<LhFh}ZCaXmLde9|@*=M^f4NybjD3{C*uhC`EfIh$ss)p($8nI?mI
z+S?pBD)h_4a~^iIWS>+?-2A8w)>w1ix&{S5r6^uD6C9sKI0!Q8wwY)jUA!)058QMO
zwYWr*@2LA$945ma9-I9H!|V%L^C;Btd0mGc0;;w9PgWsv^XKei)BdDl#D%k@+K=u*
z4{wA_q8Xk|k=b&Y6ra}88+t}0?Xn_sspA@H%|LRd<25c(mdkL(CG{3Mi5m5<^&H#M
z(XA0y&vm_43~(yv0_DlwIqT<}NR`rPckL3>(#^jZeU8jLa<t@b+;b-T``o*my_XGK
z6x?O~Z5U5dWF~9{l3+R*K{_p;@@0|(_z`fRzZ8Ne$1o>vgDefR!HEn$hQo^yI}_JK
zlyFve$PN%ffBQ*Q02i;>SEL({D~f|z<jFuyd)L6FQrH}1FaeuNoTbXboXu#)^6B`E
zUDV2Jc2|;x>S}IK?<lo3ye{~$(Nq7Gh^2!93bWCf7}wgK8Ruurk@i`)NEgcUw7yxz
zhbba|9_3)}W`$?R%lXsY`Ljs)Z9I)W!Grg@8ik3|>?<llGdI{NRNrV-+NS7P(YE!=
z8}!A94D(;4CMpd;YC?n=D26EiAvIWmXo@<k*!U0?|B#xIWKE&JNX>%jZ&LHx>yjx=
z`7ct_arv9n1pQ5Fa8FkLkecX*I6~0BNDVpFvpWaZYKE&7>c@aJ_?(AY?UjgO_f^rJ
z3)(BL3!Z9gCWCSXk+_#XRcM$#^2pE7R2JcoWMZKVzU~0`lyI*79}9x>8rro=n$BoE
zPu*W-u~fbtPt69BW%wEoB}oA^?LsT|{Z}2xNapwpI5AHIh&}}=l109WpTLGa2GUl(
zTX=JGFr~@R7@w-!h?}29)=-Kp+Df(@?EZ+FwH$z`se-a;A6Sn2EoyX;|0QZ*{uVV2
zm3aRqY8e0DM9rF^BrUb<&;9yFoabB--XKljY3Pz<GWp9PjW+(Ks5SiP`}xnyjA_xr
zA1-6_7X4p*)xzzXzxY;nV69pBG3Htr5`hz(Nk)b5`S<S!uHXb%A%25*@aRr95?#$Y
zvrm|Xqk$wbnPns*D4PZrV&c;ksSgK*NR#VA(HGwda+QYhV5s{f-C<r94j+-=EQ$2(
z7tW^$sMz`{V`+n}kKdri=zoG5Aqd)u-=Kzr-5Iax?tcktUa^ng&i)TUO?Z%jImJLJ
zGZs1&9s>B#VAlqZDl2r!j}4N&ceglHU1bFPQgVecJM9W-SfEy0wc}I?M3r4=Y*kn$
zO8Jo6#7}QOe*qFZNs*6`(4D1sMnX8at3$4iL{5&AgthM^F71Y4Ili2+3pqUnT!6dN
zd3^4Qnp%Nn7;;Z`lNTH2HF5b|cQm&Fi^SE@*DlV0AQfZSRwn8zXEJtw@))%uk2~a3
z{a!9gl_Xa1u7`KLePEvw3&<C^l5Ivh_<$o&)eRf1tib;aL5NO*b%)guR(UM4gH4}x
zq)6MJwNdr4UyXd<!bC*8<s<+G4}qIr`@x(M3)Bk|{5}M&nHptuG;gRqWfugV7Tw00
zuv6g4zei;4aZS~(;lCdz(;eCt2}Z^6eYm=9f1v1s%f?_0ZS99G>W^!d;#(kWYkdMJ
z>gihc3$%=7O-{_q3Lys!BUn&0|4Mi0|DZG&9rYg*9lG=WO9sw}=tCeIk4#^n8~GR=
zs`A6^Owllm&v>8eYWwAiH?#Pdn!sIUAcL=2+bQt77jBM4nln%{Twet()Qo=(ho2}l
zN#8<?EGq@N+P4y!>GUsaC4_9{hpni8!|{076c=<;J$|22S{58_OU1w~$nT>R{45FJ
z$;yoNSzoO^-(Sw>ZQUHAk}U8DeL6|g5|t#YpklAXZ!hw7WmdHmwTOe2{yV0D`A<xf
zF7OwoQTzH|n8vJHbJ*}VrV*iA+*bVu(@6jNgK1)i`HCHU|6m$N5+rlqOOfzDnC5sH
zfN2Kn|6rQ3=JN<RWC0l}nat62X$msXZq76($$=}aPvQ%bky%YNYicuGJcTyl`8gZm
zwSM<r8)56-_6I^U5BD8G>tFI}XWn?rIAGmSR~+j}h)>8Ae%>l%Pbtpd9*8N@IG3L_
zy)6G=8a`-KHGwyA_S>MHThF~O`sQ}`O#8UX6fNS}T@Z{f=~_{joo9T=7I&v<2DnAc
z&O7`%Q)_@L>54$k6BLtyZ29RJdp0m81JE}CXmiHh;YqqWTKpMmy!2N`1fZk&WgSpw
zZ!S}nF*`f2&|K#y0!!T88;?>3wxp|P4*Z{L1%Dm<&^ms%{&w4czLMDlP%$6yU%Y)m
zFEydnm*p}llg&+Xo5@#Oa*8U_*Oa3W?n?KQC?^_nx6?e-zA*b*C2NxNK+Km4|I%!X
zl*$J>!v{-3oQo-Be5w5-zp3ubvf9}+>78o<ePHVGY(eB;nRE<>o-TsGktJ1cAXss-
z2qbkl2`SK7Bs{Eh_X<m5qySt%l`3r<;od!os}Z8Z%8N9fsEOr}Qaq#>8);kGhDu%y
zGxS?WZN&?tk4<I~%f~vRydER@h)V7`f{Ps21Vg{)r$;t1Sj^sUA+S4r3x+T3_LpyD
z+M9|DUCq02cD2PWs@vh>b#A<0mc?>!6=5g$V&hQ)(i1n7JgasFT8^K}GP}uqn@qWS
zktbz>HH~%0?pJWZ^xHm1`Q}mCo68WTcqOr9;1)9?iyK;p#5qffroStBNXd9h!Itvt
zdjnQqc-!D|;7La1CtD0M;=2G)0~&AxaPs$U+QeGxI^q$0v8q(eh^$QW1l*&`q^#<!
z@4gghQ-j{i>+H}6Rn?{968=<1rr+Hg`zn~9hAZSlQj%ke*fJ1(>wbG1Y>WK$f4q$p
zFMoU}jb;<EyugxDCj8Y{g+&W`(rF`}*=(|m^L1gW?cOak$kxBSP5EfmH4_(o2x-c-
zMlM{rf(sJ9%5@2SSH8FQa~v>0nnq_|pV->GcVk&Ws=MOQuB^#~uPzapN8T@ElRC_)
zG<_Q2Xl*{Qep2c%Fc!3#)>iS!7hEngVlPlgnC$N<#5mBCRH<jH+`Y0Qr;rL3&MTYi
zF)tWb-HTv5p%fCHv||=7Vw1E^2fsc&&6I&ACzoJcW(PLlUA{vQ*WgNM><5Fe5@X1?
z&7mI#yyC6XUn;-kij@!`?|b{rZGJxg<~BFx&1+)6xlP?~ZZjJAo7-Th1m~dt;Wp}u
zRW#~&Qj8a=|AB3`v_hHEE5s*wkt;U=*^<mlNnOQVe$Cs0uh-&T3-mRwr__U-xL-y5
z^AtKYFMSkb@=pggnwBkt>(vRt?q;89kh2>4s%9%}SbE{IMEPNK&fX?W_J_g&+y>3c
zS$s)U<sR#T#Qn`@Yr&s|fs%JnLTi8B2m83}(W7?Na-!4=b=+0PTEnP`VP5-<ZRRs%
z_;N+{xRyps4siuPO9Re&_OKWRYaRs*7u<?VbFJ-w`Ge9Gj2x*s_`~YTzHP5Rp85w=
zg_a>-zID1(1j}!L<9={)S0-)A)Umz;-s8JS%X9!7?zIv1>S!u}nTD+Mov&o`^jq{V
zMtRjv{?7<H++Hh_Ra71;o`IiZGW7luI5md91rCmDN($}VJd5{V0;kd$vknCyaP&x-
z4kasnznXF?{+qxlclvJvXTqmQQIbTvb=25NS&3kqm&?OZMUR2>Tc+vghk%i@ED<Lt
zUDYQH*UQQ=(Jb3?Bt3g-4$xgz;pK2xU$A5(fuwI9oy#6x?$BLvJc|C~<wXhJ@!Bar
zrq&O0;P(~^5pf9U8?|{pYQEJM6FDWK*XP~JFpoQ<_rqH1WCiLo$E3|fsL-C<rGue0
z#(<J9WZv<!2I3$4rT2c1c|BNhWL26umR7?$iy@^h@>CRchC`{({seL%+k!8_;QQ1P
zla65?2^+fKYbH-y?y>0rAF`V~&JhZ0Ej^cu+xz@H^v%vrSaA6Rn<Hj1l}20-Qpd%{
z!eBasWzO`}UeR=9Pe_mSYcaMlWG&I7M*l6O@=3%O+qeBYjX<NeDlAU(qB;F%I%2r=
zNZsDMG#QS=7fa?0)}ckCO39#WKe|9V_a}uu(|OMs=(TgVPTio$K?7dODnb|fF9x$Y
za5#XS!SPxP@k@ak*mBgWYP$tz%!ph#F5#<c;B7N*r-u#f(+SHrrJXuSk;`i!hOVv#
zSP))_3i4wyX0`00o5m?r>Gcb&$C)kcfX#Wp8dU&GKlWv6HiMTxC2sUpISlC>*s!8w
znuXB#oDLE<kSefSJs^o57UC9kgdWI6zj(&s&*<D~e#yH&YkjclP);qK^&}9)X%cK$
zdF~Lis_a$+-nE!?(D~plCVbF5#+~14;EBS29qA=9+2Sk!{}dpgdNvY;0eicZ1U}dt
zLeWC(8x0cAT?uP|F7{vdCFiZPgqse*ehgm)XONb8dxE1ilJG&*sA{3_-Gy<yu4V@0
z^)YXCXo<D!?LU^}*EBd!wiGogS6F(G?+%BCFNj13BJH<kIDo&lu3G(Y_7`Zzo)@td
zVG<y4)akccc~<y%lsNM-1+CdwLae3m2&Oz`;BG4k1A$7UTNCIC{q7BuHM33Ms`b2Z
zEWSgzOB1h81^*QK*NP4h3Xql@5j=ej&~7B>Wll;LvaAl<Mf~I+AKlVk0?T(mp1G7p
zDmGoqz`V{&&#jECVAR=dpn8`x>5YnY<RsyXv)HuSaZ5(IBH;2-SF`#iEyuVSDRwj(
zfy3&nb9YN6;!cA?DL?l~wm2P=(`8(v`}z-s$EcclYV<dKJP{Da0!K)fx^wxuK7QbR
zysRI$CLVE2mUoV{1rG?3AtF~Cxsj0NDRpMkZi=yvcfOWM4l0o8gp`7o1_4$y1;L;?
zD64(Sg;#o?R=dI-)wg_re6hA~1kpTBLQ9kJ!^6ejFz}ziRxXEo)eQ_>8`2foB?&q^
zj|)qfRfvRKR+g!O4Cd@U)2mNt7yuQ|v&ducYqPIDtDyECJuy=to@5x^9t6DbycDL!
zlLw!scCCSEHtTA?`j+aeG0F@oARk9}*Q%^QfLCR7r^71HwD+PMRx%pf(-7%_C$5an
zqLBlaYeDC{-rr*p`)EqF<VW>oS{~1<U%y2@e7rhofgH&5T+2ifwGZq&ZE~a&*%ueL
zleQxWwN<if2N9H3gsWe+_<}aT?TN*^cqucYzT(<r=`5#(d;aVrCF*JmczMC2MoBXF
z=Y0G1+9T|nU3K8Yr{N9(h1kzaU$58~?k?@{K`JDSn(Rgqoy6&rdYnEZ^PHJ1dr2;|
z7sWl9Hg1&_4+7VI5ysSHU0c_=DndIwz3gA^zu%wCbvndc?7hdT7^Li&x_3ol+uWPC
z*_r!-=n+-JO4r@L&>d%N@rwYKESS|??J`0~-I%fsl4>bJT5mMgGK<PhuU*i?Y(08F
z059dFnzA!JGeb)=v-1mI>l%kY#g{=-!YgSwx1T3Xdj0W4_9NzMwC)c#_luV36F6%8
z(6s@RsGW|%<PV(@)nf2X_hNutr24|HdgD#7b#CU;60k+Z#_av76<=zg3_e)C_H@`=
z$t$Mk8O>|;?|m9oimDVaO9v4$nRZybfK;SVxju7n%HY<p<xxO3Gz9N0h6-O)KY56>
zeSKSX9#OJq&=kBHR`{=wQ(m@Q#mu-3b}|^*(-p}DlXjRWn7f*WjQ1CN3W`gE5{t%3
z%O;D)@npu;^2Kg0M5)VOcB@M87E7iCvh$SAz9F!#o_?DSx7QI$YXx^!={cJ07x)kf
z#fX>hqL;?LR_sL69dKWKa9Oz5h5eq&yq~2KQ-odw)4t-k0eH>5@kix{q0eAm6rtm<
zU%ktdAJ&J9AMhU#h()$t;Do^$EP2Fw+?1FMgiq6<p@V7z<^^YjMD8C`TM=)O=#z<F
zq4atyhtFnBU#$^zU#|`0Yp|(y!yJid-a2N`wm<?r%n%_=A!eQ!GwWh~cvCxrV~F0*
zUanR{G`?M)2ewzcSyo6X$xjquNB43~dr&RyPIIQDGOypT<uhw`w(F3r&Zp!oU}$?d
zKAalWpcsD4bcL>M<_|L(Fw9|`V|sBq$xsHVDPOK4AWA9NRbTPF4DEszH+3ln6EXKD
zS3YNsVQQeNzc*C#ey^XZF{-wSlyc`h<Sk<loBXn1b>26;5oqM^;uR9(?7N_13H9vh
z*8>a-luCKeF(^2&ugO-9**JcjCP{$)`9NKe#Ax;<&%o+2s_CfSx4AbrIgO{7MP6UW
zIekr8Q_!N&5d1nOHrecosM9%NN-Q9r#J64eW9@x^H4@To6R;-F+4HJVr*r*%AL-Zi
zVEg3*Zwq0^`s(WX`&IAi;$m*C&hf?|Vi~>lm>i)KUsSCQmt#%iBjC4dtVdrBO+oYd
z<s={ddhY3~bnJQ>yuoN9kCu_R=0z+LHr#h><^z^lr#mXPVFSnSewnX=baoxW7Bk<n
zu6X(DuJn#xeLhtQM{7-rP1;nUAtdxnoS)X9;S@dTQoKn=%Jrb__#J1;nsDpgUPN?x
zMj;n!1QqkQKGz!%ePjPVjrML8r7n8;c@Y$C%2u9eMEa@bB5T)~_aOv}bu|ET^4`uJ
zO%dp&hIQjp>Pp(KC_S;0Qi?NTqIBCIRa4`{4-X1ZHCe)GAv!n9vga6GY3LomNdlsF
zJuQi+UX@}d@k)bm>DA3N+0ly-qUQeLyrdooWKkWE3zhglzWlPGsCnf{(88DRyjrHz
zBEokFN8-N&i7eWbET64lW$(~{%POz#IeZsqky{#wZOCCYihUP^1iuN@O~1~|RY{_k
zpai51BHK_4P~6ccOW;9vhp|vfPeZec9MK3+qd@a1;vuJvZ`D^>dx8Q2i42t@HAD$;
z0_r~l0*L_GVO)(q`;KO~2F)s_fw`N2K%%M}2mvw;2~(p$kcjGRo7H&Li-|8fNrv-$
zvZ1){pHrrb3s!u`B=o=ymGlD(3s@p{c%yMJ#hGEIc?@3_I1o*2Du!_1<gapw1ao{h
zkQ^jSd_PO#8b#&O1jHL*sHB(Ti!gy?uIs|Gig|OFw0!z%*dxs4d5!OPxP^6+bDj%$
zOruYjE=S*lgN;s`-w}3<Fb(ahrYn*s2qP!(ZZ(5zGmTR)yx5|Le~(;)*X7JRDA1US
zBEi+cuq~P^!yHT5v&aEOUoiZ-&Gge3+lPrPxQrt<FCB74ZXrpVExnCLd!wXDNd;z5
zNk$g4PSlDa7-mpJz)pBHW)F=<f!5-kd#yogIgO<OjHJ4Ihkk<lpkAxN`5C0HS)_7l
z=#c`!gKC01#_#9>fh^YB_1lOEzXx)NS%HZj^U@V=+;t80)`AFJf~Q9+PG*Ka;vM&%
z{MTQop2*pg`9r_<BEIvKBxkNi(-v(bsDT=UHIe3i9EagkeiXib%_Ru}7@c7!fYF)P
z`(t#fm~hqc4ot7X^uk+dpbfRoWO}}@9l5gk+6Oo~ML0fuE4z>iV5#tPQ5;&=6zI{9
zIp2E?HnWOlz#R9IIbl$3{#m>s7DGyIBU{b^**Q<Bkkb%30027p8tvB!wfNu~4#5?~
z^Iv<U-=<)-g%%j?8I%Q>OG3eI6#C3#k!AQ)<)=6Q0G)WAT>#LT!(-*_uEM}L+%pli
z$u@$x8sy-5Vn@a!=}Uf>dh3!OxURatsT?q68Qlz9SYZ+Klp)zrtBXOte{sD_DI)(>
z@G4`I=6f_OFVg29Hjz&#BW3KsOi$_r!~>Ja9KvLK+{Y}+)c(fCyPjXhNr<15=>pH%
ze%++{gh$N;9djd%_)D6Z(L-qyHO;(V${s*=t}Fj1*|Bq!iVEW2p?_13g5i)8Y;@Gt
z*b}C~oIkTygrb7B^^wQ0a!^%`90+A8=!Otmu(ehvjKezdF%*pSHx^t#w{D!pGS-(C
zJ8j98f$8}#vXk4gGq&R;U@=rh2I)<%8;CtjRG>Lqx`Vf&mI*&O#{9#MM_?TK7`CTj
zM;eNq$E9`Gpdxj_o=;(0^b>~a>@WS3P&cB48ADS3AWDDratL**ig_Dx*A3RxcRNsR
z%8;Z&&1`}`g}>0wHKIo@q3Zze-Qmc<B?VIHC?m2ARLNHw7Np2lGx+Zie{zO&*~pIq
z2u>@#o<}o3V&-Z;BYvTPVs`L!w|!fke?=WiLEhXZ9i-*gGy%cA^r}-~uuH;R3f&Np
zlqyHgJ99BnTEz4SW9L36<^W3B2rQt275svcVpD#uGQX)KnzCOXOvQSUxCM7av)`zf
zU?NSS*{4u9thkb7-I(7l8DpF9IG<i24agZXdeZKJ-$G?4p6a}F9MAzlHGr5L)cK&f
zhRNsVDRvsFaK>E}H=IYGv~o?h$XPxp?)Z^x>#Ug>J_g28tl8FTm16`v5w^jh`2M&+
z?yDAIC5}#W(X1(9khZ?2AMJMwO!K7xT$!T0f~bMFIwYI%*`!$p(sZt92~Nl7@1P-F
zb#K1$IMiC*{jwX+%qf)@@Z@sG6kp5@tay@nK9df~qdRv8EJAJ$sG;-~QmCPC3>crv
z%o(AEBFX+pm2IhbB9%}vC~qFT7o#G#wP(==jfX=>?Z-BVeIgiUC+;tgzhF0R%2Ky5
zG}Iy8mBYndz%pK2m_+5Awao<dZ9wCR^8DAAt#2HT$dQdaC6tWPqPkJRl^4zvq)E;(
z#~lqpMzNz^v-cvXO#`t7@+w!w-cjVhC!k7#vot$5SQR-t4NasA;v}39Y-4T2U`@cN
zJtB@T8h-%DjrHHUrUC$KURQvCuz-Nl0SA6ipsZ1MfWRpPoT$#O13p&&HaUf>KtNCL
zE9{U!fL)=1fbanWni>JK<r;v2kN{A}=3@~s4+w|>AbQG@hlz-sOaZJX1a?SHBSlIY
zu%|cdgd8u5d)ssz4C$5Z?AVu`=e&4|Zs{C*SFn$9is^jVjlu_4XQz*XSbE{X^;Tip
zo1&cqKAAZWBr8I_yq{i6J8Ng_nrF86HalylrgBa(8tsI=o=g{ag*%d7I97M(O;db+
zuiV3W@w8KUNdc%CJYh2}8PFugZNW`l$BB=0hIM699?W?ixegc8`ZMO@2g;1v9Pa`t
zr~-CRX}tPFI?TQH9$tp&hW^5FgJM#m<$Q!MoXKD#N;#P8T(D@bd>>RdRXf7_#YGC6
zF^h@0v0HTAV?5+><1UPmq;eK5vv$h`gbB{z1?O8+HEydLJOSwphHwVU6BK(7EH?r?
z7J`n~tL|l$76G=#A+U2aD(;%LO6W~g&<KZjJT@n>*uz%z@OH#@TUrvqiRgt&<0sd8
z1EZuK@nc>C;Dm(ns?;QPPbQf^{iGu$mhY;@9uYov`AC9z8X<6Dzrx#1_yjB#;Nqc<
z_i(7H`-Y#m?%M($w~qCd8bp_<_PC+Jub)7z+BGF&RdWK@#1HK5SZcr1?;iS^@Q`rR
z$X7@P8uGvmhXPWDpavyDRmg{n5q(R(y0@>&0hPFV=e_{t@)`#eih&97$P+1j-nC=`
zI*HvX%!taMOFWgbQOfg4hyj)|)y;R#n&~AX-y)ip-FNm@AR+E6rGw^8<o%UE(2?M|
zW<x`iH~yqTFx_|)>=}<XB`;@aC8V3{$)8&(3Yim59U7*nu+^_ji$L-I{qtLZgDR$h
zp}A0~(Gmv3Y)J{UlLId~%_OjUcNsAX!`*T_mq{sr^N6(kUvQqvdjJ38JT<SsIS+>#
zfb*DC{ZG!*EBi0b17r3N=MgXbhx1tW|BLfL*8RhIzRnXESlL<p!+A2r|KdD)kd~ll
z|G|0Iz5d}mD8c{YJZ=A-^Qd?HA99}ajQ<nPbIuezW{aSQs$=77d%v2x>y_4i>{?>X
zks7d^fz{KMxuuo1%_)F2AO5Sfq2ob|uV*7rASD{)rzbd<_KIizp&n6~$Zib3&pi1x
zgqE|)dyn`z5z@H$VO8<0ld%dCp8|9&87z|36l}P0Pw^PsjgZ3_#zADDy@Ti*x)L>r
zTrB!DUe?y~t<cjZv;VE83HF2^aIGPk^<Z^4t@xlwm0|cNekjMY9lFW$h#pX|3((sX
z3Gylu#gy!rU@8IhZ_9A;&OS`^!dl7R4R|zbKgv`zvu3Kf0Jb~Vt)2jM=Bn!|Q)wh+
zC>L|`<5kY<_)}WJV%p=A84xwNkN1+Los)<BBTzWM0vjF5-a}u@?Knt`6p`4;=W)<8
z77VxI=0w0ALthA+HINF?z1`+%uqfb0;l8_LydH7BaJ2||0fHwh8Pf~(+h<tDuoF-I
zm?P7T{MRY2Vh$Wdnz|S+5wKp7xr&w86=xnRp6x>6u<MAZTM69H4UA^~*&T-pT3Fv|
zmGJAao532^c9d;*+vb(#lmvu1Ayw0Sf+kJoz}GMELj%I^i1X#}-(u21(Zp%CjuY$T
z<q-wg!f{k884))k<)C7ML^JN$08i+~DVfIfVef^`o%BG!24I6gf93>`A;?2lI1l7X
z=4b%JTJ&n<1V*P*Sg<8Uw1@l}oSp8-fL3DY_!4p-7f5|jdm1}k3vcaG_TwyzPT8Rz
z)S_YPC8qvs*w$B+U;mRDX?_AwBV$B)2WK0;RNm@P^32$^PxKW!JvX6>bOwmP;aY$=
z9%pMnMh_sn2M_|Jr~^pt0W`A!$v*giuBWemby0@4U;%Q10GU64aG$nHK<{J2pZ3`T
zAj(J19dOmX3V!PN6)-0laOED5|Kkq`6#7MA(*Q^hq6Az9#0{nV6*2VZ?GkXfoH&eE
zsQ%uc9tgmA!0Rob-Nj;6ks3(>vUhguYhR-<u(1R3=r)Yx1B@x;k}S&4{bIZskw`E<
zuxUR*g@ihfj)f8!3z*uKrS|q?^g{NCD|SMLzG}$qduaHTmSouux%pSPhtM|7-jI)!
zxDv+a?UBGFCzw2fq|*li62@wK6OFz$TB=W#mFVkjbW-FkUNZeiq@Lk)=T(Ey`Z_-&
zMBmg>hq4;mdl8gJc$<H~(b|!^3i-B5fcDvR;U_EZMvDaPJ2Zg0L}QS$8wU=++MnmD
zZ8Th+V;iG>sh>HM55dle0qr!0l<8ZNFTCF6{PCM4v56lN07#O*6+04B*RPlR3pY4)
z*0a5-_hEMzzJrp<DiC5kAXsxKVhAKh%V^!dIMN)kLmdUOp0j2W)+N^A<gxE|j8TMh
zWSFn9=yVcNnVG;88chs?7PAP?Wlb460p=c3dMXF&L});Pr9_<lFIA?~3F%w`YV!bk
z4i!`=v80ZcwEpHEXhr?(VZ**#8X3m&j9l$IB~3{fiu}(6`Ha~~Q*%f$!`P+``8&_s
zDXIQXWUkUY1Hp$c)tF?ogA(MLOhlC^n?NRrrJ^uh_R_F2-qS)A6xPA@tmNv43PeQH
zSCItDFFQbZ9-xn3-%eh@cZi3s<!36A<sEvPVWY6gwf0PUZCjQ(mQ6JE@`H6hPxCo>
zJwNPrZ#V(qQ3m1L`J%Ox7pK41o9$(5d*nrs_2UB|F6iy*;r{;UOr_=V8nkp2_jY!0
z9dYk$F(Uo!+~ZNEkBo4fB6Wgn6X+alNo>4T(j5{5OY<g$3f10}Ozg8a*4u%o$3`UW
zbv6sHzI<u#y;=RX>ko6bD1&`pHPpjG`XuqGl}XC+U?mc5g?w>@7#aj2!9)wN1Ze&!
z=D?l<0VD$h_248Z6=o8vVz5#aqu>N(0l=bR%>&TFHgC?Os$_ekI0?H%<d{`ck9|Cf
z4S!toG0EJGQ5&LCOG#q}u-Syjqis}SHQ7U!N?YUuD_bhT76QGjpYhJsIqveJy>kq&
z8?|7Bb%+YPY|f6FYdZmFX*E0Om`Gf$EO0wLF6Dxp9hN^%&4Sb$J<h#9m2#ble+U@6
z)Q4GKnWi|f#hA*)lwl~*$#N*}Rgjhu{T!=U5vqq8mjS&V>9hJwE}C}TGDPemG~Q*f
zbe}g#nNlF_j)V6JOC_PO=TI05Q?4@k8V}RIcng>GiZMvXRdYA7=cZs=VJ~aPr8h2O
z?V+m@@asBm8<u`Se2SB9C@yUn4zr7)Q4fZz!`Oldv>Ud#vcS`vC701tqiR)}(J*T5
z^GJzaQ1pOuS!N#$tjFF2xdq2u(ru5C!Y7PzX_N45pfRNXMwm)XA{xWRLms8P0E8)k
zUj_*RW7&D%k2_nQ=`@U|$zPR(Po3cUp6?uZ>0!_LZgqZAr4v81gQqjtR>58*{0Qah
zXbiXD-paLelsGX+_rs@&B;j^77@yT$DU+{TYuXmO;wlM)MHXJXlPSuA6bqHCikoi)
zymE|<qf9K6vG%+U5!Btsi1IwU5QKTY%^dzmND37WCTc^ykZi5hPMe%)(k?fpi}_{F
z%LyT*%T6G|+mXrL#mSpjj!d-Wj)sycvWCV8sc%#VCXejJ3`GRa1cC=Jr|uhWC;HW^
z;rL2&W9qj2@a?Au_8aGBM?Rk%UvPmJQfYZjw6L#6%4>P%l4C45H*e7Nd$Zrys48nQ
zN;Ym%@^=n%kGc^9?RuJO%px+_$O6#0g$9Vw{8Q^U#*2bpzBs29I~a4^*fZ#6s>c}i
zkMK_X3^D032oD7qCYGDuhN<M=4Aa{{7EbH2&Z(Atgbq@M%o7wx;%=Fd2E~;4SNMs|
zYJJ<`X4iei5=%c-ubNP0TzDY6FM+1`UBsXo&@t`(_UP^LI+%*ctXv6|;FY9cVV)o#
zr?-k**YzSC%;XqREq3)8!oI%|Q}F)+F^Q1UE`Lq)5&a7>G5P(CnBK62^!)n&AST|I
zzY){aAH?K|@E?dN7J!&^zW@-E-!_J-Jl$><;vs64KUU0BHbJZ)Asih{EFV6N!ACB6
z28w@tCqyV|&v&{r?AauSkTld|MOFO}Pi{Vu$?1xW4}!KtRB70udQgZh^4>A9HFj<U
ze>W>@nw=hoRgXT7m>+ERr+H~EudzR)e>z+`wydQZxA94mH1s=pt$o^r@3)d!v@|jl
zuOWjuRMi`eT!)0HXzTC@&{T_IkDGU*0JHoXF&SQb^>&wb=D)D;lhCcZ#UQ@i%uNF-
z?STN5tP>7Zn;4BZHAN5YQ|5#!;f7b)J;wUum;$g8{?jqda`e@O_#XotQ;`(FG5Oj5
zUpl5JKY(Kz(EFc`>FedcJ0@U^9Lj%lOu?$Z9g`3Ir~xR*=+TI`zxO6Mqac=r!^E#i
zXIYRpxIQvr*{v0SPoYYBp@0M~JXLb*pZOf2RG`Nz8aiXrml%4ShKf}rm!twPaLfL*
z*3FD1uLx^c?BGsXYr<N6Ur)IC2U3$DeI@VCesTpEvlUMDx1J(Z2QK&U6O&e{S9oMB
zGNd4lYdh~S%Ld?%*rhUO{X1nk|3jJ7n*TphCIr#{9c5ys4;2pD`~tvC7&=i-%FPxv
zWMU{Qy^@!S1tS>h2kUi940PnY$gc9CJ3A$z#mND#x2KENl@Y7Cetq9b(V^e)x7+d*
zd_|JNjnkYy(^;%sP)dCw6#o)0_5ee0biO1MhfeSa+kjh;SD#Hmi)82-U^CEQl^>8@
zZsk*~R9yU>#`=yLypQ5TwZgg9Q)Jq(KH)UJY;|;rULbv0wjY!f!C3gA*f~l`zXu`A
zP9H@VIk=$vF=xKpxE|CL@?6DfhSVuCOpp+(!4?#lq=;(##C{`o*#A2bN6@Y8a9Iaz
zz-m|IzW!%4rvP0k*TO@z2xO9Yi{zSrAd}z4ze6Tnxc>{tG_&p;vQ(;@#*coV<O9Gn
z^wycOO{z^}yNuY0D<X~9jU^sYFl!h)W6|GEV2rzHN(IAs%CAWW{Iz{YYF}kMp>^68
z3aB>4J|H#6G0T1w{}lUms+Gv4<fXM4cv2~JuQCfb=((K?ef){~0fhdnH2)PBl>R%h
z=U=CQJf8^5zoLBp3I|%L28>hb1eE%j_JUf<#j51><Ggg*2T-pwh(rW1Uasy>&H29$
zKcadTf45L$dNOmcIF-EcOFAI{6<g*2Gjs~|(cuTjOb7GUP0{S-1~|gp5$%42pAP#&
zHQ6&1qk|<+BA%^{YQe)SK+DYW<`vc2%00sAD+cpJSO}1ju^Jqmt(R7yB_?#yV=y7q
zdJVSpV7+9lw`>W!`Kxv3!;^dCj~gX1?#wZlbQv*G_!Da*@9tc3aEr#&m<k|$gE6iZ
z;vqbkC>OX|-4rK>q91>TR?s(t5avMDlvG*>$ceu!EA^Bn+9@VIjO6LtGIW>9>r-Sp
zIinHhnilN@ZUp%TycnoDm9=4w+lJk-^M@&=51xPfnh%ACPsReSa%6`R%qCs83*~s*
zgUmAez1c@60vZQalEOp~7#OB$*dz834tM>VWVyNB!5;0un35sKkQG98kArW4_e34a
zpcl`_s?M}?whm#`44O)ljZltnRWUDa)@p@HK04t^BVK6N-%5!L)=%u|6Xk90))gWQ
z@4C20G;5;X?!AR3y#UK@qbQM9{tc0M>5j6Nw;E>qP4p=MDglRHQ%eG%5|JsSI=z)X
zQm2*vT40fCYLXlZRyJi@j|k(y@;IwkZ{ZC-7piaALkkQo`iK#0D<gTayCf2CeT5^Y
z3Q}3&AE=}j@Ea<%<gfvl5;f4jF{Oa)-%RNT=^v(KE5&<wjnL-&n<@1bT8eQb|HG74
z<^fEpzCH^@aB={AvL%q<uptb{qgL}r&MJa%cIbtcR4}C=c|{3UDJGabjJr8o7d?Ch
z7+Fy;n_@ne>Uh?A0NP`@E?)}$TKBgr>#8fU<jQY7NFEl6zoC-A{NGTi<>}g_>^D?`
z#TvwRm;V=3k~khXsQnF<@Cg2bN?kd9M}rknM7?lC%I~7)FOkkxgCHBmCy?ARRq3j$
zeCd82)@<eD{P)&5oJGf$qwc5$D`A$REgasRE36I4-=+4MSy05AzA<vKESKj5&I#)U
z32=ROVw>O_&w$b1HvPWe?5WYpZI!ekP>OuzWYAM_Rw%xaw~~B4<iUC&=Hyz@L>~M*
zAh2qSHOxQK55Ir4Z-buh$d`F1Y)0(fZJj!hlLF>6Xs>@e>`?BNHNfR_djY0IW$`vW
zu1+}(Pz_y*m-#uXOaS5u(_U|-6}U24(Pb;_2>1@k*dkJLcdm*{b{!mE4S|;|g=I5i
zRp`BFliTx;n+aaGKu4KME(&+9len1R#fzI|E%f;KhDq7Xb!DtFpLyez8?Pwr4Afxz
zLU4?J!OQpfWhj;kbP@|$aAR^k7=f;yCL-}DXk>p=_=nW>$HBy{-OXAF^0QDg=&IR#
zHOO@j`W1dFkC&|NZM)O?+t238sjlCh)a0eUY_iOTFS4{vJ%Cf=ur>Emojdo>&@W2x
z+tM79k;EjIg&=F$vY(3+vf~s`tg$aPl(t998jp~`Xnk2ihsKUUuvEnjCE2>jTa5-I
z4X&hFX3U7CS1Z+rKJR%jM~PZ>76|4XGa{>m)o0$m!m};k+@Xjp$Uu1t)skd#1bWyH
zI<4_joPPMMX@&9#+ss0untrGH3MHkM7>F-)PsoxD(>BzGvD`bTKdHui4v8O;4lO=;
z7K&y=N%#dX@iRPTE)+StZ-S!irp(4yZwJ2Q#TDS~F3hv+UOaAXRG56aYGQxL!4~z|
zT6sumM6Q{<w#3oha9sWB=W;p$Zf+worhZ$xud@+VaSkI{zgh{-vn4N)6Fb1+Xl;M!
zHhb@ozdMwO{UU1bi|JCPNqS$O4_#J)7#Kk)9Fu}IG!RHuQt8l<qVP3QfMCF~oWbIk
zX$_hsN|Re-X~(gsg%ZS2yKRthmcP>AFHhCOM;BtOK+x2t-!C(#q`zR5S)KR%kVxTf
ziSoRCV>#G8%#BTo{P+~&yd-1QS=DBL&LmOX&VAL66{e@cB^ugwura-lM&{~>m9wb6
z+-yb+rTDU6S{f=egt~P(#tQ5jsDY-ey1m55h%u(J6Hrh>wEU76cvEg8z&Pu*Cp}r8
zO4drT3|$FjzSJL${t59;zF{U4>%mp^z^e$Rj6yRGQZ|Xhq<TXZm6PgI7jW5u2~q(C
zHuWeh3U`C2hMHB4b9M@J%r%u?mgB3+mfc22VE#dU@O-+aCbFD^ie7DO(em^7wmpdv
z7$1jOivJ8_88KTNF_U}t|8JqXkcA7(C`1X^?X`vLN(G5*_`%U}Je(#WDaJ?=rd@;x
zu@T$wL1s86l864yp)i!-7rwIywDTQr!sShnPef(D?uS55bzMF-X<MWzolx3n1!QuR
z@Vng^K*$EvDwpgUAeS~#wHtZWBG^D<X@PU5ur1QvJyiGL+U()z2_9_62U{=#HovNh
zbA-ybCZzLFglU}PYORK<0UM6e-Cu4fyv7!YvV*hDgHgjzW4vK7^(a&X1O~|+;Bz}2
z`HqDwIpuatr-y%eL|(aGxSwiPus6myTzFh+wK9WQR_oPp4&E>jaG@)216g+91ZC6z
zYW~a4568sa2=UgKJs1&klx}aydZoIPg!0tdG$^zaKy28Rx2ui{_QV+MN&U*(V<IGY
zXe%IafqR>Nba`|h#d$+2j7${^`Skw6rK5PVRGEng@j3d1rZQUUY5`+W=!{@50UCWa
zWCS|JEEJO!P59lHI%RuDt*~tSqEt=Z+?M67fk=Gaju}=n3%90epTucxal8mMzPDOp
zzd$;~P(hRtogCRjI!#LNxHnA5;Ve|;$ISP(8LYfVKg_<iZ93OFyp3^)(g>=Yh1JM<
z=dI6mZae9~$*|vRwtGY{`;s6D@rFI$r#T8diK$2xIu`co)JpoV!dI`S=Hm8iRt4|M
z**<~4`(L*`@Aa;F!Rch7bks6*ySp-!tn}k|)#UKmx?fkZcJ(a(Ec?95dGj-CNgH~I
z5CdQ4m$E@o?5{KRxjnT|cq_^I?Qt(Z;D{=0qvYygg7qj#0*Nm?x&@kj(>lLiIhQuy
z+z|@!vFyb@%_&eUzA=$uHa5!IG(_~!w-7bX)NXDe$bEy`8-8?KZ$8oF>ePMmsAVxV
zTK5<zU=0*d1nzfVCJONx_x8X{(mIrM$Gu&vYdE)WvPpXYhnf;I7E3JOIQQGquFB_o
zxpIUJ_If(+lV+wHvN=G#ZSsXu3d}blN)C#ySo0;s$ipk7wUtEztf2GuB532&YzUt=
z62LaDq1Qv$_iK;Dd?<EXvT?H<pH^jFHVaH=g-Wo_1?9)8|NPYJ+VlIF+XYYrtO`7;
z3={-c+JQ-W;lcQD9j$pj`*F5Ld=DJgGMA45#CP-@sv-OdrD~vF{Z}C~3TK{l;_$6Q
znkPlf37ZO}3Hy*LIUK=wWCJtN59L^WpHE6-Hyz;*T>{yG@|a?xTON(dGFdC$<63&r
z9gh~?87b(sb$hcCW1()KExp$>QINVL+MU&P*G)MVF6La%!P4gZK3~lr{%hZW+UO=y
z=1qTmW-y$s9LwnrsP@G=jADxt9O=`L5E{F9gpU?Y0*7Tt-^7a$W#O_rqTQJo!GvWP
z<G#FjR&k$;r2?|=iVV-@3g5uLrB`9exaEz*Lwf1Pu8WZds`DhgvT;#p@$_x34A(`8
z0JX6#$cAGzTTX87MCcoY4}kr28Mo`rI(PpWJ)A2^gzG5~r)a3LD;jRdjGg3b+%O1_
zqK}qyF6GTa*DO-E0Hhm?TjLzH{Uhbx?9s@Kyn+B_t{$lsoAfdN7*F}9yc>DbTCXuz
zHJkYaZ(thE>k+=2p?=)s&wy8?bY?OaQ_`Z#xHT~##zFA~0||?E0XicMxuPG~D#CF}
zKS)l9#B!4da)s=9<5>=l5Fh#w#tL{--alP!SoB=DG|zcSVOlpwtdwC_$qjh=7Wgj4
z8zh|H>?3ZPs(8#?OBkG*Bc2=bOzlhD9_^{W#MUrEg7DQvFv~lAdi1i=A`6B^O}2V*
z{T4+vfibyqs|qSvABsaKbN`u{5VP;s))55;!QFR*28I#;Iw^++>BOJ?SukIOt37%)
z?p6Jdt7B6e2O1GnI_;Id@k8mFTfqf+N_xPJoI=`CPP+szdE{BNAj4iOx4KDHwDo+H
zq}sTR+Qa9tF1fa1BZX~@)xMTyMcV#wZ@=zVzD=b^*XDSb$zaPfR_+rS;5oB-XwsfU
zteOGYVk${;h$l~MWSmVcB4jwt8XQT|=)TmO276`DDVkBc;oK6v4`Y`X2E2$L{iG2U
zQfL2wa~kI09DqET3hjz|6Z7M67L<IYboCX4*>Vc+1^(EmZ<;WDL3M9S!NlYsj76;}
zM`t|X*bb;7UGF`(p%XXmc3^=--=QLS<X%UMr6(4BJuxaba$-91L~PPI+V9NaYZNEd
z+f~Xw^p}cw5qzUITDqYwqdZ1$e*`<bSb19iG$2I2IaCrGlWj@<LYv3}5A7!~WSO<}
zV73Eoxjl0_A1fFIw=<8Mnu-#TH~%IEg-RD@TV?dQJU!K!T%vb=<6R`6MN5X94f)eK
zAjcaao`n-0Ra&Dc9jq$VM%N_la=69r5zls9DWFoHi=Iw0^hq5@mhv_R1Po7D-F860
zwYI|yetU~A^YPqlrnFp4(ea1z<$3FBQ*~SSFRo0GQtm_X6AG%=<GWGk+T&bRJN4Oy
zoa*m~+^e(9z@_{sxg=kyvdC(69%?VU+ks$26cm6(6zoXeqE*RY`GGMpAMc%9WCxN)
z46NosyRDGhd(=(a?4JgRxwnFU;h$9nr4PJYCTfL<xcr3uT%Y%f<5<Uqp$>yxi9O<W
z<Q^}|DR9E1u`-pQN0=32kQURvMe=Ff^_1br--DWbK^!#pJ;0y8$gzwfRMHSyqAoqq
z1Ru9FRA0K)&7P^iNcBS<@_bPNpIK+p!j439P!NSJ8LM3tre_2@wKf#vd{`B(M<tM1
zMH<mUe<v+rJ?dkO#b@!LjnsQsO#SK`(Z|N)PJ7%7zDkyWP#May5cBYc$xpVuj<D|F
z;8+GT+cvEROV!YA$&DV}J|itU$>9KP@PtrbuV1>=wE{Fwi<*ljQWlp-J-Aku!Iv}R
z5e-PM_})PDI`3K}6Ht;%QjrKL;+>9r<2Oht+RP#&p@y`VSnh%rH+b{aU0jDKAZz~*
zYv<UU$ro<@IGNbCZQHhO=Z<aLwrv{|+s4GUC!FNu|2%cR!Kv!1uId-v)o*s~z1F&Z
zs{+0ln<d}ZCJn?mo=`}lDzSk-BH}9Ly2-iV!ueOYt&WQ?`Y^dRZA(~`kP_pO{D2JI
z2;$`PTGb_b4%c+N;t7zSyGcgWP<6<sRq=C|h~be?;YCzu&$^v<n&~9Qb9vOy&?yna
zIPe~#M}-W*LSxPloYwEM=-K)cIbR@lX2vU=j%HsD=T5G~!Bv=x3;A=093B-N4M~)O
zHiRhG$!`U-LV~toVG+5(1dD7qBHx+JGOm^7CiRzK3y6<svxaNkS=+^b$5b&#xa#U!
z!g34-D^JFn^PrTNvz3>D#x&GUTn3qmL?EkZCp|<d>&Xjp{l5>No;b0#Ro6?G9#a&=
z0hDkV&PnsAyFo+|Gz!d?SRj_59uu=jAc1BimGa6iAwp!)vrKfg?tTm~FoXyCn=a2<
zJ<T_`BE2zI?LPs3tSg87A)Yn75%i|dS@9jK-z<^{3g5ZK#ulhk%v=l%)Li@9@S+!d
z781nB^{N^VZdk(I6LPnJ8J{RxHS-prj;I?L8L#14x_AuIG$j_#SK0uvf`}xBY|Q9V
zkEokQy$t0@k`5>hX9e~G&3#I3kPeNPo87kpt!8%FqXc-FXMiBJx+3MP6~Zc;bz(-|
zK7_mJY1x_Z;-LkQ@+24+frjaAt<EE#&fVkZ2h9slgp1RLEz&QdZqo~-qtM$cDd^g~
zHQl2&2MwE0UwGcAhHVV&+Q>M8`6$<C#EcX7VAyu~2X^%_@F2Kb#QNOcSvhjo4g`?1
zjh?XtsLrzA<E3#WjhHPWA&u*=bZD<b{b}87u~+M3RRLRap;4HtY*mDzXt0QeHG3ev
zv3}o>g0`NbP8-;i&rJu;+H~XY78K~G6YuEogB_V7u>S-R_H$;&&K%CnZxCijv8RO*
zWYr%(?O>*xiZ-kai9~v^+h@@V)-_W#Xb*-<pafrEt)m)UAC2ePR)o#E*0H$^j9>P;
zDVCSo5M1ZB!5F3afQoUjVmBc$R|kvPU9nf5JsW8MaIJb+4zT2|v=+3En=6QKMi-R1
zeZls$ySphn%}@_OD=$XPX5Q$BEosSe|KsO(CWqhcd5${e2OWZk*&EU;mtIU#?hi}m
z+>bZ>-nfoA+zTWr@C)xiMbfQip>%*<vK9feQ?dF4maulv)T3Qshb@tR(4{+VtXBub
z8AZ6A5)n860~ULJ>zP9b_--lYlsk(VXuvu#S~+Sp0k*nk+;8dQw@3zU12f}UAa)_w
zx!M7|$xSvhjKc7%hENdueo+c5iF^toj}PG?(I9p4rQ88X=jpG?q>uLC9~LNBSGhg!
zo2Q9^dB0*DUENKTVRU$W#y*2Z2WF$qO1D~V!qls3=_1%RFtxn4T)s}tD;g$Y^Fw0j
z=c#&~{dak#u8KeIPh^DSqCxEUU?B7M0lsoQjS54<j1+!D+AKGIx0!Bxie0V|tA>YJ
zr=Q80a_im^bR<qt7MkC#q6<OI;=gb+)Zlqwq2Xa(4{(_b9r%RPGnL>-q?t$4sqg##
z9VKH51@E1<n`FvN>)meMeI%3Z3Y;}<-F+uNGXYh*zgem%0hu-@0>$5kpM9!~RN>?`
z9?~Yau6qoB{9=g~W}9NrIV`}T47X=G3_;H!cJuy7-*&jma_paJc~bxDKsj?3jJnSE
zVPh6CQw~$pH%!g@v^c0uG4JGb5*+L*Q?a6|$07IvJKxI7@r%Dbnx%xZ+HUV97hMnM
z#BS$Xv-d4N`H`-K;eGHKN|vqp(DNUuL+CuB*}SZUAhop&l*&;bc(ElOF{F^bWw_3*
zYy!C@*zF|n&1sHOA&8<hga}V{aXv#8ewuX6_EEpq#nx}dt|}He>)Pp41o^s;+zRs+
z<G*qI?&M9e`N>!r+>r;y+Kl$ncJmaYvb)SMKJ9J%LSv%w5Kx2WTs4*FHwoo-oZa9H
z68Dt_q1kB72}Nh4)_ML8SBM(LDR2F2*nq7$4Zvw_k9CdIfRmG>o3K9r=b-=S1CS=Z
z^|rd#%&KmmhYH0JscRh(hLFcIXS(wwK@HD_z;91wjFF&E)g_SQV3^E$=Gfl)ZHe8O
zzQ4&I=1;Cvk73Hcu`06xPpzStWPc^Rdy|W1+||{`_>JsPP2XbmB7}V3ZmF{xVbmQF
zD@(>X@^G&$BaYCYb`|>u8$Y{YMx9brua_}1voZ(bVg-l6u2O4^QJ1u75u-up{XF&;
zFfV$Z#AlEIQT#5KJN>X!sKiLC%ig}JX=MA4TvM^Is<h*9{+yTS9bBY(Bqm&lNs@PD
z%RxFSS2e4o>Fq^RY$nkadtk9qW6?q|gFtC9DGk}SP<e60YBBy5-4>ElLHny?NNd^w
zLB42zUn~neH0l6}8;LXmL<woFWk6Pj<5<4~ujav-e0GdCv=U<JtA=Bc^zNGsk1lQ6
zFbSPlwW0fdRiS%9$=3)I(>%0(tZ`(^-;XY|XCC=R{W7qPvD6jFhAAWKdx*#Z>4%)u
zZktzCYVrG{W&1UN<%82=&`<zorGL73a>x>plHXAE23EK0?D-yP=DG%WlAL+Sa-~(z
zZoBa}!jC1uxXYr;!p%520uS_kvF~TQ1VIkDo|fuogoH8JpV(-;SyIrodiFnDm^$(S
z)HCw{OJFdD7ZAq0HGh~AyN}2@W$Qfl>O>T*L$cMk)B`v(P!puA;rOBMcN?8C{6j<t
zOAm#I4sx*zt(Kdp_9gV<S=>f|)v|WygMR6dRgbf17rty8AJFJP&j-=C)AL+;*oyc}
zzVlm^da7fz5QnA9@~kb#u)V)7Ehwc7risI8Oa;@e1vDB5EEI8qoP~|O6sY~JKg@7C
z$f!Sc3@*@YwF6y~53SMk!~7GNR~<9nj(=0G^9PnFRtqPpcI$16#NNHnNC!o$5l1~S
zSeF=m7H;loKjQPZc-^I)%@c8v87cqAj`^gDn0^B2880dVLT>rQDzG>402fjtn3d?;
zLS)&DctJ~-s4u>;thheh7xUiaLrU858jr)D?R~39|Nc%vYIbn`01Gb|T|*d5TJ5x^
zgryNPEvBsBX~O5w9b2O?!++Qm1EP46+e0=Bc(?{Od7JWP5ubkHld@Km3R0N3BgpI)
zoK+=)1~`==#uI@T2i%{g(O*rJo8+;eh0J$PxK*?m-h}h)uKe*CJEcJI7F2eL?oL~u
z%4rzPy}@qZ)V~Q=D{{7a{!yoncbu27fl7j0=)$|riMX3n+V=(FsRo9a+x7cs7y|eD
z#9@ZKVVre*)O1C_vCu0xf<4Qbu%9pAGSuR}x_1l=(T~t3Ox2jwq+w6paZD8k+JK7p
z<rD<4ehIn4=?<=LwjJBe^O%az@VHB*X>_YKY^0%D@<*PvKknOVi}sVWxx`pNHTFHu
zq+c+H|4LguD~6!FE0)3{gt&IaOidOel&!xb&Rl4h4d)bpNtG!S0pzBxm$j<@>snBD
z<jYON-l(iqy!lC4FNwRQAg)K!$vXnH35a3Gu8U-qjR%4ce}QdrA3w;#j(0Af_y^{B
z5@&L!WAkrp;P2U7dqL{5Y1arDmk3_&va|>3ox2*}W)e0v$)t<k?4+56!Cvp9+uX=2
zZN=c&%|nE@i+~EF`GKxbOoALdJ$4OpTZn5f0^S9$pImKctEfnT*l}bu7BIltOr2t)
zCG50ykJ#FN;Fe0i-A$416-`;)UKOXY0{|cg#=~}{D?<8t=1279&2f8pO1c>;^Fv?z
ze4yXNWXGx4i6*CJ2)~>A&I__D2By?t@X<nyys|RKntV73+krUkZ!GMwHoMKEdxcbG
z8LS$Mds!OSI#zUGM_^=u?AjrBuWO@HsDg}Hu_OfMK}2$w7L5y)=}vPs^_y$`&jaS7
z=wi`#Tg9D{s@tfQNK&Y#IjH)LSemnXdYG{L77lpg!m{c*L3~UR=$L64W4&QSGWlFL
zjfjq2^|&_!1mkX=M#aca)vJfyfmxEtj)<_c?;gVv0FeiZde?vs`1J8D^^8uFUgKTb
z&EBa6N6GXn^u9`Ps8Z+Kz|3*$=||jYC{8?rzD`k~6WTV`XS*@#3u`&rlEr_}oiNdy
z2cN!OJ?8COd>)LVhKWN!0ahc3hCq~Hl%wh|72w@QVOS@+S~Ul=vIu_)1$JgLUI|fG
zbmchlFs{D25>J(RY_{V;ZL-I*k5Tg19?Qz0Cf-WC<>Wv(%P>J#+ge&?bpPTnwPXnw
zbhH+B&=_ftGtrIbz_4WAgifaAKiQjo_gHW{AUseJU`%H@b#bd{v$+HlrFDVQ>j=tq
zVWA!2VNk5vVPEQbG?=osY2FV0nX{~h?2lg@eAC=6JU)&tdV_Q`t~{wE`EBEk!QQ=G
zBc)+>E_|{hEjuq8vqLWScXPNCa)*Keazob58$}b!Xb(+y1cVORiPmY_@3IkDQ4q6b
zl&WK@YMJfVV4k^Z>wSR91!h8S4k(ec8*iXBOZ1K9(!>g)x;V`2i0n?14$dZ&sA+S;
zAQgV505KVQ0jz?xy5d8&Js!$M)^;4=H9wT~eDx#YQwv(FR~TzYR)LMw?Q~fP`H-0A
zf)~imGET$-f|1l>ugmXwUh`}ZKTzP8#oHZfS5Vg<ysJ~AVGUKLN4lDvTCTQKLdeG=
zjXkO@INNZOZJ7<I#t{A<v-c~`9k&WhsUb#bEgPO8;KEQaVEwr}lC&)X>;>G?4m051
z!+w@=T|m!uFuGP*E=YR=-kIMAYaGfJc_I(->y%sYbzPQGPKgyO1J?kX1e`P2SU)$d
zttIEhn%wdJjW{m}tzqhJ47!n~33;KiVCcnTM(ZMGmv>_0zxk(dDR{)rs3G6r%vSG1
z?r!tV4M%FIaC#fL(Ut;YmNDRxxSK*Lb!3jJDlFuW_zWiD^w)mx9CJjT(a=S6b4*qA
zcGASB_992yWN3d)d_d$(&_}lRkFeDPfu?(96BO@ODo99uR4cbE?q0X7%r_A@wMd+W
z77A@6+z1Wwdr;ey*BF;$xKZ=Z;>hOBS_+qloWp+N->z=S(N=O5KNHP=F$xw5_m{x#
zL`k@3u{`n)Fop6g>M140p1F;b-qe4rv&;WvB&n}zF7BrTbKKlrrZzufGU@!gFn9Ie
ze_fNK>j+&@XUBK`yQ(HJd}F%|igp5#we^~PPb|BO!$QJU*e1oTAr(_2T-{Q0mV&oo
z#W(LOO}Z{oqrc?zn?y3Q*2aWWDjX$BiV|@O?1Vo{=z+LK8%BCo|7^SKk4pz;uUa{{
zT9(BwI&*j5a#J;7u3LF6PJQcY5bn2wlzc~*9rUiTQmh+@LOLB|?SKI|?kpGECiPEq
zNFBZk?2PfHM5n=`&WHn9!EnV}*A^QR!4`{>29igO@1FwBpBckK4=gZk5>1<G7xbG8
z;nkzGB4}U$89CHmRC@imm7<5)c7ZMu0_s_ja^TO%p4F?GEF)*zl7fpqx@<48_f_(j
zwY}h9ez}yl{CN~gYBL#P3~`RUhAO1p`#@90__1Q1?vveopKs{lIbCeA-!<#8O2Arb
z6O&ut!E!(t2IQw^WT(86QNhlb=ZCRQr@>)BtUaKEFTq@!2>giIrSHwZ63+&$C^DUn
zyIEZ9#!zzm1+rEZ|KezM%EvjmIhQ!SI{~RkH0jayQmC2UnuUvAmgzlkF<7dtYmd7%
zl#NB!e9j~4-x<f_jzgaqiY5keC6LD#LETFu1xVhjTO=8Jk`o3keR?a24r`RD6yr>h
zd8)Ryj?0nml-ImPf)4BrM)BXmf{THp@RLhKL8dzqKW<FWw++UEBRy#Lyj~4&hmcjH
zYHZ%k^^n~=pa#Rooj%<vCoI`B*h(Ok{6qa~7X4acXVi{#FY>LgF+E=JtEj=>O{<12
zKN+Q}Te@x@vdMX4Z_!Z8RkG2+P;C1eCbx9U1B)dX#`j(Rq%!ElZ$7kJ4EXq#%@1Gb
z)tLpxi5?s$;U(r|*n#_Fj)1yu!_q%HDV%GHY1~x?W*^@@8gW%^u6rpyI}$~3G!z%b
zd$j%EUxJ<dXOB08+qpm8+5VHidf0u??r(VfuE!Lcc4*JJsSZq4rcAY*H^VkrH#-MY
z8dBGEMZs*^Gci#Kjq;__&e?gv0|dlI0_HA-L3^MQ8Vda)FdT<vX_;|}C}6iilzO)a
zO?O}3>vold${q2Bz$H&!4V|4PfJNaP_WPpFAHp7j;yee~plZTN%AXB!X=tz2wcd**
zZ;7fv1H2PKAGa53I|tz<9P$ScfHAs|?np+N$KL;qss@6UtVveRZO0-BeBXTmY?u$S
zXU$sF%|susw6PX^791z&oXjwom<C}w#F*}tW|h7k1tb(%>y2{-RkK&Mx5_{%d^{6W
zKdG&`2644WFJ-*jIWtyf$1t;r&gkRB1wuW@5nd$o(Ol-b!H266`Qtp6Dnd89^0pJi
z)*$~-1A;HjYjWh24>D$g?diAdde>@l5;@YxiFxWg#!Uhz_g&FO4X$XE?|v=y98OX6
zgG&yy)+if+95`)WX@+I(@>CJs1}RWYm?||)i?Iy_b&b7aRb{k_#Mga8l~LQIa0`QQ
zdii_#Jlwdj&i&4r*eXmL(rz>w>-r!ib7!T>XXMvtD)CCI^2)H7sbk%1AV`tWjN5c~
zxz$j<P-8uj(nD=nV2ajYVu!**lMoOv>TSKt&prCWv|!YmJg0X{*3aIGS>4&0T0K33
zSYm13SOW+VQuq<mR8TLFdzZ0j_7-b5TBFjb^R42KNGaW^-)@+?^E~Crt=cC1!)y@r
z?Z`u#vgR9-)amGGh=1k@dxcc+ie7BcKbX8u-08qBMB1{GWKEDP5s=xzyw2Fh-=4h4
ziax(fyWBt&lXC@&*q1OE{3bpPWI`PCv|~E686kHK^n9`wwVV+6$(DzFvthgiEc1S=
zEMxMO#7c68_f=k#Hs$yda97zrdt*U!rkV_(&6E!AX2{v%nPkoJocbos1uu+VIR5l1
z)~Jt)?WBS&wh>5JR@?t&!C^lL2CZcAGD>yF0a}myzC=1~mxX)`eXqnk&<!)&K^#nD
z?Jq~3etGhhQ=k^LZ#EU-CmA_wZtlBr`Bq-eA4{ms=E1nwqY4**EMn0|o!x`cO04U0
z35Lm%A~GgL={I=mGd)mVy6XD)%QrPN_uz0hPcl9fk8E%jhee*adG?3g44i8P#Vjb_
zDuXbs(OY5))j!1BO{&b5z};;v2nNInUPcRKHAQYG3}ZJ5(falYf5A^l6d!i2FZ$#p
znQ3i?t~f(Hh9o+e7JLFA2b91S>tod|lcWotnCXVKiI03f5{<zic<*r^F7O#R4o&TB
z?$h@!^15=X?^c1k*7EKAc|&&;pQ=qXi7`9ivVtuRH~!ne&;JHKQu`fUR@ZOB*c@@Q
z+2Hf5y1ppy7|qbx;iP)qJDRE%6I~Qy9h2gpvq9E96~u!?SKMMHK7{t7FhqvPZozhH
zN;j-96usSA%~RQ2hGq3y9vc^CcT>`L@CT^X=fDg|=j(}~7O&KT$8QpG7s0i*rXCfp
zM#b4IClhcDb7mlO(^E{Q&8&7SX%w6$)d*k3=v2oBDAQ%l{!RB#udlc?=zWh^MEJce
z<bGtAnC`d^XX$HpfAjgnzrEK#Yj2$wzAH|hXDC?1MQ1Pa@Az(HTd@LSYl}v{3%Q8v
z`&$vfrA(OiEaoJw(Ztxg(IP!NfNBk=t%DN`;A^!p!tgUUW#~)sI=^G?FeixB$;^5B
zi&Pe)FQ=Z+rN&gr2A8^*#pct}6eql|M*#b}+`XE$wnYThIIg+;DRX?yEm$AlQ{)<|
zlXsRfMgH42R!Ct0u|<zW5#-*Bj>#5u`;dR@&21Dwsu}~d4z<)oe4-9vw3w<PXjyH$
z8RH)3nn#sq46l@f+w(Vpl3x8))>2*0aulA&o3n>0G?j(jB6UM(D|-kjQz;Q6SHri5
z5UV<%y;&hkEsR{>ATP1!fTKqFXivv{nO@vg&vj-_uA!sfl833SU-E_+9oWWtXESgo
z(^a*wmnzJrH%)jYwD%8sQ{BAWEz^7<zDAiNv}$6MTr9sjIAWgWv2XQ+A<s*@*VqN$
zxf4>aHc@NM5!_sE478CPT%U=QT0o#kY7!P?vR3mU5(%*+`FPLu1Av~8#N|tx@&*;j
zIJF^E_~fbxA47MB-u+xqhl4&$u0Et>`&csCY3<jD?S_vkc1H*Zu(|s-=RQ&z&=knX
z`?UrWvCN|#Iuncx;Pfh(QYYV{g|aB6x>~(c+Z~};ZnV&f2-sO<%kG+R5y4DNgNABz
zqq7A#YMRU#<`;437Fh-V4gMWZq*k6sQeJLq^)=Oa#nFaV=OR8Cc}ZoJ^!^ah5k&E0
zbz5shE+!&_CNHAz?-eMxoa@FmG(NvRwE8py)Dl41)irYqPtMQgNIm{Vm$@UkXk;ld
z9bd>{7~utN!c2WGa~|#&TcTN`8gg;GsSC5S`vkQUeP<6^d&^`z1NVVL3lnEnxk%`w
zuWTGcmmMY^XiL|~-aj+W>b1;+R@Rs4-r2L!h8^b`3x(HaiqCWJ!MXWPJk?71eTHEJ
zQNbmiho(H%PbAkIGRkmDD@Q4<A(G7wo+MQvgu?*iYxtgaM)?%&*xKBIO;aorAq-gh
z2yajTyrIHLn>HMpaFJ>OM4gMFOTA?zGS{a_DyxZuU2g;uFijYpYp0wIYwD{-I#Yck
zLAy0|cBAJs+cN9pD^9Zs#%iX8soe}Bc&gf?rY&4{4y?A(kvE5<V6mUud8t2Lqyg!x
z*u;aAL5ojT&3N}vb4zxu{5f^dD<L{b$M#;{jYp<(PbgT3(eEB9yBWz5tS$0o3qU;5
zdm{D&)7?&a8x#g#;Aukq&&5+`KlYC#wqbp<k)RNC5+Z<9u}a0aChNFJK=({Sb;AW<
z)HC+=W!dsO9+*^LsOs7Db?nS8bKLZ%ibBDolohHv_8D!BoUX(CW`{3=dZ2R*ntnnf
zB$(5$`BxxQpbdLaDWp!D%q5JIX5@lzz2v~Dt_hvlka|WG>b)FKzr47X76Kr=m@9kA
zn&~b#i$SM&-2m5^sG+MWV}67<fy15B?)^9tblh4yTZ6UF&%xYdfJh2H%cH`J%@TxT
zx?J`T>9dCj4VpK(q`@ziQx4q;C<_0j3QZpZ-!v$6Ht9a5O+M1TCuAdCuekuO<fc_K
zJepObA(>@7JB^bOf(wu1c-AseRbl-bvL_|wS}ijD#Bc7`x!q4^kJs|x;NN|iUt7C=
z&Ug7FuVeKH-!88TFJt!b2ng_B@9FNldU`ouu>@a_KkKr=;SZ|mm4@e^&X_zr!uQi}
zWb!TKgwA;pEjY()10kirkZQd2pJE(KQ@AyYtiB8B&)e6A@=K}6`VX+>k`~Fua!f32
zE+{aXoV!{O(+;N1^N_3=8Lb6tAtxJe{Xfy#9mSg(j2k)b-L}Yr$Xc_PZ}No5MkNk2
z_J#1NwQk2C2-kBpmo~D^HmYO)%7#P7TCBgWt~Uazxrzt9vj|-jP5=gPy9cDmdVHAn
zCdG5v2YF4zw}PVEMp{Xf2SkyW=AXA$wMdI3e_kAsHLL!lQrbQX20F;>6AQP34Mm6M
z<OxcxkdLl1dE)d9pmDk8Q1K@WC3ImCppoC9qd}8EctW5#4&;EMW(e+TC`MfUNCeKx
zG%Vg!o4stwV@-7?yjsrmdxdG9G$%<}Oit%(t&LkCAW?L3lB#gpzjNbPgpR?2=7O5C
z6Us1@+7fD-5C@{!5gc2eKAYAC#jEUZa@=puSQ0Wgh$+UP(dc`8tCd6J3+*G(jOe<_
z^YE#&yD|WCh=3mXG2r?hwiRiz4dQ0X>>jmJ6iA6G)eswI)^A634U98Ja}?OUVT=B&
z6|HBHEvErliFOw9EbYZ8RRFzx7k;?MFNpL#SE0AhsF|sti`<a9PejaGPzzQz7>WlX
zx)Q^qgF~BaJ@26bn+)_4_Z8F=@txrGP!dj;8iP$I%czF8jN{IYUp!-+Q%yZ+HBO@e
z(ed?=A@S?u|BiWFw`z}3lYMm$^kQK2PDp%u=UwpP9uC(|MrPV~VSmG4u=+g~7dBJY
zyb`46AvCiWJe0j%j=^Laq|xH+7gZ4yC+$ILmb%8oq?=phu*f-Aozs(K?<yHYZis{T
zHzE{)1JvBdG)*T&_Wt`Si3FHD2qcW)<WoeB3{F%G)41VPsTh$xT}B~Jw=sGfVLb{h
zJV(nOSC4Ye3g@;tF0HY!i^!a%=9<?Axi_X9x$b<>ckYPbb2mC(?$IWMK6@HVMi}I2
zdi&VD6=umUz;}HCUP4Znpm_NzDbaupm{E(ze{T>&>)*Ph+L?iw@M9Es150A?=2ijv
zMoiTCVs8M(Sc=uk@b*D0E?-<5GvTcEz_HyebTv?&?}Vlw+)G@Nhgtx0S93M-REF}c
zY2F~vdsm3g5J#m!Mq@>PMxa1IKN6a_k7o2v%nm7GC8^F}R?~opK{W<BXUH#jgRd)l
zToQ79a<8QKWEqw&xZSA=s1@>X%>E9fOXalZwIfZ$zmYVE$hGvOmX+p<r<C}V9|Ply
zp(190?;e|z&+Q=`eYb|Rfs!X*c1N@=C0|x+EpT%4bX|LSL$c@~wT1@vO(UvdqzmaH
z3fhs>O8~h35Zcu$-UX8y6y8mdaR0@=vB}yD;n&qm<Z!_J?k%;J`*5zV-9Ll?t1%1<
zM#yp}`F#ZU^Y^_hCKl4=z4_7xsUTC7xDIlt`i;!rg4-gOJr0V%VJr9sIs3dS7WWX6
zu13#ne1~fMv{t1U{Zq>YY!dmgIVYJn7^+AbL+k*$hk#O-uy3)<6Vq^qPadiRCUpuq
zCyJ?Rl+||>$79%`zb)z%Y^=bB`5h7Y_l&mJUX*s(u>ask0z*7TXC_H*H%P~8!=R{9
z(FGqH+|;qi4ZM`lX>-fUf%j3IiKLmpG;9V#aIadNK%St4@Mt|i9p(-72Mpn&$svVD
zUzc@3#p8Pkj2Yjx7e>BFLpi<!`T`J3h&!Tk5C_EU<e4S05EZH}XidZ=ay;y$k4VK%
z?DX8+h)z{4Sjr-j0$yra>7diPH`d|O32lyHgbpin3YHH-+AI=JwT?W|J#VZOE|vX%
z?)H4N)utw&$A2tRAz)$%06x7?T<M!#cLQW%!3&!l*kmeI8+3XxU`yz6V;k5z-C8~x
zO8assz!VPC;{y;srd^~ReNM=?kAaqb?HfLG-=^XTiPJ;|-P;nj584NbMb-o7U1b9v
zF2->TeprAie=Tf)40UD7E-Na%JjfQJFv#G=#-y_ByyHFP)jbB`%E$WGSi(Ryppa0R
zJO<6iuYv31ej}vEBD2Q`4SDyxJPDd4zqhc5vE)=Tfkwhhk+AXF1fDi6Z%orEQ(_3q
z@KI90988C|tLEp=Tb-1gTg3y#tS)!+?knqAa~G1#b+fU|nkM-Oq%xuxRoANYFo-}2
z=8Ltj`1r0g6GjCGTWsu9;B^)$Od<iKHjw~g=SUy?{mARK`x5*nCg3wVh)!b*lPPMw
z5IYpdoC!}Y8}tU%sYzvq_i>f&!AhPi6`^v#83hX<$T{BY&tqg5-9fTMe*EhrlE0V4
zXK(53v4~x1$p^frz+q5o+SQpZ64$BrmMHk9=rRJ-S}m`_R7yV}{C@T-xgK|`LaH*V
zA+PZwjYc&bZ2uAYQXI$`YqP;y1A1akAb5{^kUvlgsr+^N-#c%NRRPt;T5a%tSL3|7
z%QW<Z%1jk1OBd3Wo_=?2L6yfWHKCS`;Z7?a`qgxKeoR#HA~DazLlT{PrsOCcEtjrG
zJ60rLm^5OT{<CUyL~Ii`zkrmP$wVTzsR?aP!eQw%+#2}HfIlej(wHh&1ip0LhOwbY
zt!<|L$KjC_Fe|hTbwK8<36a58?XJ{7n&K)gz&(ZYa-kS*ZR9|TexdqQXaK^>v%gXq
zBj<_Z$k-XRwXyWpQFHLEWvSxlT?Sf`1XRm0>2+1?cMX0&)i)#|PF?#8H_qe`N4nOJ
zzkkd+Ez@k2iRI4ayNTjkg1&c^4L%q=bIk012Qk^3FjLEJ8Tz`JTUL!DSwyXk(i=8l
z16Y-f{oL}okD0YNdv^`>+L`S|)hpJ1^|;*ti~?HA6BYFaR<ad9){&pxW{#RlKjaiL
zbsJmlnpu=B$<Yo4>T0VCs6g9#mhH6#-UgZ5{L;~a`#(Vt-|UPLVRiu9xtvnAk?%lO
zfh0$Hsgd_LV-k)-fWOea5gYNCs3Q}d<|WVN3rv?(9#jZA=0jg$Xd<JMirX{Vv8h-v
z=DPK;_~<<oxAz*Lk>iYrFSN$>R`v?cr^+vy$jb<$$nWo7cdy!WVLkDkrq_eH$!SgS
zk*m-`@;hc-_c2!ujjtQlXW6|isQ5?n9l4pg@vle%zKj_s-~@^7As&iDV|Wo$-DV4d
zHNJq~PU9aFTV2`>yp-K&Wq9LJ%VvG_h$t5gY^`d>m!j;ok>J%C)MOB3b-tc7-7^Ix
z-m?_!`o%TX%G5ewHg6TAW%}zrSm|sM6j^FBQp~4w1FbiC1&5O%9c@(55Lbrb)(eA4
z*2dNxqkjBBB>M8>*=2+T8iqk9@Q=chavkGQo9}y$;jo@R@CQIZH!B_&yFFZ`R9;&t
zwck|Y=r7+mD>vIXO9J?oE!|y@5fi8%V(sZdbCi$aB9l_5m_%}o?Ud)x7#c~vg({T#
za1bl^81hP%IZICkB~y{$z*8SFOC@XO5@1wpjlR~Bn)ks9G`E><J}Xy4x)qX>mSU5-
z0DGZ0yi4c2wvxbngAM?30di7sU~e+o)m=lwmF+!8jDe!A*5PPk{)62Uw%!kortHD1
z@a9ZzCrv*}6XHzk+|^Q(3PIA*mXVwpKkBJD%Aq-uqD_KM_E1uiP-V3$9z<_tR9#3B
z_jt^*)RxO+?-j2}t2i}LcZCey)>|l*s9amuUV@yYNqV`V3TOuPbSFMUv|;L6LyI1U
z)(jIB&?c%xXS%sb;f|AJ6Zmw<)84cGeZCK$6r&lhqlNZHH)ku!$;G&h??y3aDPj?i
zUB)Edv89t&PVaz9HY9j0=Wvmxr43>;<xJjURFg^!c_%6x^g$&t%!nza9_AX?*>C8=
z^$QC6#(bzU=UkVGFTg{SQikX`hLXP?Mh-l=HHs?kAL|R3IzG)h1@GBb2s=RB3dTu=
zTyum)0-v9FbJ7ye+n)LOfrMdY#UUDG8F-3zT2O0QWd|vVrtpbu9TyoPgH5xhF-$By
zq`hJoAB7#A{?55#>-#ZTync1<YEElH6ke=!hcz5Z!@gQ4DwU7FI%)F5ZPpg4Kng!D
zV_FuyllUsRuA)=t<OKb`R{;twI^rStSJu}dOx_!V(48u6bw->p@)_{WHG~a=%jF>&
z4Tj&P)4wF>6l!wRaBKsaV}+kW4i2^c6-%sWYau96*w6+LAK?()EYFPNvqK7Pfk@0z
z?|&yyoU-7FgRUGv^LC%@+A6?!yR7E_uCiSGNa<4O_$@l}@jiJIm~;m%Yu;EE%gOCE
zU57TV6XgJSJ5GE!2Y;(c=G)@>LcYajL9gk4#5<PL|HL~Z#}9F#=T+b%4S30!M*%WT
zn`F}$$%mWUdtdI-dy3HMy6(wg+hhj*PSclG0&&#_irlN7v|TNu>gtdXbzTmt=o0ai
z!h3S(9`xJ|*PuxuHZ|F?PV2=DamE~@Ga|@FgTSSv;}Gh2M!B$EO<(aAKdUE{Za1cB
zj}vQ=4j^A#Iu4g4CA|H1InG758v_2E+>#4VIRyF0K>tJL(c92cT}qq*|0<Dg=;iu|
zvjwE4YftY>%n8vlEE^wR3SB+>CFMqD&1_KLm-m!)g{`tE_Uv=cbuaVf-Q4Bwt2tH^
zxj!<qE6;P|(XBPdIuPh-8=B);f0SYUqT48R?;p^((5mV*Q67KuRv?A98|oE2HW^;5
zka+aqhwfbk`LoZqC8=WrNV^L>1TwlUf)IwyrM>_M$h?r~6C3F~PTN?-2vrs(iO)C&
zUTL_;S0|FkPsc!IH;inXw^C>u-klgMt7Q3)LFyw#YBoLR3s7`+mQZrOjS}#t;LhU}
zgy6*-(?&Pg<{g5$uXoLyGTqKKX>WC=>bO*h3EH8?@>$V2FwWia<B;Bm+CtD)leEPj
zBc~0?zoyTXWaDH;hv2foCaOL@SvGqyRm^K9<I9a{7P;4MwW!*uiw_ZH>O|{iAe9{{
zd!*S4$J?8`3eYMsyP&#nz9-H{K9<(TG|DOJ$KBm{@vAaPoX}Q}p#|X>D>^b4`ga0y
zYZv?AiGSM4gK~b=Wn<rD9P3CLJ=)J;u5NQ3dj(X1!dvyZ^}6ErR8|3xSpU<pow2!?
zY`Pf^*oS%Ko|cNyu;!0PlkfMYEa8|z(K0&bDGB<wVCfGAviN1WEA=lFL9P8kjKxQL
zpq2eP9_noeSP!W0PT8ji!PnmUry9um159jVyfN&A(+3GhQ{b3GR+Qdm@%orNPf}t(
zTc>;aqkSuvsVVO0O?%eFB75R3$A-Ds+Wcm5z4vjitucmqf7^ti+T5ni$;b$9MoJ<s
z)x)e)C~aEm%LHbG1Y4#*O*)*VT8>LmiKZ6!4GX_lfREqPojc3Dxn$JYhx|d=2?;bS
zb@u+B;Z05lf+9jgs2p%7>pC2rjMli-uJjg?%|9~oec1Dc6dg9Bbk#XG6Tf+u_LG@G
zuTX7?<0OA_n-5dfid1k38UjWv%F8N?`2oa5a~bs+F7ikIGP~AdyzMgW<4!pZwwQ|z
z_8V5`KwTI9Gb_=vQOjLRvyrgAjFk|K1ow@I&;jr@N6b@HM?dtdYE4=m32d<u?_t8O
z6m+pQAS+49Tufm6>tUCukqT-YHAVH$Fbse-M6M%~8r)Oe$nX^>V##RJN!5$~nfpn7
z!45C(<>PIAgdwNpDQH)q*WEqGhx{%2sfWIVPU5Id3-+O}Sfute41FDBpWTM2_K}PD
zG)CM3wRp7LA5$iFvPY-fObDs&k*7Far#&c^vFo|GWKjyIFpc@0ojEI<A~-LdE~$=5
z)ZG&{5YUzzM4?%F1A{!@I={c&!<ZfmwKN(VF==D1dASbYn$ML@XVL;fMZBt)@sS&i
zVq~3L>RX4G0t5z#+SzpTZ3%biW}W7?^hlj$r<3dY>}~XQzxC=TRVKDQ;)Xmx95MS#
z{L&gRbRA|Y(^l$m=W2m_Q`^+FXRjj#oPP&MPD*CFmVS(ez+CWM9c3~`vCOP1CmjMw
z-yP6)e8>&I8tD9v<l=03Jy}^3vK-^siQK1Y+$yroL=7_Y>K-){epRTf$^9lx!xiZe
z{Z?86Nn<yTJZNJ*X4ApxL5Z?UPSK-M5Wqx$t!Yz-1>@4?*HbEltt`<_|7$C_z|S?W
zg@q*3tRfgvgkFdned`zM^282|SomRc!)ONy|0z%V;zp@pzVD>p?|ww5fz3j3KL(^1
zk-0A(-9gwy-1BLlb-F^6(o$2$P@UmIQs*NiPVM8c6{w%WTP)T{s8P>Qpdj}3`hiiP
z{`uGc`%4Tgmw!g}fx>j&kC;g)KG9@-5&_JIr<hQ8u$*bIoeO3>?j9D4`B_-BYVbbi
z;&09cI&aIPDn~e8Fvg&KP1=A5&|bS2!+xsEy{CbcPP^tqeph3rkp*j|k&Sbk5#04`
z$08JMj9gsswWT7h{4B%w$Mt=CxxLYv?R@h-zdF{gKKeqKr#>lo)V26sMCm%7(Cn_R
zc-S?-Vk6y_(|FO=H^0N5ff8tyc`nmTqoym8Ci-_V8(F^RUWAse?%f=*scE+kCe5kF
z`JF<dAhB8inpp?@4o+$!LyYM_ic|ae+-(bBhK0KYrWJ0WP#1*8PfwA5_r$f;P4M%y
zw3-_)<hsSdqN__S9Vx?rq<~XDENV75>s@D7M;~-?*C!+&sOPbbUi{2QBMw|(omm?<
zb^}Q`6$R4vK@wT>56TAf1J-u80ARbN)wfxl7UeH%H`)nzvUb!CCeme>mE%Mm0O{Q`
z)`1bc8bm+FvxGk+G^!4tj3P{GKS&EXU{V0VCoCVU?r_!TA64VGC$n9w=koRJMx@#-
z?y_tQ9Et*D=Z6O`(FBtK&j$4Gq}0AtHSQa`?%+}&z=z(LSxekU0@?NipzEP3A4aAN
zEDg2h#<%9&d0$o`nuIS3=x=lY`$%x^^zHWHY5>5JEObl7AsEvS6>_s3^yX&Afd;oP
z=_Fl`V#)mGMk@vyXpD{yT7*xT74uxreE_5oUXpwyMB%hWRa1s3z5O6for|lFa|^k?
z4U(>IQX~HA%bZhkGH_h@aV*1Tg<2XTgJFj56m$iahrMR)Zwjd$G%<@DOpS`ve_2%W
z@gKu#9`5A;!T%MMNk`f#?f&foVPE67_ZzeM-T(8e3b8ELHJ5=-fj)5Iiy@A78GZ}6
zhl|nq!VI6J(@H<KSaIf5rZq=iU|oeKWX(^2{n|qN*BtZXQgLsHq+vG)D)0n$?n!f)
z9UJ2kjl;m^y7^Iar&X{$!UzygzP1$=TSzM<g0&<VN7aEosdGHU!aVAyD7{E&_xvKl
zI!Vx1YhB!3C1xm+*?Okqe)Teg$Y8bX4KZ||VJ=HB_QMrg5!n8GAG3t@1~@g@Sze~F
zr9-2ItZKs-a+XbP;`-i;J^irPxQaoUO9MZ<xLpJdQGQ$+CJ$n>e(xQc;=xco!I|_y
z7JQ*ofFUO1ETh+asWeNJ0(kX2m`w*A88}|^AUsuZ4}A$_U^WDa!DgTewXuCs23s5g
z^3=r_<(R4q`w)$xRV$RxKz12ggSo>H&<WgCbbPFZmua1)-cpe!>;}aU!fR~pH}oDW
zqN)MR2(ryz5lj~?rdW?*@7FkC;j%k?H+#`|$66$0hla1jmX|)GmBF}_c_D(LpQXZ6
z5t+9Y+dKLzjYsY(*-*K@J80`E?T>|~u21V952tp%sT2y`uj{r<>%V1q47DyD{OmKE
zzQG>mbtS<lDpZ~3Fw3ejlGl?1*#s{c>LbuqbatC;I)X2pKLpkn0lxJ*tq>$rJ)7%X
zPYzUm?`Nx9)U(;s`DcFKbxNQ@sv@)Z#bm$GxS<nDKydc_B~YldwT?&q&k>o345yFt
zkSvXzu{~Oe*(-^qExu*1GaqPGi3<hPiN5u1_ne}R6@85-Q8rfwE}u6tcNpA5`ol8S
z2Hq$*!5_GYq^DwwAzWntC5Ofd!Xc>Rh_4(7sgx5gC*X&>UxFFL+vEn}mT$JQc~UDk
zDh~#vdxujIsfx~O!Zl%|$!M(}XU%?%OX8=I-E0lb9z_d1WYYTF<JM>!@u~9Qqpssq
zcz?{!8dEj46bGB!Eh#OfxhD259R&Nas#`d*ywF~w-)$Q(%07Y}+$t34ATKk7{%v%`
zzX$)n*}<ZY4D_1k+*U@2?WYXsUx}jvE1zNLu)vTNgf)VmYVztWiNKw?QlY}6nC3um
zUs-g2A$m*d65eidBYOiysH|9I8R$h=Z}5HE+p8j;G$_6Bi}K>_iG?bx?yW4=*{#qW
zQ+h_-*z`M$Jy!`Et?MPRu>rV&d|=eX;bldrn`a}EB{Y7olG#RJxmD(%NivP~6CDW~
zY?wyCot^Z0%4zXYGiz6CLaGB7WeZW6Lg#SD;CL9b4`4(YmN{Uu#2D+Hc4s%GiRoeD
zDclaDmQq0F47hznNruR_!4``hFGvJ;emo3xwN`hxHAzw=wM<-PD(*Q$y;hD^%yKq~
zf4%2#?P_3bl_xwGgTNBFQ-^KC86jVdVQE?(4|fxWOq>tn#4q~C^WEb44L$psUQ?ks
zxEjG_qdmg2Z7%gE3!9cfl#J&&a@NcS8Vd&OCJ5CAA|%f&wVN=5givlRH>UK?ysgys
zN=>xJV8qZR$NoZsqqn+zZQyZdC#mho<ru`oSdCS}K^1RILmi34R4`5kFCoiMa~I~&
zr{Df<K{;vf&#fl38%v#c7)YHAd)LYpV(r9{GT|9&HN&Ex1lqx_;gkU<fUcWvsoNNI
z4lHq8>oEf5Hj^)nrL7v7j1WJN#7Cper@E>P*D4b$y|t{IzcMW;acPFgu-fNuCt_wL
z+AXvChlkLc1Mkj>>y_y%*+0D~=Y-SXG+k`GnznT^J%$*wQiZWgRRlMT4tpd?@S!BK
znYMKp-a*&i{Hvk$dBt^5Q<TB8(uGIX`fAHbCNfmVuJRqOZ6-IiVOVrUIsFO`!JVEm
zwe;onuQNwqF^qS5AdSV3;eGk)h3@W(lV%cx;fO9-LDCus9JHwF;CmRmTK}^1r!Bvp
zXnQW9MA~pGLW^~#{w_m(S`Ns{$eY?hd%X>zD)ib)Q%+B!&)SaH#dV2ra*0NyiCCN&
zc)(xZT^`G(ovFECld4LKU`a1trI$+~bZUyTkMq*Z1?v6R4E%x&v^g|wE7H?zCl3DX
zd=O#?1bO0xR5K|%*3vj`d_`5A?3vuA57esalVMxnwzNz(V{#QZ&&0Ge4?GxeS&B+`
zsn}?8Y{fjI8*107lg;(+mp28h7Kv+@Ms@;OvIf<o#vbF%QYoUc$=(JK9+x!`u~a?(
zBVu|9^n;<q$HYH7a@yw3cMeQNb8lHQZaGja{_IAsQ2#!rZr?=eCH7bv2V^Vqe!s~o
zDAcrPIeCcMmaX3Gj;_yYTag82ly*~`KReOl;Mbi151)ZyP<R?uIB&Pjb-;|6UvSGS
z7`q7ykwx+jg(0YtNp_shz+Y9`q{_7M!1xEi7K*p*@dk3_^#*e0@(ps2*G_?MA{+Tc
z9`j<7SaW6F;#U9dbmnZ@22CRgtKrRUy!gk*KilFon`JNNPZA^IWUeWq<;JyE11dOa
z4U^fy?F*auylysI*;>A?VK!NeAPxs6p8iOVY&93JZ6S3wkUeP~f_b}QhP<dOdC+tr
zX#P`nvk^wqGOtQ?$n|YXn#;gzFIEd@Ejoxk??*Em-j8UJdB>*zZ<o%y;cIQ&N2g<F
zue7k+`(AV3P;~`eZ^1-41Zv-n_fb*pkXyf-9)$gwmoClcY2tz-`!P(PXJm?v?|tKw
zWf1lJK{?#I>)}YdTcEBNr3HOg)FgweT(xXyt^nd{?yll|Di<=XbgA!VvcP{<)c;TI
zQZKpgQftS;@Fr|xt==HQTm0N^+f7mmpIw~^+qqgMcwS)h)?aWtz3X#wfwz}OU!S@w
z6QCrfS`4QcZa@5eovn@2n}>IRiEZQRhI7HSbAj#JUtG%%2XFWmz09$nC(WK87S=m{
z@GZ8kAGnq{yLq6t-L0pBTisg>tn=utL^yWYEe`CW7*K;3B62mh%JH)}-!Sm4YGJD^
zZaHR6=<m|{&1aPLWYt5`{#1%^H0m%mp_=EsU8iF#M)TaKvLzeJ90Q8muktZWL7C%P
zJ3dC8wd^oF#A7AKSPY$^--WN9??TNhDCj5SO~ye<z-V%6q11}^wT4Zstt}r*vN*Ni
z{f_pX#-cN(dPgP30qiI}&uX03XS$Mj{2qMWeJw}#&y@eRo{TQ9R3>OR)zWE`iTzol
zHz!50H?Tj4p<GXi%Iqx%oa->`!0AXNc_7C5cvGv*Uw+X|NiPCMRT)K=TLD-F9zY*u
zsbYM`AZo0bW0XiEL8{6sFcQWF0M8_i0kG*qsi9)tx@vII>?sFLA8-C&--@E>oiz1d
zV;JI>a|vjqn~G=)KJeViMky4|?z?<@-(OMFrh1i1nhY;wK51>2#P&hAtW=n4Sv@{N
zC%Vhra6}Y}N&eqz4^r}K@f<-7$sS%JW|&{sY{oWKBUyW;M;@*r?~T3gACAt9&;rG+
zfRjc|a3-gOd}}WKvlMLmzZ2|FxBlx0Ce(4ZEu6kRP@J`<c!7Dze!@nC79mdXL^?_&
z5VF%NipNn<k-g%|OH1_uZFNuG#dI2($5yHS3JYvB?8nj?Jlfj0)xP?4>%}$WJ@l*$
z(dL=E-H<iQD8=OLSs-wK%uuUY`+_e1?IrNt6*CtWvZ9b`G$yGp-&&KOI%9{LdGH)=
z#3(}b4|~s#i=)wHsX-Axwt0H6qNs|BLYLe!#EBl&Drn?9;E<;&#IF45E8Sqb)cv#8
zf-re4(TC_V%c7m(tUiHb7l$>KF0KrE`7v-oUbh1;y|JbHpxqduIs639aR`XZrg7O-
z`y@A!?`0$bIG5THPj)9gKV#UI!t(Aqcz!5GRZzzS%?~=<hBCOei?+8hE~4A`j;2|-
z)RY{~k+3dFBGqA+t2$oEUaoN3?_%9r(WAYgGg>KNQVv%rxu6|&*&Sfd0ey&`nhh+U
zy~pq2H1wQQV4q6dD#R=7<i?$BcWfrpUwPZtI#xGvF^$tc{g*5zruA^ad!W(pBQ6(S
zL9?;0phd9mctyAVKCtWC^t64jY)@WnDpEOtx|y=Zb@nXMup+mYqMx86F&nYVm=94)
ztx4%l31-Vzb+QA?Z%T5m`xA?=(velN{mVzboTtzcb9@UeuyjwNk+7{&_h2fs2hW<T
z1`X#y)0fv;u6_e#u-Cnz%B>>pO+p6BJzy?&{o`vZ8G(BCM+DE2khPG&qOp*0tI1!}
zpDEqbR<CqbD`uaH4HZ@;j~-mjO+k6cN@e*Drsx@72uzh??|Y?;RGx%-@p#A2a@^E~
z<&QKo9ssT$^}TJRa4X4+0k(4f0m^Dc;akle$f{&0Bc{q__u2R{HdsL<{@@l^$XVy+
z*DN1#2W4V%<mRCgCB!1ean#j#Euu*O7#9MkVJLVUE*%gZ3{Ad!*0Li>|5XhdZzJGe
zJ^YG!;<Y7?u__<!SY?CFf9eRc;y+a?5K;I?9M@_e$i8~tF0Z&9<|$*=Vra2Tk<oFL
zY<sy<`mcfYRMBd6L+%{VqrC($pGxMuO-4Op_^Lr9daPrD$*)JF9$7qEl2rHF3bVCx
z30I?vB@iUgVHH4OF3tM!lbAO6uiIc&<4-(CQlem>gMjqCCF2-o$KBWO)eU-UO2oHc
zL}#hup`2`M2b?(Un1~BwYiJM9_Xl630qrOik9bRD=);vXX(%>Qe=fZEqb6I6kpGMR
zBBeZX<FZ|>CE1}%WoIuP@RRgb+*frH)(K)bg+LR>Bb3BqOHjfi84H=V)3r~dL1bCh
zo5PLka2?kj^>U$iq_c`+c&W?fsU`0fN+`;uP|N@9RhgKAZSNP|1$R(gq%l7oQ=HAd
z2pXNz)9s1IOVMZNfgRER9z1unFcoDR{oXnb_K5C{mX5m__?5j6g~5dirdpdr@&RKQ
zL7%yEj1+^_nRS2lP8^}0nEECQMnDD~HqlFpi}8_!aXxxo07-$@d3lKZJ4zG$ER>pz
zWhcZYaJLdE(+M%Nt(&?4w}c+bnkca3Z0Uz)H1t<Yjq=uUU)`fRIsla*JUZPEKYJlf
zV>Z9{H~|0h$Za{y294}PiFLYW9!KM=2b6gU1sb_YTWid~+q3@iw!7Y_W`PW3pE5S8
z=5sSnd}I!Ah1hVToaP!B$>^8uJ&Z6C;;{#4Gadb<NaW_IFM=550gL1wGGHw-3bUq{
zbbZQ1D9R3wg-jCE+ApR(c^|#&|E!kMFhElwI$J2o+z<Y?2d~YfID2Lq6d-FTFqEN#
zcf2Mof+i)E92J9ghGYUZZfL<H0kOq|ziy}0?-uzFE%p@+FV0DzOCxv*trY5||4CZT
zNTL6>3$nEu@~^rRyaDvA`mW2wwuv<#FllXhP<|`Qat*(x);U!_)%kB<D^CkdO&qbl
zP2`=G6Qw%jH*INsC)zkQ7x+hc<U|$2DDD6hvSkoG7^#w^`_RR0@$RNs*5cY$8?G}W
z4QG1;@RjQpRv)+UOjIOmb}6p##x#VSyemroT9!IL|4vk=1Af0a)=vA9e1npSzYppB
z=@|i^T;ztfTcWZ7BsgeJuBN+$SyPUh{}a3iL-@SbGa+((aTXJ~QZazYqJ<i*liBSK
zJDtGE>QrksFQZBZJ%<E5hXe!<JwiypWBbr%^_+^KVUToOw1u|j_*$D1u?#Nqs35`y
zV5HQ7|5UTaSmkBF9r-C?tlcg&invRRGm|Sx)pkw%qC3tPyVx)sSAl_4&lt+x7fW(?
z%g8~<)r>1bi$dPUT7yIJ&=8P$KZ_|hW@OH*N><i)8onY1HS+09vkGk<7~B=Z+b)^5
zR0&kAC7}Xw8_d65&JC98x7Ws)&FBr6byPa)C0=xUwi6Je7P9uvkQy?k{o1P4{d_X&
z#*HeC=<_iGilYs~5kB8mJ8mxFtIa4K7T*vNd^&a+ldk@Gs3*^=$-}KrSX05X#o0;U
z&?fA~U8?b6JlF&ImMWH$cT~_Rnj#M_FTQ<uXh;=Isb?n<eXfg=x(p|LzFl;irA6)`
z<E-?v^@ZLt@Q>qtaYgpmfFWHh18-u;l0z7dk<Kmec3k;po?mZo0b+xinz!Bjjo5uI
z!)|FE5u<mraCe#Eu&Gpg->!F<+XFwj_v<^qT>lC~@@YDL&&;(zFH4rSXMRU#N>g1g
z-Px_9@$Yhc3BL)26M*Ey^1?)p0d6~ot{Rl{3T+olFZJ(o+~x##%MF>FmjyGExZ>-W
z-NW+0`(VP{Xa!Do{~tLfw-DtCLl}YmOuICRX-z9CG=uweO|N4HE@dvrjFu%6YB**S
zX_T@mXBDAYC6)3Rh)tHoS|b(?>sJ=TEZ@I*{oCLE_TRww3340<h@lTxuUETp{?VLj
zHe8FcdJj9vq{unU?SbWe?SBXnoB|J-+3OW5Fl*cNyE@@JBRrO=&W~xo89RM1Br`J_
z)r69aRpz{|J%xajyl(X$5?TwY^i@S6x#li1Tr>H%RB4OGjRnK)duZPk%Ml?;3T98>
zom>W#Ffi}jb%j1m0=B1z?iKU8A4=0r=U2U&F?h_qE?2?(nj=<2e|L(X8=L!_DRmF>
zRcq46Xs99HP-7o<nF&T#&zYvYP!AOKw4BcF>Rm7S;N&YtmAo@)a%I8s=Prw}S@3;j
z_oDxd)?EvC%*fsjO?iBr%m9d6PRLbNvjKTS3&jTHgSZy*Hho_D9+k1ZP8Mme#f}n(
zy-#8o-hF<t26@`0zfOoTd;6YcQe?ci<Ag@tiOsoPxfm-q%rEt3tgILXd%Ny>pgEEh
zEiUf8L|QxYKJ2xdJhhf$z54>XOS##wI!0%XBkK7WE37nSHEIFAsZ!>5y63tCZ#^8O
zHKF{TB)@y+YNlqfq$`G2v2sQgBX6L`?asQOV^&;3;dFT?gi5<~`-vfl%v_hR$OpxU
zdzx^eG^6=l1=zdT-sV(iv(rz8;?#P9?~Yk5KZsy=1y@je0^ZWrhnM%q^jI!BHv~Vj
z_gM1@*nW@CPwux=bqEiRGZP*!y+Jr9i;e8Q0b_tw3zZMBq~w|{FkqUxlxq9q2Zn|i
zKh}ionl7-{`)wuNEv=nmitmad#&v-hLx(BbX`8XpvMj(s(;+@F!rtN5H}bVQS&RMN
zwT$rBY_YFwJf;+C#!HMTHy0h2PI_>|uzjQj&;1}s?`L8_&ZRd0JN?9!8BpZpL^5?Q
zHGHzs)x*hdW9@A4z>;ogqc!asAshi~)|o4ECWx%;5_A~GXGJJGhzkJ}QViL=)Qh#F
z*tL~aYiWB8Xa_?tAAEztN<lL$t_AfH%nDG=rkxzvb5>2k?wEB5!|j|W5oJv58Y0@w
z$oFs<?9gx1y+7+{0_-w-xXs=g)^_jeb(QXx2Y+y#V~$oZSG<bmv^2-+ALhmZs{9uu
zKdBKpc7;H~?`(i*(9HwGm1Y>TwKue22u4nY59F4U6<J_l)1J&NfkD1pk-clS*c&|P
z^bQZ`-kI3LJ9Op1`3o099`@k7y;Sj`zrB_uMXIP6G4LL$I1WTYkiy`O{;6iw0=)Ch
zy;LzwrS_7Rs*7d|Em6^X3W%(Tea!-sV}bmynGO7!LBNAuJ0MC?-&0I)<zXTHv&m+Q
zI?EW#H>)jNx=y#LFx*Rboz(hJUp3@mxrO}(>>=iawSKwo4qS?^@zxzkyS!87yl4K9
z!?86RKFzL$ye(KhZT#-m=%XuH6zlD#cNjH(J|>K{`?2yNS{hyvUDepP^#O;U)ML*~
z+y+|fAo<6?zWB#KhJ=Zn{HyiPU!^z0TPKCQ9cERojz%+9%=uKviuLGoxxIMt;>GX3
z`U?L4;>C;Q|G)U%Z-4izm%n@QyWhU}-B*8j`G;S<c=^@K-~HiN<i!T(aA&K{dHL0g
z-eWDl+-K6hBo|a`RtbnX$F0XxKdyO^gUN|z*K}&st}jsnw}Cf`s2M8?GA-m7Zxt@4
zgQaA;=5urXeMtnHB4*P;S+NQK<N`eYufq|6kaQ{FNi!u<vWgU3u+bNzlgt0U)Usk<
zd`Vu*`CJO}@%1Iid8NJ>O}RdT|Kjw&7>)m49l?Ly2eavs`H%Zk-H4;6qcP2{>k`9@
zzWDV>-IibcdNiijU;KKc=jPwC;?pmF{r`ROCHY7zE^9^3PEOSqBUg2M#B)ZE@aL8M
lpD#u?Dw8=o>T@oi+jDzv&u!c7{|^8F|Np;c^S=P-J^&nj!}S0F

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml
new file mode 100644
index 00000000..4d5db065
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: kubeflow-crds
+description: A Helm chart for Kubeflow CRDs
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.4.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.9.1"
+maintainers:
+  - name: Kubeflow
+    url: https://github.com/kromanow94/kubeflow-manifests
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl
new file mode 100644
index 00000000..38128a86
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/_helpers.tpl
@@ -0,0 +1,107 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubeflowCrds.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubeflowCrds.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubeflowCrds.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubeflowCrds.common.labels" -}}
+helm.sh/chart: {{ include "kubeflowCrds.chart" . }}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common selector labels
+*/}}
+{{- define "kubeflowCrds.common.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubeflowCrds.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Kubeflow Component Names.
+
+Changing this function will reflect on all component and subcomponent names.
+*/}}
+{{- define "kubeflowCrds.component.name" -}}
+{{- $componentName := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $componentName }}
+{{- end }}
+
+{{- define "kubeflowCrds.common.group" -}}
+kubeflow.org
+{{- end }}
+
+{{/*
+Component specific labels
+*/}}
+{{- define "kubeflowCrds.component.labels" -}}
+{{ include "kubeflowCrds.component.selectorLabels" . }}
+{{- end }}
+
+{{/*
+Component specific selector labels
+*/}}
+{{- define "kubeflowCrds.component.selectorLabels" -}}
+app.kubernetes.io/component: {{ . }}
+{{- end }}
+
+{{/*
+subcomponent specific labels
+*/}}
+{{- define "kubeflowCrds.component.subcomponent.labels" -}}
+{{ include "kubeflowCrds.component.subcomponent.selectorLabels" . }}
+{{- end }}
+
+{{/*
+subcomponent specific selector labels
+*/}}
+{{- define "kubeflowCrds.component.subcomponent.selectorLabels" -}}
+app.kubernetes.io/subcomponent: {{ . }}
+{{- end }}
+
+{{/*
+Namespace for all resources to be installed into
+If not defined in values file then the helm release namespace is used
+By default this is not set so the helm release namespace will be used
+
+This gets around an problem within helm discussed here
+https://github.com/helm/helm/issues/5358
+{{- default .Values.namespace .Release.Namespace }}
+*/}}
+{{- define "kubeflowCrds.namespace" -}}
+{{- default .Release.Namespace .Values.namespace }}
+{{- end -}}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl
new file mode 100644
index 00000000..ed8dbaf1
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.admissionWebhook.tpl
@@ -0,0 +1,50 @@
+{{/*
+Kubeflow Admission Webhook object names.
+*/}}
+{{- define "kubeflowCrds.admissionWebhook.baseName" -}}
+{{- printf "admission-webhook" }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.admissionWebhook.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.singularName" -}}
+{{- printf "poddefault" }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.admissionWebhook.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.admissionWebhook.pluralName" .) (include "kubeflowCrds.admissionWebhook.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook object labels.
+*/}}
+{{- define "kubeflowCrds.admissionWebhook.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.admissionWebhook.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.admissionWebhook.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.admissionWebhook.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Admission Webhook enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.admissionWebhook.enabled" -}}
+{{- .Values.admissionWebhook.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl
new file mode 100644
index 00000000..1b853ca7
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.controller.tpl
@@ -0,0 +1,80 @@
+{{/*
+Kubeflow Katib Controller object names.
+*/}}
+{{- define "kubeflowCrds.katib.controller.baseName" -}}
+{{- printf "katib-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.katib.controller.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.experimentSingularName" -}}
+{{- printf "experiment" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.experimentPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.katib.controller.experimentSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.experimentFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.katib.controller.experimentPluralName" .) (include "kubeflowCrds.katib.controller.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.suggestionSingularName" -}}
+{{- printf "suggestion" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.suggestionPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.katib.controller.suggestionSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.suggestionFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.katib.controller.suggestionPluralName" .) (include "kubeflowCrds.katib.controller.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.trialSingularName" -}}
+{{- printf "trial" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.trialPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.katib.controller.trialSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.trialFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.katib.controller.trialPluralName" .) (include "kubeflowCrds.katib.controller.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller object labels.
+*/}}
+{{- define "kubeflowCrds.katib.controller.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.katib.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.controller.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.katib.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.katib.controller.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflowCrds.katib.enabled" . | eq "true")
+    .Values.katib.controller.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl
new file mode 100644
index 00000000..eeb6f28c
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.katib.tpl
@@ -0,0 +1,36 @@
+{{/*
+Kubeflow Katib Controller object names.
+*/}}
+{{- define "kubeflowCrds.katib.baseName" -}}
+{{- printf "katib" }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.katib.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Katib Controller object labels.
+*/}}
+{{- define "kubeflowCrds.katib.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.katib.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.katib.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.katib.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.katib.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Katib enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.katib.enabled" -}}
+{{- ternary true "" .Values.katib.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl
new file mode 100644
index 00000000..8cddf521
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.controller.tpl
@@ -0,0 +1,60 @@
+{{/*
+Kubeflow Notebooks Controller object names.
+*/}}
+{{- define "kubeflowCrds.notebooks.controller.baseName" -}}
+{{- printf "notebooks-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.notebooks.controller.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.singularName" -}}
+{{- printf "notebook" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.notebooks.controller.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.notebooks.controller.pluralName" .) (include "kubeflowCrds.notebooks.controller.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller object labels.
+*/}}
+{{- define "kubeflowCrds.notebooks.controller.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.notebooks.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.notebooks.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.notebooks.controller.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflowCrds.notebooks.enabled" . | eq "true")
+    .Values.notebooks.controller.enabled
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.controller.certName" -}}
+{{ printf "%s-%s" (include "kubeflowCrds.notebooks.controller.name" .) "cert" }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl
new file mode 100644
index 00000000..5c86705a
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.pvcviewerController.tpl
@@ -0,0 +1,67 @@
+{{/*
+Kubeflow Notebooks PVC Viewer Controller object names.
+*/}}
+{{- define "kubeflowCrds.notebooks.pvcviewerController.baseName" -}}
+{{- printf "pvcviewer-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.notebooks.pvcviewerController.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.manager.name" -}}
+{{- printf "%s-%s"
+    (include "kubeflowCrds.notebooks.pvcviewerController.name" .)
+    "manager"
+}}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.certName" -}}
+{{ printf "%s-%s" (include "kubeflowCrds.notebooks.pvcviewerController.name" .) "cert" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.singularName" -}}
+{{- printf "pvcviewer" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.notebooks.pvcviewerController.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.notebooks.pvcviewerController.pluralName" .) (include "kubeflowCrds.notebooks.pvcviewerController.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller object labels.
+*/}}
+{{- define "kubeflowCrds.notebooks.pvcviewerController.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.notebooks.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.pvcviewerController.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.pvcviewerController.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.notebooks.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.notebooks.pvcviewerController.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks PVC Viewer Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.notebooks.pvcviewerController.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflowCrds.notebooks.enabled" . | eq "true")
+    .Values.notebooks.pvcviewerController.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl
new file mode 100644
index 00000000..e620c78e
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.notebooks.tpl
@@ -0,0 +1,34 @@
+{{/*
+Kubeflow Notebooks object names.
+*/}}
+{{- define "kubeflowCrds.notebooks.baseName" -}}
+{{- printf "notebooks" }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.notebooks.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks object labels.
+*/}}
+{{- define "kubeflowCrds.notebooks.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.notebooks.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.notebooks.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.notebooks.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Notebooks enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.notebooks.enabled" -}}
+{{- ternary true "" .Values.notebooks.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl
new file mode 100644
index 00000000..2eae1187
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.scheduledWorkflow.tpl
@@ -0,0 +1,55 @@
+{{/*
+Kubeflow Pipelines Scheduled Workflow object names.
+*/}}
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.baseName" -}}
+{{- printf "ml-pipeline-scheduledworkflow" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.pipelines.scheduledWorkflow.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.singularName" -}}
+{{- printf "scheduledworkflow" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.pipelines.scheduledWorkflow.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.pipelines.scheduledWorkflow.pluralName" .) (include "kubeflowCrds.pipelines.scheduledWorkflow.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow object labels.
+*/}}
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.pipelines.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.scheduledWorkflow.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.pipelines.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.scheduledWorkflow.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines Scheduled Workflow enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.pipelines.scheduledWorkflow.enabled" -}}
+{{- and
+    (include "kubeflowCrds.pipelines.enabled" . | eq "true")
+    .Values.pipelines.scheduledWorkflow.enabled
+}}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl
new file mode 100644
index 00000000..1015743f
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.tpl
@@ -0,0 +1,34 @@
+{{/*
+Kubeflow Pipelines object names.
+*/}}
+{{- define "kubeflowCrds.pipelines.baseName" -}}
+{{- printf "pipelines" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.pipelines.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines object labels.
+*/}}
+{{- define "kubeflowCrds.pipelines.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.pipelines.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.pipelines.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.pipelines.enabled" -}}
+{{- ternary true "" .Values.pipelines.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl
new file mode 100644
index 00000000..c7637954
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.pipelines.viewerCrd.tpl
@@ -0,0 +1,55 @@
+{{/*
+Kubeflow Pipelines ML Pipeline object names.
+*/}}
+{{- define "kubeflowCrds.pipelines.viewerCrd.baseName" -}}
+{{- printf "ml-pipeline-viewer-crd" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.pipelines.viewerCrd.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.singularName" -}}
+{{- printf "viewer" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.pipelines.viewerCrd.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.pipelines.viewerCrd.pluralName" .) (include "kubeflowCrds.pipelines.viewerCrd.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline object labels.
+*/}}
+{{- define "kubeflowCrds.pipelines.viewerCrd.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.pipelines.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.viewerCrd.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.pipelines.viewerCrd.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.pipelines.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.pipelines.viewerCrd.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Pipelines ML Pipeline enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.pipelines.viewerCrd.enabled" -}}
+{{- and
+    (include "kubeflowCrds.pipelines.enabled" . | eq "true")
+    .Values.pipelines.viewerCrd.enabled
+}}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl
new file mode 100644
index 00000000..b7e7a26b
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.profilesController.tpl
@@ -0,0 +1,50 @@
+{{/*
+Kubeflow Profiles Controller object names.
+*/}}
+{{- define "kubeflowCrds.profilesController.baseName" -}}
+{{- printf "profiles-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.profilesController.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.singularName" -}}
+{{- printf "profile" }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.profilesController.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.profilesController.pluralName" .) (include "kubeflowCrds.profilesController.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller object labels.
+*/}}
+{{- define "kubeflowCrds.profilesController.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.profilesController.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.profilesController.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.profilesController.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Profiles Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.profilesController.enabled" -}}
+{{- .Values.profilesController.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl
new file mode 100644
index 00000000..1d52ec63
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.controller.tpl
@@ -0,0 +1,56 @@
+{{/*
+Kubeflow Tensorboard Controller object names.
+*/}}
+{{- define "kubeflowCrds.tensorboard.controller.baseName" -}}
+{{- printf "tensorboard-controller" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.tensorboard.controller.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.group" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.tensorboard.controller.singularName" .) (include "kubeflowCrds.common.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.singularName" -}}
+{{- printf "tensorboard" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.pluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.tensorboard.controller.singularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.fullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.tensorboard.controller.pluralName" .) (include "kubeflowCrds.tensorboard.controller.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller object labels.
+*/}}
+{{- define "kubeflowCrds.tensorboard.controller.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.controller.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{ include "kubeflowCrds.component.subcomponent.labels" (include "kubeflowCrds.tensorboard.controller.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard Controller enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.tensorboard.controller.enabled" -}}
+{{- ternary true "" (
+    and
+    (include "kubeflowCrds.tensorboard.enabled" . | eq "true")
+    .Values.tensorboard.controller.enabled
+)}}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl
new file mode 100644
index 00000000..9c0c5c84
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.tensorboard.tpl
@@ -0,0 +1,34 @@
+{{/*
+Kubeflow Tensorboard object names.
+*/}}
+{{- define "kubeflowCrds.tensorboard.baseName" -}}
+{{- printf "tensorboard" }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.tensorboard.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard object labels.
+*/}}
+{{- define "kubeflowCrds.tensorboard.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.tensorboard.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.tensorboard.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Tensorboard enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.tensorboard.enabled" -}}
+{{- ternary true "" .Values.tensorboard.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl
new file mode 100644
index 00000000..3ddfff1c
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/_helpers/kubeflowCrds.trainingOperator.tpl
@@ -0,0 +1,110 @@
+{{/*
+Kubeflow Training Operator object names.
+*/}}
+{{- define "kubeflowCrds.trainingOperator.baseName" -}}
+{{- printf "training-operator" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.name" -}}
+{{- include "kubeflowCrds.component.name" (
+    list
+    (include "kubeflowCrds.trainingOperator.baseName" .)
+    .
+)}}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.group" -}}
+{{- include "kubeflowCrds.common.group" . }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mpiSingularName" -}}
+{{- printf "mpijob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mpiPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.mpiSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mpiFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.mpiPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mxSingularName" -}}
+{{- printf "mxjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mxPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.mxSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.mxFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.mxPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.paddleSingularName" -}}
+{{- printf "paddlejob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.paddlePluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.paddleSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.paddleFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.paddlePluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.pytorchSingularName" -}}
+{{- printf "pytorchjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.pytorchPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.pytorchSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.pytorchFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.pytorchPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.tfSingularName" -}}
+{{- printf "tfjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.tfPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.tfSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.tfFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.tfPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.xgboostSingularName" -}}
+{{- printf "xgboostjob" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.xgboostPluralName" -}}
+{{ printf "%s%s" (include "kubeflowCrds.trainingOperator.xgboostSingularName" .) "s" }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.xgboostFullName" -}}
+{{ printf "%s.%s" (include "kubeflowCrds.trainingOperator.xgboostPluralName" .) (include "kubeflowCrds.trainingOperator.group" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator object labels.
+*/}}
+{{- define "kubeflowCrds.trainingOperator.labels" -}}
+{{ include "kubeflowCrds.common.labels" . }}
+{{ include "kubeflowCrds.component.labels" (include "kubeflowCrds.trainingOperator.name" .) }}
+{{- end }}
+
+{{- define "kubeflowCrds.trainingOperator.selectorLabels" -}}
+{{ include "kubeflowCrds.common.selectorLabels" . }}
+{{ include "kubeflowCrds.component.selectorLabels" (include "kubeflowCrds.trainingOperator.name" .) }}
+{{- end }}
+
+{{/*
+Kubeflow Training Operator enable and create toggles.
+*/}}
+{{- define "kubeflowCrds.trainingOperator.enabled" -}}
+{{- .Values.trainingOperator.enabled }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml
new file mode 100644
index 00000000..a2b2e7ef
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/admission-webhook/crd.yaml
@@ -0,0 +1,2102 @@
+{{- if (include "kubeflowCrds.admissionWebhook.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.admissionWebhook.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.admissionWebhook.group" . }}
+  names:
+    kind: PodDefault
+    listKind: PodDefaultList
+    plural: {{ include "kubeflowCrds.admissionWebhook.pluralName" . }}
+    singular: {{ include "kubeflowCrds.admissionWebhook.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+
+{{- else }}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.admissionWebhook.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.admissionWebhook.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.admissionWebhook.group" . }}
+  names:
+    kind: PodDefault
+    listKind: PodDefaultList
+    plural: {{ include "kubeflowCrds.admissionWebhook.pluralName" . }}
+    singular: {{ include "kubeflowCrds.admissionWebhook.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              annotations:
+                additionalProperties:
+                  type: string
+                type: object
+              args:
+                items:
+                  type: string
+                type: array
+              automountServiceAccountToken:
+                type: boolean
+              command:
+                items:
+                  type: string
+                type: array
+              desc:
+                type: string
+              env:
+                items:
+                  properties:
+                    name:
+                      type: string
+                    value:
+                      type: string
+                    valueFrom:
+                      properties:
+                        configMapKeyRef:
+                          properties:
+                            key:
+                              type: string
+                            name:
+                              type: string
+                            optional:
+                              type: boolean
+                          required:
+                          - key
+                          type: object
+                        fieldRef:
+                          properties:
+                            apiVersion:
+                              type: string
+                            fieldPath:
+                              type: string
+                          required:
+                          - fieldPath
+                          type: object
+                        resourceFieldRef:
+                          properties:
+                            containerName:
+                              type: string
+                            divisor:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                            resource:
+                              type: string
+                          required:
+                          - resource
+                          type: object
+                        secretKeyRef:
+                          properties:
+                            key:
+                              type: string
+                            name:
+                              type: string
+                            optional:
+                              type: boolean
+                          required:
+                          - key
+                          type: object
+                      type: object
+                  required:
+                  - name
+                  type: object
+                type: array
+              envFrom:
+                items:
+                  properties:
+                    configMapRef:
+                      properties:
+                        name:
+                          type: string
+                        optional:
+                          type: boolean
+                      type: object
+                    prefix:
+                      type: string
+                    secretRef:
+                      properties:
+                        name:
+                          type: string
+                        optional:
+                          type: boolean
+                      type: object
+                  type: object
+                type: array
+              imagePullSecrets:
+                items:
+                  properties:
+                    name:
+                      type: string
+                  type: object
+                type: array
+              initContainers:
+                items:
+                  properties:
+                    args:
+                      items:
+                        type: string
+                      type: array
+                    command:
+                      items:
+                        type: string
+                      type: array
+                    env:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                          valueFrom:
+                            properties:
+                              configMapKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                - key
+                                type: object
+                              fieldRef:
+                                properties:
+                                  apiVersion:
+                                    type: string
+                                  fieldPath:
+                                    type: string
+                                required:
+                                - fieldPath
+                                type: object
+                              resourceFieldRef:
+                                properties:
+                                  containerName:
+                                    type: string
+                                  divisor:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  resource:
+                                    type: string
+                                required:
+                                - resource
+                                type: object
+                              secretKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                - key
+                                type: object
+                            type: object
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    envFrom:
+                      items:
+                        properties:
+                          configMapRef:
+                            properties:
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                          prefix:
+                            type: string
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                        type: object
+                      type: array
+                    image:
+                      type: string
+                    imagePullPolicy:
+                      type: string
+                    lifecycle:
+                      properties:
+                        postStart:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                          type: object
+                        preStop:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                          type: object
+                      type: object
+                    livenessProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                - name
+                                - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    name:
+                      type: string
+                    ports:
+                      items:
+                        properties:
+                          containerPort:
+                            format: int32
+                            type: integer
+                          hostIP:
+                            type: string
+                          hostPort:
+                            format: int32
+                            type: integer
+                          name:
+                            type: string
+                          protocol:
+                            default: TCP
+                            type: string
+                        required:
+                        - containerPort
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                      - containerPort
+                      - protocol
+                      x-kubernetes-list-type: map
+                    readinessProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                - name
+                                - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    resources:
+                      properties:
+                        limits:
+                          additionalProperties:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                          type: object
+                        requests:
+                          additionalProperties:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                          type: object
+                      type: object
+                    securityContext:
+                      properties:
+                        allowPrivilegeEscalation:
+                          type: boolean
+                        capabilities:
+                          properties:
+                            add:
+                              items:
+                                type: string
+                              type: array
+                            drop:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        privileged:
+                          type: boolean
+                        procMount:
+                          type: string
+                        readOnlyRootFilesystem:
+                          type: boolean
+                        runAsGroup:
+                          format: int64
+                          type: integer
+                        runAsNonRoot:
+                          type: boolean
+                        runAsUser:
+                          format: int64
+                          type: integer
+                        seLinuxOptions:
+                          properties:
+                            level:
+                              type: string
+                            role:
+                              type: string
+                            type:
+                              type: string
+                            user:
+                              type: string
+                          type: object
+                        seccompProfile:
+                          properties:
+                            localhostProfile:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                          - type
+                          type: object
+                        windowsOptions:
+                          properties:
+                            gmsaCredentialSpec:
+                              type: string
+                            gmsaCredentialSpecName:
+                              type: string
+                            hostProcess:
+                              type: boolean
+                            runAsUserName:
+                              type: string
+                          type: object
+                      type: object
+                    startupProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                - name
+                                - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    stdin:
+                      type: boolean
+                    stdinOnce:
+                      type: boolean
+                    terminationMessagePath:
+                      type: string
+                    terminationMessagePolicy:
+                      type: string
+                    tty:
+                      type: boolean
+                    volumeDevices:
+                      items:
+                        properties:
+                          devicePath:
+                            type: string
+                          name:
+                            type: string
+                        required:
+                        - devicePath
+                        - name
+                        type: object
+                      type: array
+                    volumeMounts:
+                      items:
+                        properties:
+                          mountPath:
+                            type: string
+                          mountPropagation:
+                            type: string
+                          name:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          subPath:
+                            type: string
+                          subPathExpr:
+                            type: string
+                        required:
+                        - mountPath
+                        - name
+                        type: object
+                      type: array
+                    workingDir:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              labels:
+                additionalProperties:
+                  type: string
+                type: object
+              selector:
+                properties:
+                  matchExpressions:
+                    items:
+                      properties:
+                        key:
+                          type: string
+                        operator:
+                          type: string
+                        values:
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                type: object
+              serviceAccountName:
+                type: string
+              sidecars:
+                items:
+                  properties:
+                    args:
+                      items:
+                        type: string
+                      type: array
+                    command:
+                      items:
+                        type: string
+                      type: array
+                    env:
+                      items:
+                        properties:
+                          name:
+                            type: string
+                          value:
+                            type: string
+                          valueFrom:
+                            properties:
+                              configMapKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                - key
+                                type: object
+                              fieldRef:
+                                properties:
+                                  apiVersion:
+                                    type: string
+                                  fieldPath:
+                                    type: string
+                                required:
+                                - fieldPath
+                                type: object
+                              resourceFieldRef:
+                                properties:
+                                  containerName:
+                                    type: string
+                                  divisor:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  resource:
+                                    type: string
+                                required:
+                                - resource
+                                type: object
+                              secretKeyRef:
+                                properties:
+                                  key:
+                                    type: string
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                required:
+                                - key
+                                type: object
+                            type: object
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    envFrom:
+                      items:
+                        properties:
+                          configMapRef:
+                            properties:
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                          prefix:
+                            type: string
+                          secretRef:
+                            properties:
+                              name:
+                                type: string
+                              optional:
+                                type: boolean
+                            type: object
+                        type: object
+                      type: array
+                    image:
+                      type: string
+                    imagePullPolicy:
+                      type: string
+                    lifecycle:
+                      properties:
+                        postStart:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                          type: object
+                        preStop:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                          type: object
+                      type: object
+                    livenessProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                - name
+                                - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    name:
+                      type: string
+                    ports:
+                      items:
+                        properties:
+                          containerPort:
+                            format: int32
+                            type: integer
+                          hostIP:
+                            type: string
+                          hostPort:
+                            format: int32
+                            type: integer
+                          name:
+                            type: string
+                          protocol:
+                            default: TCP
+                            type: string
+                        required:
+                        - containerPort
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                      - containerPort
+                      - protocol
+                      x-kubernetes-list-type: map
+                    readinessProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                - name
+                                - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    resources:
+                      properties:
+                        limits:
+                          additionalProperties:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                          type: object
+                        requests:
+                          additionalProperties:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                            x-kubernetes-int-or-string: true
+                          type: object
+                      type: object
+                    securityContext:
+                      properties:
+                        allowPrivilegeEscalation:
+                          type: boolean
+                        capabilities:
+                          properties:
+                            add:
+                              items:
+                                type: string
+                              type: array
+                            drop:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        privileged:
+                          type: boolean
+                        procMount:
+                          type: string
+                        readOnlyRootFilesystem:
+                          type: boolean
+                        runAsGroup:
+                          format: int64
+                          type: integer
+                        runAsNonRoot:
+                          type: boolean
+                        runAsUser:
+                          format: int64
+                          type: integer
+                        seLinuxOptions:
+                          properties:
+                            level:
+                              type: string
+                            role:
+                              type: string
+                            type:
+                              type: string
+                            user:
+                              type: string
+                          type: object
+                        seccompProfile:
+                          properties:
+                            localhostProfile:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                          - type
+                          type: object
+                        windowsOptions:
+                          properties:
+                            gmsaCredentialSpec:
+                              type: string
+                            gmsaCredentialSpecName:
+                              type: string
+                            hostProcess:
+                              type: boolean
+                            runAsUserName:
+                              type: string
+                          type: object
+                      type: object
+                    startupProbe:
+                      properties:
+                        exec:
+                          properties:
+                            command:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        failureThreshold:
+                          format: int32
+                          type: integer
+                        grpc:
+                          properties:
+                            port:
+                              format: int32
+                              type: integer
+                            service:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        httpGet:
+                          properties:
+                            host:
+                              type: string
+                            httpHeaders:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                required:
+                                - name
+                                - value
+                                type: object
+                              type: array
+                            path:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                            scheme:
+                              type: string
+                          required:
+                          - port
+                          type: object
+                        initialDelaySeconds:
+                          format: int32
+                          type: integer
+                        periodSeconds:
+                          format: int32
+                          type: integer
+                        successThreshold:
+                          format: int32
+                          type: integer
+                        tcpSocket:
+                          properties:
+                            host:
+                              type: string
+                            port:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              x-kubernetes-int-or-string: true
+                          required:
+                          - port
+                          type: object
+                        terminationGracePeriodSeconds:
+                          format: int64
+                          type: integer
+                        timeoutSeconds:
+                          format: int32
+                          type: integer
+                      type: object
+                    stdin:
+                      type: boolean
+                    stdinOnce:
+                      type: boolean
+                    terminationMessagePath:
+                      type: string
+                    terminationMessagePolicy:
+                      type: string
+                    tty:
+                      type: boolean
+                    volumeDevices:
+                      items:
+                        properties:
+                          devicePath:
+                            type: string
+                          name:
+                            type: string
+                        required:
+                        - devicePath
+                        - name
+                        type: object
+                      type: array
+                    volumeMounts:
+                      items:
+                        properties:
+                          mountPath:
+                            type: string
+                          mountPropagation:
+                            type: string
+                          name:
+                            type: string
+                          readOnly:
+                            type: boolean
+                          subPath:
+                            type: string
+                          subPathExpr:
+                            type: string
+                        required:
+                        - mountPath
+                        - name
+                        type: object
+                      type: array
+                    workingDir:
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              tolerations:
+                items:
+                  properties:
+                    effect:
+                      type: string
+                    key:
+                      type: string
+                    operator:
+                      type: string
+                    tolerationSeconds:
+                      format: int64
+                      type: integer
+                    value:
+                      type: string
+                  type: object
+                type: array
+              volumeMounts:
+                items:
+                  properties:
+                    mountPath:
+                      type: string
+                    mountPropagation:
+                      type: string
+                    name:
+                      type: string
+                    readOnly:
+                      type: boolean
+                    subPath:
+                      type: string
+                    subPathExpr:
+                      type: string
+                  required:
+                  - mountPath
+                  - name
+                  type: object
+                type: array
+              volumes:
+                items:
+                  properties:
+                    awsElasticBlockStore:
+                      properties:
+                        fsType:
+                          type: string
+                        partition:
+                          format: int32
+                          type: integer
+                        readOnly:
+                          type: boolean
+                        volumeID:
+                          type: string
+                      required:
+                      - volumeID
+                      type: object
+                    azureDisk:
+                      properties:
+                        cachingMode:
+                          type: string
+                        diskName:
+                          type: string
+                        diskURI:
+                          type: string
+                        fsType:
+                          type: string
+                        kind:
+                          type: string
+                        readOnly:
+                          type: boolean
+                      required:
+                      - diskName
+                      - diskURI
+                      type: object
+                    azureFile:
+                      properties:
+                        readOnly:
+                          type: boolean
+                        secretName:
+                          type: string
+                        shareName:
+                          type: string
+                      required:
+                      - secretName
+                      - shareName
+                      type: object
+                    cephfs:
+                      properties:
+                        monitors:
+                          items:
+                            type: string
+                          type: array
+                        path:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        secretFile:
+                          type: string
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        user:
+                          type: string
+                      required:
+                      - monitors
+                      type: object
+                    cinder:
+                      properties:
+                        fsType:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        volumeID:
+                          type: string
+                      required:
+                      - volumeID
+                      type: object
+                    configMap:
+                      properties:
+                        defaultMode:
+                          format: int32
+                          type: integer
+                        items:
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              mode:
+                                format: int32
+                                type: integer
+                              path:
+                                type: string
+                            required:
+                            - key
+                            - path
+                            type: object
+                          type: array
+                        name:
+                          type: string
+                        optional:
+                          type: boolean
+                      type: object
+                    csi:
+                      properties:
+                        driver:
+                          type: string
+                        fsType:
+                          type: string
+                        nodePublishSecretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        readOnly:
+                          type: boolean
+                        volumeAttributes:
+                          additionalProperties:
+                            type: string
+                          type: object
+                      required:
+                      - driver
+                      type: object
+                    downwardAPI:
+                      properties:
+                        defaultMode:
+                          format: int32
+                          type: integer
+                        items:
+                          items:
+                            properties:
+                              fieldRef:
+                                properties:
+                                  apiVersion:
+                                    type: string
+                                  fieldPath:
+                                    type: string
+                                required:
+                                - fieldPath
+                                type: object
+                              mode:
+                                format: int32
+                                type: integer
+                              path:
+                                type: string
+                              resourceFieldRef:
+                                properties:
+                                  containerName:
+                                    type: string
+                                  divisor:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  resource:
+                                    type: string
+                                required:
+                                - resource
+                                type: object
+                            required:
+                            - path
+                            type: object
+                          type: array
+                      type: object
+                    emptyDir:
+                      properties:
+                        medium:
+                          type: string
+                        sizeLimit:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                      type: object
+                    ephemeral:
+                      properties:
+                        volumeClaimTemplate:
+                          properties:
+                            metadata:
+                              type: object
+                            spec:
+                              properties:
+                                accessModes:
+                                  items:
+                                    type: string
+                                  type: array
+                                dataSource:
+                                  properties:
+                                    apiGroup:
+                                      type: string
+                                    kind:
+                                      type: string
+                                    name:
+                                      type: string
+                                  required:
+                                  - kind
+                                  - name
+                                  type: object
+                                dataSourceRef:
+                                  properties:
+                                    apiGroup:
+                                      type: string
+                                    kind:
+                                      type: string
+                                    name:
+                                      type: string
+                                  required:
+                                  - kind
+                                  - name
+                                  type: object
+                                resources:
+                                  properties:
+                                    limits:
+                                      additionalProperties:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      type: object
+                                    requests:
+                                      additionalProperties:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      type: object
+                                  type: object
+                                selector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                storageClassName:
+                                  type: string
+                                volumeMode:
+                                  type: string
+                                volumeName:
+                                  type: string
+                              type: object
+                          required:
+                          - spec
+                          type: object
+                      type: object
+                    fc:
+                      properties:
+                        fsType:
+                          type: string
+                        lun:
+                          format: int32
+                          type: integer
+                        readOnly:
+                          type: boolean
+                        targetWWNs:
+                          items:
+                            type: string
+                          type: array
+                        wwids:
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    flexVolume:
+                      properties:
+                        driver:
+                          type: string
+                        fsType:
+                          type: string
+                        options:
+                          additionalProperties:
+                            type: string
+                          type: object
+                        readOnly:
+                          type: boolean
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                      required:
+                      - driver
+                      type: object
+                    flocker:
+                      properties:
+                        datasetName:
+                          type: string
+                        datasetUUID:
+                          type: string
+                      type: object
+                    gcePersistentDisk:
+                      properties:
+                        fsType:
+                          type: string
+                        partition:
+                          format: int32
+                          type: integer
+                        pdName:
+                          type: string
+                        readOnly:
+                          type: boolean
+                      required:
+                      - pdName
+                      type: object
+                    gitRepo:
+                      properties:
+                        directory:
+                          type: string
+                        repository:
+                          type: string
+                        revision:
+                          type: string
+                      required:
+                      - repository
+                      type: object
+                    glusterfs:
+                      properties:
+                        endpoints:
+                          type: string
+                        path:
+                          type: string
+                        readOnly:
+                          type: boolean
+                      required:
+                      - endpoints
+                      - path
+                      type: object
+                    hostPath:
+                      properties:
+                        path:
+                          type: string
+                        type:
+                          type: string
+                      required:
+                      - path
+                      type: object
+                    iscsi:
+                      properties:
+                        chapAuthDiscovery:
+                          type: boolean
+                        chapAuthSession:
+                          type: boolean
+                        fsType:
+                          type: string
+                        initiatorName:
+                          type: string
+                        iqn:
+                          type: string
+                        iscsiInterface:
+                          type: string
+                        lun:
+                          format: int32
+                          type: integer
+                        portals:
+                          items:
+                            type: string
+                          type: array
+                        readOnly:
+                          type: boolean
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        targetPortal:
+                          type: string
+                      required:
+                      - iqn
+                      - lun
+                      - targetPortal
+                      type: object
+                    name:
+                      type: string
+                    nfs:
+                      properties:
+                        path:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        server:
+                          type: string
+                      required:
+                      - path
+                      - server
+                      type: object
+                    persistentVolumeClaim:
+                      properties:
+                        claimName:
+                          type: string
+                        readOnly:
+                          type: boolean
+                      required:
+                      - claimName
+                      type: object
+                    photonPersistentDisk:
+                      properties:
+                        fsType:
+                          type: string
+                        pdID:
+                          type: string
+                      required:
+                      - pdID
+                      type: object
+                    portworxVolume:
+                      properties:
+                        fsType:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        volumeID:
+                          type: string
+                      required:
+                      - volumeID
+                      type: object
+                    projected:
+                      properties:
+                        defaultMode:
+                          format: int32
+                          type: integer
+                        sources:
+                          items:
+                            properties:
+                              configMap:
+                                properties:
+                                  items:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        mode:
+                                          format: int32
+                                          type: integer
+                                        path:
+                                          type: string
+                                      required:
+                                      - key
+                                      - path
+                                      type: object
+                                    type: array
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                              downwardAPI:
+                                properties:
+                                  items:
+                                    items:
+                                      properties:
+                                        fieldRef:
+                                          properties:
+                                            apiVersion:
+                                              type: string
+                                            fieldPath:
+                                              type: string
+                                          required:
+                                          - fieldPath
+                                          type: object
+                                        mode:
+                                          format: int32
+                                          type: integer
+                                        path:
+                                          type: string
+                                        resourceFieldRef:
+                                          properties:
+                                            containerName:
+                                              type: string
+                                            divisor:
+                                              anyOf:
+                                              - type: integer
+                                              - type: string
+                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                              x-kubernetes-int-or-string: true
+                                            resource:
+                                              type: string
+                                          required:
+                                          - resource
+                                          type: object
+                                      required:
+                                      - path
+                                      type: object
+                                    type: array
+                                type: object
+                              secret:
+                                properties:
+                                  items:
+                                    items:
+                                      properties:
+                                        key:
+                                          type: string
+                                        mode:
+                                          format: int32
+                                          type: integer
+                                        path:
+                                          type: string
+                                      required:
+                                      - key
+                                      - path
+                                      type: object
+                                    type: array
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                              serviceAccountToken:
+                                properties:
+                                  audience:
+                                    type: string
+                                  expirationSeconds:
+                                    format: int64
+                                    type: integer
+                                  path:
+                                    type: string
+                                required:
+                                - path
+                                type: object
+                            type: object
+                          type: array
+                      type: object
+                    quobyte:
+                      properties:
+                        group:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        registry:
+                          type: string
+                        tenant:
+                          type: string
+                        user:
+                          type: string
+                        volume:
+                          type: string
+                      required:
+                      - registry
+                      - volume
+                      type: object
+                    rbd:
+                      properties:
+                        fsType:
+                          type: string
+                        image:
+                          type: string
+                        keyring:
+                          type: string
+                        monitors:
+                          items:
+                            type: string
+                          type: array
+                        pool:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        user:
+                          type: string
+                      required:
+                      - image
+                      - monitors
+                      type: object
+                    scaleIO:
+                      properties:
+                        fsType:
+                          type: string
+                        gateway:
+                          type: string
+                        protectionDomain:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        sslEnabled:
+                          type: boolean
+                        storageMode:
+                          type: string
+                        storagePool:
+                          type: string
+                        system:
+                          type: string
+                        volumeName:
+                          type: string
+                      required:
+                      - gateway
+                      - secretRef
+                      - system
+                      type: object
+                    secret:
+                      properties:
+                        defaultMode:
+                          format: int32
+                          type: integer
+                        items:
+                          items:
+                            properties:
+                              key:
+                                type: string
+                              mode:
+                                format: int32
+                                type: integer
+                              path:
+                                type: string
+                            required:
+                            - key
+                            - path
+                            type: object
+                          type: array
+                        optional:
+                          type: boolean
+                        secretName:
+                          type: string
+                      type: object
+                    storageos:
+                      properties:
+                        fsType:
+                          type: string
+                        readOnly:
+                          type: boolean
+                        secretRef:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        volumeName:
+                          type: string
+                        volumeNamespace:
+                          type: string
+                      type: object
+                    vsphereVolume:
+                      properties:
+                        fsType:
+                          type: string
+                        storagePolicyID:
+                          type: string
+                        storagePolicyName:
+                          type: string
+                        volumePath:
+                          type: string
+                      required:
+                      - volumePath
+                      type: object
+                  required:
+                  - name
+                  type: object
+                type: array
+            required:
+            - selector
+            type: object
+          status:
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml
new file mode 100644
index 00000000..2fe16c08
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/experiment.yaml
@@ -0,0 +1,42 @@
+{{- if (include "kubeflowCrds.katib.controller.enabled" . | eq "true") -}}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: {{ include "kubeflowCrds.katib.controller.experimentFullName" . }}
+  labels:
+    {{- include "kubeflowCrds.katib.controller.labels" . | nindent 4 }}
+spec:
+  group: {{ include "kubeflowCrds.katib.controller.group" . }}
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+        - name: Type
+          type: string
+          jsonPath: .status.conditions[-1:].type
+        - name: Status
+          type: string
+          jsonPath: .status.conditions[-1:].status
+        - name: Age
+          type: date
+          jsonPath: .metadata.creationTimestamp
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+  names:
+    kind: Experiment
+    plural: {{ include "kubeflowCrds.katib.controller.experimentPluralName" . }}
+    singular: {{ include "kubeflowCrds.katib.controller.experimentSingularName" . }}
+    categories:
+      - all
+      - kubeflow
+      - katib
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml
new file mode 100644
index 00000000..544464e0
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/suggestion.yaml
@@ -0,0 +1,48 @@
+{{- if (include "kubeflowCrds.katib.controller.enabled" . | eq "true") -}}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: {{ include "kubeflowCrds.katib.controller.suggestionFullName" . }}
+  labels:
+    {{- include "kubeflowCrds.katib.controller.labels" . | nindent 4 }}
+spec:
+  group: {{ include "kubeflowCrds.katib.controller.group" . }}
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+        - name: Type
+          type: string
+          jsonPath: .status.conditions[-1:].type
+        - name: Status
+          type: string
+          jsonPath: .status.conditions[-1:].status
+        - name: Requested
+          type: string
+          jsonPath: .spec.requests
+        - name: Assigned
+          type: string
+          jsonPath: .status.suggestionCount
+        - name: Age
+          type: date
+          jsonPath: .metadata.creationTimestamp
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+  names:
+    kind: Suggestion
+    plural: {{ include "kubeflowCrds.katib.controller.suggestionPluralName" . }}
+    singular: {{ include "kubeflowCrds.katib.controller.suggestionSingularName" . }}
+    categories:
+      - all
+      - kubeflow
+      - katib
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml
new file mode 100644
index 00000000..fccd5adc
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/katib/trial.yaml
@@ -0,0 +1,42 @@
+{{- if (include "kubeflowCrds.katib.controller.enabled" . | eq "true") -}}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: {{ include "kubeflowCrds.katib.controller.trialFullName" . }}
+  labels:
+    {{- include "kubeflowCrds.katib.controller.labels" . | nindent 4 }}
+spec:
+  group: {{ include "kubeflowCrds.katib.controller.group" . }}
+  scope: Namespaced
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+        - name: Type
+          type: string
+          jsonPath: .status.conditions[-1:].type
+        - name: Status
+          type: string
+          jsonPath: .status.conditions[-1:].status
+        - name: Age
+          type: date
+          jsonPath: .metadata.creationTimestamp
+      subresources:
+        status: {}
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+  names:
+    kind: Trial
+    plural: {{ include "kubeflowCrds.katib.controller.trialPluralName" . }}
+    singular: {{ include "kubeflowCrds.katib.controller.trialSingularName" . }}
+    categories:
+      - all
+      - kubeflow
+      - katib
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml
new file mode 100644
index 00000000..f72b1ab0
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/notebooks/kubeflow.org_notebooks.yaml
@@ -0,0 +1,9513 @@
+{{- if (include "kubeflowCrds.notebooks.controller.enabled" . | eq "true") -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflowCrds.namespace" .)
+  (include "kubeflowCrds.notebooks.controller.certName" .)
+-}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+{{- if .Values.notebooks.controller.certManager.enabled }}
+    certmanager.k8s.io/inject-ca-from: {{ $ca }}
+{{- end }}
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.notebooks.controller.fullName" . }}
+spec:
+  conversion:
+{{- if .Values.notebooks.controller.webhook.enabled }}
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert
+{{- else }}
+    strategy: None
+{{- end }}
+  group: {{ include "kubeflowCrds.notebooks.controller.group" . }}
+  names:
+    kind: Notebook
+    listKind: NotebookList
+    plural: {{ include "kubeflowCrds.notebooks.controller.pluralName" . }}
+    singular: {{ include "kubeflowCrds.notebooks.controller.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: false
+    subresources:
+      status: {}
+
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: false
+    subresources:
+      status: {}
+
+{{- else }}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+{{- if .Values.notebooks.controller.certManager.enabled }}
+    certmanager.k8s.io/inject-ca-from: {{ $ca }}
+{{- end }}
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.notebooks.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.notebooks.controller.fullName" . }}
+spec:
+  conversion:
+{{- if .Values.notebooks.controller.webhook.enabled }}
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert
+{{- else }}
+    strategy: None
+{{- end }}
+  group: {{ include "kubeflowCrds.notebooks.controller.group" . }}
+  names:
+    kind: Notebook
+    listKind: NotebookList
+    plural: {{ include "kubeflowCrds.notebooks.controller.pluralName" . }}
+    singular: {{ include "kubeflowCrds.notebooks.controller.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              template:
+                properties:
+                  spec:
+                    properties:
+                      activeDeadlineSeconds:
+                        format: int64
+                        type: integer
+                      affinity:
+                        properties:
+                          nodeAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    preference:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - preference
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                properties:
+                                  nodeSelectorTerms:
+                                    items:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    type: array
+                                required:
+                                - nodeSelectorTerms
+                                type: object
+                            type: object
+                          podAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                          podAntiAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      automountServiceAccountToken:
+                        type: boolean
+                      containers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          - image
+                          type: object
+                        type: array
+                        minItems: 1
+                      dnsConfig:
+                        properties:
+                          nameservers:
+                            items:
+                              type: string
+                            type: array
+                          options:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              type: object
+                            type: array
+                          searches:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      dnsPolicy:
+                        type: string
+                      enableServiceLinks:
+                        type: boolean
+                      ephemeralContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            targetContainerName:
+                              type: string
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      hostAliases:
+                        items:
+                          properties:
+                            hostnames:
+                              items:
+                                type: string
+                              type: array
+                            ip:
+                              type: string
+                          type: object
+                        type: array
+                      hostIPC:
+                        type: boolean
+                      hostNetwork:
+                        type: boolean
+                      hostPID:
+                        type: boolean
+                      hostname:
+                        type: string
+                      imagePullSecrets:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        type: array
+                      initContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      nodeName:
+                        type: string
+                      nodeSelector:
+                        additionalProperties:
+                          type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      os:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      overhead:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      preemptionPolicy:
+                        type: string
+                      priority:
+                        format: int32
+                        type: integer
+                      priorityClassName:
+                        type: string
+                      readinessGates:
+                        items:
+                          properties:
+                            conditionType:
+                              type: string
+                          required:
+                          - conditionType
+                          type: object
+                        type: array
+                      restartPolicy:
+                        type: string
+                      runtimeClassName:
+                        type: string
+                      schedulerName:
+                        type: string
+                      securityContext:
+                        properties:
+                          fsGroup:
+                            format: int64
+                            type: integer
+                          fsGroupChangePolicy:
+                            type: string
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          supplementalGroups:
+                            items:
+                              format: int64
+                              type: integer
+                            type: array
+                          sysctls:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              required:
+                              - name
+                              - value
+                              type: object
+                            type: array
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      serviceAccount:
+                        type: string
+                      serviceAccountName:
+                        type: string
+                      setHostnameAsFQDN:
+                        type: boolean
+                      shareProcessNamespace:
+                        type: boolean
+                      subdomain:
+                        type: string
+                      terminationGracePeriodSeconds:
+                        format: int64
+                        type: integer
+                      tolerations:
+                        items:
+                          properties:
+                            effect:
+                              type: string
+                            key:
+                              type: string
+                            operator:
+                              type: string
+                            tolerationSeconds:
+                              format: int64
+                              type: integer
+                            value:
+                              type: string
+                          type: object
+                        type: array
+                      topologySpreadConstraints:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                            maxSkew:
+                              format: int32
+                              type: integer
+                            topologyKey:
+                              type: string
+                            whenUnsatisfiable:
+                              type: string
+                          required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                        x-kubernetes-list-type: map
+                      volumes:
+                        items:
+                          properties:
+                            awsElasticBlockStore:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            azureDisk:
+                              properties:
+                                cachingMode:
+                                  type: string
+                                diskName:
+                                  type: string
+                                diskURI:
+                                  type: string
+                                fsType:
+                                  type: string
+                                kind:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - diskName
+                              - diskURI
+                              type: object
+                            azureFile:
+                              properties:
+                                readOnly:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                                shareName:
+                                  type: string
+                              required:
+                              - secretName
+                              - shareName
+                              type: object
+                            cephfs:
+                              properties:
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretFile:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                user:
+                                  type: string
+                              required:
+                              - monitors
+                              type: object
+                            cinder:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            configMap:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                            csi:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                nodePublishSecretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                volumeAttributes:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            downwardAPI:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                    required:
+                                    - path
+                                    type: object
+                                  type: array
+                              type: object
+                            emptyDir:
+                              properties:
+                                medium:
+                                  type: string
+                                sizeLimit:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            ephemeral:
+                              properties:
+                                volumeClaimTemplate:
+                                  properties:
+                                    metadata:
+                                      type: object
+                                    spec:
+                                      properties:
+                                        accessModes:
+                                          items:
+                                            type: string
+                                          type: array
+                                        dataSource:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        dataSourceRef:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        resources:
+                                          properties:
+                                            limits:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                            requests:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                          type: object
+                                        selector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        storageClassName:
+                                          type: string
+                                        volumeMode:
+                                          type: string
+                                        volumeName:
+                                          type: string
+                                      type: object
+                                  required:
+                                  - spec
+                                  type: object
+                              type: object
+                            fc:
+                              properties:
+                                fsType:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                targetWWNs:
+                                  items:
+                                    type: string
+                                  type: array
+                                wwids:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            flexVolume:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                options:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            flocker:
+                              properties:
+                                datasetName:
+                                  type: string
+                                datasetUUID:
+                                  type: string
+                              type: object
+                            gcePersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                pdName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - pdName
+                              type: object
+                            gitRepo:
+                              properties:
+                                directory:
+                                  type: string
+                                repository:
+                                  type: string
+                                revision:
+                                  type: string
+                              required:
+                              - repository
+                              type: object
+                            glusterfs:
+                              properties:
+                                endpoints:
+                                  type: string
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - endpoints
+                              - path
+                              type: object
+                            hostPath:
+                              properties:
+                                path:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            iscsi:
+                              properties:
+                                chapAuthDiscovery:
+                                  type: boolean
+                                chapAuthSession:
+                                  type: boolean
+                                fsType:
+                                  type: string
+                                initiatorName:
+                                  type: string
+                                iqn:
+                                  type: string
+                                iscsiInterface:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                portals:
+                                  items:
+                                    type: string
+                                  type: array
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                targetPortal:
+                                  type: string
+                              required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                              type: object
+                            name:
+                              type: string
+                            nfs:
+                              properties:
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                server:
+                                  type: string
+                              required:
+                              - path
+                              - server
+                              type: object
+                            persistentVolumeClaim:
+                              properties:
+                                claimName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - claimName
+                              type: object
+                            photonPersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                pdID:
+                                  type: string
+                              required:
+                              - pdID
+                              type: object
+                            portworxVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            projected:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                sources:
+                                  items:
+                                    properties:
+                                      configMap:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                      downwardAPI:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                fieldRef:
+                                                  properties:
+                                                    apiVersion:
+                                                      type: string
+                                                    fieldPath:
+                                                      type: string
+                                                  required:
+                                                  - fieldPath
+                                                  type: object
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                                resourceFieldRef:
+                                                  properties:
+                                                    containerName:
+                                                      type: string
+                                                    divisor:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    resource:
+                                                      type: string
+                                                  required:
+                                                  - resource
+                                                  type: object
+                                              required:
+                                              - path
+                                              type: object
+                                            type: array
+                                        type: object
+                                      secret:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                      serviceAccountToken:
+                                        properties:
+                                          audience:
+                                            type: string
+                                          expirationSeconds:
+                                            format: int64
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                    type: object
+                                  type: array
+                              type: object
+                            quobyte:
+                              properties:
+                                group:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                registry:
+                                  type: string
+                                tenant:
+                                  type: string
+                                user:
+                                  type: string
+                                volume:
+                                  type: string
+                              required:
+                              - registry
+                              - volume
+                              type: object
+                            rbd:
+                              properties:
+                                fsType:
+                                  type: string
+                                image:
+                                  type: string
+                                keyring:
+                                  type: string
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                pool:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                user:
+                                  type: string
+                              required:
+                              - image
+                              - monitors
+                              type: object
+                            scaleIO:
+                              properties:
+                                fsType:
+                                  type: string
+                                gateway:
+                                  type: string
+                                protectionDomain:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                sslEnabled:
+                                  type: boolean
+                                storageMode:
+                                  type: string
+                                storagePool:
+                                  type: string
+                                system:
+                                  type: string
+                                volumeName:
+                                  type: string
+                              required:
+                              - gateway
+                              - secretRef
+                              - system
+                              type: object
+                            secret:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                optional:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                              type: object
+                            storageos:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                volumeName:
+                                  type: string
+                                volumeNamespace:
+                                  type: string
+                              type: object
+                            vsphereVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                storagePolicyID:
+                                  type: string
+                                storagePolicyName:
+                                  type: string
+                                volumePath:
+                                  type: string
+                              required:
+                              - volumePath
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                    required:
+                    - containers
+                    type: object
+                type: object
+            type: object
+          status:
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastProbeTime:
+                      format: date-time
+                      type: string
+                    lastTransitionTime:
+                      format: date-time
+                      type: string
+                    message:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              containerState:
+                properties:
+                  running:
+                    properties:
+                      startedAt:
+                        format: date-time
+                        type: string
+                    type: object
+                  terminated:
+                    properties:
+                      containerID:
+                        type: string
+                      exitCode:
+                        format: int32
+                        type: integer
+                      finishedAt:
+                        format: date-time
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      signal:
+                        format: int32
+                        type: integer
+                      startedAt:
+                        format: date-time
+                        type: string
+                    required:
+                    - exitCode
+                    type: object
+                  waiting:
+                    properties:
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                    type: object
+                type: object
+              readyReplicas:
+                format: int32
+                type: integer
+            required:
+            - conditions
+            - containerState
+            - readyReplicas
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              template:
+                properties:
+                  spec:
+                    properties:
+                      activeDeadlineSeconds:
+                        format: int64
+                        type: integer
+                      affinity:
+                        properties:
+                          nodeAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    preference:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - preference
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                properties:
+                                  nodeSelectorTerms:
+                                    items:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    type: array
+                                required:
+                                - nodeSelectorTerms
+                                type: object
+                            type: object
+                          podAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                          podAntiAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      automountServiceAccountToken:
+                        type: boolean
+                      containers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          - image
+                          type: object
+                        type: array
+                        minItems: 1
+                      dnsConfig:
+                        properties:
+                          nameservers:
+                            items:
+                              type: string
+                            type: array
+                          options:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              type: object
+                            type: array
+                          searches:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      dnsPolicy:
+                        type: string
+                      enableServiceLinks:
+                        type: boolean
+                      ephemeralContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            targetContainerName:
+                              type: string
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      hostAliases:
+                        items:
+                          properties:
+                            hostnames:
+                              items:
+                                type: string
+                              type: array
+                            ip:
+                              type: string
+                          type: object
+                        type: array
+                      hostIPC:
+                        type: boolean
+                      hostNetwork:
+                        type: boolean
+                      hostPID:
+                        type: boolean
+                      hostname:
+                        type: string
+                      imagePullSecrets:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        type: array
+                      initContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      nodeName:
+                        type: string
+                      nodeSelector:
+                        additionalProperties:
+                          type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      os:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      overhead:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      preemptionPolicy:
+                        type: string
+                      priority:
+                        format: int32
+                        type: integer
+                      priorityClassName:
+                        type: string
+                      readinessGates:
+                        items:
+                          properties:
+                            conditionType:
+                              type: string
+                          required:
+                          - conditionType
+                          type: object
+                        type: array
+                      restartPolicy:
+                        type: string
+                      runtimeClassName:
+                        type: string
+                      schedulerName:
+                        type: string
+                      securityContext:
+                        properties:
+                          fsGroup:
+                            format: int64
+                            type: integer
+                          fsGroupChangePolicy:
+                            type: string
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          supplementalGroups:
+                            items:
+                              format: int64
+                              type: integer
+                            type: array
+                          sysctls:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              required:
+                              - name
+                              - value
+                              type: object
+                            type: array
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      serviceAccount:
+                        type: string
+                      serviceAccountName:
+                        type: string
+                      setHostnameAsFQDN:
+                        type: boolean
+                      shareProcessNamespace:
+                        type: boolean
+                      subdomain:
+                        type: string
+                      terminationGracePeriodSeconds:
+                        format: int64
+                        type: integer
+                      tolerations:
+                        items:
+                          properties:
+                            effect:
+                              type: string
+                            key:
+                              type: string
+                            operator:
+                              type: string
+                            tolerationSeconds:
+                              format: int64
+                              type: integer
+                            value:
+                              type: string
+                          type: object
+                        type: array
+                      topologySpreadConstraints:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                            maxSkew:
+                              format: int32
+                              type: integer
+                            topologyKey:
+                              type: string
+                            whenUnsatisfiable:
+                              type: string
+                          required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                        x-kubernetes-list-type: map
+                      volumes:
+                        items:
+                          properties:
+                            awsElasticBlockStore:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            azureDisk:
+                              properties:
+                                cachingMode:
+                                  type: string
+                                diskName:
+                                  type: string
+                                diskURI:
+                                  type: string
+                                fsType:
+                                  type: string
+                                kind:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - diskName
+                              - diskURI
+                              type: object
+                            azureFile:
+                              properties:
+                                readOnly:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                                shareName:
+                                  type: string
+                              required:
+                              - secretName
+                              - shareName
+                              type: object
+                            cephfs:
+                              properties:
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretFile:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                user:
+                                  type: string
+                              required:
+                              - monitors
+                              type: object
+                            cinder:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            configMap:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                            csi:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                nodePublishSecretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                volumeAttributes:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            downwardAPI:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                    required:
+                                    - path
+                                    type: object
+                                  type: array
+                              type: object
+                            emptyDir:
+                              properties:
+                                medium:
+                                  type: string
+                                sizeLimit:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            ephemeral:
+                              properties:
+                                volumeClaimTemplate:
+                                  properties:
+                                    metadata:
+                                      type: object
+                                    spec:
+                                      properties:
+                                        accessModes:
+                                          items:
+                                            type: string
+                                          type: array
+                                        dataSource:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        dataSourceRef:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        resources:
+                                          properties:
+                                            limits:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                            requests:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                          type: object
+                                        selector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        storageClassName:
+                                          type: string
+                                        volumeMode:
+                                          type: string
+                                        volumeName:
+                                          type: string
+                                      type: object
+                                  required:
+                                  - spec
+                                  type: object
+                              type: object
+                            fc:
+                              properties:
+                                fsType:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                targetWWNs:
+                                  items:
+                                    type: string
+                                  type: array
+                                wwids:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            flexVolume:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                options:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            flocker:
+                              properties:
+                                datasetName:
+                                  type: string
+                                datasetUUID:
+                                  type: string
+                              type: object
+                            gcePersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                pdName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - pdName
+                              type: object
+                            gitRepo:
+                              properties:
+                                directory:
+                                  type: string
+                                repository:
+                                  type: string
+                                revision:
+                                  type: string
+                              required:
+                              - repository
+                              type: object
+                            glusterfs:
+                              properties:
+                                endpoints:
+                                  type: string
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - endpoints
+                              - path
+                              type: object
+                            hostPath:
+                              properties:
+                                path:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            iscsi:
+                              properties:
+                                chapAuthDiscovery:
+                                  type: boolean
+                                chapAuthSession:
+                                  type: boolean
+                                fsType:
+                                  type: string
+                                initiatorName:
+                                  type: string
+                                iqn:
+                                  type: string
+                                iscsiInterface:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                portals:
+                                  items:
+                                    type: string
+                                  type: array
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                targetPortal:
+                                  type: string
+                              required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                              type: object
+                            name:
+                              type: string
+                            nfs:
+                              properties:
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                server:
+                                  type: string
+                              required:
+                              - path
+                              - server
+                              type: object
+                            persistentVolumeClaim:
+                              properties:
+                                claimName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - claimName
+                              type: object
+                            photonPersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                pdID:
+                                  type: string
+                              required:
+                              - pdID
+                              type: object
+                            portworxVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            projected:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                sources:
+                                  items:
+                                    properties:
+                                      configMap:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                      downwardAPI:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                fieldRef:
+                                                  properties:
+                                                    apiVersion:
+                                                      type: string
+                                                    fieldPath:
+                                                      type: string
+                                                  required:
+                                                  - fieldPath
+                                                  type: object
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                                resourceFieldRef:
+                                                  properties:
+                                                    containerName:
+                                                      type: string
+                                                    divisor:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    resource:
+                                                      type: string
+                                                  required:
+                                                  - resource
+                                                  type: object
+                                              required:
+                                              - path
+                                              type: object
+                                            type: array
+                                        type: object
+                                      secret:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                      serviceAccountToken:
+                                        properties:
+                                          audience:
+                                            type: string
+                                          expirationSeconds:
+                                            format: int64
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                    type: object
+                                  type: array
+                              type: object
+                            quobyte:
+                              properties:
+                                group:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                registry:
+                                  type: string
+                                tenant:
+                                  type: string
+                                user:
+                                  type: string
+                                volume:
+                                  type: string
+                              required:
+                              - registry
+                              - volume
+                              type: object
+                            rbd:
+                              properties:
+                                fsType:
+                                  type: string
+                                image:
+                                  type: string
+                                keyring:
+                                  type: string
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                pool:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                user:
+                                  type: string
+                              required:
+                              - image
+                              - monitors
+                              type: object
+                            scaleIO:
+                              properties:
+                                fsType:
+                                  type: string
+                                gateway:
+                                  type: string
+                                protectionDomain:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                sslEnabled:
+                                  type: boolean
+                                storageMode:
+                                  type: string
+                                storagePool:
+                                  type: string
+                                system:
+                                  type: string
+                                volumeName:
+                                  type: string
+                              required:
+                              - gateway
+                              - secretRef
+                              - system
+                              type: object
+                            secret:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                optional:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                              type: object
+                            storageos:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                volumeName:
+                                  type: string
+                                volumeNamespace:
+                                  type: string
+                              type: object
+                            vsphereVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                storagePolicyID:
+                                  type: string
+                                storagePolicyName:
+                                  type: string
+                                volumePath:
+                                  type: string
+                              required:
+                              - volumePath
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                    required:
+                    - containers
+                    type: object
+                type: object
+            type: object
+          status:
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastProbeTime:
+                      format: date-time
+                      type: string
+                    lastTransitionTime:
+                      format: date-time
+                      type: string
+                    message:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              containerState:
+                properties:
+                  running:
+                    properties:
+                      startedAt:
+                        format: date-time
+                        type: string
+                    type: object
+                  terminated:
+                    properties:
+                      containerID:
+                        type: string
+                      exitCode:
+                        format: int32
+                        type: integer
+                      finishedAt:
+                        format: date-time
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      signal:
+                        format: int32
+                        type: integer
+                      startedAt:
+                        format: date-time
+                        type: string
+                    required:
+                    - exitCode
+                    type: object
+                  waiting:
+                    properties:
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                    type: object
+                type: object
+              readyReplicas:
+                format: int32
+                type: integer
+            required:
+            - conditions
+            - containerState
+            - readyReplicas
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              template:
+                properties:
+                  spec:
+                    properties:
+                      activeDeadlineSeconds:
+                        format: int64
+                        type: integer
+                      affinity:
+                        properties:
+                          nodeAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    preference:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - preference
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                properties:
+                                  nodeSelectorTerms:
+                                    items:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchFields:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                      type: object
+                                    type: array
+                                required:
+                                - nodeSelectorTerms
+                                type: object
+                            type: object
+                          podAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                          podAntiAffinity:
+                            properties:
+                              preferredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    podAffinityTerm:
+                                      properties:
+                                        labelSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaceSelector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        namespaces:
+                                          items:
+                                            type: string
+                                          type: array
+                                        topologyKey:
+                                          type: string
+                                      required:
+                                      - topologyKey
+                                      type: object
+                                    weight:
+                                      format: int32
+                                      type: integer
+                                  required:
+                                  - podAffinityTerm
+                                  - weight
+                                  type: object
+                                type: array
+                              requiredDuringSchedulingIgnoredDuringExecution:
+                                items:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                type: array
+                            type: object
+                        type: object
+                      automountServiceAccountToken:
+                        type: boolean
+                      containers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          - image
+                          type: object
+                        type: array
+                        minItems: 1
+                      dnsConfig:
+                        properties:
+                          nameservers:
+                            items:
+                              type: string
+                            type: array
+                          options:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              type: object
+                            type: array
+                          searches:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      dnsPolicy:
+                        type: string
+                      enableServiceLinks:
+                        type: boolean
+                      ephemeralContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            targetContainerName:
+                              type: string
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      hostAliases:
+                        items:
+                          properties:
+                            hostnames:
+                              items:
+                                type: string
+                              type: array
+                            ip:
+                              type: string
+                          type: object
+                        type: array
+                      hostIPC:
+                        type: boolean
+                      hostNetwork:
+                        type: boolean
+                      hostPID:
+                        type: boolean
+                      hostname:
+                        type: string
+                      imagePullSecrets:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          type: object
+                        type: array
+                      initContainers:
+                        items:
+                          properties:
+                            args:
+                              items:
+                                type: string
+                              type: array
+                            command:
+                              items:
+                                type: string
+                              type: array
+                            env:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                  value:
+                                    type: string
+                                  valueFrom:
+                                    properties:
+                                      configMapKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                      secretKeyRef:
+                                        properties:
+                                          key:
+                                            type: string
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        required:
+                                        - key
+                                        type: object
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            envFrom:
+                              items:
+                                properties:
+                                  configMapRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                  prefix:
+                                    type: string
+                                  secretRef:
+                                    properties:
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                type: object
+                              type: array
+                            image:
+                              type: string
+                            imagePullPolicy:
+                              type: string
+                            lifecycle:
+                              properties:
+                                postStart:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                                preStop:
+                                  properties:
+                                    exec:
+                                      properties:
+                                        command:
+                                          items:
+                                            type: string
+                                          type: array
+                                      type: object
+                                    httpGet:
+                                      properties:
+                                        host:
+                                          type: string
+                                        httpHeaders:
+                                          items:
+                                            properties:
+                                              name:
+                                                type: string
+                                              value:
+                                                type: string
+                                            required:
+                                            - name
+                                            - value
+                                            type: object
+                                          type: array
+                                        path:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                        scheme:
+                                          type: string
+                                      required:
+                                      - port
+                                      type: object
+                                    tcpSocket:
+                                      properties:
+                                        host:
+                                          type: string
+                                        port:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          x-kubernetes-int-or-string: true
+                                      required:
+                                      - port
+                                      type: object
+                                  type: object
+                              type: object
+                            livenessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            name:
+                              type: string
+                            ports:
+                              items:
+                                properties:
+                                  containerPort:
+                                    format: int32
+                                    type: integer
+                                  hostIP:
+                                    type: string
+                                  hostPort:
+                                    format: int32
+                                    type: integer
+                                  name:
+                                    type: string
+                                  protocol:
+                                    default: TCP
+                                    type: string
+                                required:
+                                - containerPort
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - containerPort
+                              - protocol
+                              x-kubernetes-list-type: map
+                            readinessProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            resources:
+                              properties:
+                                limits:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                                requests:
+                                  additionalProperties:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                    x-kubernetes-int-or-string: true
+                                  type: object
+                              type: object
+                            securityContext:
+                              properties:
+                                allowPrivilegeEscalation:
+                                  type: boolean
+                                capabilities:
+                                  properties:
+                                    add:
+                                      items:
+                                        type: string
+                                      type: array
+                                    drop:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                privileged:
+                                  type: boolean
+                                procMount:
+                                  type: string
+                                readOnlyRootFilesystem:
+                                  type: boolean
+                                runAsGroup:
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  type: boolean
+                                runAsUser:
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  properties:
+                                    level:
+                                      type: string
+                                    role:
+                                      type: string
+                                    type:
+                                      type: string
+                                    user:
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  properties:
+                                    localhostProfile:
+                                      type: string
+                                    type:
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                windowsOptions:
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      type: string
+                                    hostProcess:
+                                      type: boolean
+                                    runAsUserName:
+                                      type: string
+                                  type: object
+                              type: object
+                            startupProbe:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                failureThreshold:
+                                  format: int32
+                                  type: integer
+                                grpc:
+                                  properties:
+                                    port:
+                                      format: int32
+                                      type: integer
+                                    service:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                initialDelaySeconds:
+                                  format: int32
+                                  type: integer
+                                periodSeconds:
+                                  format: int32
+                                  type: integer
+                                successThreshold:
+                                  format: int32
+                                  type: integer
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                                terminationGracePeriodSeconds:
+                                  format: int64
+                                  type: integer
+                                timeoutSeconds:
+                                  format: int32
+                                  type: integer
+                              type: object
+                            stdin:
+                              type: boolean
+                            stdinOnce:
+                              type: boolean
+                            terminationMessagePath:
+                              type: string
+                            terminationMessagePolicy:
+                              type: string
+                            tty:
+                              type: boolean
+                            volumeDevices:
+                              items:
+                                properties:
+                                  devicePath:
+                                    type: string
+                                  name:
+                                    type: string
+                                required:
+                                - devicePath
+                                - name
+                                type: object
+                              type: array
+                            volumeMounts:
+                              items:
+                                properties:
+                                  mountPath:
+                                    type: string
+                                  mountPropagation:
+                                    type: string
+                                  name:
+                                    type: string
+                                  readOnly:
+                                    type: boolean
+                                  subPath:
+                                    type: string
+                                  subPathExpr:
+                                    type: string
+                                required:
+                                - mountPath
+                                - name
+                                type: object
+                              type: array
+                            workingDir:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      nodeName:
+                        type: string
+                      nodeSelector:
+                        additionalProperties:
+                          type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      os:
+                        properties:
+                          name:
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      overhead:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      preemptionPolicy:
+                        type: string
+                      priority:
+                        format: int32
+                        type: integer
+                      priorityClassName:
+                        type: string
+                      readinessGates:
+                        items:
+                          properties:
+                            conditionType:
+                              type: string
+                          required:
+                          - conditionType
+                          type: object
+                        type: array
+                      restartPolicy:
+                        type: string
+                      runtimeClassName:
+                        type: string
+                      schedulerName:
+                        type: string
+                      securityContext:
+                        properties:
+                          fsGroup:
+                            format: int64
+                            type: integer
+                          fsGroupChangePolicy:
+                            type: string
+                          runAsGroup:
+                            format: int64
+                            type: integer
+                          runAsNonRoot:
+                            type: boolean
+                          runAsUser:
+                            format: int64
+                            type: integer
+                          seLinuxOptions:
+                            properties:
+                              level:
+                                type: string
+                              role:
+                                type: string
+                              type:
+                                type: string
+                              user:
+                                type: string
+                            type: object
+                          seccompProfile:
+                            properties:
+                              localhostProfile:
+                                type: string
+                              type:
+                                type: string
+                            required:
+                            - type
+                            type: object
+                          supplementalGroups:
+                            items:
+                              format: int64
+                              type: integer
+                            type: array
+                          sysctls:
+                            items:
+                              properties:
+                                name:
+                                  type: string
+                                value:
+                                  type: string
+                              required:
+                              - name
+                              - value
+                              type: object
+                            type: array
+                          windowsOptions:
+                            properties:
+                              gmsaCredentialSpec:
+                                type: string
+                              gmsaCredentialSpecName:
+                                type: string
+                              hostProcess:
+                                type: boolean
+                              runAsUserName:
+                                type: string
+                            type: object
+                        type: object
+                      serviceAccount:
+                        type: string
+                      serviceAccountName:
+                        type: string
+                      setHostnameAsFQDN:
+                        type: boolean
+                      shareProcessNamespace:
+                        type: boolean
+                      subdomain:
+                        type: string
+                      terminationGracePeriodSeconds:
+                        format: int64
+                        type: integer
+                      tolerations:
+                        items:
+                          properties:
+                            effect:
+                              type: string
+                            key:
+                              type: string
+                            operator:
+                              type: string
+                            tolerationSeconds:
+                              format: int64
+                              type: integer
+                            value:
+                              type: string
+                          type: object
+                        type: array
+                      topologySpreadConstraints:
+                        items:
+                          properties:
+                            labelSelector:
+                              properties:
+                                matchExpressions:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      operator:
+                                        type: string
+                                      values:
+                                        items:
+                                          type: string
+                                        type: array
+                                    required:
+                                    - key
+                                    - operator
+                                    type: object
+                                  type: array
+                                matchLabels:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              type: object
+                            maxSkew:
+                              format: int32
+                              type: integer
+                            topologyKey:
+                              type: string
+                            whenUnsatisfiable:
+                              type: string
+                          required:
+                          - maxSkew
+                          - topologyKey
+                          - whenUnsatisfiable
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - topologyKey
+                        - whenUnsatisfiable
+                        x-kubernetes-list-type: map
+                      volumes:
+                        items:
+                          properties:
+                            awsElasticBlockStore:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            azureDisk:
+                              properties:
+                                cachingMode:
+                                  type: string
+                                diskName:
+                                  type: string
+                                diskURI:
+                                  type: string
+                                fsType:
+                                  type: string
+                                kind:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - diskName
+                              - diskURI
+                              type: object
+                            azureFile:
+                              properties:
+                                readOnly:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                                shareName:
+                                  type: string
+                              required:
+                              - secretName
+                              - shareName
+                              type: object
+                            cephfs:
+                              properties:
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretFile:
+                                  type: string
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                user:
+                                  type: string
+                              required:
+                              - monitors
+                              type: object
+                            cinder:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            configMap:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                name:
+                                  type: string
+                                optional:
+                                  type: boolean
+                              type: object
+                            csi:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                nodePublishSecretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                volumeAttributes:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            downwardAPI:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      fieldRef:
+                                        properties:
+                                          apiVersion:
+                                            type: string
+                                          fieldPath:
+                                            type: string
+                                        required:
+                                        - fieldPath
+                                        type: object
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                      resourceFieldRef:
+                                        properties:
+                                          containerName:
+                                            type: string
+                                          divisor:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          resource:
+                                            type: string
+                                        required:
+                                        - resource
+                                        type: object
+                                    required:
+                                    - path
+                                    type: object
+                                  type: array
+                              type: object
+                            emptyDir:
+                              properties:
+                                medium:
+                                  type: string
+                                sizeLimit:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              type: object
+                            ephemeral:
+                              properties:
+                                volumeClaimTemplate:
+                                  properties:
+                                    metadata:
+                                      type: object
+                                    spec:
+                                      properties:
+                                        accessModes:
+                                          items:
+                                            type: string
+                                          type: array
+                                        dataSource:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        dataSourceRef:
+                                          properties:
+                                            apiGroup:
+                                              type: string
+                                            kind:
+                                              type: string
+                                            name:
+                                              type: string
+                                          required:
+                                          - kind
+                                          - name
+                                          type: object
+                                        resources:
+                                          properties:
+                                            limits:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                            requests:
+                                              additionalProperties:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                x-kubernetes-int-or-string: true
+                                              type: object
+                                          type: object
+                                        selector:
+                                          properties:
+                                            matchExpressions:
+                                              items:
+                                                properties:
+                                                  key:
+                                                    type: string
+                                                  operator:
+                                                    type: string
+                                                  values:
+                                                    items:
+                                                      type: string
+                                                    type: array
+                                                required:
+                                                - key
+                                                - operator
+                                                type: object
+                                              type: array
+                                            matchLabels:
+                                              additionalProperties:
+                                                type: string
+                                              type: object
+                                          type: object
+                                        storageClassName:
+                                          type: string
+                                        volumeMode:
+                                          type: string
+                                        volumeName:
+                                          type: string
+                                      type: object
+                                  required:
+                                  - spec
+                                  type: object
+                              type: object
+                            fc:
+                              properties:
+                                fsType:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                readOnly:
+                                  type: boolean
+                                targetWWNs:
+                                  items:
+                                    type: string
+                                  type: array
+                                wwids:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            flexVolume:
+                              properties:
+                                driver:
+                                  type: string
+                                fsType:
+                                  type: string
+                                options:
+                                  additionalProperties:
+                                    type: string
+                                  type: object
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                              required:
+                              - driver
+                              type: object
+                            flocker:
+                              properties:
+                                datasetName:
+                                  type: string
+                                datasetUUID:
+                                  type: string
+                              type: object
+                            gcePersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                partition:
+                                  format: int32
+                                  type: integer
+                                pdName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - pdName
+                              type: object
+                            gitRepo:
+                              properties:
+                                directory:
+                                  type: string
+                                repository:
+                                  type: string
+                                revision:
+                                  type: string
+                              required:
+                              - repository
+                              type: object
+                            glusterfs:
+                              properties:
+                                endpoints:
+                                  type: string
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - endpoints
+                              - path
+                              type: object
+                            hostPath:
+                              properties:
+                                path:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - path
+                              type: object
+                            iscsi:
+                              properties:
+                                chapAuthDiscovery:
+                                  type: boolean
+                                chapAuthSession:
+                                  type: boolean
+                                fsType:
+                                  type: string
+                                initiatorName:
+                                  type: string
+                                iqn:
+                                  type: string
+                                iscsiInterface:
+                                  type: string
+                                lun:
+                                  format: int32
+                                  type: integer
+                                portals:
+                                  items:
+                                    type: string
+                                  type: array
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                targetPortal:
+                                  type: string
+                              required:
+                              - iqn
+                              - lun
+                              - targetPortal
+                              type: object
+                            name:
+                              type: string
+                            nfs:
+                              properties:
+                                path:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                server:
+                                  type: string
+                              required:
+                              - path
+                              - server
+                              type: object
+                            persistentVolumeClaim:
+                              properties:
+                                claimName:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                              required:
+                              - claimName
+                              type: object
+                            photonPersistentDisk:
+                              properties:
+                                fsType:
+                                  type: string
+                                pdID:
+                                  type: string
+                              required:
+                              - pdID
+                              type: object
+                            portworxVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                volumeID:
+                                  type: string
+                              required:
+                              - volumeID
+                              type: object
+                            projected:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                sources:
+                                  items:
+                                    properties:
+                                      configMap:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                      downwardAPI:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                fieldRef:
+                                                  properties:
+                                                    apiVersion:
+                                                      type: string
+                                                    fieldPath:
+                                                      type: string
+                                                  required:
+                                                  - fieldPath
+                                                  type: object
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                                resourceFieldRef:
+                                                  properties:
+                                                    containerName:
+                                                      type: string
+                                                    divisor:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    resource:
+                                                      type: string
+                                                  required:
+                                                  - resource
+                                                  type: object
+                                              required:
+                                              - path
+                                              type: object
+                                            type: array
+                                        type: object
+                                      secret:
+                                        properties:
+                                          items:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                mode:
+                                                  format: int32
+                                                  type: integer
+                                                path:
+                                                  type: string
+                                              required:
+                                              - key
+                                              - path
+                                              type: object
+                                            type: array
+                                          name:
+                                            type: string
+                                          optional:
+                                            type: boolean
+                                        type: object
+                                      serviceAccountToken:
+                                        properties:
+                                          audience:
+                                            type: string
+                                          expirationSeconds:
+                                            format: int64
+                                            type: integer
+                                          path:
+                                            type: string
+                                        required:
+                                        - path
+                                        type: object
+                                    type: object
+                                  type: array
+                              type: object
+                            quobyte:
+                              properties:
+                                group:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                registry:
+                                  type: string
+                                tenant:
+                                  type: string
+                                user:
+                                  type: string
+                                volume:
+                                  type: string
+                              required:
+                              - registry
+                              - volume
+                              type: object
+                            rbd:
+                              properties:
+                                fsType:
+                                  type: string
+                                image:
+                                  type: string
+                                keyring:
+                                  type: string
+                                monitors:
+                                  items:
+                                    type: string
+                                  type: array
+                                pool:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                user:
+                                  type: string
+                              required:
+                              - image
+                              - monitors
+                              type: object
+                            scaleIO:
+                              properties:
+                                fsType:
+                                  type: string
+                                gateway:
+                                  type: string
+                                protectionDomain:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                sslEnabled:
+                                  type: boolean
+                                storageMode:
+                                  type: string
+                                storagePool:
+                                  type: string
+                                system:
+                                  type: string
+                                volumeName:
+                                  type: string
+                              required:
+                              - gateway
+                              - secretRef
+                              - system
+                              type: object
+                            secret:
+                              properties:
+                                defaultMode:
+                                  format: int32
+                                  type: integer
+                                items:
+                                  items:
+                                    properties:
+                                      key:
+                                        type: string
+                                      mode:
+                                        format: int32
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - key
+                                    - path
+                                    type: object
+                                  type: array
+                                optional:
+                                  type: boolean
+                                secretName:
+                                  type: string
+                              type: object
+                            storageos:
+                              properties:
+                                fsType:
+                                  type: string
+                                readOnly:
+                                  type: boolean
+                                secretRef:
+                                  properties:
+                                    name:
+                                      type: string
+                                  type: object
+                                volumeName:
+                                  type: string
+                                volumeNamespace:
+                                  type: string
+                              type: object
+                            vsphereVolume:
+                              properties:
+                                fsType:
+                                  type: string
+                                storagePolicyID:
+                                  type: string
+                                storagePolicyName:
+                                  type: string
+                                volumePath:
+                                  type: string
+                              required:
+                              - volumePath
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                    required:
+                    - containers
+                    type: object
+                type: object
+            type: object
+          status:
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastProbeTime:
+                      format: date-time
+                      type: string
+                    lastTransitionTime:
+                      format: date-time
+                      type: string
+                    message:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              containerState:
+                properties:
+                  running:
+                    properties:
+                      startedAt:
+                        format: date-time
+                        type: string
+                    type: object
+                  terminated:
+                    properties:
+                      containerID:
+                        type: string
+                      exitCode:
+                        format: int32
+                        type: integer
+                      finishedAt:
+                        format: date-time
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      signal:
+                        format: int32
+                        type: integer
+                      startedAt:
+                        format: date-time
+                        type: string
+                    required:
+                    - exitCode
+                    type: object
+                  waiting:
+                    properties:
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                    type: object
+                type: object
+              readyReplicas:
+                format: int32
+                type: integer
+            required:
+            - conditions
+            - containerState
+            - readyReplicas
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml
new file mode 100644
index 00000000..95778813
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/scheduled-workflow-crd.yaml
@@ -0,0 +1,45 @@
+{{- if (include "kubeflowCrds.pipelines.scheduledWorkflow.enabled" . | eq "true") -}}
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    {{- include "kubeflowCrds.pipelines.scheduledWorkflow.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.group" . }}
+  names:
+    kind: ScheduledWorkflow
+    listKind: ScheduledWorkflowList
+    plural: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.pluralName" . }}
+    shortNames:
+    - swf
+    singular: {{ include "kubeflowCrds.pipelines.scheduledWorkflow.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            x-kubernetes-map-type: atomic
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            x-kubernetes-map-type: atomic
+        required:
+        - spec
+        - status
+        type: object
+    served: true
+    storage: true
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml
new file mode 100644
index 00000000..7d768bd2
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pipeline/viewer-crd.yaml
@@ -0,0 +1,40 @@
+{{- if (include "kubeflowCrds.pipelines.viewerCrd.enabled" . | eq "true") -}}
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    {{- include "kubeflowCrds.pipelines.viewerCrd.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.pipelines.viewerCrd.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.pipelines.viewerCrd.group" . }}
+  names:
+    kind: Viewer
+    listKind: ViewerList
+    plural: {{ include "kubeflowCrds.pipelines.viewerCrd.pluralName" . }}
+    shortNames:
+    - vi
+    singular: {{ include "kubeflowCrds.pipelines.viewerCrd.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            x-kubernetes-map-type: atomic
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml
new file mode 100644
index 00000000..b9281e2c
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/profiles/kubeflow.org_profiles.yaml
@@ -0,0 +1,696 @@
+{{- if (include "kubeflowCrds.profilesController.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.profilesController.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.profilesController.group" . }}
+  names:
+    kind: Profile
+    listKind: ProfileList
+    plural: {{ include "kubeflowCrds.profilesController.pluralName" . }}
+    singular: {{ include "kubeflowCrds.profilesController.singularName" . }}
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: Profile is the Schema for the profiles API
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Profile is the Schema for the profiles API
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: false
+    subresources:
+      status: {}
+
+{{- else }}
+
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.profilesController.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.profilesController.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.profilesController.group" . }}
+  names:
+    kind: Profile
+    listKind: ProfileList
+    plural: {{ include "kubeflowCrds.profilesController.pluralName" . }}
+    singular: {{ include "kubeflowCrds.profilesController.singularName" . }}
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: Profile is the Schema for the profiles API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProfileSpec defines the desired state of Profile
+            properties:
+              owner:
+                description: The profile owner
+                properties:
+                  apiGroup:
+                    description: APIGroup holds the API group of the referenced subject.
+                      Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
+                      for User and Group subjects.
+                    type: string
+                  kind:
+                    description: Kind of object being referenced. Values defined by
+                      this API group are "User", "Group", and "ServiceAccount". If
+                      the Authorizer does not recognized the kind value, the Authorizer
+                      should report an error.
+                    type: string
+                  name:
+                    description: Name of the object being referenced.
+                    type: string
+                  namespace:
+                    description: Namespace of the referenced object.  If the object
+                      kind is non-namespace, such as "User" or "Group", and this value
+                      is not empty the Authorizer should report an error.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              plugins:
+                items:
+                  description: Plugin is for customize actions on different platform.
+                  properties:
+                    apiVersion:
+                      description: 'APIVersion defines the versioned schema of this
+                        representation of an object. Servers should convert recognized
+                        schemas to the latest internal value, and may reject unrecognized
+                        values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                      type: string
+                    kind:
+                      description: 'Kind is a string value representing the REST resource
+                        this object represents. Servers may infer this from the endpoint
+                        the client submits requests to. Cannot be updated. In CamelCase.
+                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    spec:
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                  type: object
+                type: array
+              resourceQuotaSpec:
+                description: Resourcequota that will be applied to target namespace
+                properties:
+                  hard:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'hard is the set of desired hard limits for each
+                      named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                    type: object
+                  scopeSelector:
+                    description: scopeSelector is also a collection of filters like
+                      scopes that must match each object tracked by a quota but expressed
+                      using ScopeSelectorOperator in combination with possible values.
+                      For a resource to match, both scopes AND scopeSelector (if specified
+                      in spec), must be matched.
+                    properties:
+                      matchExpressions:
+                        description: A list of scope selector requirements by scope
+                          of the resources.
+                        items:
+                          description: A scoped-resource selector requirement is a
+                            selector that contains values, a scope name, and an operator
+                            that relates the scope name and values.
+                          properties:
+                            operator:
+                              description: Represents a scope's relationship to a
+                                set of values. Valid operators are In, NotIn, Exists,
+                                DoesNotExist.
+                              type: string
+                            scopeName:
+                              description: The name of the scope that the selector
+                                applies to.
+                              type: string
+                            values:
+                              description: An array of string values. If the operator
+                                is In or NotIn, the values array must be non-empty.
+                                If the operator is Exists or DoesNotExist, the values
+                                array must be empty. This array is replaced during
+                                a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - operator
+                          - scopeName
+                          type: object
+                        type: array
+                    type: object
+                  scopes:
+                    description: A collection of filters that must match each object
+                      tracked by a quota. If not specified, the quota matches all
+                      objects.
+                    items:
+                      description: A ResourceQuotaScope defines a filter that must
+                        match each object tracked by a quota
+                      type: string
+                    type: array
+                type: object
+            type: object
+          status:
+            description: ProfileStatus defines the observed state of Profile
+            properties:
+              conditions:
+                items:
+                  properties:
+                    message:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Profile is the Schema for the profiles API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProfileSpec defines the desired state of Profile
+            properties:
+              owner:
+                description: The profile owner
+                properties:
+                  apiGroup:
+                    description: APIGroup holds the API group of the referenced subject.
+                      Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
+                      for User and Group subjects.
+                    type: string
+                  kind:
+                    description: Kind of object being referenced. Values defined by
+                      this API group are "User", "Group", and "ServiceAccount". If
+                      the Authorizer does not recognized the kind value, the Authorizer
+                      should report an error.
+                    type: string
+                  name:
+                    description: Name of the object being referenced.
+                    type: string
+                  namespace:
+                    description: Namespace of the referenced object.  If the object
+                      kind is non-namespace, such as "User" or "Group", and this value
+                      is not empty the Authorizer should report an error.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              plugins:
+                items:
+                  description: Plugin is for customize actions on different platform.
+                  properties:
+                    apiVersion:
+                      description: 'APIVersion defines the versioned schema of this
+                        representation of an object. Servers should convert recognized
+                        schemas to the latest internal value, and may reject unrecognized
+                        values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                      type: string
+                    kind:
+                      description: 'Kind is a string value representing the REST resource
+                        this object represents. Servers may infer this from the endpoint
+                        the client submits requests to. Cannot be updated. In CamelCase.
+                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    spec:
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                  type: object
+                type: array
+              resourceQuotaSpec:
+                description: Resourcequota that will be applied to target namespace
+                properties:
+                  hard:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'hard is the set of desired hard limits for each
+                      named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                    type: object
+                  scopeSelector:
+                    description: scopeSelector is also a collection of filters like
+                      scopes that must match each object tracked by a quota but expressed
+                      using ScopeSelectorOperator in combination with possible values.
+                      For a resource to match, both scopes AND scopeSelector (if specified
+                      in spec), must be matched.
+                    properties:
+                      matchExpressions:
+                        description: A list of scope selector requirements by scope
+                          of the resources.
+                        items:
+                          description: A scoped-resource selector requirement is a
+                            selector that contains values, a scope name, and an operator
+                            that relates the scope name and values.
+                          properties:
+                            operator:
+                              description: Represents a scope's relationship to a
+                                set of values. Valid operators are In, NotIn, Exists,
+                                DoesNotExist.
+                              type: string
+                            scopeName:
+                              description: The name of the scope that the selector
+                                applies to.
+                              type: string
+                            values:
+                              description: An array of string values. If the operator
+                                is In or NotIn, the values array must be non-empty.
+                                If the operator is Exists or DoesNotExist, the values
+                                array must be empty. This array is replaced during
+                                a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - operator
+                          - scopeName
+                          type: object
+                        type: array
+                    type: object
+                  scopes:
+                    description: A collection of filters that must match each object
+                      tracked by a quota. If not specified, the quota matches all
+                      objects.
+                    items:
+                      description: A ResourceQuotaScope defines a filter that must
+                        match each object tracked by a quota
+                      type: string
+                    type: array
+                type: object
+            type: object
+          status:
+            description: ProfileStatus defines the observed state of Profile
+            properties:
+              conditions:
+                items:
+                  properties:
+                    message:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  name: profiles.kubeflow.org
+spec:
+  group: kubeflow.org
+  names:
+    kind: Profile
+    listKind: ProfileList
+    plural: profiles
+    singular: profile
+  scope: Cluster
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: Profile is the Schema for the profiles API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProfileSpec defines the desired state of Profile
+            properties:
+              owner:
+                description: The profile owner
+                properties:
+                  apiGroup:
+                    description: APIGroup holds the API group of the referenced subject.
+                      Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
+                      for User and Group subjects.
+                    type: string
+                  kind:
+                    description: Kind of object being referenced. Values defined by
+                      this API group are "User", "Group", and "ServiceAccount". If
+                      the Authorizer does not recognized the kind value, the Authorizer
+                      should report an error.
+                    type: string
+                  name:
+                    description: Name of the object being referenced.
+                    type: string
+                  namespace:
+                    description: Namespace of the referenced object.  If the object
+                      kind is non-namespace, such as "User" or "Group", and this value
+                      is not empty the Authorizer should report an error.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              plugins:
+                items:
+                  description: Plugin is for customize actions on different platform.
+                  properties:
+                    apiVersion:
+                      description: 'APIVersion defines the versioned schema of this
+                        representation of an object. Servers should convert recognized
+                        schemas to the latest internal value, and may reject unrecognized
+                        values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                      type: string
+                    kind:
+                      description: 'Kind is a string value representing the REST resource
+                        this object represents. Servers may infer this from the endpoint
+                        the client submits requests to. Cannot be updated. In CamelCase.
+                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    spec:
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                  type: object
+                type: array
+              resourceQuotaSpec:
+                description: Resourcequota that will be applied to target namespace
+                properties:
+                  hard:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'hard is the set of desired hard limits for each
+                      named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                    type: object
+                  scopeSelector:
+                    description: scopeSelector is also a collection of filters like
+                      scopes that must match each object tracked by a quota but expressed
+                      using ScopeSelectorOperator in combination with possible values.
+                      For a resource to match, both scopes AND scopeSelector (if specified
+                      in spec), must be matched.
+                    properties:
+                      matchExpressions:
+                        description: A list of scope selector requirements by scope
+                          of the resources.
+                        items:
+                          description: A scoped-resource selector requirement is a
+                            selector that contains values, a scope name, and an operator
+                            that relates the scope name and values.
+                          properties:
+                            operator:
+                              description: Represents a scope's relationship to a
+                                set of values. Valid operators are In, NotIn, Exists,
+                                DoesNotExist.
+                              type: string
+                            scopeName:
+                              description: The name of the scope that the selector
+                                applies to.
+                              type: string
+                            values:
+                              description: An array of string values. If the operator
+                                is In or NotIn, the values array must be non-empty.
+                                If the operator is Exists or DoesNotExist, the values
+                                array must be empty. This array is replaced during
+                                a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - operator
+                          - scopeName
+                          type: object
+                        type: array
+                    type: object
+                  scopes:
+                    description: A collection of filters that must match each object
+                      tracked by a quota. If not specified, the quota matches all
+                      objects.
+                    items:
+                      description: A ResourceQuotaScope defines a filter that must
+                        match each object tracked by a quota
+                      type: string
+                    type: array
+                type: object
+            type: object
+          status:
+            description: ProfileStatus defines the observed state of Profile
+            properties:
+              conditions:
+                items:
+                  properties:
+                    message:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Profile is the Schema for the profiles API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProfileSpec defines the desired state of Profile
+            properties:
+              owner:
+                description: The profile owner
+                properties:
+                  apiGroup:
+                    description: APIGroup holds the API group of the referenced subject.
+                      Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
+                      for User and Group subjects.
+                    type: string
+                  kind:
+                    description: Kind of object being referenced. Values defined by
+                      this API group are "User", "Group", and "ServiceAccount". If
+                      the Authorizer does not recognized the kind value, the Authorizer
+                      should report an error.
+                    type: string
+                  name:
+                    description: Name of the object being referenced.
+                    type: string
+                  namespace:
+                    description: Namespace of the referenced object.  If the object
+                      kind is non-namespace, such as "User" or "Group", and this value
+                      is not empty the Authorizer should report an error.
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              plugins:
+                items:
+                  description: Plugin is for customize actions on different platform.
+                  properties:
+                    apiVersion:
+                      description: 'APIVersion defines the versioned schema of this
+                        representation of an object. Servers should convert recognized
+                        schemas to the latest internal value, and may reject unrecognized
+                        values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+                      type: string
+                    kind:
+                      description: 'Kind is a string value representing the REST resource
+                        this object represents. Servers may infer this from the endpoint
+                        the client submits requests to. Cannot be updated. In CamelCase.
+                        More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                      type: string
+                    spec:
+                      type: object
+                      x-kubernetes-preserve-unknown-fields: true
+                  type: object
+                type: array
+              resourceQuotaSpec:
+                description: Resourcequota that will be applied to target namespace
+                properties:
+                  hard:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'hard is the set of desired hard limits for each
+                      named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
+                    type: object
+                  scopeSelector:
+                    description: scopeSelector is also a collection of filters like
+                      scopes that must match each object tracked by a quota but expressed
+                      using ScopeSelectorOperator in combination with possible values.
+                      For a resource to match, both scopes AND scopeSelector (if specified
+                      in spec), must be matched.
+                    properties:
+                      matchExpressions:
+                        description: A list of scope selector requirements by scope
+                          of the resources.
+                        items:
+                          description: A scoped-resource selector requirement is a
+                            selector that contains values, a scope name, and an operator
+                            that relates the scope name and values.
+                          properties:
+                            operator:
+                              description: Represents a scope's relationship to a
+                                set of values. Valid operators are In, NotIn, Exists,
+                                DoesNotExist.
+                              type: string
+                            scopeName:
+                              description: The name of the scope that the selector
+                                applies to.
+                              type: string
+                            values:
+                              description: An array of string values. If the operator
+                                is In or NotIn, the values array must be non-empty.
+                                If the operator is Exists or DoesNotExist, the values
+                                array must be empty. This array is replaced during
+                                a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - operator
+                          - scopeName
+                          type: object
+                        type: array
+                    type: object
+                  scopes:
+                    description: A collection of filters that must match each object
+                      tracked by a quota. If not specified, the quota matches all
+                      objects.
+                    items:
+                      description: A ResourceQuotaScope defines a filter that must
+                        match each object tracked by a quota
+                      type: string
+                    type: array
+                type: object
+            type: object
+          status:
+            description: ProfileStatus defines the observed state of Profile
+            properties:
+              conditions:
+                items:
+                  properties:
+                    message:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  type: object
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: false
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml
new file mode 100644
index 00000000..8022e6a2
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/pvcviewer-controller/kubeflow.org_pvcviewers.yaml
@@ -0,0 +1,3492 @@
+{{- if (include "kubeflowCrds.notebooks.pvcviewerController.enabled" . | eq "true") -}}
+
+{{- $ca := printf "%s/%s"
+  (include "kubeflowCrds.namespace" .)
+  (include "kubeflowCrds.notebooks.pvcviewerController.certName" .)
+-}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.notebooks.pvcviewerController.fullName" . }}
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: {{ include "kubeflowCrds.notebooks.pvcviewerController.manager.name" . }}
+          namespace: {{ include "kubeflowCrds.namespace" . }}
+          path: /convert
+      conversionReviewVersions:
+      - v1
+  group: {{ include "kubeflowCrds.notebooks.pvcviewerController.group" . }}
+  names:
+    kind: PVCViewer
+    listKind: PVCViewerList
+    plural: {{ include "kubeflowCrds.notebooks.pvcviewerController.pluralName" . }}
+    singular: {{ include "kubeflowCrds.notebooks.pvcviewerController.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- else }}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ $ca }}
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.notebooks.pvcviewerController.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.notebooks.pvcviewerController.fullName" . }}
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: {{ include "kubeflowCrds.notebooks.pvcviewerController.manager.name" . }}
+          namespace: {{ include "kubeflowCrds.namespace" . }}
+          path: /convert
+      conversionReviewVersions:
+      - v1
+  group: {{ include "kubeflowCrds.notebooks.pvcviewerController.group" . }}
+  names:
+    kind: PVCViewer
+    listKind: PVCViewerList
+    plural: {{ include "kubeflowCrds.notebooks.pvcviewerController.pluralName" . }}
+    singular: {{ include "kubeflowCrds.notebooks.pvcviewerController.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            type: string
+          kind:
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              networking:
+                properties:
+                  basePrefix:
+                    type: string
+                  rewrite:
+                    type: string
+                  targetPort:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    x-kubernetes-int-or-string: true
+                  timeout:
+                    type: string
+                type: object
+              podSpec:
+                properties:
+                  activeDeadlineSeconds:
+                    format: int64
+                    type: integer
+                  affinity:
+                    properties:
+                      nodeAffinity:
+                        properties:
+                          preferredDuringSchedulingIgnoredDuringExecution:
+                            items:
+                              properties:
+                                preference:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchFields:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                weight:
+                                  format: int32
+                                  type: integer
+                              required:
+                              - preference
+                              - weight
+                              type: object
+                            type: array
+                          requiredDuringSchedulingIgnoredDuringExecution:
+                            properties:
+                              nodeSelectorTerms:
+                                items:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchFields:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                type: array
+                            required:
+                            - nodeSelectorTerms
+                            type: object
+                            x-kubernetes-map-type: atomic
+                        type: object
+                      podAffinity:
+                        properties:
+                          preferredDuringSchedulingIgnoredDuringExecution:
+                            items:
+                              properties:
+                                podAffinityTerm:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                weight:
+                                  format: int32
+                                  type: integer
+                              required:
+                              - podAffinityTerm
+                              - weight
+                              type: object
+                            type: array
+                          requiredDuringSchedulingIgnoredDuringExecution:
+                            items:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                matchLabelKeys:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                mismatchLabelKeys:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            type: array
+                        type: object
+                      podAntiAffinity:
+                        properties:
+                          preferredDuringSchedulingIgnoredDuringExecution:
+                            items:
+                              properties:
+                                podAffinityTerm:
+                                  properties:
+                                    labelSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    matchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    mismatchLabelKeys:
+                                      items:
+                                        type: string
+                                      type: array
+                                      x-kubernetes-list-type: atomic
+                                    namespaceSelector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    namespaces:
+                                      items:
+                                        type: string
+                                      type: array
+                                    topologyKey:
+                                      type: string
+                                  required:
+                                  - topologyKey
+                                  type: object
+                                weight:
+                                  format: int32
+                                  type: integer
+                              required:
+                              - podAffinityTerm
+                              - weight
+                              type: object
+                            type: array
+                          requiredDuringSchedulingIgnoredDuringExecution:
+                            items:
+                              properties:
+                                labelSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                matchLabelKeys:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                mismatchLabelKeys:
+                                  items:
+                                    type: string
+                                  type: array
+                                  x-kubernetes-list-type: atomic
+                                namespaceSelector:
+                                  properties:
+                                    matchExpressions:
+                                      items:
+                                        properties:
+                                          key:
+                                            type: string
+                                          operator:
+                                            type: string
+                                          values:
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                                namespaces:
+                                  items:
+                                    type: string
+                                  type: array
+                                topologyKey:
+                                  type: string
+                              required:
+                              - topologyKey
+                              type: object
+                            type: array
+                        type: object
+                    type: object
+                  automountServiceAccountToken:
+                    type: boolean
+                  containers:
+                    items:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                    - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                    - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                    - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                    - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                            - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                sleep:
+                                  properties:
+                                    seconds:
+                                      format: int64
+                                      type: integer
+                                  required:
+                                  - seconds
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                sleep:
+                                  properties:
+                                    seconds:
+                                      format: int64
+                                      type: integer
+                                  required:
+                                  - seconds
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                            - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                          - containerPort
+                          - protocol
+                          x-kubernetes-list-type: map
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                            - resourceName
+                            - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                            - devicePath
+                            - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                            - mountPath
+                            - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  dnsConfig:
+                    properties:
+                      nameservers:
+                        items:
+                          type: string
+                        type: array
+                      options:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            value:
+                              type: string
+                          type: object
+                        type: array
+                      searches:
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  dnsPolicy:
+                    type: string
+                  enableServiceLinks:
+                    type: boolean
+                  ephemeralContainers:
+                    items:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                    - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                    - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                    - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                    - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                            - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                sleep:
+                                  properties:
+                                    seconds:
+                                      format: int64
+                                      type: integer
+                                  required:
+                                  - seconds
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                sleep:
+                                  properties:
+                                    seconds:
+                                      format: int64
+                                      type: integer
+                                  required:
+                                  - seconds
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                            - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                          - containerPort
+                          - protocol
+                          x-kubernetes-list-type: map
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                            - resourceName
+                            - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        targetContainerName:
+                          type: string
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                            - devicePath
+                            - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                            - mountPath
+                            - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  hostAliases:
+                    items:
+                      properties:
+                        hostnames:
+                          items:
+                            type: string
+                          type: array
+                        ip:
+                          type: string
+                      type: object
+                    type: array
+                  hostIPC:
+                    type: boolean
+                  hostNetwork:
+                    type: boolean
+                  hostPID:
+                    type: boolean
+                  hostUsers:
+                    type: boolean
+                  hostname:
+                    type: string
+                  imagePullSecrets:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    type: array
+                  initContainers:
+                    items:
+                      properties:
+                        args:
+                          items:
+                            type: string
+                          type: array
+                        command:
+                          items:
+                            type: string
+                          type: array
+                        env:
+                          items:
+                            properties:
+                              name:
+                                type: string
+                              value:
+                                type: string
+                              valueFrom:
+                                properties:
+                                  configMapKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                    - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                    - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                    - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  secretKeyRef:
+                                    properties:
+                                      key:
+                                        type: string
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    required:
+                                    - key
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                type: object
+                            required:
+                            - name
+                            type: object
+                          type: array
+                        envFrom:
+                          items:
+                            properties:
+                              configMapRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              prefix:
+                                type: string
+                              secretRef:
+                                properties:
+                                  name:
+                                    type: string
+                                  optional:
+                                    type: boolean
+                                type: object
+                                x-kubernetes-map-type: atomic
+                            type: object
+                          type: array
+                        image:
+                          type: string
+                        imagePullPolicy:
+                          type: string
+                        lifecycle:
+                          properties:
+                            postStart:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                sleep:
+                                  properties:
+                                    seconds:
+                                      format: int64
+                                      type: integer
+                                  required:
+                                  - seconds
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                              type: object
+                            preStop:
+                              properties:
+                                exec:
+                                  properties:
+                                    command:
+                                      items:
+                                        type: string
+                                      type: array
+                                  type: object
+                                httpGet:
+                                  properties:
+                                    host:
+                                      type: string
+                                    httpHeaders:
+                                      items:
+                                        properties:
+                                          name:
+                                            type: string
+                                          value:
+                                            type: string
+                                        required:
+                                        - name
+                                        - value
+                                        type: object
+                                      type: array
+                                    path:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                    scheme:
+                                      type: string
+                                  required:
+                                  - port
+                                  type: object
+                                sleep:
+                                  properties:
+                                    seconds:
+                                      format: int64
+                                      type: integer
+                                  required:
+                                  - seconds
+                                  type: object
+                                tcpSocket:
+                                  properties:
+                                    host:
+                                      type: string
+                                    port:
+                                      anyOf:
+                                      - type: integer
+                                      - type: string
+                                      x-kubernetes-int-or-string: true
+                                  required:
+                                  - port
+                                  type: object
+                              type: object
+                          type: object
+                        livenessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        name:
+                          type: string
+                        ports:
+                          items:
+                            properties:
+                              containerPort:
+                                format: int32
+                                type: integer
+                              hostIP:
+                                type: string
+                              hostPort:
+                                format: int32
+                                type: integer
+                              name:
+                                type: string
+                              protocol:
+                                default: TCP
+                                type: string
+                            required:
+                            - containerPort
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                          - containerPort
+                          - protocol
+                          x-kubernetes-list-type: map
+                        readinessProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        resizePolicy:
+                          items:
+                            properties:
+                              resourceName:
+                                type: string
+                              restartPolicy:
+                                type: string
+                            required:
+                            - resourceName
+                            - restartPolicy
+                            type: object
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        resources:
+                          properties:
+                            claims:
+                              items:
+                                properties:
+                                  name:
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              type: object
+                          type: object
+                        restartPolicy:
+                          type: string
+                        securityContext:
+                          properties:
+                            allowPrivilegeEscalation:
+                              type: boolean
+                            capabilities:
+                              properties:
+                                add:
+                                  items:
+                                    type: string
+                                  type: array
+                                drop:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            privileged:
+                              type: boolean
+                            procMount:
+                              type: string
+                            readOnlyRootFilesystem:
+                              type: boolean
+                            runAsGroup:
+                              format: int64
+                              type: integer
+                            runAsNonRoot:
+                              type: boolean
+                            runAsUser:
+                              format: int64
+                              type: integer
+                            seLinuxOptions:
+                              properties:
+                                level:
+                                  type: string
+                                role:
+                                  type: string
+                                type:
+                                  type: string
+                                user:
+                                  type: string
+                              type: object
+                            seccompProfile:
+                              properties:
+                                localhostProfile:
+                                  type: string
+                                type:
+                                  type: string
+                              required:
+                              - type
+                              type: object
+                            windowsOptions:
+                              properties:
+                                gmsaCredentialSpec:
+                                  type: string
+                                gmsaCredentialSpecName:
+                                  type: string
+                                hostProcess:
+                                  type: boolean
+                                runAsUserName:
+                                  type: string
+                              type: object
+                          type: object
+                        startupProbe:
+                          properties:
+                            exec:
+                              properties:
+                                command:
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            failureThreshold:
+                              format: int32
+                              type: integer
+                            grpc:
+                              properties:
+                                port:
+                                  format: int32
+                                  type: integer
+                                service:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            httpGet:
+                              properties:
+                                host:
+                                  type: string
+                                httpHeaders:
+                                  items:
+                                    properties:
+                                      name:
+                                        type: string
+                                      value:
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                path:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                                scheme:
+                                  type: string
+                              required:
+                              - port
+                              type: object
+                            initialDelaySeconds:
+                              format: int32
+                              type: integer
+                            periodSeconds:
+                              format: int32
+                              type: integer
+                            successThreshold:
+                              format: int32
+                              type: integer
+                            tcpSocket:
+                              properties:
+                                host:
+                                  type: string
+                                port:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - port
+                              type: object
+                            terminationGracePeriodSeconds:
+                              format: int64
+                              type: integer
+                            timeoutSeconds:
+                              format: int32
+                              type: integer
+                          type: object
+                        stdin:
+                          type: boolean
+                        stdinOnce:
+                          type: boolean
+                        terminationMessagePath:
+                          type: string
+                        terminationMessagePolicy:
+                          type: string
+                        tty:
+                          type: boolean
+                        volumeDevices:
+                          items:
+                            properties:
+                              devicePath:
+                                type: string
+                              name:
+                                type: string
+                            required:
+                            - devicePath
+                            - name
+                            type: object
+                          type: array
+                        volumeMounts:
+                          items:
+                            properties:
+                              mountPath:
+                                type: string
+                              mountPropagation:
+                                type: string
+                              name:
+                                type: string
+                              readOnly:
+                                type: boolean
+                              subPath:
+                                type: string
+                              subPathExpr:
+                                type: string
+                            required:
+                            - mountPath
+                            - name
+                            type: object
+                          type: array
+                        workingDir:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  nodeName:
+                    type: string
+                  nodeSelector:
+                    additionalProperties:
+                      type: string
+                    type: object
+                    x-kubernetes-map-type: atomic
+                  os:
+                    properties:
+                      name:
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  overhead:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    type: object
+                  preemptionPolicy:
+                    type: string
+                  priority:
+                    format: int32
+                    type: integer
+                  priorityClassName:
+                    type: string
+                  readinessGates:
+                    items:
+                      properties:
+                        conditionType:
+                          type: string
+                      required:
+                      - conditionType
+                      type: object
+                    type: array
+                  resourceClaims:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        source:
+                          properties:
+                            resourceClaimName:
+                              type: string
+                            resourceClaimTemplateName:
+                              type: string
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - name
+                    x-kubernetes-list-type: map
+                  restartPolicy:
+                    type: string
+                  runtimeClassName:
+                    type: string
+                  schedulerName:
+                    type: string
+                  schedulingGates:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - name
+                    x-kubernetes-list-type: map
+                  securityContext:
+                    properties:
+                      fsGroup:
+                        format: int64
+                        type: integer
+                      fsGroupChangePolicy:
+                        type: string
+                      runAsGroup:
+                        format: int64
+                        type: integer
+                      runAsNonRoot:
+                        type: boolean
+                      runAsUser:
+                        format: int64
+                        type: integer
+                      seLinuxOptions:
+                        properties:
+                          level:
+                            type: string
+                          role:
+                            type: string
+                          type:
+                            type: string
+                          user:
+                            type: string
+                        type: object
+                      seccompProfile:
+                        properties:
+                          localhostProfile:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - type
+                        type: object
+                      supplementalGroups:
+                        items:
+                          format: int64
+                          type: integer
+                        type: array
+                      sysctls:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                            value:
+                              type: string
+                          required:
+                          - name
+                          - value
+                          type: object
+                        type: array
+                      windowsOptions:
+                        properties:
+                          gmsaCredentialSpec:
+                            type: string
+                          gmsaCredentialSpecName:
+                            type: string
+                          hostProcess:
+                            type: boolean
+                          runAsUserName:
+                            type: string
+                        type: object
+                    type: object
+                  serviceAccount:
+                    type: string
+                  serviceAccountName:
+                    type: string
+                  setHostnameAsFQDN:
+                    type: boolean
+                  shareProcessNamespace:
+                    type: boolean
+                  subdomain:
+                    type: string
+                  terminationGracePeriodSeconds:
+                    format: int64
+                    type: integer
+                  tolerations:
+                    items:
+                      properties:
+                        effect:
+                          type: string
+                        key:
+                          type: string
+                        operator:
+                          type: string
+                        tolerationSeconds:
+                          format: int64
+                          type: integer
+                        value:
+                          type: string
+                      type: object
+                    type: array
+                  topologySpreadConstraints:
+                    items:
+                      properties:
+                        labelSelector:
+                          properties:
+                            matchExpressions:
+                              items:
+                                properties:
+                                  key:
+                                    type: string
+                                  operator:
+                                    type: string
+                                  values:
+                                    items:
+                                      type: string
+                                    type: array
+                                required:
+                                - key
+                                - operator
+                                type: object
+                              type: array
+                            matchLabels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        matchLabelKeys:
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                        maxSkew:
+                          format: int32
+                          type: integer
+                        minDomains:
+                          format: int32
+                          type: integer
+                        nodeAffinityPolicy:
+                          type: string
+                        nodeTaintsPolicy:
+                          type: string
+                        topologyKey:
+                          type: string
+                        whenUnsatisfiable:
+                          type: string
+                      required:
+                      - maxSkew
+                      - topologyKey
+                      - whenUnsatisfiable
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - topologyKey
+                    - whenUnsatisfiable
+                    x-kubernetes-list-type: map
+                  volumes:
+                    items:
+                      properties:
+                        awsElasticBlockStore:
+                          properties:
+                            fsType:
+                              type: string
+                            partition:
+                              format: int32
+                              type: integer
+                            readOnly:
+                              type: boolean
+                            volumeID:
+                              type: string
+                          required:
+                          - volumeID
+                          type: object
+                        azureDisk:
+                          properties:
+                            cachingMode:
+                              type: string
+                            diskName:
+                              type: string
+                            diskURI:
+                              type: string
+                            fsType:
+                              type: string
+                            kind:
+                              type: string
+                            readOnly:
+                              type: boolean
+                          required:
+                          - diskName
+                          - diskURI
+                          type: object
+                        azureFile:
+                          properties:
+                            readOnly:
+                              type: boolean
+                            secretName:
+                              type: string
+                            shareName:
+                              type: string
+                          required:
+                          - secretName
+                          - shareName
+                          type: object
+                        cephfs:
+                          properties:
+                            monitors:
+                              items:
+                                type: string
+                              type: array
+                            path:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            secretFile:
+                              type: string
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            user:
+                              type: string
+                          required:
+                          - monitors
+                          type: object
+                        cinder:
+                          properties:
+                            fsType:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            volumeID:
+                              type: string
+                          required:
+                          - volumeID
+                          type: object
+                        configMap:
+                          properties:
+                            defaultMode:
+                              format: int32
+                              type: integer
+                            items:
+                              items:
+                                properties:
+                                  key:
+                                    type: string
+                                  mode:
+                                    format: int32
+                                    type: integer
+                                  path:
+                                    type: string
+                                required:
+                                - key
+                                - path
+                                type: object
+                              type: array
+                            name:
+                              type: string
+                            optional:
+                              type: boolean
+                          type: object
+                          x-kubernetes-map-type: atomic
+                        csi:
+                          properties:
+                            driver:
+                              type: string
+                            fsType:
+                              type: string
+                            nodePublishSecretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            readOnly:
+                              type: boolean
+                            volumeAttributes:
+                              additionalProperties:
+                                type: string
+                              type: object
+                          required:
+                          - driver
+                          type: object
+                        downwardAPI:
+                          properties:
+                            defaultMode:
+                              format: int32
+                              type: integer
+                            items:
+                              items:
+                                properties:
+                                  fieldRef:
+                                    properties:
+                                      apiVersion:
+                                        type: string
+                                      fieldPath:
+                                        type: string
+                                    required:
+                                    - fieldPath
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  mode:
+                                    format: int32
+                                    type: integer
+                                  path:
+                                    type: string
+                                  resourceFieldRef:
+                                    properties:
+                                      containerName:
+                                        type: string
+                                      divisor:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                      resource:
+                                        type: string
+                                    required:
+                                    - resource
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                required:
+                                - path
+                                type: object
+                              type: array
+                          type: object
+                        emptyDir:
+                          properties:
+                            medium:
+                              type: string
+                            sizeLimit:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                              x-kubernetes-int-or-string: true
+                          type: object
+                        ephemeral:
+                          properties:
+                            volumeClaimTemplate:
+                              properties:
+                                metadata:
+                                  type: object
+                                spec:
+                                  properties:
+                                    accessModes:
+                                      items:
+                                        type: string
+                                      type: array
+                                    dataSource:
+                                      properties:
+                                        apiGroup:
+                                          type: string
+                                        kind:
+                                          type: string
+                                        name:
+                                          type: string
+                                      required:
+                                      - kind
+                                      - name
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    dataSourceRef:
+                                      properties:
+                                        apiGroup:
+                                          type: string
+                                        kind:
+                                          type: string
+                                        name:
+                                          type: string
+                                        namespace:
+                                          type: string
+                                      required:
+                                      - kind
+                                      - name
+                                      type: object
+                                    resources:
+                                      properties:
+                                        limits:
+                                          additionalProperties:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          type: object
+                                        requests:
+                                          additionalProperties:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                            x-kubernetes-int-or-string: true
+                                          type: object
+                                      type: object
+                                    selector:
+                                      properties:
+                                        matchExpressions:
+                                          items:
+                                            properties:
+                                              key:
+                                                type: string
+                                              operator:
+                                                type: string
+                                              values:
+                                                items:
+                                                  type: string
+                                                type: array
+                                            required:
+                                            - key
+                                            - operator
+                                            type: object
+                                          type: array
+                                        matchLabels:
+                                          additionalProperties:
+                                            type: string
+                                          type: object
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                    storageClassName:
+                                      type: string
+                                    volumeAttributesClassName:
+                                      type: string
+                                    volumeMode:
+                                      type: string
+                                    volumeName:
+                                      type: string
+                                  type: object
+                              required:
+                              - spec
+                              type: object
+                          type: object
+                        fc:
+                          properties:
+                            fsType:
+                              type: string
+                            lun:
+                              format: int32
+                              type: integer
+                            readOnly:
+                              type: boolean
+                            targetWWNs:
+                              items:
+                                type: string
+                              type: array
+                            wwids:
+                              items:
+                                type: string
+                              type: array
+                          type: object
+                        flexVolume:
+                          properties:
+                            driver:
+                              type: string
+                            fsType:
+                              type: string
+                            options:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            readOnly:
+                              type: boolean
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          required:
+                          - driver
+                          type: object
+                        flocker:
+                          properties:
+                            datasetName:
+                              type: string
+                            datasetUUID:
+                              type: string
+                          type: object
+                        gcePersistentDisk:
+                          properties:
+                            fsType:
+                              type: string
+                            partition:
+                              format: int32
+                              type: integer
+                            pdName:
+                              type: string
+                            readOnly:
+                              type: boolean
+                          required:
+                          - pdName
+                          type: object
+                        gitRepo:
+                          properties:
+                            directory:
+                              type: string
+                            repository:
+                              type: string
+                            revision:
+                              type: string
+                          required:
+                          - repository
+                          type: object
+                        glusterfs:
+                          properties:
+                            endpoints:
+                              type: string
+                            path:
+                              type: string
+                            readOnly:
+                              type: boolean
+                          required:
+                          - endpoints
+                          - path
+                          type: object
+                        hostPath:
+                          properties:
+                            path:
+                              type: string
+                            type:
+                              type: string
+                          required:
+                          - path
+                          type: object
+                        iscsi:
+                          properties:
+                            chapAuthDiscovery:
+                              type: boolean
+                            chapAuthSession:
+                              type: boolean
+                            fsType:
+                              type: string
+                            initiatorName:
+                              type: string
+                            iqn:
+                              type: string
+                            iscsiInterface:
+                              type: string
+                            lun:
+                              format: int32
+                              type: integer
+                            portals:
+                              items:
+                                type: string
+                              type: array
+                            readOnly:
+                              type: boolean
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            targetPortal:
+                              type: string
+                          required:
+                          - iqn
+                          - lun
+                          - targetPortal
+                          type: object
+                        name:
+                          type: string
+                        nfs:
+                          properties:
+                            path:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            server:
+                              type: string
+                          required:
+                          - path
+                          - server
+                          type: object
+                        persistentVolumeClaim:
+                          properties:
+                            claimName:
+                              type: string
+                            readOnly:
+                              type: boolean
+                          required:
+                          - claimName
+                          type: object
+                        photonPersistentDisk:
+                          properties:
+                            fsType:
+                              type: string
+                            pdID:
+                              type: string
+                          required:
+                          - pdID
+                          type: object
+                        portworxVolume:
+                          properties:
+                            fsType:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            volumeID:
+                              type: string
+                          required:
+                          - volumeID
+                          type: object
+                        projected:
+                          properties:
+                            defaultMode:
+                              format: int32
+                              type: integer
+                            sources:
+                              items:
+                                properties:
+                                  clusterTrustBundle:
+                                    properties:
+                                      labelSelector:
+                                        properties:
+                                          matchExpressions:
+                                            items:
+                                              properties:
+                                                key:
+                                                  type: string
+                                                operator:
+                                                  type: string
+                                                values:
+                                                  items:
+                                                    type: string
+                                                  type: array
+                                              required:
+                                              - key
+                                              - operator
+                                              type: object
+                                            type: array
+                                          matchLabels:
+                                            additionalProperties:
+                                              type: string
+                                            type: object
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                      path:
+                                        type: string
+                                      signerName:
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  configMap:
+                                    properties:
+                                      items:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            mode:
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  downwardAPI:
+                                    properties:
+                                      items:
+                                        items:
+                                          properties:
+                                            fieldRef:
+                                              properties:
+                                                apiVersion:
+                                                  type: string
+                                                fieldPath:
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              type: string
+                                            resourceFieldRef:
+                                              properties:
+                                                containerName:
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  secret:
+                                    properties:
+                                      items:
+                                        items:
+                                          properties:
+                                            key:
+                                              type: string
+                                            mode:
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        type: string
+                                      optional:
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  serviceAccountToken:
+                                    properties:
+                                      audience:
+                                        type: string
+                                      expirationSeconds:
+                                        format: int64
+                                        type: integer
+                                      path:
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                type: object
+                              type: array
+                          type: object
+                        quobyte:
+                          properties:
+                            group:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            registry:
+                              type: string
+                            tenant:
+                              type: string
+                            user:
+                              type: string
+                            volume:
+                              type: string
+                          required:
+                          - registry
+                          - volume
+                          type: object
+                        rbd:
+                          properties:
+                            fsType:
+                              type: string
+                            image:
+                              type: string
+                            keyring:
+                              type: string
+                            monitors:
+                              items:
+                                type: string
+                              type: array
+                            pool:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            user:
+                              type: string
+                          required:
+                          - image
+                          - monitors
+                          type: object
+                        scaleIO:
+                          properties:
+                            fsType:
+                              type: string
+                            gateway:
+                              type: string
+                            protectionDomain:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            sslEnabled:
+                              type: boolean
+                            storageMode:
+                              type: string
+                            storagePool:
+                              type: string
+                            system:
+                              type: string
+                            volumeName:
+                              type: string
+                          required:
+                          - gateway
+                          - secretRef
+                          - system
+                          type: object
+                        secret:
+                          properties:
+                            defaultMode:
+                              format: int32
+                              type: integer
+                            items:
+                              items:
+                                properties:
+                                  key:
+                                    type: string
+                                  mode:
+                                    format: int32
+                                    type: integer
+                                  path:
+                                    type: string
+                                required:
+                                - key
+                                - path
+                                type: object
+                              type: array
+                            optional:
+                              type: boolean
+                            secretName:
+                              type: string
+                          type: object
+                        storageos:
+                          properties:
+                            fsType:
+                              type: string
+                            readOnly:
+                              type: boolean
+                            secretRef:
+                              properties:
+                                name:
+                                  type: string
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            volumeName:
+                              type: string
+                            volumeNamespace:
+                              type: string
+                          type: object
+                        vsphereVolume:
+                          properties:
+                            fsType:
+                              type: string
+                            storagePolicyID:
+                              type: string
+                            storagePolicyName:
+                              type: string
+                            volumePath:
+                              type: string
+                          required:
+                          - volumePath
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                required:
+                - containers
+                type: object
+              pvc:
+                type: string
+              rwoScheduling:
+                default: false
+                type: boolean
+            required:
+            - pvc
+            - rwoScheduling
+            type: object
+          status:
+            properties:
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      format: date-time
+                      type: string
+                    message:
+                      type: string
+                    reason:
+                      type: string
+                    status:
+                      type: string
+                    type:
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              ready:
+                default: false
+                type: boolean
+              url:
+                type: string
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml
new file mode 100644
index 00000000..4588a994
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/tensorboard/tensorboard.kubeflow.org_tensorboards.yaml
@@ -0,0 +1,91 @@
+{{- if (include "kubeflowCrds.tensorboard.controller.enabled" . | eq "true") -}}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  labels:
+    {{- include "kubeflowCrds.tensorboard.controller.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.tensorboard.controller.fullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.tensorboard.controller.group" . }}
+  names:
+    kind: Tensorboard
+    listKind: TensorboardList
+    plural: {{ include "kubeflowCrds.tensorboard.controller.pluralName" . }}
+    singular: {{ include "kubeflowCrds.tensorboard.controller.singularName" . }}
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Tensorboard is the Schema for the tensorboards API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TensorboardSpec defines the desired state of Tensorboard
+            properties:
+              logspath:
+                description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                  Important: Run "make" to regenerate code after modifying this file'
+                type: string
+            required:
+            - logspath
+            type: object
+          status:
+            description: TensorboardStatus defines the observed state of Tensorboard
+            properties:
+              conditions:
+                description: Conditions is an array of current conditions
+                items:
+                  description: TensorboardCondition defines the observed state of
+                    Tensorboard
+                  properties:
+                    deploymentState:
+                      description: Deployment status, 'Available', 'Progressing',
+                        'ReplicaFailure' .
+                      type: string
+                    lastProbeTime:
+                      description: Last time we probed the condition.
+                      format: date-time
+                      type: string
+                  required:
+                  - deploymentState
+                  type: object
+                type: array
+              readyReplicas:
+                description: ReadyReplicas defines the number of Tensorboard Servers
+                  that are available to connect. The value of ReadyReplicas can be
+                  either 0 or 1
+                format: int32
+                type: integer
+            required:
+            - conditions
+            - readyReplicas
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml
new file mode 100644
index 00000000..322c2a24
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mpijobs.yaml
@@ -0,0 +1,7547 @@
+{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.mpiFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: MPIJob
+    listKind: MPIJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.mpiPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.mpiSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- else }}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.mpiFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: MPIJob
+    listKind: MPIJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.mpiPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.mpiSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              cleanPodPolicy:
+                description: |-
+                  CleanPodPolicy defines the policy that whether to kill pods after the job completes.
+                  Defaults to None.
+                type: string
+              mainContainer:
+                description: |-
+                  MainContainer specifies name of the main container which
+                  executes the MPI code.
+                type: string
+              mpiReplicaSpecs:
+                additionalProperties:
+                  description: ReplicaSpec is a description of the replica
+                  properties:
+                    replicas:
+                      description: |-
+                        Replicas is the desired number of replicas of the given template.
+                        If unspecified, defaults to 1.
+                      format: int32
+                      type: integer
+                    restartPolicy:
+                      description: |-
+                        Restart policy for all replicas within the job.
+                        One of Always, OnFailure, Never and ExitCode.
+                        Default to Never.
+                      type: string
+                    template:
+                      description: |-
+                        Template is the object that describes the pod that
+                        will be created for this replica. RestartPolicy in PodTemplateSpec
+                        will be overide by RestartPolicy in ReplicaSpec
+                      properties:
+                        metadata:
+                          description: |-
+                            Standard object's metadata.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            finalizers:
+                              items:
+                                type: string
+                              type: array
+                            labels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          type: object
+                        spec:
+                          description: |-
+                            Specification of the desired behavior of the pod.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+                          properties:
+                            activeDeadlineSeconds:
+                              description: |-
+                                Optional duration in seconds the pod may be active on the node relative to
+                                StartTime before the system will actively try to mark it failed and kill associated containers.
+                                Value must be a positive integer.
+                              format: int64
+                              type: integer
+                            affinity:
+                              description: If specified, the pod's scheduling constraints
+                              properties:
+                                nodeAffinity:
+                                  description: Describes node affinity scheduling
+                                    rules for the pod.
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: |-
+                                          An empty preferred scheduling term matches all objects with implicit weight 0
+                                          (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+                                        properties:
+                                          preference:
+                                            description: A node selector term, associated
+                                              with the corresponding weight.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          weight:
+                                            description: Weight associated with matching
+                                              the corresponding nodeSelectorTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - preference
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to an update), the system
+                                        may or may not try to eventually evict the pod from its node.
+                                      properties:
+                                        nodeSelectorTerms:
+                                          description: Required. A list of node selector
+                                            terms. The terms are ORed.
+                                          items:
+                                            description: |-
+                                              A null or empty node selector term matches no objects. The requirements of
+                                              them are ANDed.
+                                              The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          type: array
+                                      required:
+                                      - nodeSelectorTerms
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                                podAffinity:
+                                  description: Describes pod affinity scheduling rules
+                                    (e.g. co-locate this pod in the same node, zone,
+                                    etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                                podAntiAffinity:
+                                  description: Describes pod anti-affinity scheduling
+                                    rules (e.g. avoid putting this pod in the same
+                                    node, zone, etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the anti-affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the anti-affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the anti-affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                              type: object
+                            automountServiceAccountToken:
+                              description: AutomountServiceAccountToken indicates
+                                whether a service account token should be automatically
+                                mounted.
+                              type: boolean
+                            containers:
+                              description: |-
+                                List of containers belonging to the pod.
+                                Containers cannot currently be added or removed.
+                                There must be at least one container in a Pod.
+                                Cannot be updated.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            dnsConfig:
+                              description: |-
+                                Specifies the DNS parameters of a pod.
+                                Parameters specified here will be merged to the generated DNS
+                                configuration based on DNSPolicy.
+                              properties:
+                                nameservers:
+                                  description: |-
+                                    A list of DNS name server IP addresses.
+                                    This will be appended to the base nameservers generated from DNSPolicy.
+                                    Duplicated nameservers will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                                options:
+                                  description: |-
+                                    A list of DNS resolver options.
+                                    This will be merged with the base options generated from DNSPolicy.
+                                    Duplicated entries will be removed. Resolution options given in Options
+                                    will override those that appear in the base DNSPolicy.
+                                  items:
+                                    description: PodDNSConfigOption defines DNS resolver
+                                      options of a pod.
+                                    properties:
+                                      name:
+                                        description: Required.
+                                        type: string
+                                      value:
+                                        type: string
+                                    type: object
+                                  type: array
+                                searches:
+                                  description: |-
+                                    A list of DNS search domains for host-name lookup.
+                                    This will be appended to the base search paths generated from DNSPolicy.
+                                    Duplicated search paths will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            dnsPolicy:
+                              description: |-
+                                Set DNS policy for the pod.
+                                Defaults to "ClusterFirst".
+                                Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+                                DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+                                To have DNS options set along with hostNetwork, you have to specify DNS policy
+                                explicitly to 'ClusterFirstWithHostNet'.
+                              type: string
+                            enableServiceLinks:
+                              description: |-
+                                EnableServiceLinks indicates whether information about services should be injected into pod's
+                                environment variables, matching the syntax of Docker links.
+                                Optional: Defaults to true.
+                              type: boolean
+                            ephemeralContainers:
+                              description: |-
+                                List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+                                pod to perform user-initiated actions such as debugging. This list cannot be specified when
+                                creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+                                ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+                              items:
+                                description: |-
+                                  An EphemeralContainer is a temporary container that you may add to an existing Pod for
+                                  user-initiated activities such as debugging. Ephemeral containers have no resource or
+                                  scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+                                  removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+                                  Pod to exceed its resource allocation.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+                                      produce the string literal "$(VAR_NAME)".
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: Lifecycle is not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the ephemeral container specified as a DNS_LABEL.
+                                      This name must be unique among all containers, init containers and ephemeral containers.
+                                    type: string
+                                  ports:
+                                    description: Ports are not allowed for ephemeral
+                                      containers.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+                                      already allocated to the pod.
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      Restart policy for the container to manage the restart behavior of each
+                                      container within a pod.
+                                      This may only be set for init containers. You cannot set this field on
+                                      ephemeral containers.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      Optional: SecurityContext defines the security options the ephemeral container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  targetContainerName:
+                                    description: |-
+                                      If set, the name of the container from PodSpec that this ephemeral container targets.
+                                      The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+                                      If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+                                      The container runtime must implement support for this feature.
+                                    type: string
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            hostAliases:
+                              description: |-
+                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+                                file if specified. This is only valid for non-hostNetwork pods.
+                              items:
+                                description: |-
+                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+                                  pod's hosts file.
+                                properties:
+                                  hostnames:
+                                    description: Hostnames for the above IP address.
+                                    items:
+                                      type: string
+                                    type: array
+                                  ip:
+                                    description: IP address of the host file entry.
+                                    type: string
+                                type: object
+                              type: array
+                            hostIPC:
+                              description: |-
+                                Use the host's ipc namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostNetwork:
+                              description: |-
+                                Host networking requested for this pod. Use the host's network namespace.
+                                If this option is set, the ports that will be used must be specified.
+                                Default to false.
+                              type: boolean
+                            hostPID:
+                              description: |-
+                                Use the host's pid namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostUsers:
+                              description: |-
+                                Use the host's user namespace.
+                                Optional: Default to true.
+                                If set to true or not present, the pod will be run in the host user namespace, useful
+                                for when the pod needs a feature only available to the host user namespace, such as
+                                loading a kernel module with CAP_SYS_MODULE.
+                                When set to false, a new userns is created for the pod.
+                              type: boolean
+                            hostname:
+                              description: |-
+                                Specifies the hostname of the Pod
+                                If not specified, the pod's hostname will be set to a system-defined value.
+                              type: string
+                            imagePullSecrets:
+                              description: |-
+                                ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+                                If specified, these secrets will be passed to individual puller implementations for them to use.
+                                More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+                              items:
+                                description: |-
+                                  LocalObjectReference contains enough information to let you locate the
+                                  referenced object inside the same namespace.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind, uid?
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                            initContainers:
+                              description: |-
+                                List of initialization containers belonging to the pod.
+                                Init containers are executed in order prior to containers being started. If any
+                                init container fails, the pod is considered to have failed and is handled according
+                                to its restartPolicy. The name for an init container or normal container must be
+                                unique among all containers.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            nodeName:
+                              description: |-
+                                NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+                                the scheduler simply schedules this pod onto that node, assuming that it fits resource
+                                requirements.
+                              type: string
+                            nodeSelector:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                NodeSelector is a selector which must be true for the pod to fit on a node.
+                                Selector which must match a node's labels for the pod to be scheduled on that node.
+                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            os:
+                              description: |-
+                                Specifies the OS of the containers in the pod.
+                                Some pod and container fields are restricted if this is set.
+
+
+                                If the OS field is set to linux, the following fields must be unset:
+                                -securityContext.windowsOptions
+
+
+                                If the OS field is set to windows, following fields must be unset:
+                                - spec.hostPID
+                                - spec.hostIPC
+                                - spec.hostUsers
+                                - spec.securityContext.seLinuxOptions
+                                - spec.securityContext.
+                              properties:
+                                name:
+                                  description: |-
+                                    Name is the name of the operating system. The currently supported values are linux and windows.
+                                    Additional value may be defined in future and can be one of:
+                                    https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+                                    Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            overhead:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+                                This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+                                the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+                                The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+                                set.
+                              type: object
+                            preemptionPolicy:
+                              description: |-
+                                PreemptionPolicy is the Policy for preempting pods with lower priority.
+                                One of Never, PreemptLowerPriority.
+                                Defaults to PreemptLowerPriority if unset.
+                              type: string
+                            priority:
+                              description: |-
+                                The priority value. Various system components use this field to find the
+                                priority of the pod. When Priority Admission Controller is enabled, it
+                                prevents users from setting this field. The admission controller populates
+                                this field from PriorityClassName.
+                                The higher the value, the higher the priority.
+                              format: int32
+                              type: integer
+                            priorityClassName:
+                              description: |-
+                                If specified, indicates the pod's priority. "system-node-critical" and
+                                "system-cluster-critical" are two special keywords which indicate the
+                                highest priorities with the former being the highest priority. Any other
+                                name must be defined by creating a PriorityClass object with that name.
+                                If not specified, the pod priority will be default or zero if there is no
+                                default.
+                              type: string
+                            readinessGates:
+                              description: |-
+                                If specified, all readiness gates will be evaluated for pod readiness.
+                                A pod is ready when all its containers are ready AND
+                                all conditions specified in the readiness gates have status equal to "True"
+                                More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+                              items:
+                                description: PodReadinessGate contains the reference
+                                  to a pod condition
+                                properties:
+                                  conditionType:
+                                    description: ConditionType refers to a condition
+                                      in the pod's condition list with matching type.
+                                    type: string
+                                required:
+                                - conditionType
+                                type: object
+                              type: array
+                            resourceClaims:
+                              description: |-
+                                ResourceClaims defines which ResourceClaims must be allocated
+                                and reserved before the Pod is allowed to start. The resources
+                                will be made available to those containers which consume them
+                                by name.
+
+
+                                This is an alpha field and requires enabling the
+                                DynamicResourceAllocation feature gate.
+
+
+                                This field is immutable.
+                              items:
+                                description: |-
+                                  PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+                                  It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+                                  Containers that need access to the ResourceClaim reference it with this name.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name uniquely identifies this resource claim inside the pod.
+                                      This must be a DNS_LABEL.
+                                    type: string
+                                  source:
+                                    description: Source describes where to find the
+                                      ResourceClaim.
+                                    properties:
+                                      resourceClaimName:
+                                        description: |-
+                                          ResourceClaimName is the name of a ResourceClaim object in the same
+                                          namespace as this pod.
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        description: |-
+                                          ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+                                          object in the same namespace as this pod.
+
+
+                                          The template will be used to create a new ResourceClaim, which will
+                                          be bound to this pod. When this pod is deleted, the ResourceClaim
+                                          will also be deleted.
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            restartPolicy:
+                              description: |-
+                                Restart policy for all containers within the pod.
+                                One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+                                Default to Always.
+                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+                              type: string
+                            runtimeClassName:
+                              description: |-
+                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+                                to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
+                                If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+                                empty definition that uses the default runtime handler.
+                                More info: https://git.k8s.
+                              type: string
+                            schedulerName:
+                              description: |-
+                                If specified, the pod will be dispatched by specified scheduler.
+                                If not specified, the pod will be dispatched by default scheduler.
+                              type: string
+                            schedulingGates:
+                              description: |-
+                                SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+                                If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+                                scheduler will not attempt to schedule the pod.
+
+
+                                SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+
+                                This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+                              items:
+                                description: PodSchedulingGate is associated to a
+                                  Pod to guard its scheduling.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the scheduling gate.
+                                      Each scheduling gate must have a unique name field.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            securityContext:
+                              description: |-
+                                SecurityContext holds pod-level security attributes and common container settings.
+                                Optional: Defaults to empty.  See type description for default values of each field.
+                              properties:
+                                fsGroup:
+                                  description: |-
+                                    A special supplemental group that applies to all containers in a pod.
+                                    Some volume types allow the Kubelet to change the ownership of that volume
+                                    to be owned by the pod:
+
+
+                                    1. The owning GID will be the FSGroup
+                                    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+                                    3.
+                                  format: int64
+                                  type: integer
+                                fsGroupChangePolicy:
+                                  description: |-
+                                    fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+                                    before being exposed inside Pod. This field will only apply to
+                                    volume types which support fsGroup based ownership(and permissions).
+                                    It will have no effect on ephemeral volume types such as: secret, configmaps
+                                    and emptydir.
+                                    Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+                                  type: string
+                                runAsGroup:
+                                  description: |-
+                                    The GID to run the entrypoint of the container process.
+                                    Uses runtime default if unset.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  description: |-
+                                    Indicates that the container must run as a non-root user.
+                                    If true, the Kubelet will validate the image at runtime to ensure that it
+                                    does not run as UID 0 (root) and fail to start the container if it does.
+                                    If unset or false, no such validation will be performed.
+                                    May also be set in SecurityContext.
+                                  type: boolean
+                                runAsUser:
+                                  description: |-
+                                    The UID to run the entrypoint of the container process.
+                                    Defaults to user specified in image metadata if unspecified.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  description: |-
+                                    The SELinux context to be applied to all containers.
+                                    If unspecified, the container runtime will allocate a random SELinux context for each
+                                    container.  May also be set in SecurityContext.  If set in
+                                    both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+                                    takes precedence for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    level:
+                                      description: Level is SELinux level label that
+                                        applies to the container.
+                                      type: string
+                                    role:
+                                      description: Role is a SELinux role label that
+                                        applies to the container.
+                                      type: string
+                                    type:
+                                      description: Type is a SELinux type label that
+                                        applies to the container.
+                                      type: string
+                                    user:
+                                      description: User is a SELinux user label that
+                                        applies to the container.
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  description: |-
+                                    The seccomp options to use by the containers in this pod.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    localhostProfile:
+                                      description: |-
+                                        localhostProfile indicates a profile defined in a file on the node should be used.
+                                        The profile must be preconfigured on the node to work.
+                                        Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                        Must be set if type is "Localhost". Must NOT be set for any other type.
+                                      type: string
+                                    type:
+                                      description: |-
+                                        type indicates which kind of seccomp profile will be applied.
+                                        Valid options are:
+
+
+                                        Localhost - a profile defined in a file on the node should be used.
+                                        RuntimeDefault - the container runtime default profile should be used.
+                                        Unconfined - no profile should be applied.
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                supplementalGroups:
+                                  description: |-
+                                    A list of groups applied to the first process run in each container, in addition
+                                    to the container's primary GID, the fsGroup (if specified), and group memberships
+                                    defined in the container image for the uid of the container process. If unspecified,
+                                    no additional groups are added to any container.
+                                  items:
+                                    format: int64
+                                    type: integer
+                                  type: array
+                                sysctls:
+                                  description: |-
+                                    Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+                                    sysctls (by the container runtime) might fail to launch.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  items:
+                                    description: Sysctl defines a kernel parameter
+                                      to be set
+                                    properties:
+                                      name:
+                                        description: Name of a property to set
+                                        type: string
+                                      value:
+                                        description: Value of a property to set
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                windowsOptions:
+                                  description: |-
+                                    The Windows specific settings applied to all containers.
+                                    If unspecified, the options within a container's SecurityContext will be used.
+                                    If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                    Note that this field cannot be set when spec.os.name is linux.
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      description: |-
+                                        GMSACredentialSpec is where the GMSA admission webhook
+                                        (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                        GMSA credential spec named by the GMSACredentialSpecName field.
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      description: GMSACredentialSpecName is the name
+                                        of the GMSA credential spec to use.
+                                      type: string
+                                    hostProcess:
+                                      description: |-
+                                        HostProcess determines if a container should be run as a 'Host Process' container.
+                                        All of a Pod's containers must have the same effective HostProcess value
+                                        (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                        In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                      type: boolean
+                                    runAsUserName:
+                                      description: |-
+                                        The UserName in Windows to run the entrypoint of the container process.
+                                        Defaults to the user specified in image metadata if unspecified.
+                                        May also be set in PodSecurityContext. If set in both SecurityContext and
+                                        PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                      type: string
+                                  type: object
+                              type: object
+                            serviceAccount:
+                              description: |-
+                                DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+                                Deprecated: Use serviceAccountName instead.
+                              type: string
+                            serviceAccountName:
+                              description: |-
+                                ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+                                More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+                              type: string
+                            setHostnameAsFQDN:
+                              description: |-
+                                If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+                                In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+                              type: boolean
+                            shareProcessNamespace:
+                              description: |-
+                                Share a single process namespace between all of the containers in a pod.
+                                When this is set containers will be able to view and signal processes from other containers
+                                in the same pod, and the first process in each container will not be assigned PID 1.
+                                HostPID and ShareProcessNamespace cannot both be set.
+                                Optional: Default to false.
+                              type: boolean
+                            subdomain:
+                              description: |-
+                                If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+                                If not specified, the pod will not have a domainname at all.
+                              type: string
+                            terminationGracePeriodSeconds:
+                              description: |-
+                                Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+                                Value must be non-negative integer. The value zero indicates stop immediately via
+                                the kill signal (no opportunity to shut down).
+                                If this value is nil, the default grace period will be used instead.
+                              format: int64
+                              type: integer
+                            tolerations:
+                              description: If specified, the pod's tolerations.
+                              items:
+                                description: |-
+                                  The pod this Toleration is attached to tolerates any taint that matches
+                                  the triple <key,value,effect> using the matching operator <operator>.
+                                properties:
+                                  effect:
+                                    description: |-
+                                      Effect indicates the taint effect to match. Empty means match all taint effects.
+                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+                                    type: string
+                                  key:
+                                    description: |-
+                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
+                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+                                    type: string
+                                  operator:
+                                    description: |-
+                                      Operator represents a key's relationship to the value.
+                                      Valid operators are Exists and Equal. Defaults to Equal.
+                                      Exists is equivalent to wildcard for value, so that a pod can
+                                      tolerate all taints of a particular category.
+                                    type: string
+                                  tolerationSeconds:
+                                    description: |-
+                                      TolerationSeconds represents the period of time the toleration (which must be
+                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
+                                      negative values will be treated as 0 (evict immediately) by the system.
+                                    format: int64
+                                    type: integer
+                                  value:
+                                    description: |-
+                                      Value is the taint value the toleration matches to.
+                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
+                                    type: string
+                                type: object
+                              type: array
+                            topologySpreadConstraints:
+                              description: |-
+                                TopologySpreadConstraints describes how a group of pods ought to spread across topology
+                                domains. Scheduler will schedule pods in a way which abides by the constraints.
+                                All topologySpreadConstraints are ANDed.
+                              items:
+                                description: TopologySpreadConstraint specifies how
+                                  to spread matching pods among the given topology.
+                                properties:
+                                  labelSelector:
+                                    description: |-
+                                      LabelSelector is used to find matching pods.
+                                      Pods that match this label selector are counted to determine the number of pods
+                                      in their corresponding topology domain.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: |-
+                                            A label selector requirement is a selector that contains values, a key, and an operator that
+                                            relates the key and values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: |-
+                                                operator represents a key's relationship to a set of values.
+                                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: |-
+                                                values is an array of string values. If the operator is In or NotIn,
+                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                          - key
+                                          - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  matchLabelKeys:
+                                    description: |-
+                                      MatchLabelKeys is a set of pod label keys to select the pods over which
+                                      spreading will be calculated. The keys are used to lookup values from the
+                                      incoming pod labels, those key-value labels are ANDed with labelSelector
+                                      to select the group of existing pods over which spreading will be calculated
+                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  maxSkew:
+                                    description: |-
+                                      MaxSkew describes the degree to which pods may be unevenly distributed.
+                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+                                      between the number of matching pods in the target topology and the global minimum.
+                                      The global minimum is the minimum number of matching pods in an eligible domain
+                                      or zero if the number of eligible domains is less than MinDomains.
+                                    format: int32
+                                    type: integer
+                                  minDomains:
+                                    description: |-
+                                      MinDomains indicates a minimum number of eligible domains.
+                                      When the number of eligible domains with matching topology keys is less than minDomains,
+                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+                                      this value has no effect on scheduling.
+                                    format: int32
+                                    type: integer
+                                  nodeAffinityPolicy:
+                                    description: |-
+                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+                                      when calculating pod topology spread skew. Options are:
+                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+                                      If this value is nil, the behavior is equivalent to the Honor policy.
+                                    type: string
+                                  nodeTaintsPolicy:
+                                    description: |-
+                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
+                                      pod topology spread skew. Options are:
+                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+                                      has a toleration, are included.
+                                      - Ignore: node taints are ignored. All nodes are included.
+
+
+                                      If this value is nil, the behavior is equivalent to the Ignore policy.
+                                    type: string
+                                  topologyKey:
+                                    description: |-
+                                      TopologyKey is the key of node labels. Nodes that have a label with this key
+                                      and identical values are considered to be in the same topology.
+                                      We consider each <key, value> as a "bucket", and try to put balanced number
+                                      of pods into each bucket.
+                                      We define a domain as a particular instance of a topology.
+                                    type: string
+                                  whenUnsatisfiable:
+                                    description: |-
+                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+                                      the spread constraint.
+                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
+                                      - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+                                        but giving higher precedence to topologies that would help reduce the
+                                        skew.
+                                    type: string
+                                required:
+                                - maxSkew
+                                - topologyKey
+                                - whenUnsatisfiable
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - topologyKey
+                              - whenUnsatisfiable
+                              x-kubernetes-list-type: map
+                            volumes:
+                              description: |-
+                                List of volumes that can be mounted by containers belonging to the pod.
+                                More info: https://kubernetes.io/docs/concepts/storage/volumes
+                              items:
+                                description: Volume represents a named volume in a
+                                  pod that may be accessed by any container in the
+                                  pod.
+                                properties:
+                                  awsElasticBlockStore:
+                                    description: |-
+                                      awsElasticBlockStore represents an AWS Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly value true will force the readOnly setting in VolumeMounts.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: boolean
+                                      volumeID:
+                                        description: |-
+                                          volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  azureDisk:
+                                    description: azureDisk represents an Azure Data
+                                      Disk mount on the host and bind mount to the
+                                      pod.
+                                    properties:
+                                      cachingMode:
+                                        description: 'cachingMode is the Host Caching
+                                          mode: None, Read Only, Read Write.'
+                                        type: string
+                                      diskName:
+                                        description: diskName is the Name of the data
+                                          disk in the blob storage
+                                        type: string
+                                      diskURI:
+                                        description: diskURI is the URI of data disk
+                                          in the blob storage
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is Filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      kind:
+                                        description: 'kind expected values are Shared:
+                                          multiple blob disks per storage account  Dedicated:
+                                          single blob disk per storage account  Managed:
+                                          azure managed data disk (only in managed
+                                          availability set). defaults to shared'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                    required:
+                                    - diskName
+                                    - diskURI
+                                    type: object
+                                  azureFile:
+                                    description: azureFile represents an Azure File
+                                      Service mount on the host and bind mount to
+                                      the pod.
+                                    properties:
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretName:
+                                        description: secretName is the  name of secret
+                                          that contains Azure Storage Account Name
+                                          and Key
+                                        type: string
+                                      shareName:
+                                        description: shareName is the azure share
+                                          Name
+                                        type: string
+                                    required:
+                                    - secretName
+                                    - shareName
+                                    type: object
+                                  cephfs:
+                                    description: cephFS represents a Ceph FS mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      monitors:
+                                        description: |-
+                                          monitors is Required: Monitors is a collection of Ceph monitors
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      path:
+                                        description: 'path is Optional: Used as the
+                                          mounted root, rather than the full Ceph
+                                          tree, default is /'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: boolean
+                                      secretFile:
+                                        description: |-
+                                          secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is optional: User is the rados user name, default is admin
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - monitors
+                                    type: object
+                                  cinder:
+                                    description: |-
+                                      cinder represents a cinder volume attached and mounted on kubelets host machine.
+                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is optional: points to a secret object containing parameters used to connect
+                                          to OpenStack.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeID:
+                                        description: |-
+                                          volumeID used to identify the volume in cinder.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  configMap:
+                                    description: configMap represents a configMap
+                                      that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items if unspecified, each key-value pair in the Data field of the referenced
+                                          ConfigMap will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        description: |-
+                                          Name of the referent.
+                                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion, kind, uid?
+                                        type: string
+                                      optional:
+                                        description: optional specify whether the
+                                          ConfigMap or its keys must be defined
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  csi:
+                                    description: csi (Container Storage Interface)
+                                      represents ephemeral storage that is handled
+                                      by certain external CSI drivers (Beta feature).
+                                    properties:
+                                      driver:
+                                        description: |-
+                                          driver is the name of the CSI driver that handles this volume.
+                                          Consult with your admin for the correct name as registered in the cluster.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType to mount. Ex. "ext4", "xfs", "ntfs".
+                                          If not provided, the empty value is passed to the associated CSI driver
+                                          which will determine the default filesystem to apply.
+                                        type: string
+                                      nodePublishSecretRef:
+                                        description: |-
+                                          nodePublishSecretRef is a reference to the secret object containing
+                                          sensitive information to pass to the CSI driver to complete the CSI
+                                          NodePublishVolume and NodeUnpublishVolume calls.
+                                          This field is optional, and  may be empty if no secret is required. If the
+                                          secret object contains more than one secret, all secret references are passed.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      readOnly:
+                                        description: |-
+                                          readOnly specifies a read-only configuration for the volume.
+                                          Defaults to false (read/write).
+                                        type: boolean
+                                      volumeAttributes:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          volumeAttributes stores driver-specific properties that are passed to the CSI
+                                          driver. Consult your driver's documentation for supported values.
+                                        type: object
+                                    required:
+                                    - driver
+                                    type: object
+                                  downwardAPI:
+                                    description: downwardAPI represents downward API
+                                      about the pod that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          Optional: mode bits to use on created files by default. Must be a
+                                          Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: Items is a list of downward API
+                                          volume file
+                                        items:
+                                          description: DownwardAPIVolumeFile represents
+                                            information to create the file containing
+                                            the pod field
+                                          properties:
+                                            fieldRef:
+                                              description: 'Required: Selects a field
+                                                of the pod: only annotations, labels,
+                                                name and namespace are supported.'
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              description: |-
+                                                Optional: mode bits used to set permissions on this file, must be an octal value
+                                                between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: 'Required: Path is  the
+                                                relative path name of the file to
+                                                be created. Must not be absolute or
+                                                contain the ''..'' path. Must be utf-8
+                                                encoded. The first item of the relative
+                                                path must not start with ''..'''
+                                              type: string
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  emptyDir:
+                                    description: |-
+                                      emptyDir represents a temporary directory that shares a pod's lifetime.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                    properties:
+                                      medium:
+                                        description: |-
+                                          medium represents what type of storage medium should back this directory.
+                                          The default is "" which means to use the node's default medium.
+                                          Must be an empty string (default) or Memory.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                        type: string
+                                      sizeLimit:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        description: |-
+                                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
+                                          The size limit is also applicable for memory medium.
+                                          The maximum usage on memory medium EmptyDir would be the minimum value between
+                                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+                                          The default is nil which means that the limit is undefined.
+                                          More info: https://kubernetes.
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  ephemeral:
+                                    description: |-
+                                      ephemeral represents a volume that is handled by a cluster storage driver.
+                                      The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+                                      and deleted when the pod is removed.
+                                    properties:
+                                      volumeClaimTemplate:
+                                        description: |-
+                                          Will be used to create a stand-alone PVC to provision the volume.
+                                          The pod in which this EphemeralVolumeSource is embedded will be the
+                                          owner of the PVC, i.e. the PVC will be deleted together with the
+                                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
+                                          `<volume name>` is the name from the `PodSpec.Volumes` array
+                                          entry.
+                                        properties:
+                                          metadata:
+                                            description: |-
+                                              May contain labels and annotations that will be copied into the PVC
+                                              when creating it. No other fields are allowed and will be rejected during
+                                              validation.
+                                            properties:
+                                              annotations:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              finalizers:
+                                                items:
+                                                  type: string
+                                                type: array
+                                              labels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              name:
+                                                type: string
+                                              namespace:
+                                                type: string
+                                            type: object
+                                          spec:
+                                            description: |-
+                                              The specification for the PersistentVolumeClaim. The entire content is
+                                              copied unchanged into the PVC that gets created from this
+                                              template. The same fields as in a PersistentVolumeClaim
+                                              are also valid here.
+                                            properties:
+                                              accessModes:
+                                                description: |-
+                                                  accessModes contains the desired access modes the volume should have.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+                                                items:
+                                                  type: string
+                                                type: array
+                                              dataSource:
+                                                description: |-
+                                                  dataSource field can be used to specify either:
+                                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+                                                  * An existing PVC (PersistentVolumeClaim)
+                                                  If the provisioner or an external controller can support the specified data source,
+                                                  it will create a new volume based on the contents of the specified data source.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              dataSourceRef:
+                                                description: |-
+                                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+                                                  volume is desired. This may be any object from a non-empty API group (non
+                                                  core object) or a PersistentVolumeClaim object.
+                                                  When this field is specified, volume binding will only succeed if the type of
+                                                  the specified object matches some installed volume populator or dynamic
+                                                  provisioner.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                  namespace:
+                                                    description: |-
+                                                      Namespace is the namespace of resource being referenced
+                                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+                                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                              resources:
+                                                description: |-
+                                                  resources represents the minimum resources the volume should have.
+                                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                                  that are lower than previous value but must still be higher than capacity recorded in the
+                                                  status field of the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+                                                properties:
+                                                  limits:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Limits describes the maximum amount of compute resources allowed.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                  requests:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Requests describes the minimum amount of compute resources required.
+                                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                type: object
+                                              selector:
+                                                description: selector is a label query
+                                                  over volumes to consider for binding.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              storageClassName:
+                                                description: |-
+                                                  storageClassName is the name of the StorageClass required by the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+                                                type: string
+                                              volumeAttributesClassName:
+                                                description: |-
+                                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+                                                  If specified, the CSI driver will create or update the volume with the attributes defined
+                                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+                                                  it can be changed after the claim is created.
+                                                type: string
+                                              volumeMode:
+                                                description: |-
+                                                  volumeMode defines what type of volume is required by the claim.
+                                                  Value of Filesystem is implied when not included in claim spec.
+                                                type: string
+                                              volumeName:
+                                                description: volumeName is the binding
+                                                  reference to the PersistentVolume
+                                                  backing this claim.
+                                                type: string
+                                            type: object
+                                        required:
+                                        - spec
+                                        type: object
+                                    type: object
+                                  fc:
+                                    description: fc represents a Fibre Channel resource
+                                      that is attached to a kubelet's host machine
+                                      and then exposed to the pod.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      lun:
+                                        description: 'lun is Optional: FC target lun
+                                          number'
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      targetWWNs:
+                                        description: 'targetWWNs is Optional: FC target
+                                          worldwide names (WWNs)'
+                                        items:
+                                          type: string
+                                        type: array
+                                      wwids:
+                                        description: |-
+                                          wwids Optional: FC volume world wide identifiers (wwids)
+                                          Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  flexVolume:
+                                    description: |-
+                                      flexVolume represents a generic volume resource that is
+                                      provisioned/attached using an exec based plugin.
+                                    properties:
+                                      driver:
+                                        description: driver is the name of the driver
+                                          to use for this volume.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+                                        type: string
+                                      options:
+                                        additionalProperties:
+                                          type: string
+                                        description: 'options is Optional: this field
+                                          holds extra command options if any.'
+                                        type: object
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: secretRef is reference to the secret object containing
+                                          sensitive information to pass to the plugin scripts. This may be
+                                          empty if no secret object is specified. If the secret object
+                                          contains more than one secret, all secrets are passed to the plugin
+                                          scripts.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - driver
+                                    type: object
+                                  flocker:
+                                    description: flocker represents a Flocker volume
+                                      attached to a kubelet's host machine. This depends
+                                      on the Flocker control service being running
+                                    properties:
+                                      datasetName:
+                                        description: |-
+                                          datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+                                          should be considered as deprecated
+                                        type: string
+                                      datasetUUID:
+                                        description: datasetUUID is the UUID of the
+                                          dataset. This is unique identifier of a
+                                          Flocker dataset
+                                        type: string
+                                    type: object
+                                  gcePersistentDisk:
+                                    description: |-
+                                      gcePersistentDisk represents a GCE Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        format: int32
+                                        type: integer
+                                      pdName:
+                                        description: |-
+                                          pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: boolean
+                                    required:
+                                    - pdName
+                                    type: object
+                                  gitRepo:
+                                    description: |-
+                                      gitRepo represents a git repository at a particular revision.
+                                      DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+                                      EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+                                      into the Pod's container.
+                                    properties:
+                                      directory:
+                                        description: |-
+                                          directory is the target directory name.
+                                          Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
+                                          git repository.  Otherwise, if specified, the volume will contain the git repository in
+                                          the subdirectory with the given name.
+                                        type: string
+                                      repository:
+                                        description: repository is the URL
+                                        type: string
+                                      revision:
+                                        description: revision is the commit hash for
+                                          the specified revision.
+                                        type: string
+                                    required:
+                                    - repository
+                                    type: object
+                                  glusterfs:
+                                    description: |-
+                                      glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md
+                                    properties:
+                                      endpoints:
+                                        description: |-
+                                          endpoints is the endpoint name that details Glusterfs topology.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      path:
+                                        description: |-
+                                          path is the Glusterfs volume path.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: boolean
+                                    required:
+                                    - endpoints
+                                    - path
+                                    type: object
+                                  hostPath:
+                                    description: |-
+                                      hostPath represents a pre-existing file or directory on the host
+                                      machine that is directly exposed to the container. This is generally
+                                      used for system agents or other privileged things that are allowed
+                                      to see the host machine. Most containers will NOT need this.
+                                      More info: https://kubernetes.
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path of the directory on the host.
+                                          If the path is a symlink, it will follow the link to the real path.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                      type:
+                                        description: |-
+                                          type for HostPath Volume
+                                          Defaults to ""
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  iscsi:
+                                    description: |-
+                                      iscsi represents an ISCSI Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://examples.k8s.io/volumes/iscsi/README.md
+                                    properties:
+                                      chapAuthDiscovery:
+                                        description: chapAuthDiscovery defines whether
+                                          support iSCSI Discovery CHAP authentication
+                                        type: boolean
+                                      chapAuthSession:
+                                        description: chapAuthSession defines whether
+                                          support iSCSI Session CHAP authentication
+                                        type: boolean
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      initiatorName:
+                                        description: |-
+                                          initiatorName is the custom iSCSI Initiator Name.
+                                          If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+                                          <target portal>:<volume name> will be created for the connection.
+                                        type: string
+                                      iqn:
+                                        description: iqn is the target iSCSI Qualified
+                                          Name.
+                                        type: string
+                                      iscsiInterface:
+                                        description: |-
+                                          iscsiInterface is the interface Name that uses an iSCSI transport.
+                                          Defaults to 'default' (tcp).
+                                        type: string
+                                      lun:
+                                        description: lun represents iSCSI Target Lun
+                                          number.
+                                        format: int32
+                                        type: integer
+                                      portals:
+                                        description: |-
+                                          portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        items:
+                                          type: string
+                                        type: array
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                        type: boolean
+                                      secretRef:
+                                        description: secretRef is the CHAP Secret
+                                          for iSCSI target and initiator authentication
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      targetPortal:
+                                        description: |-
+                                          targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        type: string
+                                    required:
+                                    - iqn
+                                    - lun
+                                    - targetPortal
+                                    type: object
+                                  name:
+                                    description: |-
+                                      name of the volume.
+                                      Must be a DNS_LABEL and unique within the pod.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  nfs:
+                                    description: |-
+                                      nfs represents an NFS mount on the host that shares a pod's lifetime
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path that is exported by the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the NFS export to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: boolean
+                                      server:
+                                        description: |-
+                                          server is the hostname or IP address of the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                    required:
+                                    - path
+                                    - server
+                                    type: object
+                                  persistentVolumeClaim:
+                                    description: |-
+                                      persistentVolumeClaimVolumeSource represents a reference to a
+                                      PersistentVolumeClaim in the same namespace.
+                                      More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                    properties:
+                                      claimName:
+                                        description: |-
+                                          claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Will force the ReadOnly setting in VolumeMounts.
+                                          Default false.
+                                        type: boolean
+                                    required:
+                                    - claimName
+                                    type: object
+                                  photonPersistentDisk:
+                                    description: photonPersistentDisk represents a
+                                      PhotonController persistent disk attached and
+                                      mounted on kubelets host machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      pdID:
+                                        description: pdID is the ID that identifies
+                                          Photon Controller persistent disk
+                                        type: string
+                                    required:
+                                    - pdID
+                                    type: object
+                                  portworxVolume:
+                                    description: portworxVolume represents a portworx
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fSType represents the filesystem type to mount
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      volumeID:
+                                        description: volumeID uniquely identifies
+                                          a Portworx volume
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  projected:
+                                    description: projected items for all in one resources
+                                      secrets, configmaps, and downward API
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode are the mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      sources:
+                                        description: sources is the list of volume
+                                          projections
+                                        items:
+                                          description: Projection that may be projected
+                                            along with other supported volume types
+                                          properties:
+                                            clusterTrustBundle:
+                                              description: |-
+                                                ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+                                                of ClusterTrustBundle objects in an auto-updating file.
+
+
+                                                Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+                                                ClusterTrustBundle objects can either be selected by name, or by the
+                                                combination of signer name and a label selector.
+                                              properties:
+                                                labelSelector:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this label selector.  Only has
+                                                    effect if signerName is set.  Mutually-exclusive with name.  If unset,
+                                                    interpreted as "match nothing".  If set but empty, interpreted as "match
+                                                    everything".
+                                                  properties:
+                                                    matchExpressions:
+                                                      description: matchExpressions
+                                                        is a list of label selector
+                                                        requirements. The requirements
+                                                        are ANDed.
+                                                      items:
+                                                        description: |-
+                                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                                          relates the key and values.
+                                                        properties:
+                                                          key:
+                                                            description: key is the
+                                                              label key that the selector
+                                                              applies to.
+                                                            type: string
+                                                          operator:
+                                                            description: |-
+                                                              operator represents a key's relationship to a set of values.
+                                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                            type: string
+                                                          values:
+                                                            description: |-
+                                                              values is an array of string values. If the operator is In or NotIn,
+                                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                              the values array must be empty. This array is replaced during a strategic
+                                                              merge patch.
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                        required:
+                                                        - key
+                                                        - operator
+                                                        type: object
+                                                      type: array
+                                                    matchLabels:
+                                                      additionalProperties:
+                                                        type: string
+                                                      description: |-
+                                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                      type: object
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                name:
+                                                  description: |-
+                                                    Select a single ClusterTrustBundle by object name.  Mutually-exclusive
+                                                    with signerName and labelSelector.
+                                                  type: string
+                                                optional:
+                                                  description: |-
+                                                    If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+                                                    aren't available.  If using name, then the named ClusterTrustBundle is
+                                                    allowed not to exist.  If using signerName, then the combination of
+                                                    signerName and labelSelector is allowed to match zero
+                                                    ClusterTrustBundles.
+                                                  type: boolean
+                                                path:
+                                                  description: Relative path from
+                                                    the volume root to write the bundle.
+                                                  type: string
+                                                signerName:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this signer name.
+                                                    Mutually-exclusive with name.  The contents of all selected
+                                                    ClusterTrustBundles will be unified and deduplicated.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                            configMap:
+                                              description: configMap information about
+                                                the configMap data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    ConfigMap will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional specify whether
+                                                    the ConfigMap or its keys must
+                                                    be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            downwardAPI:
+                                              description: downwardAPI information
+                                                about the downwardAPI data to project
+                                              properties:
+                                                items:
+                                                  description: Items is a list of
+                                                    DownwardAPIVolume file
+                                                  items:
+                                                    description: DownwardAPIVolumeFile
+                                                      represents information to create
+                                                      the file containing the pod
+                                                      field
+                                                    properties:
+                                                      fieldRef:
+                                                        description: 'Required: Selects
+                                                          a field of the pod: only
+                                                          annotations, labels, name
+                                                          and namespace are supported.'
+                                                        properties:
+                                                          apiVersion:
+                                                            description: Version of
+                                                              the schema the FieldPath
+                                                              is written in terms
+                                                              of, defaults to "v1".
+                                                            type: string
+                                                          fieldPath:
+                                                            description: Path of the
+                                                              field to select in the
+                                                              specified API version.
+                                                            type: string
+                                                        required:
+                                                        - fieldPath
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                      mode:
+                                                        description: |-
+                                                          Optional: mode bits used to set permissions on this file, must be an octal value
+                                                          between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: 'Required: Path
+                                                          is  the relative path name
+                                                          of the file to be created.
+                                                          Must not be absolute or
+                                                          contain the ''..'' path.
+                                                          Must be utf-8 encoded. The
+                                                          first item of the relative
+                                                          path must not start with
+                                                          ''..'''
+                                                        type: string
+                                                      resourceFieldRef:
+                                                        description: |-
+                                                          Selects a resource of the container: only resources limits and requests
+                                                          (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                                        properties:
+                                                          containerName:
+                                                            description: 'Container
+                                                              name: required for volumes,
+                                                              optional for env vars'
+                                                            type: string
+                                                          divisor:
+                                                            anyOf:
+                                                            - type: integer
+                                                            - type: string
+                                                            description: Specifies
+                                                              the output format of
+                                                              the exposed resources,
+                                                              defaults to "1"
+                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                            x-kubernetes-int-or-string: true
+                                                          resource:
+                                                            description: 'Required:
+                                                              resource to select'
+                                                            type: string
+                                                        required:
+                                                        - resource
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                    required:
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                              type: object
+                                            secret:
+                                              description: secret information about
+                                                the secret data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    Secret will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional field specify
+                                                    whether the Secret or its key
+                                                    must be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            serviceAccountToken:
+                                              description: serviceAccountToken is
+                                                information about the serviceAccountToken
+                                                data to project
+                                              properties:
+                                                audience:
+                                                  description: |-
+                                                    audience is the intended audience of the token. A recipient of a token
+                                                    must identify itself with an identifier specified in the audience of the
+                                                    token, and otherwise should reject the token. The audience defaults to the
+                                                    identifier of the apiserver.
+                                                  type: string
+                                                expirationSeconds:
+                                                  description: |-
+                                                    expirationSeconds is the requested duration of validity of the service
+                                                    account token. As the token approaches expiration, the kubelet volume
+                                                    plugin will proactively rotate the service account token. The kubelet will
+                                                    start trying to rotate the token if the token is older than 80 percent of
+                                                    its time to live or if the token is older than 24 hours.Defaults to 1 hour
+                                                    and must be at least 10 minutes.
+                                                  format: int64
+                                                  type: integer
+                                                path:
+                                                  description: |-
+                                                    path is the path relative to the mount point of the file to project the
+                                                    token into.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                          type: object
+                                        type: array
+                                    type: object
+                                  quobyte:
+                                    description: quobyte represents a Quobyte mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      group:
+                                        description: |-
+                                          group to map volume access to
+                                          Default is no group
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                        type: boolean
+                                      registry:
+                                        description: |-
+                                          registry represents a single or multiple Quobyte Registry services
+                                          specified as a string as host:port pair (multiple entries are separated with commas)
+                                          which acts as the central registry for volumes
+                                        type: string
+                                      tenant:
+                                        description: |-
+                                          tenant owning the given Quobyte volume in the Backend
+                                          Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+                                        type: string
+                                      user:
+                                        description: |-
+                                          user to map volume access to
+                                          Defaults to serivceaccount user
+                                        type: string
+                                      volume:
+                                        description: volume is a string that references
+                                          an already created Quobyte volume by name.
+                                        type: string
+                                    required:
+                                    - registry
+                                    - volume
+                                    type: object
+                                  rbd:
+                                    description: |-
+                                      rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/rbd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      image:
+                                        description: |-
+                                          image is the rados image name.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      keyring:
+                                        description: |-
+                                          keyring is the path to key ring for RBDUser.
+                                          Default is /etc/ceph/keyring.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      monitors:
+                                        description: |-
+                                          monitors is a collection of Ceph monitors.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      pool:
+                                        description: |-
+                                          pool is the rados pool name.
+                                          Default is rbd.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is name of the authentication secret for RBDUser. If provided
+                                          overrides keyring.
+                                          Default is nil.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is the rados user name.
+                                          Default is admin.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - image
+                                    - monitors
+                                    type: object
+                                  scaleIO:
+                                    description: scaleIO represents a ScaleIO persistent
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs".
+                                          Default is "xfs".
+                                        type: string
+                                      gateway:
+                                        description: gateway is the host address of
+                                          the ScaleIO API Gateway.
+                                        type: string
+                                      protectionDomain:
+                                        description: protectionDomain is the name
+                                          of the ScaleIO Protection Domain for the
+                                          configured storage.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef references to the secret for ScaleIO user and other
+                                          sensitive information. If this is not provided, Login operation will fail.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      sslEnabled:
+                                        description: sslEnabled Flag enable/disable
+                                          SSL communication with Gateway, default
+                                          false
+                                        type: boolean
+                                      storageMode:
+                                        description: |-
+                                          storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+                                          Default is ThinProvisioned.
+                                        type: string
+                                      storagePool:
+                                        description: storagePool is the ScaleIO Storage
+                                          Pool associated with the protection domain.
+                                        type: string
+                                      system:
+                                        description: system is the name of the storage
+                                          system as configured in ScaleIO.
+                                        type: string
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the name of a volume already created in the ScaleIO system
+                                          that is associated with this volume source.
+                                        type: string
+                                    required:
+                                    - gateway
+                                    - secretRef
+                                    - system
+                                    type: object
+                                  secret:
+                                    description: |-
+                                      secret represents a secret that should populate this volume.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values
+                                          for mode bits. Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items If unspecified, each key-value pair in the Data field of the referenced
+                                          Secret will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      optional:
+                                        description: optional field specify whether
+                                          the Secret or its keys must be defined
+                                        type: boolean
+                                      secretName:
+                                        description: |-
+                                          secretName is the name of the secret in the pod's namespace to use.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                        type: string
+                                    type: object
+                                  storageos:
+                                    description: storageOS represents a StorageOS
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef specifies the secret to use for obtaining the StorageOS API
+                                          credentials.  If not specified, default values will be attempted.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the human-readable name of the StorageOS volume.  Volume
+                                          names are only unique within a namespace.
+                                        type: string
+                                      volumeNamespace:
+                                        description: |-
+                                          volumeNamespace specifies the scope of the volume within StorageOS.  If no
+                                          namespace is specified then the Pod's namespace will be used.  This allows the
+                                          Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+                                          Set VolumeName to any name to override the default behaviour.
+                                          Set to "default" if you are not using namespaces within StorageOS.
+                                        type: string
+                                    type: object
+                                  vsphereVolume:
+                                    description: vsphereVolume represents a vSphere
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      storagePolicyID:
+                                        description: storagePolicyID is the storage
+                                          Policy Based Management (SPBM) profile ID
+                                          associated with the StoragePolicyName.
+                                        type: string
+                                      storagePolicyName:
+                                        description: storagePolicyName is the storage
+                                          Policy Based Management (SPBM) profile name.
+                                        type: string
+                                      volumePath:
+                                        description: volumePath is the path that identifies
+                                          vSphere volume vmdk
+                                        type: string
+                                    required:
+                                    - volumePath
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                          required:
+                          - containers
+                          type: object
+                      type: object
+                  type: object
+                description: |-
+                  `MPIReplicaSpecs` contains maps from `MPIReplicaType` to `ReplicaSpec` that
+                  specify the MPI replicas to run.
+                type: object
+              runPolicy:
+                description: |-
+                  `RunPolicy` encapsulates various runtime policies of the distributed training
+                  job, for example how to clean up resources and how long the job can stay
+                  active.
+                properties:
+                  activeDeadlineSeconds:
+                    description: |-
+                      Specifies the duration in seconds relative to the startTime that the job may be active
+                      before the system tries to terminate it; value must be positive integer.
+                    format: int64
+                    type: integer
+                  backoffLimit:
+                    description: Optional number of retries before marking this job
+                      failed.
+                    format: int32
+                    type: integer
+                  cleanPodPolicy:
+                    description: |-
+                      CleanPodPolicy defines the policy to kill pods after the job completes.
+                      Default to None.
+                    type: string
+                  schedulingPolicy:
+                    description: SchedulingPolicy defines the policy related to scheduling,
+                      e.g. gang-scheduling
+                    properties:
+                      minAvailable:
+                        format: int32
+                        type: integer
+                      minResources:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      priorityClass:
+                        type: string
+                      queue:
+                        type: string
+                        x-kubernetes-validations:
+                        - message: spec.runPolicy.schedulingPolicy.queue is immutable
+                          rule: self == oldSelf
+                      scheduleTimeoutSeconds:
+                        format: int32
+                        type: integer
+                    type: object
+                  suspend:
+                    default: false
+                    description: |-
+                      suspend specifies whether the Job controller should create Pods or not.
+                      If a Job is created with suspend set to true, no Pods are created by
+                      the Job controller. If a Job is suspended after creation (i.e. the
+                      flag goes from false to true), the Job controller will delete all
+                      active Pods and PodGroups associated with this Job.
+                      Users must design their workload to gracefully handle this.
+                    type: boolean
+                  ttlSecondsAfterFinished:
+                    description: |-
+                      TTLSecondsAfterFinished is the TTL to clean up jobs.
+                      It may take extra ReconcilePeriod seconds for the cleanup, since
+                      reconcile gets called periodically.
+                      Default to infinite.
+                    format: int32
+                    type: integer
+                type: object
+              slotsPerWorker:
+                description: |-
+                  Specifies the number of slots per worker used in hostfile.
+                  Defaults to 1.
+                format: int32
+                type: integer
+            required:
+            - mpiReplicaSpecs
+            type: object
+          status:
+            description: JobStatus represents the current observed state of the training
+              Job.
+            properties:
+              completionTime:
+                description: |-
+                  Represents time when the job was completed. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions is an array of current observed job conditions.
+                items:
+                  description: JobCondition describes the state of the job at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastReconcileTime:
+                description: |-
+                  Represents last time when the job was reconciled. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              replicaStatuses:
+                additionalProperties:
+                  description: ReplicaStatus represents the current observed state
+                    of the replica.
+                  properties:
+                    active:
+                      description: The number of actively running pods.
+                      format: int32
+                      type: integer
+                    failed:
+                      description: The number of pods which reached phase Failed.
+                      format: int32
+                      type: integer
+                    labelSelector:
+                      description: 'Deprecated: Use Selector instead'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    selector:
+                      description: |-
+                        A Selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty Selector matches all objects. A null
+                        Selector matches no objects.
+                      type: string
+                    succeeded:
+                      description: The number of pods which reached phase Succeeded.
+                      format: int32
+                      type: integer
+                  type: object
+                description: |-
+                  ReplicaStatuses is map of ReplicaType and ReplicaStatus,
+                  specifies the status of each replica.
+                type: object
+              startTime:
+                description: |-
+                  Represents time when the job was acknowledged by the job controller.
+                  It is not guaranteed to be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml
new file mode 100644
index 00000000..900f42f7
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_mxjobs.yaml
@@ -0,0 +1,7544 @@
+{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.mxFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: MXJob
+    listKind: MXJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.mxPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.mxSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: MXJob is the Schema for the mxjobs API
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- else }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.mxFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: MXJob
+    listKind: MXJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.mxPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.mxSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: MXJob is the Schema for the mxjobs API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MXJobSpec defines the desired state of MXJob
+            properties:
+              jobMode:
+                description: |-
+                  JobMode specify the kind of MXjob to do. Different mode may have
+                  different MXReplicaSpecs request
+                type: string
+              mxReplicaSpecs:
+                additionalProperties:
+                  description: ReplicaSpec is a description of the replica
+                  properties:
+                    replicas:
+                      description: |-
+                        Replicas is the desired number of replicas of the given template.
+                        If unspecified, defaults to 1.
+                      format: int32
+                      type: integer
+                    restartPolicy:
+                      description: |-
+                        Restart policy for all replicas within the job.
+                        One of Always, OnFailure, Never and ExitCode.
+                        Default to Never.
+                      type: string
+                    template:
+                      description: |-
+                        Template is the object that describes the pod that
+                        will be created for this replica. RestartPolicy in PodTemplateSpec
+                        will be overide by RestartPolicy in ReplicaSpec
+                      properties:
+                        metadata:
+                          description: |-
+                            Standard object's metadata.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            finalizers:
+                              items:
+                                type: string
+                              type: array
+                            labels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          type: object
+                        spec:
+                          description: |-
+                            Specification of the desired behavior of the pod.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+                          properties:
+                            activeDeadlineSeconds:
+                              description: |-
+                                Optional duration in seconds the pod may be active on the node relative to
+                                StartTime before the system will actively try to mark it failed and kill associated containers.
+                                Value must be a positive integer.
+                              format: int64
+                              type: integer
+                            affinity:
+                              description: If specified, the pod's scheduling constraints
+                              properties:
+                                nodeAffinity:
+                                  description: Describes node affinity scheduling
+                                    rules for the pod.
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: |-
+                                          An empty preferred scheduling term matches all objects with implicit weight 0
+                                          (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+                                        properties:
+                                          preference:
+                                            description: A node selector term, associated
+                                              with the corresponding weight.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          weight:
+                                            description: Weight associated with matching
+                                              the corresponding nodeSelectorTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - preference
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to an update), the system
+                                        may or may not try to eventually evict the pod from its node.
+                                      properties:
+                                        nodeSelectorTerms:
+                                          description: Required. A list of node selector
+                                            terms. The terms are ORed.
+                                          items:
+                                            description: |-
+                                              A null or empty node selector term matches no objects. The requirements of
+                                              them are ANDed.
+                                              The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          type: array
+                                      required:
+                                      - nodeSelectorTerms
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                                podAffinity:
+                                  description: Describes pod affinity scheduling rules
+                                    (e.g. co-locate this pod in the same node, zone,
+                                    etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                                podAntiAffinity:
+                                  description: Describes pod anti-affinity scheduling
+                                    rules (e.g. avoid putting this pod in the same
+                                    node, zone, etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the anti-affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the anti-affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the anti-affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                              type: object
+                            automountServiceAccountToken:
+                              description: AutomountServiceAccountToken indicates
+                                whether a service account token should be automatically
+                                mounted.
+                              type: boolean
+                            containers:
+                              description: |-
+                                List of containers belonging to the pod.
+                                Containers cannot currently be added or removed.
+                                There must be at least one container in a Pod.
+                                Cannot be updated.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            dnsConfig:
+                              description: |-
+                                Specifies the DNS parameters of a pod.
+                                Parameters specified here will be merged to the generated DNS
+                                configuration based on DNSPolicy.
+                              properties:
+                                nameservers:
+                                  description: |-
+                                    A list of DNS name server IP addresses.
+                                    This will be appended to the base nameservers generated from DNSPolicy.
+                                    Duplicated nameservers will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                                options:
+                                  description: |-
+                                    A list of DNS resolver options.
+                                    This will be merged with the base options generated from DNSPolicy.
+                                    Duplicated entries will be removed. Resolution options given in Options
+                                    will override those that appear in the base DNSPolicy.
+                                  items:
+                                    description: PodDNSConfigOption defines DNS resolver
+                                      options of a pod.
+                                    properties:
+                                      name:
+                                        description: Required.
+                                        type: string
+                                      value:
+                                        type: string
+                                    type: object
+                                  type: array
+                                searches:
+                                  description: |-
+                                    A list of DNS search domains for host-name lookup.
+                                    This will be appended to the base search paths generated from DNSPolicy.
+                                    Duplicated search paths will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            dnsPolicy:
+                              description: |-
+                                Set DNS policy for the pod.
+                                Defaults to "ClusterFirst".
+                                Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+                                DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+                                To have DNS options set along with hostNetwork, you have to specify DNS policy
+                                explicitly to 'ClusterFirstWithHostNet'.
+                              type: string
+                            enableServiceLinks:
+                              description: |-
+                                EnableServiceLinks indicates whether information about services should be injected into pod's
+                                environment variables, matching the syntax of Docker links.
+                                Optional: Defaults to true.
+                              type: boolean
+                            ephemeralContainers:
+                              description: |-
+                                List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+                                pod to perform user-initiated actions such as debugging. This list cannot be specified when
+                                creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+                                ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+                              items:
+                                description: |-
+                                  An EphemeralContainer is a temporary container that you may add to an existing Pod for
+                                  user-initiated activities such as debugging. Ephemeral containers have no resource or
+                                  scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+                                  removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+                                  Pod to exceed its resource allocation.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+                                      produce the string literal "$(VAR_NAME)".
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: Lifecycle is not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the ephemeral container specified as a DNS_LABEL.
+                                      This name must be unique among all containers, init containers and ephemeral containers.
+                                    type: string
+                                  ports:
+                                    description: Ports are not allowed for ephemeral
+                                      containers.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+                                      already allocated to the pod.
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      Restart policy for the container to manage the restart behavior of each
+                                      container within a pod.
+                                      This may only be set for init containers. You cannot set this field on
+                                      ephemeral containers.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      Optional: SecurityContext defines the security options the ephemeral container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  targetContainerName:
+                                    description: |-
+                                      If set, the name of the container from PodSpec that this ephemeral container targets.
+                                      The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+                                      If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+                                      The container runtime must implement support for this feature.
+                                    type: string
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            hostAliases:
+                              description: |-
+                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+                                file if specified. This is only valid for non-hostNetwork pods.
+                              items:
+                                description: |-
+                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+                                  pod's hosts file.
+                                properties:
+                                  hostnames:
+                                    description: Hostnames for the above IP address.
+                                    items:
+                                      type: string
+                                    type: array
+                                  ip:
+                                    description: IP address of the host file entry.
+                                    type: string
+                                type: object
+                              type: array
+                            hostIPC:
+                              description: |-
+                                Use the host's ipc namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostNetwork:
+                              description: |-
+                                Host networking requested for this pod. Use the host's network namespace.
+                                If this option is set, the ports that will be used must be specified.
+                                Default to false.
+                              type: boolean
+                            hostPID:
+                              description: |-
+                                Use the host's pid namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostUsers:
+                              description: |-
+                                Use the host's user namespace.
+                                Optional: Default to true.
+                                If set to true or not present, the pod will be run in the host user namespace, useful
+                                for when the pod needs a feature only available to the host user namespace, such as
+                                loading a kernel module with CAP_SYS_MODULE.
+                                When set to false, a new userns is created for the pod.
+                              type: boolean
+                            hostname:
+                              description: |-
+                                Specifies the hostname of the Pod
+                                If not specified, the pod's hostname will be set to a system-defined value.
+                              type: string
+                            imagePullSecrets:
+                              description: |-
+                                ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+                                If specified, these secrets will be passed to individual puller implementations for them to use.
+                                More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+                              items:
+                                description: |-
+                                  LocalObjectReference contains enough information to let you locate the
+                                  referenced object inside the same namespace.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind, uid?
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                            initContainers:
+                              description: |-
+                                List of initialization containers belonging to the pod.
+                                Init containers are executed in order prior to containers being started. If any
+                                init container fails, the pod is considered to have failed and is handled according
+                                to its restartPolicy. The name for an init container or normal container must be
+                                unique among all containers.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            nodeName:
+                              description: |-
+                                NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+                                the scheduler simply schedules this pod onto that node, assuming that it fits resource
+                                requirements.
+                              type: string
+                            nodeSelector:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                NodeSelector is a selector which must be true for the pod to fit on a node.
+                                Selector which must match a node's labels for the pod to be scheduled on that node.
+                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            os:
+                              description: |-
+                                Specifies the OS of the containers in the pod.
+                                Some pod and container fields are restricted if this is set.
+
+
+                                If the OS field is set to linux, the following fields must be unset:
+                                -securityContext.windowsOptions
+
+
+                                If the OS field is set to windows, following fields must be unset:
+                                - spec.hostPID
+                                - spec.hostIPC
+                                - spec.hostUsers
+                                - spec.securityContext.seLinuxOptions
+                                - spec.securityContext.
+                              properties:
+                                name:
+                                  description: |-
+                                    Name is the name of the operating system. The currently supported values are linux and windows.
+                                    Additional value may be defined in future and can be one of:
+                                    https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+                                    Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            overhead:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+                                This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+                                the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+                                The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+                                set.
+                              type: object
+                            preemptionPolicy:
+                              description: |-
+                                PreemptionPolicy is the Policy for preempting pods with lower priority.
+                                One of Never, PreemptLowerPriority.
+                                Defaults to PreemptLowerPriority if unset.
+                              type: string
+                            priority:
+                              description: |-
+                                The priority value. Various system components use this field to find the
+                                priority of the pod. When Priority Admission Controller is enabled, it
+                                prevents users from setting this field. The admission controller populates
+                                this field from PriorityClassName.
+                                The higher the value, the higher the priority.
+                              format: int32
+                              type: integer
+                            priorityClassName:
+                              description: |-
+                                If specified, indicates the pod's priority. "system-node-critical" and
+                                "system-cluster-critical" are two special keywords which indicate the
+                                highest priorities with the former being the highest priority. Any other
+                                name must be defined by creating a PriorityClass object with that name.
+                                If not specified, the pod priority will be default or zero if there is no
+                                default.
+                              type: string
+                            readinessGates:
+                              description: |-
+                                If specified, all readiness gates will be evaluated for pod readiness.
+                                A pod is ready when all its containers are ready AND
+                                all conditions specified in the readiness gates have status equal to "True"
+                                More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+                              items:
+                                description: PodReadinessGate contains the reference
+                                  to a pod condition
+                                properties:
+                                  conditionType:
+                                    description: ConditionType refers to a condition
+                                      in the pod's condition list with matching type.
+                                    type: string
+                                required:
+                                - conditionType
+                                type: object
+                              type: array
+                            resourceClaims:
+                              description: |-
+                                ResourceClaims defines which ResourceClaims must be allocated
+                                and reserved before the Pod is allowed to start. The resources
+                                will be made available to those containers which consume them
+                                by name.
+
+
+                                This is an alpha field and requires enabling the
+                                DynamicResourceAllocation feature gate.
+
+
+                                This field is immutable.
+                              items:
+                                description: |-
+                                  PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+                                  It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+                                  Containers that need access to the ResourceClaim reference it with this name.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name uniquely identifies this resource claim inside the pod.
+                                      This must be a DNS_LABEL.
+                                    type: string
+                                  source:
+                                    description: Source describes where to find the
+                                      ResourceClaim.
+                                    properties:
+                                      resourceClaimName:
+                                        description: |-
+                                          ResourceClaimName is the name of a ResourceClaim object in the same
+                                          namespace as this pod.
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        description: |-
+                                          ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+                                          object in the same namespace as this pod.
+
+
+                                          The template will be used to create a new ResourceClaim, which will
+                                          be bound to this pod. When this pod is deleted, the ResourceClaim
+                                          will also be deleted.
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            restartPolicy:
+                              description: |-
+                                Restart policy for all containers within the pod.
+                                One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+                                Default to Always.
+                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+                              type: string
+                            runtimeClassName:
+                              description: |-
+                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+                                to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
+                                If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+                                empty definition that uses the default runtime handler.
+                                More info: https://git.k8s.
+                              type: string
+                            schedulerName:
+                              description: |-
+                                If specified, the pod will be dispatched by specified scheduler.
+                                If not specified, the pod will be dispatched by default scheduler.
+                              type: string
+                            schedulingGates:
+                              description: |-
+                                SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+                                If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+                                scheduler will not attempt to schedule the pod.
+
+
+                                SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+
+                                This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+                              items:
+                                description: PodSchedulingGate is associated to a
+                                  Pod to guard its scheduling.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the scheduling gate.
+                                      Each scheduling gate must have a unique name field.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            securityContext:
+                              description: |-
+                                SecurityContext holds pod-level security attributes and common container settings.
+                                Optional: Defaults to empty.  See type description for default values of each field.
+                              properties:
+                                fsGroup:
+                                  description: |-
+                                    A special supplemental group that applies to all containers in a pod.
+                                    Some volume types allow the Kubelet to change the ownership of that volume
+                                    to be owned by the pod:
+
+
+                                    1. The owning GID will be the FSGroup
+                                    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+                                    3.
+                                  format: int64
+                                  type: integer
+                                fsGroupChangePolicy:
+                                  description: |-
+                                    fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+                                    before being exposed inside Pod. This field will only apply to
+                                    volume types which support fsGroup based ownership(and permissions).
+                                    It will have no effect on ephemeral volume types such as: secret, configmaps
+                                    and emptydir.
+                                    Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+                                  type: string
+                                runAsGroup:
+                                  description: |-
+                                    The GID to run the entrypoint of the container process.
+                                    Uses runtime default if unset.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  description: |-
+                                    Indicates that the container must run as a non-root user.
+                                    If true, the Kubelet will validate the image at runtime to ensure that it
+                                    does not run as UID 0 (root) and fail to start the container if it does.
+                                    If unset or false, no such validation will be performed.
+                                    May also be set in SecurityContext.
+                                  type: boolean
+                                runAsUser:
+                                  description: |-
+                                    The UID to run the entrypoint of the container process.
+                                    Defaults to user specified in image metadata if unspecified.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  description: |-
+                                    The SELinux context to be applied to all containers.
+                                    If unspecified, the container runtime will allocate a random SELinux context for each
+                                    container.  May also be set in SecurityContext.  If set in
+                                    both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+                                    takes precedence for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    level:
+                                      description: Level is SELinux level label that
+                                        applies to the container.
+                                      type: string
+                                    role:
+                                      description: Role is a SELinux role label that
+                                        applies to the container.
+                                      type: string
+                                    type:
+                                      description: Type is a SELinux type label that
+                                        applies to the container.
+                                      type: string
+                                    user:
+                                      description: User is a SELinux user label that
+                                        applies to the container.
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  description: |-
+                                    The seccomp options to use by the containers in this pod.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    localhostProfile:
+                                      description: |-
+                                        localhostProfile indicates a profile defined in a file on the node should be used.
+                                        The profile must be preconfigured on the node to work.
+                                        Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                        Must be set if type is "Localhost". Must NOT be set for any other type.
+                                      type: string
+                                    type:
+                                      description: |-
+                                        type indicates which kind of seccomp profile will be applied.
+                                        Valid options are:
+
+
+                                        Localhost - a profile defined in a file on the node should be used.
+                                        RuntimeDefault - the container runtime default profile should be used.
+                                        Unconfined - no profile should be applied.
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                supplementalGroups:
+                                  description: |-
+                                    A list of groups applied to the first process run in each container, in addition
+                                    to the container's primary GID, the fsGroup (if specified), and group memberships
+                                    defined in the container image for the uid of the container process. If unspecified,
+                                    no additional groups are added to any container.
+                                  items:
+                                    format: int64
+                                    type: integer
+                                  type: array
+                                sysctls:
+                                  description: |-
+                                    Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+                                    sysctls (by the container runtime) might fail to launch.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  items:
+                                    description: Sysctl defines a kernel parameter
+                                      to be set
+                                    properties:
+                                      name:
+                                        description: Name of a property to set
+                                        type: string
+                                      value:
+                                        description: Value of a property to set
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                windowsOptions:
+                                  description: |-
+                                    The Windows specific settings applied to all containers.
+                                    If unspecified, the options within a container's SecurityContext will be used.
+                                    If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                    Note that this field cannot be set when spec.os.name is linux.
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      description: |-
+                                        GMSACredentialSpec is where the GMSA admission webhook
+                                        (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                        GMSA credential spec named by the GMSACredentialSpecName field.
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      description: GMSACredentialSpecName is the name
+                                        of the GMSA credential spec to use.
+                                      type: string
+                                    hostProcess:
+                                      description: |-
+                                        HostProcess determines if a container should be run as a 'Host Process' container.
+                                        All of a Pod's containers must have the same effective HostProcess value
+                                        (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                        In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                      type: boolean
+                                    runAsUserName:
+                                      description: |-
+                                        The UserName in Windows to run the entrypoint of the container process.
+                                        Defaults to the user specified in image metadata if unspecified.
+                                        May also be set in PodSecurityContext. If set in both SecurityContext and
+                                        PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                      type: string
+                                  type: object
+                              type: object
+                            serviceAccount:
+                              description: |-
+                                DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+                                Deprecated: Use serviceAccountName instead.
+                              type: string
+                            serviceAccountName:
+                              description: |-
+                                ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+                                More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+                              type: string
+                            setHostnameAsFQDN:
+                              description: |-
+                                If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+                                In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+                              type: boolean
+                            shareProcessNamespace:
+                              description: |-
+                                Share a single process namespace between all of the containers in a pod.
+                                When this is set containers will be able to view and signal processes from other containers
+                                in the same pod, and the first process in each container will not be assigned PID 1.
+                                HostPID and ShareProcessNamespace cannot both be set.
+                                Optional: Default to false.
+                              type: boolean
+                            subdomain:
+                              description: |-
+                                If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+                                If not specified, the pod will not have a domainname at all.
+                              type: string
+                            terminationGracePeriodSeconds:
+                              description: |-
+                                Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+                                Value must be non-negative integer. The value zero indicates stop immediately via
+                                the kill signal (no opportunity to shut down).
+                                If this value is nil, the default grace period will be used instead.
+                              format: int64
+                              type: integer
+                            tolerations:
+                              description: If specified, the pod's tolerations.
+                              items:
+                                description: |-
+                                  The pod this Toleration is attached to tolerates any taint that matches
+                                  the triple <key,value,effect> using the matching operator <operator>.
+                                properties:
+                                  effect:
+                                    description: |-
+                                      Effect indicates the taint effect to match. Empty means match all taint effects.
+                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+                                    type: string
+                                  key:
+                                    description: |-
+                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
+                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+                                    type: string
+                                  operator:
+                                    description: |-
+                                      Operator represents a key's relationship to the value.
+                                      Valid operators are Exists and Equal. Defaults to Equal.
+                                      Exists is equivalent to wildcard for value, so that a pod can
+                                      tolerate all taints of a particular category.
+                                    type: string
+                                  tolerationSeconds:
+                                    description: |-
+                                      TolerationSeconds represents the period of time the toleration (which must be
+                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
+                                      negative values will be treated as 0 (evict immediately) by the system.
+                                    format: int64
+                                    type: integer
+                                  value:
+                                    description: |-
+                                      Value is the taint value the toleration matches to.
+                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
+                                    type: string
+                                type: object
+                              type: array
+                            topologySpreadConstraints:
+                              description: |-
+                                TopologySpreadConstraints describes how a group of pods ought to spread across topology
+                                domains. Scheduler will schedule pods in a way which abides by the constraints.
+                                All topologySpreadConstraints are ANDed.
+                              items:
+                                description: TopologySpreadConstraint specifies how
+                                  to spread matching pods among the given topology.
+                                properties:
+                                  labelSelector:
+                                    description: |-
+                                      LabelSelector is used to find matching pods.
+                                      Pods that match this label selector are counted to determine the number of pods
+                                      in their corresponding topology domain.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: |-
+                                            A label selector requirement is a selector that contains values, a key, and an operator that
+                                            relates the key and values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: |-
+                                                operator represents a key's relationship to a set of values.
+                                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: |-
+                                                values is an array of string values. If the operator is In or NotIn,
+                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                          - key
+                                          - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  matchLabelKeys:
+                                    description: |-
+                                      MatchLabelKeys is a set of pod label keys to select the pods over which
+                                      spreading will be calculated. The keys are used to lookup values from the
+                                      incoming pod labels, those key-value labels are ANDed with labelSelector
+                                      to select the group of existing pods over which spreading will be calculated
+                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  maxSkew:
+                                    description: |-
+                                      MaxSkew describes the degree to which pods may be unevenly distributed.
+                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+                                      between the number of matching pods in the target topology and the global minimum.
+                                      The global minimum is the minimum number of matching pods in an eligible domain
+                                      or zero if the number of eligible domains is less than MinDomains.
+                                    format: int32
+                                    type: integer
+                                  minDomains:
+                                    description: |-
+                                      MinDomains indicates a minimum number of eligible domains.
+                                      When the number of eligible domains with matching topology keys is less than minDomains,
+                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+                                      this value has no effect on scheduling.
+                                    format: int32
+                                    type: integer
+                                  nodeAffinityPolicy:
+                                    description: |-
+                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+                                      when calculating pod topology spread skew. Options are:
+                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+                                      If this value is nil, the behavior is equivalent to the Honor policy.
+                                    type: string
+                                  nodeTaintsPolicy:
+                                    description: |-
+                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
+                                      pod topology spread skew. Options are:
+                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+                                      has a toleration, are included.
+                                      - Ignore: node taints are ignored. All nodes are included.
+
+
+                                      If this value is nil, the behavior is equivalent to the Ignore policy.
+                                    type: string
+                                  topologyKey:
+                                    description: |-
+                                      TopologyKey is the key of node labels. Nodes that have a label with this key
+                                      and identical values are considered to be in the same topology.
+                                      We consider each <key, value> as a "bucket", and try to put balanced number
+                                      of pods into each bucket.
+                                      We define a domain as a particular instance of a topology.
+                                    type: string
+                                  whenUnsatisfiable:
+                                    description: |-
+                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+                                      the spread constraint.
+                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
+                                      - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+                                        but giving higher precedence to topologies that would help reduce the
+                                        skew.
+                                    type: string
+                                required:
+                                - maxSkew
+                                - topologyKey
+                                - whenUnsatisfiable
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - topologyKey
+                              - whenUnsatisfiable
+                              x-kubernetes-list-type: map
+                            volumes:
+                              description: |-
+                                List of volumes that can be mounted by containers belonging to the pod.
+                                More info: https://kubernetes.io/docs/concepts/storage/volumes
+                              items:
+                                description: Volume represents a named volume in a
+                                  pod that may be accessed by any container in the
+                                  pod.
+                                properties:
+                                  awsElasticBlockStore:
+                                    description: |-
+                                      awsElasticBlockStore represents an AWS Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly value true will force the readOnly setting in VolumeMounts.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: boolean
+                                      volumeID:
+                                        description: |-
+                                          volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  azureDisk:
+                                    description: azureDisk represents an Azure Data
+                                      Disk mount on the host and bind mount to the
+                                      pod.
+                                    properties:
+                                      cachingMode:
+                                        description: 'cachingMode is the Host Caching
+                                          mode: None, Read Only, Read Write.'
+                                        type: string
+                                      diskName:
+                                        description: diskName is the Name of the data
+                                          disk in the blob storage
+                                        type: string
+                                      diskURI:
+                                        description: diskURI is the URI of data disk
+                                          in the blob storage
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is Filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      kind:
+                                        description: 'kind expected values are Shared:
+                                          multiple blob disks per storage account  Dedicated:
+                                          single blob disk per storage account  Managed:
+                                          azure managed data disk (only in managed
+                                          availability set). defaults to shared'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                    required:
+                                    - diskName
+                                    - diskURI
+                                    type: object
+                                  azureFile:
+                                    description: azureFile represents an Azure File
+                                      Service mount on the host and bind mount to
+                                      the pod.
+                                    properties:
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretName:
+                                        description: secretName is the  name of secret
+                                          that contains Azure Storage Account Name
+                                          and Key
+                                        type: string
+                                      shareName:
+                                        description: shareName is the azure share
+                                          Name
+                                        type: string
+                                    required:
+                                    - secretName
+                                    - shareName
+                                    type: object
+                                  cephfs:
+                                    description: cephFS represents a Ceph FS mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      monitors:
+                                        description: |-
+                                          monitors is Required: Monitors is a collection of Ceph monitors
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      path:
+                                        description: 'path is Optional: Used as the
+                                          mounted root, rather than the full Ceph
+                                          tree, default is /'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: boolean
+                                      secretFile:
+                                        description: |-
+                                          secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is optional: User is the rados user name, default is admin
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - monitors
+                                    type: object
+                                  cinder:
+                                    description: |-
+                                      cinder represents a cinder volume attached and mounted on kubelets host machine.
+                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is optional: points to a secret object containing parameters used to connect
+                                          to OpenStack.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeID:
+                                        description: |-
+                                          volumeID used to identify the volume in cinder.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  configMap:
+                                    description: configMap represents a configMap
+                                      that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items if unspecified, each key-value pair in the Data field of the referenced
+                                          ConfigMap will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        description: |-
+                                          Name of the referent.
+                                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion, kind, uid?
+                                        type: string
+                                      optional:
+                                        description: optional specify whether the
+                                          ConfigMap or its keys must be defined
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  csi:
+                                    description: csi (Container Storage Interface)
+                                      represents ephemeral storage that is handled
+                                      by certain external CSI drivers (Beta feature).
+                                    properties:
+                                      driver:
+                                        description: |-
+                                          driver is the name of the CSI driver that handles this volume.
+                                          Consult with your admin for the correct name as registered in the cluster.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType to mount. Ex. "ext4", "xfs", "ntfs".
+                                          If not provided, the empty value is passed to the associated CSI driver
+                                          which will determine the default filesystem to apply.
+                                        type: string
+                                      nodePublishSecretRef:
+                                        description: |-
+                                          nodePublishSecretRef is a reference to the secret object containing
+                                          sensitive information to pass to the CSI driver to complete the CSI
+                                          NodePublishVolume and NodeUnpublishVolume calls.
+                                          This field is optional, and  may be empty if no secret is required. If the
+                                          secret object contains more than one secret, all secret references are passed.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      readOnly:
+                                        description: |-
+                                          readOnly specifies a read-only configuration for the volume.
+                                          Defaults to false (read/write).
+                                        type: boolean
+                                      volumeAttributes:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          volumeAttributes stores driver-specific properties that are passed to the CSI
+                                          driver. Consult your driver's documentation for supported values.
+                                        type: object
+                                    required:
+                                    - driver
+                                    type: object
+                                  downwardAPI:
+                                    description: downwardAPI represents downward API
+                                      about the pod that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          Optional: mode bits to use on created files by default. Must be a
+                                          Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: Items is a list of downward API
+                                          volume file
+                                        items:
+                                          description: DownwardAPIVolumeFile represents
+                                            information to create the file containing
+                                            the pod field
+                                          properties:
+                                            fieldRef:
+                                              description: 'Required: Selects a field
+                                                of the pod: only annotations, labels,
+                                                name and namespace are supported.'
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              description: |-
+                                                Optional: mode bits used to set permissions on this file, must be an octal value
+                                                between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: 'Required: Path is  the
+                                                relative path name of the file to
+                                                be created. Must not be absolute or
+                                                contain the ''..'' path. Must be utf-8
+                                                encoded. The first item of the relative
+                                                path must not start with ''..'''
+                                              type: string
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  emptyDir:
+                                    description: |-
+                                      emptyDir represents a temporary directory that shares a pod's lifetime.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                    properties:
+                                      medium:
+                                        description: |-
+                                          medium represents what type of storage medium should back this directory.
+                                          The default is "" which means to use the node's default medium.
+                                          Must be an empty string (default) or Memory.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                        type: string
+                                      sizeLimit:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        description: |-
+                                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
+                                          The size limit is also applicable for memory medium.
+                                          The maximum usage on memory medium EmptyDir would be the minimum value between
+                                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+                                          The default is nil which means that the limit is undefined.
+                                          More info: https://kubernetes.
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  ephemeral:
+                                    description: |-
+                                      ephemeral represents a volume that is handled by a cluster storage driver.
+                                      The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+                                      and deleted when the pod is removed.
+                                    properties:
+                                      volumeClaimTemplate:
+                                        description: |-
+                                          Will be used to create a stand-alone PVC to provision the volume.
+                                          The pod in which this EphemeralVolumeSource is embedded will be the
+                                          owner of the PVC, i.e. the PVC will be deleted together with the
+                                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
+                                          `<volume name>` is the name from the `PodSpec.Volumes` array
+                                          entry.
+                                        properties:
+                                          metadata:
+                                            description: |-
+                                              May contain labels and annotations that will be copied into the PVC
+                                              when creating it. No other fields are allowed and will be rejected during
+                                              validation.
+                                            properties:
+                                              annotations:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              finalizers:
+                                                items:
+                                                  type: string
+                                                type: array
+                                              labels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              name:
+                                                type: string
+                                              namespace:
+                                                type: string
+                                            type: object
+                                          spec:
+                                            description: |-
+                                              The specification for the PersistentVolumeClaim. The entire content is
+                                              copied unchanged into the PVC that gets created from this
+                                              template. The same fields as in a PersistentVolumeClaim
+                                              are also valid here.
+                                            properties:
+                                              accessModes:
+                                                description: |-
+                                                  accessModes contains the desired access modes the volume should have.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+                                                items:
+                                                  type: string
+                                                type: array
+                                              dataSource:
+                                                description: |-
+                                                  dataSource field can be used to specify either:
+                                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+                                                  * An existing PVC (PersistentVolumeClaim)
+                                                  If the provisioner or an external controller can support the specified data source,
+                                                  it will create a new volume based on the contents of the specified data source.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              dataSourceRef:
+                                                description: |-
+                                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+                                                  volume is desired. This may be any object from a non-empty API group (non
+                                                  core object) or a PersistentVolumeClaim object.
+                                                  When this field is specified, volume binding will only succeed if the type of
+                                                  the specified object matches some installed volume populator or dynamic
+                                                  provisioner.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                  namespace:
+                                                    description: |-
+                                                      Namespace is the namespace of resource being referenced
+                                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+                                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                              resources:
+                                                description: |-
+                                                  resources represents the minimum resources the volume should have.
+                                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                                  that are lower than previous value but must still be higher than capacity recorded in the
+                                                  status field of the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+                                                properties:
+                                                  limits:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Limits describes the maximum amount of compute resources allowed.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                  requests:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Requests describes the minimum amount of compute resources required.
+                                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                type: object
+                                              selector:
+                                                description: selector is a label query
+                                                  over volumes to consider for binding.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              storageClassName:
+                                                description: |-
+                                                  storageClassName is the name of the StorageClass required by the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+                                                type: string
+                                              volumeAttributesClassName:
+                                                description: |-
+                                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+                                                  If specified, the CSI driver will create or update the volume with the attributes defined
+                                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+                                                  it can be changed after the claim is created.
+                                                type: string
+                                              volumeMode:
+                                                description: |-
+                                                  volumeMode defines what type of volume is required by the claim.
+                                                  Value of Filesystem is implied when not included in claim spec.
+                                                type: string
+                                              volumeName:
+                                                description: volumeName is the binding
+                                                  reference to the PersistentVolume
+                                                  backing this claim.
+                                                type: string
+                                            type: object
+                                        required:
+                                        - spec
+                                        type: object
+                                    type: object
+                                  fc:
+                                    description: fc represents a Fibre Channel resource
+                                      that is attached to a kubelet's host machine
+                                      and then exposed to the pod.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      lun:
+                                        description: 'lun is Optional: FC target lun
+                                          number'
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      targetWWNs:
+                                        description: 'targetWWNs is Optional: FC target
+                                          worldwide names (WWNs)'
+                                        items:
+                                          type: string
+                                        type: array
+                                      wwids:
+                                        description: |-
+                                          wwids Optional: FC volume world wide identifiers (wwids)
+                                          Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  flexVolume:
+                                    description: |-
+                                      flexVolume represents a generic volume resource that is
+                                      provisioned/attached using an exec based plugin.
+                                    properties:
+                                      driver:
+                                        description: driver is the name of the driver
+                                          to use for this volume.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+                                        type: string
+                                      options:
+                                        additionalProperties:
+                                          type: string
+                                        description: 'options is Optional: this field
+                                          holds extra command options if any.'
+                                        type: object
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: secretRef is reference to the secret object containing
+                                          sensitive information to pass to the plugin scripts. This may be
+                                          empty if no secret object is specified. If the secret object
+                                          contains more than one secret, all secrets are passed to the plugin
+                                          scripts.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - driver
+                                    type: object
+                                  flocker:
+                                    description: flocker represents a Flocker volume
+                                      attached to a kubelet's host machine. This depends
+                                      on the Flocker control service being running
+                                    properties:
+                                      datasetName:
+                                        description: |-
+                                          datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+                                          should be considered as deprecated
+                                        type: string
+                                      datasetUUID:
+                                        description: datasetUUID is the UUID of the
+                                          dataset. This is unique identifier of a
+                                          Flocker dataset
+                                        type: string
+                                    type: object
+                                  gcePersistentDisk:
+                                    description: |-
+                                      gcePersistentDisk represents a GCE Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        format: int32
+                                        type: integer
+                                      pdName:
+                                        description: |-
+                                          pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: boolean
+                                    required:
+                                    - pdName
+                                    type: object
+                                  gitRepo:
+                                    description: |-
+                                      gitRepo represents a git repository at a particular revision.
+                                      DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+                                      EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+                                      into the Pod's container.
+                                    properties:
+                                      directory:
+                                        description: |-
+                                          directory is the target directory name.
+                                          Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
+                                          git repository.  Otherwise, if specified, the volume will contain the git repository in
+                                          the subdirectory with the given name.
+                                        type: string
+                                      repository:
+                                        description: repository is the URL
+                                        type: string
+                                      revision:
+                                        description: revision is the commit hash for
+                                          the specified revision.
+                                        type: string
+                                    required:
+                                    - repository
+                                    type: object
+                                  glusterfs:
+                                    description: |-
+                                      glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md
+                                    properties:
+                                      endpoints:
+                                        description: |-
+                                          endpoints is the endpoint name that details Glusterfs topology.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      path:
+                                        description: |-
+                                          path is the Glusterfs volume path.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: boolean
+                                    required:
+                                    - endpoints
+                                    - path
+                                    type: object
+                                  hostPath:
+                                    description: |-
+                                      hostPath represents a pre-existing file or directory on the host
+                                      machine that is directly exposed to the container. This is generally
+                                      used for system agents or other privileged things that are allowed
+                                      to see the host machine. Most containers will NOT need this.
+                                      More info: https://kubernetes.
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path of the directory on the host.
+                                          If the path is a symlink, it will follow the link to the real path.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                      type:
+                                        description: |-
+                                          type for HostPath Volume
+                                          Defaults to ""
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  iscsi:
+                                    description: |-
+                                      iscsi represents an ISCSI Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://examples.k8s.io/volumes/iscsi/README.md
+                                    properties:
+                                      chapAuthDiscovery:
+                                        description: chapAuthDiscovery defines whether
+                                          support iSCSI Discovery CHAP authentication
+                                        type: boolean
+                                      chapAuthSession:
+                                        description: chapAuthSession defines whether
+                                          support iSCSI Session CHAP authentication
+                                        type: boolean
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      initiatorName:
+                                        description: |-
+                                          initiatorName is the custom iSCSI Initiator Name.
+                                          If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+                                          <target portal>:<volume name> will be created for the connection.
+                                        type: string
+                                      iqn:
+                                        description: iqn is the target iSCSI Qualified
+                                          Name.
+                                        type: string
+                                      iscsiInterface:
+                                        description: |-
+                                          iscsiInterface is the interface Name that uses an iSCSI transport.
+                                          Defaults to 'default' (tcp).
+                                        type: string
+                                      lun:
+                                        description: lun represents iSCSI Target Lun
+                                          number.
+                                        format: int32
+                                        type: integer
+                                      portals:
+                                        description: |-
+                                          portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        items:
+                                          type: string
+                                        type: array
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                        type: boolean
+                                      secretRef:
+                                        description: secretRef is the CHAP Secret
+                                          for iSCSI target and initiator authentication
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      targetPortal:
+                                        description: |-
+                                          targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        type: string
+                                    required:
+                                    - iqn
+                                    - lun
+                                    - targetPortal
+                                    type: object
+                                  name:
+                                    description: |-
+                                      name of the volume.
+                                      Must be a DNS_LABEL and unique within the pod.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  nfs:
+                                    description: |-
+                                      nfs represents an NFS mount on the host that shares a pod's lifetime
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path that is exported by the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the NFS export to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: boolean
+                                      server:
+                                        description: |-
+                                          server is the hostname or IP address of the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                    required:
+                                    - path
+                                    - server
+                                    type: object
+                                  persistentVolumeClaim:
+                                    description: |-
+                                      persistentVolumeClaimVolumeSource represents a reference to a
+                                      PersistentVolumeClaim in the same namespace.
+                                      More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                    properties:
+                                      claimName:
+                                        description: |-
+                                          claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Will force the ReadOnly setting in VolumeMounts.
+                                          Default false.
+                                        type: boolean
+                                    required:
+                                    - claimName
+                                    type: object
+                                  photonPersistentDisk:
+                                    description: photonPersistentDisk represents a
+                                      PhotonController persistent disk attached and
+                                      mounted on kubelets host machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      pdID:
+                                        description: pdID is the ID that identifies
+                                          Photon Controller persistent disk
+                                        type: string
+                                    required:
+                                    - pdID
+                                    type: object
+                                  portworxVolume:
+                                    description: portworxVolume represents a portworx
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fSType represents the filesystem type to mount
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      volumeID:
+                                        description: volumeID uniquely identifies
+                                          a Portworx volume
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  projected:
+                                    description: projected items for all in one resources
+                                      secrets, configmaps, and downward API
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode are the mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      sources:
+                                        description: sources is the list of volume
+                                          projections
+                                        items:
+                                          description: Projection that may be projected
+                                            along with other supported volume types
+                                          properties:
+                                            clusterTrustBundle:
+                                              description: |-
+                                                ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+                                                of ClusterTrustBundle objects in an auto-updating file.
+
+
+                                                Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+                                                ClusterTrustBundle objects can either be selected by name, or by the
+                                                combination of signer name and a label selector.
+                                              properties:
+                                                labelSelector:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this label selector.  Only has
+                                                    effect if signerName is set.  Mutually-exclusive with name.  If unset,
+                                                    interpreted as "match nothing".  If set but empty, interpreted as "match
+                                                    everything".
+                                                  properties:
+                                                    matchExpressions:
+                                                      description: matchExpressions
+                                                        is a list of label selector
+                                                        requirements. The requirements
+                                                        are ANDed.
+                                                      items:
+                                                        description: |-
+                                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                                          relates the key and values.
+                                                        properties:
+                                                          key:
+                                                            description: key is the
+                                                              label key that the selector
+                                                              applies to.
+                                                            type: string
+                                                          operator:
+                                                            description: |-
+                                                              operator represents a key's relationship to a set of values.
+                                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                            type: string
+                                                          values:
+                                                            description: |-
+                                                              values is an array of string values. If the operator is In or NotIn,
+                                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                              the values array must be empty. This array is replaced during a strategic
+                                                              merge patch.
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                        required:
+                                                        - key
+                                                        - operator
+                                                        type: object
+                                                      type: array
+                                                    matchLabels:
+                                                      additionalProperties:
+                                                        type: string
+                                                      description: |-
+                                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                      type: object
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                name:
+                                                  description: |-
+                                                    Select a single ClusterTrustBundle by object name.  Mutually-exclusive
+                                                    with signerName and labelSelector.
+                                                  type: string
+                                                optional:
+                                                  description: |-
+                                                    If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+                                                    aren't available.  If using name, then the named ClusterTrustBundle is
+                                                    allowed not to exist.  If using signerName, then the combination of
+                                                    signerName and labelSelector is allowed to match zero
+                                                    ClusterTrustBundles.
+                                                  type: boolean
+                                                path:
+                                                  description: Relative path from
+                                                    the volume root to write the bundle.
+                                                  type: string
+                                                signerName:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this signer name.
+                                                    Mutually-exclusive with name.  The contents of all selected
+                                                    ClusterTrustBundles will be unified and deduplicated.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                            configMap:
+                                              description: configMap information about
+                                                the configMap data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    ConfigMap will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional specify whether
+                                                    the ConfigMap or its keys must
+                                                    be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            downwardAPI:
+                                              description: downwardAPI information
+                                                about the downwardAPI data to project
+                                              properties:
+                                                items:
+                                                  description: Items is a list of
+                                                    DownwardAPIVolume file
+                                                  items:
+                                                    description: DownwardAPIVolumeFile
+                                                      represents information to create
+                                                      the file containing the pod
+                                                      field
+                                                    properties:
+                                                      fieldRef:
+                                                        description: 'Required: Selects
+                                                          a field of the pod: only
+                                                          annotations, labels, name
+                                                          and namespace are supported.'
+                                                        properties:
+                                                          apiVersion:
+                                                            description: Version of
+                                                              the schema the FieldPath
+                                                              is written in terms
+                                                              of, defaults to "v1".
+                                                            type: string
+                                                          fieldPath:
+                                                            description: Path of the
+                                                              field to select in the
+                                                              specified API version.
+                                                            type: string
+                                                        required:
+                                                        - fieldPath
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                      mode:
+                                                        description: |-
+                                                          Optional: mode bits used to set permissions on this file, must be an octal value
+                                                          between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: 'Required: Path
+                                                          is  the relative path name
+                                                          of the file to be created.
+                                                          Must not be absolute or
+                                                          contain the ''..'' path.
+                                                          Must be utf-8 encoded. The
+                                                          first item of the relative
+                                                          path must not start with
+                                                          ''..'''
+                                                        type: string
+                                                      resourceFieldRef:
+                                                        description: |-
+                                                          Selects a resource of the container: only resources limits and requests
+                                                          (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                                        properties:
+                                                          containerName:
+                                                            description: 'Container
+                                                              name: required for volumes,
+                                                              optional for env vars'
+                                                            type: string
+                                                          divisor:
+                                                            anyOf:
+                                                            - type: integer
+                                                            - type: string
+                                                            description: Specifies
+                                                              the output format of
+                                                              the exposed resources,
+                                                              defaults to "1"
+                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                            x-kubernetes-int-or-string: true
+                                                          resource:
+                                                            description: 'Required:
+                                                              resource to select'
+                                                            type: string
+                                                        required:
+                                                        - resource
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                    required:
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                              type: object
+                                            secret:
+                                              description: secret information about
+                                                the secret data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    Secret will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional field specify
+                                                    whether the Secret or its key
+                                                    must be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            serviceAccountToken:
+                                              description: serviceAccountToken is
+                                                information about the serviceAccountToken
+                                                data to project
+                                              properties:
+                                                audience:
+                                                  description: |-
+                                                    audience is the intended audience of the token. A recipient of a token
+                                                    must identify itself with an identifier specified in the audience of the
+                                                    token, and otherwise should reject the token. The audience defaults to the
+                                                    identifier of the apiserver.
+                                                  type: string
+                                                expirationSeconds:
+                                                  description: |-
+                                                    expirationSeconds is the requested duration of validity of the service
+                                                    account token. As the token approaches expiration, the kubelet volume
+                                                    plugin will proactively rotate the service account token. The kubelet will
+                                                    start trying to rotate the token if the token is older than 80 percent of
+                                                    its time to live or if the token is older than 24 hours.Defaults to 1 hour
+                                                    and must be at least 10 minutes.
+                                                  format: int64
+                                                  type: integer
+                                                path:
+                                                  description: |-
+                                                    path is the path relative to the mount point of the file to project the
+                                                    token into.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                          type: object
+                                        type: array
+                                    type: object
+                                  quobyte:
+                                    description: quobyte represents a Quobyte mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      group:
+                                        description: |-
+                                          group to map volume access to
+                                          Default is no group
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                        type: boolean
+                                      registry:
+                                        description: |-
+                                          registry represents a single or multiple Quobyte Registry services
+                                          specified as a string as host:port pair (multiple entries are separated with commas)
+                                          which acts as the central registry for volumes
+                                        type: string
+                                      tenant:
+                                        description: |-
+                                          tenant owning the given Quobyte volume in the Backend
+                                          Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+                                        type: string
+                                      user:
+                                        description: |-
+                                          user to map volume access to
+                                          Defaults to serivceaccount user
+                                        type: string
+                                      volume:
+                                        description: volume is a string that references
+                                          an already created Quobyte volume by name.
+                                        type: string
+                                    required:
+                                    - registry
+                                    - volume
+                                    type: object
+                                  rbd:
+                                    description: |-
+                                      rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/rbd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      image:
+                                        description: |-
+                                          image is the rados image name.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      keyring:
+                                        description: |-
+                                          keyring is the path to key ring for RBDUser.
+                                          Default is /etc/ceph/keyring.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      monitors:
+                                        description: |-
+                                          monitors is a collection of Ceph monitors.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      pool:
+                                        description: |-
+                                          pool is the rados pool name.
+                                          Default is rbd.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is name of the authentication secret for RBDUser. If provided
+                                          overrides keyring.
+                                          Default is nil.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is the rados user name.
+                                          Default is admin.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - image
+                                    - monitors
+                                    type: object
+                                  scaleIO:
+                                    description: scaleIO represents a ScaleIO persistent
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs".
+                                          Default is "xfs".
+                                        type: string
+                                      gateway:
+                                        description: gateway is the host address of
+                                          the ScaleIO API Gateway.
+                                        type: string
+                                      protectionDomain:
+                                        description: protectionDomain is the name
+                                          of the ScaleIO Protection Domain for the
+                                          configured storage.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef references to the secret for ScaleIO user and other
+                                          sensitive information. If this is not provided, Login operation will fail.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      sslEnabled:
+                                        description: sslEnabled Flag enable/disable
+                                          SSL communication with Gateway, default
+                                          false
+                                        type: boolean
+                                      storageMode:
+                                        description: |-
+                                          storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+                                          Default is ThinProvisioned.
+                                        type: string
+                                      storagePool:
+                                        description: storagePool is the ScaleIO Storage
+                                          Pool associated with the protection domain.
+                                        type: string
+                                      system:
+                                        description: system is the name of the storage
+                                          system as configured in ScaleIO.
+                                        type: string
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the name of a volume already created in the ScaleIO system
+                                          that is associated with this volume source.
+                                        type: string
+                                    required:
+                                    - gateway
+                                    - secretRef
+                                    - system
+                                    type: object
+                                  secret:
+                                    description: |-
+                                      secret represents a secret that should populate this volume.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values
+                                          for mode bits. Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items If unspecified, each key-value pair in the Data field of the referenced
+                                          Secret will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      optional:
+                                        description: optional field specify whether
+                                          the Secret or its keys must be defined
+                                        type: boolean
+                                      secretName:
+                                        description: |-
+                                          secretName is the name of the secret in the pod's namespace to use.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                        type: string
+                                    type: object
+                                  storageos:
+                                    description: storageOS represents a StorageOS
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef specifies the secret to use for obtaining the StorageOS API
+                                          credentials.  If not specified, default values will be attempted.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the human-readable name of the StorageOS volume.  Volume
+                                          names are only unique within a namespace.
+                                        type: string
+                                      volumeNamespace:
+                                        description: |-
+                                          volumeNamespace specifies the scope of the volume within StorageOS.  If no
+                                          namespace is specified then the Pod's namespace will be used.  This allows the
+                                          Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+                                          Set VolumeName to any name to override the default behaviour.
+                                          Set to "default" if you are not using namespaces within StorageOS.
+                                        type: string
+                                    type: object
+                                  vsphereVolume:
+                                    description: vsphereVolume represents a vSphere
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      storagePolicyID:
+                                        description: storagePolicyID is the storage
+                                          Policy Based Management (SPBM) profile ID
+                                          associated with the StoragePolicyName.
+                                        type: string
+                                      storagePolicyName:
+                                        description: storagePolicyName is the storage
+                                          Policy Based Management (SPBM) profile name.
+                                        type: string
+                                      volumePath:
+                                        description: volumePath is the path that identifies
+                                          vSphere volume vmdk
+                                        type: string
+                                    required:
+                                    - volumePath
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                          required:
+                          - containers
+                          type: object
+                      type: object
+                  type: object
+                description: |-
+                  MXReplicaSpecs is map of ReplicaType and ReplicaSpec
+                  specifies the MX replicas to run.
+                  For example,
+                    {
+                      "Scheduler": ReplicaSpec,
+                      "Server": ReplicaSpec,
+                      "Worker": ReplicaSpec,
+                    }
+                type: object
+              runPolicy:
+                description: |-
+                  RunPolicy encapsulates various runtime policies of the distributed training
+                  job, for example how to clean up resources and how long the job can stay
+                  active.
+                properties:
+                  activeDeadlineSeconds:
+                    description: |-
+                      Specifies the duration in seconds relative to the startTime that the job may be active
+                      before the system tries to terminate it; value must be positive integer.
+                    format: int64
+                    type: integer
+                  backoffLimit:
+                    description: Optional number of retries before marking this job
+                      failed.
+                    format: int32
+                    type: integer
+                  cleanPodPolicy:
+                    description: |-
+                      CleanPodPolicy defines the policy to kill pods after the job completes.
+                      Default to None.
+                    type: string
+                  schedulingPolicy:
+                    description: SchedulingPolicy defines the policy related to scheduling,
+                      e.g. gang-scheduling
+                    properties:
+                      minAvailable:
+                        format: int32
+                        type: integer
+                      minResources:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      priorityClass:
+                        type: string
+                      queue:
+                        type: string
+                        x-kubernetes-validations:
+                        - message: spec.runPolicy.schedulingPolicy.queue is immutable
+                          rule: self == oldSelf
+                      scheduleTimeoutSeconds:
+                        format: int32
+                        type: integer
+                    type: object
+                  suspend:
+                    default: false
+                    description: |-
+                      suspend specifies whether the Job controller should create Pods or not.
+                      If a Job is created with suspend set to true, no Pods are created by
+                      the Job controller. If a Job is suspended after creation (i.e. the
+                      flag goes from false to true), the Job controller will delete all
+                      active Pods and PodGroups associated with this Job.
+                      Users must design their workload to gracefully handle this.
+                    type: boolean
+                  ttlSecondsAfterFinished:
+                    description: |-
+                      TTLSecondsAfterFinished is the TTL to clean up jobs.
+                      It may take extra ReconcilePeriod seconds for the cleanup, since
+                      reconcile gets called periodically.
+                      Default to infinite.
+                    format: int32
+                    type: integer
+                type: object
+            required:
+            - jobMode
+            - mxReplicaSpecs
+            type: object
+          status:
+            description: JobStatus represents the current observed state of the training
+              Job.
+            properties:
+              completionTime:
+                description: |-
+                  Represents time when the job was completed. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions is an array of current observed job conditions.
+                items:
+                  description: JobCondition describes the state of the job at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastReconcileTime:
+                description: |-
+                  Represents last time when the job was reconciled. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              replicaStatuses:
+                additionalProperties:
+                  description: ReplicaStatus represents the current observed state
+                    of the replica.
+                  properties:
+                    active:
+                      description: The number of actively running pods.
+                      format: int32
+                      type: integer
+                    failed:
+                      description: The number of pods which reached phase Failed.
+                      format: int32
+                      type: integer
+                    labelSelector:
+                      description: 'Deprecated: Use Selector instead'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    selector:
+                      description: |-
+                        A Selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty Selector matches all objects. A null
+                        Selector matches no objects.
+                      type: string
+                    succeeded:
+                      description: The number of pods which reached phase Succeeded.
+                      format: int32
+                      type: integer
+                  type: object
+                description: |-
+                  ReplicaStatuses is map of ReplicaType and ReplicaStatus,
+                  specifies the status of each replica.
+                type: object
+              startTime:
+                description: |-
+                  Represents time when the job was acknowledged by the job controller.
+                  It is not guaranteed to be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml
new file mode 100644
index 00000000..dd413a56
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_paddlejobs.yaml
@@ -0,0 +1,8031 @@
+{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.paddleFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: PaddleJob
+    listKind: PaddleJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.paddlePluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.paddleSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: PaddleJob Represents a PaddleJob resource.
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.replicaStatuses.Worker.selector
+        specReplicasPath: .spec.paddleReplicaSpecs.Worker.replicas
+        statusReplicasPath: .status.replicaStatuses.Worker.active
+      status: {}
+
+{{- else }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.paddleFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: PaddleJob
+    listKind: PaddleJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.paddlePluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.paddleSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: PaddleJob Represents a PaddleJob resource.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of the desired state of the PaddleJob.
+            properties:
+              elasticPolicy:
+                description: ElasticPolicy holds the elastic policy for paddle job.
+                properties:
+                  maxReplicas:
+                    description: upper limit for the number of pods that can be set
+                      by the autoscaler; cannot be smaller than MinReplicas, defaults
+                      to null.
+                    format: int32
+                    type: integer
+                  maxRestarts:
+                    description: MaxRestarts is the limit for restart times of pods
+                      in elastic mode.
+                    format: int32
+                    type: integer
+                  metrics:
+                    description: |-
+                      Metrics contains the specifications which are used to calculate the
+                      desired replica count (the maximum replica count across all metrics will
+                      be used).  The desired replica count is calculated with multiplying the
+                      ratio between the target value and the current value by the current
+                      number of pods. Ergo, metrics used must decrease as the pod count is
+                      increased, and vice-versa.
+                    items:
+                      description: |-
+                        MetricSpec specifies how to scale based on a single metric
+                        (only `type` and one other matching field should be set at once).
+                      properties:
+                        containerResource:
+                          description: |-
+                            containerResource refers to a resource metric (such as those specified in
+                            requests and limits) known to Kubernetes describing a single container in
+                            each pod of the current scale target (e.g. CPU or memory). Such metrics are
+                            built in to Kubernetes, and have special scaling options on top of those
+                            available to normal per-pod metrics using the "pods" source.
+                          properties:
+                            container:
+                              description: container is the name of the container
+                                in the pods of the scaling target
+                              type: string
+                            name:
+                              description: name is the name of the resource in question.
+                              type: string
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - container
+                          - name
+                          - target
+                          type: object
+                        external:
+                          description: |-
+                            external refers to a global metric that is not associated
+                            with any Kubernetes object. It allows autoscaling based on information
+                            coming from components running outside of cluster
+                            (for example length of queue in cloud messaging service, or
+                            QPS from loadbalancer running outside of cluster).
+                          properties:
+                            metric:
+                              description: metric identifies the target metric by
+                                name and selector
+                              properties:
+                                name:
+                                  description: name is the name of the given metric
+                                  type: string
+                                selector:
+                                  description: |-
+                                    selector is the string-encoded form of a standard kubernetes label selector for the given metric
+                                    When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+                                    When unset, just the metricName will be used to gather metrics.
+                                  properties:
+                                    matchExpressions:
+                                      description: matchExpressions is a list of label
+                                        selector requirements. The requirements are
+                                        ANDed.
+                                      items:
+                                        description: |-
+                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                          relates the key and values.
+                                        properties:
+                                          key:
+                                            description: key is the label key that
+                                              the selector applies to.
+                                            type: string
+                                          operator:
+                                            description: |-
+                                              operator represents a key's relationship to a set of values.
+                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                            type: string
+                                          values:
+                                            description: |-
+                                              values is an array of string values. If the operator is In or NotIn,
+                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                              the values array must be empty. This array is replaced during a strategic
+                                              merge patch.
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      description: |-
+                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - name
+                              type: object
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - metric
+                          - target
+                          type: object
+                        object:
+                          description: |-
+                            object refers to a metric describing a single kubernetes object
+                            (for example, hits-per-second on an Ingress object).
+                          properties:
+                            describedObject:
+                              description: describedObject specifies the descriptions
+                                of a object,such as kind,name apiVersion
+                              properties:
+                                apiVersion:
+                                  description: apiVersion is the API version of the
+                                    referent
+                                  type: string
+                                kind:
+                                  description: 'kind is the kind of the referent;
+                                    More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                  type: string
+                                name:
+                                  description: 'name is the name of the referent;
+                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            metric:
+                              description: metric identifies the target metric by
+                                name and selector
+                              properties:
+                                name:
+                                  description: name is the name of the given metric
+                                  type: string
+                                selector:
+                                  description: |-
+                                    selector is the string-encoded form of a standard kubernetes label selector for the given metric
+                                    When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+                                    When unset, just the metricName will be used to gather metrics.
+                                  properties:
+                                    matchExpressions:
+                                      description: matchExpressions is a list of label
+                                        selector requirements. The requirements are
+                                        ANDed.
+                                      items:
+                                        description: |-
+                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                          relates the key and values.
+                                        properties:
+                                          key:
+                                            description: key is the label key that
+                                              the selector applies to.
+                                            type: string
+                                          operator:
+                                            description: |-
+                                              operator represents a key's relationship to a set of values.
+                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                            type: string
+                                          values:
+                                            description: |-
+                                              values is an array of string values. If the operator is In or NotIn,
+                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                              the values array must be empty. This array is replaced during a strategic
+                                              merge patch.
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      description: |-
+                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - name
+                              type: object
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - describedObject
+                          - metric
+                          - target
+                          type: object
+                        pods:
+                          description: |-
+                            pods refers to a metric describing each pod in the current scale target
+                            (for example, transactions-processed-per-second).  The values will be
+                            averaged together before being compared to the target value.
+                          properties:
+                            metric:
+                              description: metric identifies the target metric by
+                                name and selector
+                              properties:
+                                name:
+                                  description: name is the name of the given metric
+                                  type: string
+                                selector:
+                                  description: |-
+                                    selector is the string-encoded form of a standard kubernetes label selector for the given metric
+                                    When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+                                    When unset, just the metricName will be used to gather metrics.
+                                  properties:
+                                    matchExpressions:
+                                      description: matchExpressions is a list of label
+                                        selector requirements. The requirements are
+                                        ANDed.
+                                      items:
+                                        description: |-
+                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                          relates the key and values.
+                                        properties:
+                                          key:
+                                            description: key is the label key that
+                                              the selector applies to.
+                                            type: string
+                                          operator:
+                                            description: |-
+                                              operator represents a key's relationship to a set of values.
+                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                            type: string
+                                          values:
+                                            description: |-
+                                              values is an array of string values. If the operator is In or NotIn,
+                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                              the values array must be empty. This array is replaced during a strategic
+                                              merge patch.
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      description: |-
+                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - name
+                              type: object
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - metric
+                          - target
+                          type: object
+                        resource:
+                          description: |-
+                            resource refers to a resource metric (such as those specified in
+                            requests and limits) known to Kubernetes describing each pod in the
+                            current scale target (e.g. CPU or memory). Such metrics are built in to
+                            Kubernetes, and have special scaling options on top of those available
+                            to normal per-pod metrics using the "pods" source.
+                          properties:
+                            name:
+                              description: name is the name of the resource in question.
+                              type: string
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - name
+                          - target
+                          type: object
+                        type:
+                          description: |-
+                            type is the type of metric source.  It should be one of "ContainerResource", "External",
+                            "Object", "Pods" or "Resource", each mapping to a matching field in the object.
+                            Note: "ContainerResource" type is available on when the feature-gate
+                            HPAContainerMetrics is enabled
+                          type: string
+                      required:
+                      - type
+                      type: object
+                    type: array
+                  minReplicas:
+                    description: |-
+                      minReplicas is the lower limit for the number of replicas to which the training job
+                      can scale down.  It defaults to null.
+                    format: int32
+                    type: integer
+                type: object
+              paddleReplicaSpecs:
+                additionalProperties:
+                  description: ReplicaSpec is a description of the replica
+                  properties:
+                    replicas:
+                      description: |-
+                        Replicas is the desired number of replicas of the given template.
+                        If unspecified, defaults to 1.
+                      format: int32
+                      type: integer
+                    restartPolicy:
+                      description: |-
+                        Restart policy for all replicas within the job.
+                        One of Always, OnFailure, Never and ExitCode.
+                        Default to Never.
+                      type: string
+                    template:
+                      description: |-
+                        Template is the object that describes the pod that
+                        will be created for this replica. RestartPolicy in PodTemplateSpec
+                        will be overide by RestartPolicy in ReplicaSpec
+                      properties:
+                        metadata:
+                          description: |-
+                            Standard object's metadata.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            finalizers:
+                              items:
+                                type: string
+                              type: array
+                            labels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          type: object
+                        spec:
+                          description: |-
+                            Specification of the desired behavior of the pod.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+                          properties:
+                            activeDeadlineSeconds:
+                              description: |-
+                                Optional duration in seconds the pod may be active on the node relative to
+                                StartTime before the system will actively try to mark it failed and kill associated containers.
+                                Value must be a positive integer.
+                              format: int64
+                              type: integer
+                            affinity:
+                              description: If specified, the pod's scheduling constraints
+                              properties:
+                                nodeAffinity:
+                                  description: Describes node affinity scheduling
+                                    rules for the pod.
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: |-
+                                          An empty preferred scheduling term matches all objects with implicit weight 0
+                                          (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+                                        properties:
+                                          preference:
+                                            description: A node selector term, associated
+                                              with the corresponding weight.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          weight:
+                                            description: Weight associated with matching
+                                              the corresponding nodeSelectorTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - preference
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to an update), the system
+                                        may or may not try to eventually evict the pod from its node.
+                                      properties:
+                                        nodeSelectorTerms:
+                                          description: Required. A list of node selector
+                                            terms. The terms are ORed.
+                                          items:
+                                            description: |-
+                                              A null or empty node selector term matches no objects. The requirements of
+                                              them are ANDed.
+                                              The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          type: array
+                                      required:
+                                      - nodeSelectorTerms
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                                podAffinity:
+                                  description: Describes pod affinity scheduling rules
+                                    (e.g. co-locate this pod in the same node, zone,
+                                    etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                                podAntiAffinity:
+                                  description: Describes pod anti-affinity scheduling
+                                    rules (e.g. avoid putting this pod in the same
+                                    node, zone, etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the anti-affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the anti-affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the anti-affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                              type: object
+                            automountServiceAccountToken:
+                              description: AutomountServiceAccountToken indicates
+                                whether a service account token should be automatically
+                                mounted.
+                              type: boolean
+                            containers:
+                              description: |-
+                                List of containers belonging to the pod.
+                                Containers cannot currently be added or removed.
+                                There must be at least one container in a Pod.
+                                Cannot be updated.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            dnsConfig:
+                              description: |-
+                                Specifies the DNS parameters of a pod.
+                                Parameters specified here will be merged to the generated DNS
+                                configuration based on DNSPolicy.
+                              properties:
+                                nameservers:
+                                  description: |-
+                                    A list of DNS name server IP addresses.
+                                    This will be appended to the base nameservers generated from DNSPolicy.
+                                    Duplicated nameservers will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                                options:
+                                  description: |-
+                                    A list of DNS resolver options.
+                                    This will be merged with the base options generated from DNSPolicy.
+                                    Duplicated entries will be removed. Resolution options given in Options
+                                    will override those that appear in the base DNSPolicy.
+                                  items:
+                                    description: PodDNSConfigOption defines DNS resolver
+                                      options of a pod.
+                                    properties:
+                                      name:
+                                        description: Required.
+                                        type: string
+                                      value:
+                                        type: string
+                                    type: object
+                                  type: array
+                                searches:
+                                  description: |-
+                                    A list of DNS search domains for host-name lookup.
+                                    This will be appended to the base search paths generated from DNSPolicy.
+                                    Duplicated search paths will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            dnsPolicy:
+                              description: |-
+                                Set DNS policy for the pod.
+                                Defaults to "ClusterFirst".
+                                Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+                                DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+                                To have DNS options set along with hostNetwork, you have to specify DNS policy
+                                explicitly to 'ClusterFirstWithHostNet'.
+                              type: string
+                            enableServiceLinks:
+                              description: |-
+                                EnableServiceLinks indicates whether information about services should be injected into pod's
+                                environment variables, matching the syntax of Docker links.
+                                Optional: Defaults to true.
+                              type: boolean
+                            ephemeralContainers:
+                              description: |-
+                                List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+                                pod to perform user-initiated actions such as debugging. This list cannot be specified when
+                                creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+                                ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+                              items:
+                                description: |-
+                                  An EphemeralContainer is a temporary container that you may add to an existing Pod for
+                                  user-initiated activities such as debugging. Ephemeral containers have no resource or
+                                  scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+                                  removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+                                  Pod to exceed its resource allocation.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+                                      produce the string literal "$(VAR_NAME)".
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: Lifecycle is not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the ephemeral container specified as a DNS_LABEL.
+                                      This name must be unique among all containers, init containers and ephemeral containers.
+                                    type: string
+                                  ports:
+                                    description: Ports are not allowed for ephemeral
+                                      containers.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+                                      already allocated to the pod.
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      Restart policy for the container to manage the restart behavior of each
+                                      container within a pod.
+                                      This may only be set for init containers. You cannot set this field on
+                                      ephemeral containers.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      Optional: SecurityContext defines the security options the ephemeral container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  targetContainerName:
+                                    description: |-
+                                      If set, the name of the container from PodSpec that this ephemeral container targets.
+                                      The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+                                      If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+                                      The container runtime must implement support for this feature.
+                                    type: string
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            hostAliases:
+                              description: |-
+                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+                                file if specified. This is only valid for non-hostNetwork pods.
+                              items:
+                                description: |-
+                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+                                  pod's hosts file.
+                                properties:
+                                  hostnames:
+                                    description: Hostnames for the above IP address.
+                                    items:
+                                      type: string
+                                    type: array
+                                  ip:
+                                    description: IP address of the host file entry.
+                                    type: string
+                                type: object
+                              type: array
+                            hostIPC:
+                              description: |-
+                                Use the host's ipc namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostNetwork:
+                              description: |-
+                                Host networking requested for this pod. Use the host's network namespace.
+                                If this option is set, the ports that will be used must be specified.
+                                Default to false.
+                              type: boolean
+                            hostPID:
+                              description: |-
+                                Use the host's pid namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostUsers:
+                              description: |-
+                                Use the host's user namespace.
+                                Optional: Default to true.
+                                If set to true or not present, the pod will be run in the host user namespace, useful
+                                for when the pod needs a feature only available to the host user namespace, such as
+                                loading a kernel module with CAP_SYS_MODULE.
+                                When set to false, a new userns is created for the pod.
+                              type: boolean
+                            hostname:
+                              description: |-
+                                Specifies the hostname of the Pod
+                                If not specified, the pod's hostname will be set to a system-defined value.
+                              type: string
+                            imagePullSecrets:
+                              description: |-
+                                ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+                                If specified, these secrets will be passed to individual puller implementations for them to use.
+                                More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+                              items:
+                                description: |-
+                                  LocalObjectReference contains enough information to let you locate the
+                                  referenced object inside the same namespace.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind, uid?
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                            initContainers:
+                              description: |-
+                                List of initialization containers belonging to the pod.
+                                Init containers are executed in order prior to containers being started. If any
+                                init container fails, the pod is considered to have failed and is handled according
+                                to its restartPolicy. The name for an init container or normal container must be
+                                unique among all containers.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            nodeName:
+                              description: |-
+                                NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+                                the scheduler simply schedules this pod onto that node, assuming that it fits resource
+                                requirements.
+                              type: string
+                            nodeSelector:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                NodeSelector is a selector which must be true for the pod to fit on a node.
+                                Selector which must match a node's labels for the pod to be scheduled on that node.
+                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            os:
+                              description: |-
+                                Specifies the OS of the containers in the pod.
+                                Some pod and container fields are restricted if this is set.
+
+
+                                If the OS field is set to linux, the following fields must be unset:
+                                -securityContext.windowsOptions
+
+
+                                If the OS field is set to windows, following fields must be unset:
+                                - spec.hostPID
+                                - spec.hostIPC
+                                - spec.hostUsers
+                                - spec.securityContext.seLinuxOptions
+                                - spec.securityContext.
+                              properties:
+                                name:
+                                  description: |-
+                                    Name is the name of the operating system. The currently supported values are linux and windows.
+                                    Additional value may be defined in future and can be one of:
+                                    https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+                                    Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            overhead:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+                                This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+                                the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+                                The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+                                set.
+                              type: object
+                            preemptionPolicy:
+                              description: |-
+                                PreemptionPolicy is the Policy for preempting pods with lower priority.
+                                One of Never, PreemptLowerPriority.
+                                Defaults to PreemptLowerPriority if unset.
+                              type: string
+                            priority:
+                              description: |-
+                                The priority value. Various system components use this field to find the
+                                priority of the pod. When Priority Admission Controller is enabled, it
+                                prevents users from setting this field. The admission controller populates
+                                this field from PriorityClassName.
+                                The higher the value, the higher the priority.
+                              format: int32
+                              type: integer
+                            priorityClassName:
+                              description: |-
+                                If specified, indicates the pod's priority. "system-node-critical" and
+                                "system-cluster-critical" are two special keywords which indicate the
+                                highest priorities with the former being the highest priority. Any other
+                                name must be defined by creating a PriorityClass object with that name.
+                                If not specified, the pod priority will be default or zero if there is no
+                                default.
+                              type: string
+                            readinessGates:
+                              description: |-
+                                If specified, all readiness gates will be evaluated for pod readiness.
+                                A pod is ready when all its containers are ready AND
+                                all conditions specified in the readiness gates have status equal to "True"
+                                More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+                              items:
+                                description: PodReadinessGate contains the reference
+                                  to a pod condition
+                                properties:
+                                  conditionType:
+                                    description: ConditionType refers to a condition
+                                      in the pod's condition list with matching type.
+                                    type: string
+                                required:
+                                - conditionType
+                                type: object
+                              type: array
+                            resourceClaims:
+                              description: |-
+                                ResourceClaims defines which ResourceClaims must be allocated
+                                and reserved before the Pod is allowed to start. The resources
+                                will be made available to those containers which consume them
+                                by name.
+
+
+                                This is an alpha field and requires enabling the
+                                DynamicResourceAllocation feature gate.
+
+
+                                This field is immutable.
+                              items:
+                                description: |-
+                                  PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+                                  It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+                                  Containers that need access to the ResourceClaim reference it with this name.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name uniquely identifies this resource claim inside the pod.
+                                      This must be a DNS_LABEL.
+                                    type: string
+                                  source:
+                                    description: Source describes where to find the
+                                      ResourceClaim.
+                                    properties:
+                                      resourceClaimName:
+                                        description: |-
+                                          ResourceClaimName is the name of a ResourceClaim object in the same
+                                          namespace as this pod.
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        description: |-
+                                          ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+                                          object in the same namespace as this pod.
+
+
+                                          The template will be used to create a new ResourceClaim, which will
+                                          be bound to this pod. When this pod is deleted, the ResourceClaim
+                                          will also be deleted.
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            restartPolicy:
+                              description: |-
+                                Restart policy for all containers within the pod.
+                                One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+                                Default to Always.
+                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+                              type: string
+                            runtimeClassName:
+                              description: |-
+                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+                                to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
+                                If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+                                empty definition that uses the default runtime handler.
+                                More info: https://git.k8s.
+                              type: string
+                            schedulerName:
+                              description: |-
+                                If specified, the pod will be dispatched by specified scheduler.
+                                If not specified, the pod will be dispatched by default scheduler.
+                              type: string
+                            schedulingGates:
+                              description: |-
+                                SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+                                If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+                                scheduler will not attempt to schedule the pod.
+
+
+                                SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+
+                                This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+                              items:
+                                description: PodSchedulingGate is associated to a
+                                  Pod to guard its scheduling.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the scheduling gate.
+                                      Each scheduling gate must have a unique name field.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            securityContext:
+                              description: |-
+                                SecurityContext holds pod-level security attributes and common container settings.
+                                Optional: Defaults to empty.  See type description for default values of each field.
+                              properties:
+                                fsGroup:
+                                  description: |-
+                                    A special supplemental group that applies to all containers in a pod.
+                                    Some volume types allow the Kubelet to change the ownership of that volume
+                                    to be owned by the pod:
+
+
+                                    1. The owning GID will be the FSGroup
+                                    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+                                    3.
+                                  format: int64
+                                  type: integer
+                                fsGroupChangePolicy:
+                                  description: |-
+                                    fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+                                    before being exposed inside Pod. This field will only apply to
+                                    volume types which support fsGroup based ownership(and permissions).
+                                    It will have no effect on ephemeral volume types such as: secret, configmaps
+                                    and emptydir.
+                                    Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+                                  type: string
+                                runAsGroup:
+                                  description: |-
+                                    The GID to run the entrypoint of the container process.
+                                    Uses runtime default if unset.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  description: |-
+                                    Indicates that the container must run as a non-root user.
+                                    If true, the Kubelet will validate the image at runtime to ensure that it
+                                    does not run as UID 0 (root) and fail to start the container if it does.
+                                    If unset or false, no such validation will be performed.
+                                    May also be set in SecurityContext.
+                                  type: boolean
+                                runAsUser:
+                                  description: |-
+                                    The UID to run the entrypoint of the container process.
+                                    Defaults to user specified in image metadata if unspecified.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  description: |-
+                                    The SELinux context to be applied to all containers.
+                                    If unspecified, the container runtime will allocate a random SELinux context for each
+                                    container.  May also be set in SecurityContext.  If set in
+                                    both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+                                    takes precedence for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    level:
+                                      description: Level is SELinux level label that
+                                        applies to the container.
+                                      type: string
+                                    role:
+                                      description: Role is a SELinux role label that
+                                        applies to the container.
+                                      type: string
+                                    type:
+                                      description: Type is a SELinux type label that
+                                        applies to the container.
+                                      type: string
+                                    user:
+                                      description: User is a SELinux user label that
+                                        applies to the container.
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  description: |-
+                                    The seccomp options to use by the containers in this pod.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    localhostProfile:
+                                      description: |-
+                                        localhostProfile indicates a profile defined in a file on the node should be used.
+                                        The profile must be preconfigured on the node to work.
+                                        Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                        Must be set if type is "Localhost". Must NOT be set for any other type.
+                                      type: string
+                                    type:
+                                      description: |-
+                                        type indicates which kind of seccomp profile will be applied.
+                                        Valid options are:
+
+
+                                        Localhost - a profile defined in a file on the node should be used.
+                                        RuntimeDefault - the container runtime default profile should be used.
+                                        Unconfined - no profile should be applied.
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                supplementalGroups:
+                                  description: |-
+                                    A list of groups applied to the first process run in each container, in addition
+                                    to the container's primary GID, the fsGroup (if specified), and group memberships
+                                    defined in the container image for the uid of the container process. If unspecified,
+                                    no additional groups are added to any container.
+                                  items:
+                                    format: int64
+                                    type: integer
+                                  type: array
+                                sysctls:
+                                  description: |-
+                                    Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+                                    sysctls (by the container runtime) might fail to launch.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  items:
+                                    description: Sysctl defines a kernel parameter
+                                      to be set
+                                    properties:
+                                      name:
+                                        description: Name of a property to set
+                                        type: string
+                                      value:
+                                        description: Value of a property to set
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                windowsOptions:
+                                  description: |-
+                                    The Windows specific settings applied to all containers.
+                                    If unspecified, the options within a container's SecurityContext will be used.
+                                    If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                    Note that this field cannot be set when spec.os.name is linux.
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      description: |-
+                                        GMSACredentialSpec is where the GMSA admission webhook
+                                        (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                        GMSA credential spec named by the GMSACredentialSpecName field.
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      description: GMSACredentialSpecName is the name
+                                        of the GMSA credential spec to use.
+                                      type: string
+                                    hostProcess:
+                                      description: |-
+                                        HostProcess determines if a container should be run as a 'Host Process' container.
+                                        All of a Pod's containers must have the same effective HostProcess value
+                                        (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                        In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                      type: boolean
+                                    runAsUserName:
+                                      description: |-
+                                        The UserName in Windows to run the entrypoint of the container process.
+                                        Defaults to the user specified in image metadata if unspecified.
+                                        May also be set in PodSecurityContext. If set in both SecurityContext and
+                                        PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                      type: string
+                                  type: object
+                              type: object
+                            serviceAccount:
+                              description: |-
+                                DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+                                Deprecated: Use serviceAccountName instead.
+                              type: string
+                            serviceAccountName:
+                              description: |-
+                                ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+                                More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+                              type: string
+                            setHostnameAsFQDN:
+                              description: |-
+                                If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+                                In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+                              type: boolean
+                            shareProcessNamespace:
+                              description: |-
+                                Share a single process namespace between all of the containers in a pod.
+                                When this is set containers will be able to view and signal processes from other containers
+                                in the same pod, and the first process in each container will not be assigned PID 1.
+                                HostPID and ShareProcessNamespace cannot both be set.
+                                Optional: Default to false.
+                              type: boolean
+                            subdomain:
+                              description: |-
+                                If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+                                If not specified, the pod will not have a domainname at all.
+                              type: string
+                            terminationGracePeriodSeconds:
+                              description: |-
+                                Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+                                Value must be non-negative integer. The value zero indicates stop immediately via
+                                the kill signal (no opportunity to shut down).
+                                If this value is nil, the default grace period will be used instead.
+                              format: int64
+                              type: integer
+                            tolerations:
+                              description: If specified, the pod's tolerations.
+                              items:
+                                description: |-
+                                  The pod this Toleration is attached to tolerates any taint that matches
+                                  the triple <key,value,effect> using the matching operator <operator>.
+                                properties:
+                                  effect:
+                                    description: |-
+                                      Effect indicates the taint effect to match. Empty means match all taint effects.
+                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+                                    type: string
+                                  key:
+                                    description: |-
+                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
+                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+                                    type: string
+                                  operator:
+                                    description: |-
+                                      Operator represents a key's relationship to the value.
+                                      Valid operators are Exists and Equal. Defaults to Equal.
+                                      Exists is equivalent to wildcard for value, so that a pod can
+                                      tolerate all taints of a particular category.
+                                    type: string
+                                  tolerationSeconds:
+                                    description: |-
+                                      TolerationSeconds represents the period of time the toleration (which must be
+                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
+                                      negative values will be treated as 0 (evict immediately) by the system.
+                                    format: int64
+                                    type: integer
+                                  value:
+                                    description: |-
+                                      Value is the taint value the toleration matches to.
+                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
+                                    type: string
+                                type: object
+                              type: array
+                            topologySpreadConstraints:
+                              description: |-
+                                TopologySpreadConstraints describes how a group of pods ought to spread across topology
+                                domains. Scheduler will schedule pods in a way which abides by the constraints.
+                                All topologySpreadConstraints are ANDed.
+                              items:
+                                description: TopologySpreadConstraint specifies how
+                                  to spread matching pods among the given topology.
+                                properties:
+                                  labelSelector:
+                                    description: |-
+                                      LabelSelector is used to find matching pods.
+                                      Pods that match this label selector are counted to determine the number of pods
+                                      in their corresponding topology domain.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: |-
+                                            A label selector requirement is a selector that contains values, a key, and an operator that
+                                            relates the key and values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: |-
+                                                operator represents a key's relationship to a set of values.
+                                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: |-
+                                                values is an array of string values. If the operator is In or NotIn,
+                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                          - key
+                                          - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  matchLabelKeys:
+                                    description: |-
+                                      MatchLabelKeys is a set of pod label keys to select the pods over which
+                                      spreading will be calculated. The keys are used to lookup values from the
+                                      incoming pod labels, those key-value labels are ANDed with labelSelector
+                                      to select the group of existing pods over which spreading will be calculated
+                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  maxSkew:
+                                    description: |-
+                                      MaxSkew describes the degree to which pods may be unevenly distributed.
+                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+                                      between the number of matching pods in the target topology and the global minimum.
+                                      The global minimum is the minimum number of matching pods in an eligible domain
+                                      or zero if the number of eligible domains is less than MinDomains.
+                                    format: int32
+                                    type: integer
+                                  minDomains:
+                                    description: |-
+                                      MinDomains indicates a minimum number of eligible domains.
+                                      When the number of eligible domains with matching topology keys is less than minDomains,
+                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+                                      this value has no effect on scheduling.
+                                    format: int32
+                                    type: integer
+                                  nodeAffinityPolicy:
+                                    description: |-
+                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+                                      when calculating pod topology spread skew. Options are:
+                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+                                      If this value is nil, the behavior is equivalent to the Honor policy.
+                                    type: string
+                                  nodeTaintsPolicy:
+                                    description: |-
+                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
+                                      pod topology spread skew. Options are:
+                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+                                      has a toleration, are included.
+                                      - Ignore: node taints are ignored. All nodes are included.
+
+
+                                      If this value is nil, the behavior is equivalent to the Ignore policy.
+                                    type: string
+                                  topologyKey:
+                                    description: |-
+                                      TopologyKey is the key of node labels. Nodes that have a label with this key
+                                      and identical values are considered to be in the same topology.
+                                      We consider each <key, value> as a "bucket", and try to put balanced number
+                                      of pods into each bucket.
+                                      We define a domain as a particular instance of a topology.
+                                    type: string
+                                  whenUnsatisfiable:
+                                    description: |-
+                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+                                      the spread constraint.
+                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
+                                      - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+                                        but giving higher precedence to topologies that would help reduce the
+                                        skew.
+                                    type: string
+                                required:
+                                - maxSkew
+                                - topologyKey
+                                - whenUnsatisfiable
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - topologyKey
+                              - whenUnsatisfiable
+                              x-kubernetes-list-type: map
+                            volumes:
+                              description: |-
+                                List of volumes that can be mounted by containers belonging to the pod.
+                                More info: https://kubernetes.io/docs/concepts/storage/volumes
+                              items:
+                                description: Volume represents a named volume in a
+                                  pod that may be accessed by any container in the
+                                  pod.
+                                properties:
+                                  awsElasticBlockStore:
+                                    description: |-
+                                      awsElasticBlockStore represents an AWS Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly value true will force the readOnly setting in VolumeMounts.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: boolean
+                                      volumeID:
+                                        description: |-
+                                          volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  azureDisk:
+                                    description: azureDisk represents an Azure Data
+                                      Disk mount on the host and bind mount to the
+                                      pod.
+                                    properties:
+                                      cachingMode:
+                                        description: 'cachingMode is the Host Caching
+                                          mode: None, Read Only, Read Write.'
+                                        type: string
+                                      diskName:
+                                        description: diskName is the Name of the data
+                                          disk in the blob storage
+                                        type: string
+                                      diskURI:
+                                        description: diskURI is the URI of data disk
+                                          in the blob storage
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is Filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      kind:
+                                        description: 'kind expected values are Shared:
+                                          multiple blob disks per storage account  Dedicated:
+                                          single blob disk per storage account  Managed:
+                                          azure managed data disk (only in managed
+                                          availability set). defaults to shared'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                    required:
+                                    - diskName
+                                    - diskURI
+                                    type: object
+                                  azureFile:
+                                    description: azureFile represents an Azure File
+                                      Service mount on the host and bind mount to
+                                      the pod.
+                                    properties:
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretName:
+                                        description: secretName is the  name of secret
+                                          that contains Azure Storage Account Name
+                                          and Key
+                                        type: string
+                                      shareName:
+                                        description: shareName is the azure share
+                                          Name
+                                        type: string
+                                    required:
+                                    - secretName
+                                    - shareName
+                                    type: object
+                                  cephfs:
+                                    description: cephFS represents a Ceph FS mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      monitors:
+                                        description: |-
+                                          monitors is Required: Monitors is a collection of Ceph monitors
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      path:
+                                        description: 'path is Optional: Used as the
+                                          mounted root, rather than the full Ceph
+                                          tree, default is /'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: boolean
+                                      secretFile:
+                                        description: |-
+                                          secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is optional: User is the rados user name, default is admin
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - monitors
+                                    type: object
+                                  cinder:
+                                    description: |-
+                                      cinder represents a cinder volume attached and mounted on kubelets host machine.
+                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is optional: points to a secret object containing parameters used to connect
+                                          to OpenStack.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeID:
+                                        description: |-
+                                          volumeID used to identify the volume in cinder.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  configMap:
+                                    description: configMap represents a configMap
+                                      that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items if unspecified, each key-value pair in the Data field of the referenced
+                                          ConfigMap will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        description: |-
+                                          Name of the referent.
+                                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion, kind, uid?
+                                        type: string
+                                      optional:
+                                        description: optional specify whether the
+                                          ConfigMap or its keys must be defined
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  csi:
+                                    description: csi (Container Storage Interface)
+                                      represents ephemeral storage that is handled
+                                      by certain external CSI drivers (Beta feature).
+                                    properties:
+                                      driver:
+                                        description: |-
+                                          driver is the name of the CSI driver that handles this volume.
+                                          Consult with your admin for the correct name as registered in the cluster.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType to mount. Ex. "ext4", "xfs", "ntfs".
+                                          If not provided, the empty value is passed to the associated CSI driver
+                                          which will determine the default filesystem to apply.
+                                        type: string
+                                      nodePublishSecretRef:
+                                        description: |-
+                                          nodePublishSecretRef is a reference to the secret object containing
+                                          sensitive information to pass to the CSI driver to complete the CSI
+                                          NodePublishVolume and NodeUnpublishVolume calls.
+                                          This field is optional, and  may be empty if no secret is required. If the
+                                          secret object contains more than one secret, all secret references are passed.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      readOnly:
+                                        description: |-
+                                          readOnly specifies a read-only configuration for the volume.
+                                          Defaults to false (read/write).
+                                        type: boolean
+                                      volumeAttributes:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          volumeAttributes stores driver-specific properties that are passed to the CSI
+                                          driver. Consult your driver's documentation for supported values.
+                                        type: object
+                                    required:
+                                    - driver
+                                    type: object
+                                  downwardAPI:
+                                    description: downwardAPI represents downward API
+                                      about the pod that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          Optional: mode bits to use on created files by default. Must be a
+                                          Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: Items is a list of downward API
+                                          volume file
+                                        items:
+                                          description: DownwardAPIVolumeFile represents
+                                            information to create the file containing
+                                            the pod field
+                                          properties:
+                                            fieldRef:
+                                              description: 'Required: Selects a field
+                                                of the pod: only annotations, labels,
+                                                name and namespace are supported.'
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              description: |-
+                                                Optional: mode bits used to set permissions on this file, must be an octal value
+                                                between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: 'Required: Path is  the
+                                                relative path name of the file to
+                                                be created. Must not be absolute or
+                                                contain the ''..'' path. Must be utf-8
+                                                encoded. The first item of the relative
+                                                path must not start with ''..'''
+                                              type: string
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  emptyDir:
+                                    description: |-
+                                      emptyDir represents a temporary directory that shares a pod's lifetime.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                    properties:
+                                      medium:
+                                        description: |-
+                                          medium represents what type of storage medium should back this directory.
+                                          The default is "" which means to use the node's default medium.
+                                          Must be an empty string (default) or Memory.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                        type: string
+                                      sizeLimit:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        description: |-
+                                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
+                                          The size limit is also applicable for memory medium.
+                                          The maximum usage on memory medium EmptyDir would be the minimum value between
+                                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+                                          The default is nil which means that the limit is undefined.
+                                          More info: https://kubernetes.
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  ephemeral:
+                                    description: |-
+                                      ephemeral represents a volume that is handled by a cluster storage driver.
+                                      The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+                                      and deleted when the pod is removed.
+                                    properties:
+                                      volumeClaimTemplate:
+                                        description: |-
+                                          Will be used to create a stand-alone PVC to provision the volume.
+                                          The pod in which this EphemeralVolumeSource is embedded will be the
+                                          owner of the PVC, i.e. the PVC will be deleted together with the
+                                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
+                                          `<volume name>` is the name from the `PodSpec.Volumes` array
+                                          entry.
+                                        properties:
+                                          metadata:
+                                            description: |-
+                                              May contain labels and annotations that will be copied into the PVC
+                                              when creating it. No other fields are allowed and will be rejected during
+                                              validation.
+                                            properties:
+                                              annotations:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              finalizers:
+                                                items:
+                                                  type: string
+                                                type: array
+                                              labels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              name:
+                                                type: string
+                                              namespace:
+                                                type: string
+                                            type: object
+                                          spec:
+                                            description: |-
+                                              The specification for the PersistentVolumeClaim. The entire content is
+                                              copied unchanged into the PVC that gets created from this
+                                              template. The same fields as in a PersistentVolumeClaim
+                                              are also valid here.
+                                            properties:
+                                              accessModes:
+                                                description: |-
+                                                  accessModes contains the desired access modes the volume should have.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+                                                items:
+                                                  type: string
+                                                type: array
+                                              dataSource:
+                                                description: |-
+                                                  dataSource field can be used to specify either:
+                                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+                                                  * An existing PVC (PersistentVolumeClaim)
+                                                  If the provisioner or an external controller can support the specified data source,
+                                                  it will create a new volume based on the contents of the specified data source.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              dataSourceRef:
+                                                description: |-
+                                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+                                                  volume is desired. This may be any object from a non-empty API group (non
+                                                  core object) or a PersistentVolumeClaim object.
+                                                  When this field is specified, volume binding will only succeed if the type of
+                                                  the specified object matches some installed volume populator or dynamic
+                                                  provisioner.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                  namespace:
+                                                    description: |-
+                                                      Namespace is the namespace of resource being referenced
+                                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+                                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                              resources:
+                                                description: |-
+                                                  resources represents the minimum resources the volume should have.
+                                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                                  that are lower than previous value but must still be higher than capacity recorded in the
+                                                  status field of the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+                                                properties:
+                                                  limits:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Limits describes the maximum amount of compute resources allowed.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                  requests:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Requests describes the minimum amount of compute resources required.
+                                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                type: object
+                                              selector:
+                                                description: selector is a label query
+                                                  over volumes to consider for binding.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              storageClassName:
+                                                description: |-
+                                                  storageClassName is the name of the StorageClass required by the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+                                                type: string
+                                              volumeAttributesClassName:
+                                                description: |-
+                                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+                                                  If specified, the CSI driver will create or update the volume with the attributes defined
+                                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+                                                  it can be changed after the claim is created.
+                                                type: string
+                                              volumeMode:
+                                                description: |-
+                                                  volumeMode defines what type of volume is required by the claim.
+                                                  Value of Filesystem is implied when not included in claim spec.
+                                                type: string
+                                              volumeName:
+                                                description: volumeName is the binding
+                                                  reference to the PersistentVolume
+                                                  backing this claim.
+                                                type: string
+                                            type: object
+                                        required:
+                                        - spec
+                                        type: object
+                                    type: object
+                                  fc:
+                                    description: fc represents a Fibre Channel resource
+                                      that is attached to a kubelet's host machine
+                                      and then exposed to the pod.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      lun:
+                                        description: 'lun is Optional: FC target lun
+                                          number'
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      targetWWNs:
+                                        description: 'targetWWNs is Optional: FC target
+                                          worldwide names (WWNs)'
+                                        items:
+                                          type: string
+                                        type: array
+                                      wwids:
+                                        description: |-
+                                          wwids Optional: FC volume world wide identifiers (wwids)
+                                          Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  flexVolume:
+                                    description: |-
+                                      flexVolume represents a generic volume resource that is
+                                      provisioned/attached using an exec based plugin.
+                                    properties:
+                                      driver:
+                                        description: driver is the name of the driver
+                                          to use for this volume.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+                                        type: string
+                                      options:
+                                        additionalProperties:
+                                          type: string
+                                        description: 'options is Optional: this field
+                                          holds extra command options if any.'
+                                        type: object
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: secretRef is reference to the secret object containing
+                                          sensitive information to pass to the plugin scripts. This may be
+                                          empty if no secret object is specified. If the secret object
+                                          contains more than one secret, all secrets are passed to the plugin
+                                          scripts.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - driver
+                                    type: object
+                                  flocker:
+                                    description: flocker represents a Flocker volume
+                                      attached to a kubelet's host machine. This depends
+                                      on the Flocker control service being running
+                                    properties:
+                                      datasetName:
+                                        description: |-
+                                          datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+                                          should be considered as deprecated
+                                        type: string
+                                      datasetUUID:
+                                        description: datasetUUID is the UUID of the
+                                          dataset. This is unique identifier of a
+                                          Flocker dataset
+                                        type: string
+                                    type: object
+                                  gcePersistentDisk:
+                                    description: |-
+                                      gcePersistentDisk represents a GCE Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        format: int32
+                                        type: integer
+                                      pdName:
+                                        description: |-
+                                          pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: boolean
+                                    required:
+                                    - pdName
+                                    type: object
+                                  gitRepo:
+                                    description: |-
+                                      gitRepo represents a git repository at a particular revision.
+                                      DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+                                      EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+                                      into the Pod's container.
+                                    properties:
+                                      directory:
+                                        description: |-
+                                          directory is the target directory name.
+                                          Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
+                                          git repository.  Otherwise, if specified, the volume will contain the git repository in
+                                          the subdirectory with the given name.
+                                        type: string
+                                      repository:
+                                        description: repository is the URL
+                                        type: string
+                                      revision:
+                                        description: revision is the commit hash for
+                                          the specified revision.
+                                        type: string
+                                    required:
+                                    - repository
+                                    type: object
+                                  glusterfs:
+                                    description: |-
+                                      glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md
+                                    properties:
+                                      endpoints:
+                                        description: |-
+                                          endpoints is the endpoint name that details Glusterfs topology.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      path:
+                                        description: |-
+                                          path is the Glusterfs volume path.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: boolean
+                                    required:
+                                    - endpoints
+                                    - path
+                                    type: object
+                                  hostPath:
+                                    description: |-
+                                      hostPath represents a pre-existing file or directory on the host
+                                      machine that is directly exposed to the container. This is generally
+                                      used for system agents or other privileged things that are allowed
+                                      to see the host machine. Most containers will NOT need this.
+                                      More info: https://kubernetes.
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path of the directory on the host.
+                                          If the path is a symlink, it will follow the link to the real path.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                      type:
+                                        description: |-
+                                          type for HostPath Volume
+                                          Defaults to ""
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  iscsi:
+                                    description: |-
+                                      iscsi represents an ISCSI Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://examples.k8s.io/volumes/iscsi/README.md
+                                    properties:
+                                      chapAuthDiscovery:
+                                        description: chapAuthDiscovery defines whether
+                                          support iSCSI Discovery CHAP authentication
+                                        type: boolean
+                                      chapAuthSession:
+                                        description: chapAuthSession defines whether
+                                          support iSCSI Session CHAP authentication
+                                        type: boolean
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      initiatorName:
+                                        description: |-
+                                          initiatorName is the custom iSCSI Initiator Name.
+                                          If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+                                          <target portal>:<volume name> will be created for the connection.
+                                        type: string
+                                      iqn:
+                                        description: iqn is the target iSCSI Qualified
+                                          Name.
+                                        type: string
+                                      iscsiInterface:
+                                        description: |-
+                                          iscsiInterface is the interface Name that uses an iSCSI transport.
+                                          Defaults to 'default' (tcp).
+                                        type: string
+                                      lun:
+                                        description: lun represents iSCSI Target Lun
+                                          number.
+                                        format: int32
+                                        type: integer
+                                      portals:
+                                        description: |-
+                                          portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        items:
+                                          type: string
+                                        type: array
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                        type: boolean
+                                      secretRef:
+                                        description: secretRef is the CHAP Secret
+                                          for iSCSI target and initiator authentication
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      targetPortal:
+                                        description: |-
+                                          targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        type: string
+                                    required:
+                                    - iqn
+                                    - lun
+                                    - targetPortal
+                                    type: object
+                                  name:
+                                    description: |-
+                                      name of the volume.
+                                      Must be a DNS_LABEL and unique within the pod.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  nfs:
+                                    description: |-
+                                      nfs represents an NFS mount on the host that shares a pod's lifetime
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path that is exported by the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the NFS export to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: boolean
+                                      server:
+                                        description: |-
+                                          server is the hostname or IP address of the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                    required:
+                                    - path
+                                    - server
+                                    type: object
+                                  persistentVolumeClaim:
+                                    description: |-
+                                      persistentVolumeClaimVolumeSource represents a reference to a
+                                      PersistentVolumeClaim in the same namespace.
+                                      More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                    properties:
+                                      claimName:
+                                        description: |-
+                                          claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Will force the ReadOnly setting in VolumeMounts.
+                                          Default false.
+                                        type: boolean
+                                    required:
+                                    - claimName
+                                    type: object
+                                  photonPersistentDisk:
+                                    description: photonPersistentDisk represents a
+                                      PhotonController persistent disk attached and
+                                      mounted on kubelets host machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      pdID:
+                                        description: pdID is the ID that identifies
+                                          Photon Controller persistent disk
+                                        type: string
+                                    required:
+                                    - pdID
+                                    type: object
+                                  portworxVolume:
+                                    description: portworxVolume represents a portworx
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fSType represents the filesystem type to mount
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      volumeID:
+                                        description: volumeID uniquely identifies
+                                          a Portworx volume
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  projected:
+                                    description: projected items for all in one resources
+                                      secrets, configmaps, and downward API
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode are the mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      sources:
+                                        description: sources is the list of volume
+                                          projections
+                                        items:
+                                          description: Projection that may be projected
+                                            along with other supported volume types
+                                          properties:
+                                            clusterTrustBundle:
+                                              description: |-
+                                                ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+                                                of ClusterTrustBundle objects in an auto-updating file.
+
+
+                                                Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+                                                ClusterTrustBundle objects can either be selected by name, or by the
+                                                combination of signer name and a label selector.
+                                              properties:
+                                                labelSelector:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this label selector.  Only has
+                                                    effect if signerName is set.  Mutually-exclusive with name.  If unset,
+                                                    interpreted as "match nothing".  If set but empty, interpreted as "match
+                                                    everything".
+                                                  properties:
+                                                    matchExpressions:
+                                                      description: matchExpressions
+                                                        is a list of label selector
+                                                        requirements. The requirements
+                                                        are ANDed.
+                                                      items:
+                                                        description: |-
+                                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                                          relates the key and values.
+                                                        properties:
+                                                          key:
+                                                            description: key is the
+                                                              label key that the selector
+                                                              applies to.
+                                                            type: string
+                                                          operator:
+                                                            description: |-
+                                                              operator represents a key's relationship to a set of values.
+                                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                            type: string
+                                                          values:
+                                                            description: |-
+                                                              values is an array of string values. If the operator is In or NotIn,
+                                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                              the values array must be empty. This array is replaced during a strategic
+                                                              merge patch.
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                        required:
+                                                        - key
+                                                        - operator
+                                                        type: object
+                                                      type: array
+                                                    matchLabels:
+                                                      additionalProperties:
+                                                        type: string
+                                                      description: |-
+                                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                      type: object
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                name:
+                                                  description: |-
+                                                    Select a single ClusterTrustBundle by object name.  Mutually-exclusive
+                                                    with signerName and labelSelector.
+                                                  type: string
+                                                optional:
+                                                  description: |-
+                                                    If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+                                                    aren't available.  If using name, then the named ClusterTrustBundle is
+                                                    allowed not to exist.  If using signerName, then the combination of
+                                                    signerName and labelSelector is allowed to match zero
+                                                    ClusterTrustBundles.
+                                                  type: boolean
+                                                path:
+                                                  description: Relative path from
+                                                    the volume root to write the bundle.
+                                                  type: string
+                                                signerName:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this signer name.
+                                                    Mutually-exclusive with name.  The contents of all selected
+                                                    ClusterTrustBundles will be unified and deduplicated.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                            configMap:
+                                              description: configMap information about
+                                                the configMap data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    ConfigMap will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional specify whether
+                                                    the ConfigMap or its keys must
+                                                    be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            downwardAPI:
+                                              description: downwardAPI information
+                                                about the downwardAPI data to project
+                                              properties:
+                                                items:
+                                                  description: Items is a list of
+                                                    DownwardAPIVolume file
+                                                  items:
+                                                    description: DownwardAPIVolumeFile
+                                                      represents information to create
+                                                      the file containing the pod
+                                                      field
+                                                    properties:
+                                                      fieldRef:
+                                                        description: 'Required: Selects
+                                                          a field of the pod: only
+                                                          annotations, labels, name
+                                                          and namespace are supported.'
+                                                        properties:
+                                                          apiVersion:
+                                                            description: Version of
+                                                              the schema the FieldPath
+                                                              is written in terms
+                                                              of, defaults to "v1".
+                                                            type: string
+                                                          fieldPath:
+                                                            description: Path of the
+                                                              field to select in the
+                                                              specified API version.
+                                                            type: string
+                                                        required:
+                                                        - fieldPath
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                      mode:
+                                                        description: |-
+                                                          Optional: mode bits used to set permissions on this file, must be an octal value
+                                                          between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: 'Required: Path
+                                                          is  the relative path name
+                                                          of the file to be created.
+                                                          Must not be absolute or
+                                                          contain the ''..'' path.
+                                                          Must be utf-8 encoded. The
+                                                          first item of the relative
+                                                          path must not start with
+                                                          ''..'''
+                                                        type: string
+                                                      resourceFieldRef:
+                                                        description: |-
+                                                          Selects a resource of the container: only resources limits and requests
+                                                          (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                                        properties:
+                                                          containerName:
+                                                            description: 'Container
+                                                              name: required for volumes,
+                                                              optional for env vars'
+                                                            type: string
+                                                          divisor:
+                                                            anyOf:
+                                                            - type: integer
+                                                            - type: string
+                                                            description: Specifies
+                                                              the output format of
+                                                              the exposed resources,
+                                                              defaults to "1"
+                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                            x-kubernetes-int-or-string: true
+                                                          resource:
+                                                            description: 'Required:
+                                                              resource to select'
+                                                            type: string
+                                                        required:
+                                                        - resource
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                    required:
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                              type: object
+                                            secret:
+                                              description: secret information about
+                                                the secret data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    Secret will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional field specify
+                                                    whether the Secret or its key
+                                                    must be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            serviceAccountToken:
+                                              description: serviceAccountToken is
+                                                information about the serviceAccountToken
+                                                data to project
+                                              properties:
+                                                audience:
+                                                  description: |-
+                                                    audience is the intended audience of the token. A recipient of a token
+                                                    must identify itself with an identifier specified in the audience of the
+                                                    token, and otherwise should reject the token. The audience defaults to the
+                                                    identifier of the apiserver.
+                                                  type: string
+                                                expirationSeconds:
+                                                  description: |-
+                                                    expirationSeconds is the requested duration of validity of the service
+                                                    account token. As the token approaches expiration, the kubelet volume
+                                                    plugin will proactively rotate the service account token. The kubelet will
+                                                    start trying to rotate the token if the token is older than 80 percent of
+                                                    its time to live or if the token is older than 24 hours.Defaults to 1 hour
+                                                    and must be at least 10 minutes.
+                                                  format: int64
+                                                  type: integer
+                                                path:
+                                                  description: |-
+                                                    path is the path relative to the mount point of the file to project the
+                                                    token into.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                          type: object
+                                        type: array
+                                    type: object
+                                  quobyte:
+                                    description: quobyte represents a Quobyte mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      group:
+                                        description: |-
+                                          group to map volume access to
+                                          Default is no group
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                        type: boolean
+                                      registry:
+                                        description: |-
+                                          registry represents a single or multiple Quobyte Registry services
+                                          specified as a string as host:port pair (multiple entries are separated with commas)
+                                          which acts as the central registry for volumes
+                                        type: string
+                                      tenant:
+                                        description: |-
+                                          tenant owning the given Quobyte volume in the Backend
+                                          Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+                                        type: string
+                                      user:
+                                        description: |-
+                                          user to map volume access to
+                                          Defaults to serivceaccount user
+                                        type: string
+                                      volume:
+                                        description: volume is a string that references
+                                          an already created Quobyte volume by name.
+                                        type: string
+                                    required:
+                                    - registry
+                                    - volume
+                                    type: object
+                                  rbd:
+                                    description: |-
+                                      rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/rbd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      image:
+                                        description: |-
+                                          image is the rados image name.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      keyring:
+                                        description: |-
+                                          keyring is the path to key ring for RBDUser.
+                                          Default is /etc/ceph/keyring.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      monitors:
+                                        description: |-
+                                          monitors is a collection of Ceph monitors.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      pool:
+                                        description: |-
+                                          pool is the rados pool name.
+                                          Default is rbd.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is name of the authentication secret for RBDUser. If provided
+                                          overrides keyring.
+                                          Default is nil.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is the rados user name.
+                                          Default is admin.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - image
+                                    - monitors
+                                    type: object
+                                  scaleIO:
+                                    description: scaleIO represents a ScaleIO persistent
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs".
+                                          Default is "xfs".
+                                        type: string
+                                      gateway:
+                                        description: gateway is the host address of
+                                          the ScaleIO API Gateway.
+                                        type: string
+                                      protectionDomain:
+                                        description: protectionDomain is the name
+                                          of the ScaleIO Protection Domain for the
+                                          configured storage.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef references to the secret for ScaleIO user and other
+                                          sensitive information. If this is not provided, Login operation will fail.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      sslEnabled:
+                                        description: sslEnabled Flag enable/disable
+                                          SSL communication with Gateway, default
+                                          false
+                                        type: boolean
+                                      storageMode:
+                                        description: |-
+                                          storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+                                          Default is ThinProvisioned.
+                                        type: string
+                                      storagePool:
+                                        description: storagePool is the ScaleIO Storage
+                                          Pool associated with the protection domain.
+                                        type: string
+                                      system:
+                                        description: system is the name of the storage
+                                          system as configured in ScaleIO.
+                                        type: string
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the name of a volume already created in the ScaleIO system
+                                          that is associated with this volume source.
+                                        type: string
+                                    required:
+                                    - gateway
+                                    - secretRef
+                                    - system
+                                    type: object
+                                  secret:
+                                    description: |-
+                                      secret represents a secret that should populate this volume.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values
+                                          for mode bits. Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items If unspecified, each key-value pair in the Data field of the referenced
+                                          Secret will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      optional:
+                                        description: optional field specify whether
+                                          the Secret or its keys must be defined
+                                        type: boolean
+                                      secretName:
+                                        description: |-
+                                          secretName is the name of the secret in the pod's namespace to use.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                        type: string
+                                    type: object
+                                  storageos:
+                                    description: storageOS represents a StorageOS
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef specifies the secret to use for obtaining the StorageOS API
+                                          credentials.  If not specified, default values will be attempted.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the human-readable name of the StorageOS volume.  Volume
+                                          names are only unique within a namespace.
+                                        type: string
+                                      volumeNamespace:
+                                        description: |-
+                                          volumeNamespace specifies the scope of the volume within StorageOS.  If no
+                                          namespace is specified then the Pod's namespace will be used.  This allows the
+                                          Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+                                          Set VolumeName to any name to override the default behaviour.
+                                          Set to "default" if you are not using namespaces within StorageOS.
+                                        type: string
+                                    type: object
+                                  vsphereVolume:
+                                    description: vsphereVolume represents a vSphere
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      storagePolicyID:
+                                        description: storagePolicyID is the storage
+                                          Policy Based Management (SPBM) profile ID
+                                          associated with the StoragePolicyName.
+                                        type: string
+                                      storagePolicyName:
+                                        description: storagePolicyName is the storage
+                                          Policy Based Management (SPBM) profile name.
+                                        type: string
+                                      volumePath:
+                                        description: volumePath is the path that identifies
+                                          vSphere volume vmdk
+                                        type: string
+                                    required:
+                                    - volumePath
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                          required:
+                          - containers
+                          type: object
+                      type: object
+                  type: object
+                description: |-
+                  A map of PaddleReplicaType (type) to ReplicaSpec (value). Specifies the Paddle cluster configuration.
+                  For example,
+                    {
+                      "Master": PaddleReplicaSpec,
+                      "Worker": PaddleReplicaSpec,
+                    }
+                type: object
+              runPolicy:
+                description: |-
+                  RunPolicy encapsulates various runtime policies of the distributed training
+                  job, for example how to clean up resources and how long the job can stay
+                  active.
+                properties:
+                  activeDeadlineSeconds:
+                    description: |-
+                      Specifies the duration in seconds relative to the startTime that the job may be active
+                      before the system tries to terminate it; value must be positive integer.
+                    format: int64
+                    type: integer
+                  backoffLimit:
+                    description: Optional number of retries before marking this job
+                      failed.
+                    format: int32
+                    type: integer
+                  cleanPodPolicy:
+                    description: |-
+                      CleanPodPolicy defines the policy to kill pods after the job completes.
+                      Default to None.
+                    type: string
+                  schedulingPolicy:
+                    description: SchedulingPolicy defines the policy related to scheduling,
+                      e.g. gang-scheduling
+                    properties:
+                      minAvailable:
+                        format: int32
+                        type: integer
+                      minResources:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      priorityClass:
+                        type: string
+                      queue:
+                        type: string
+                        x-kubernetes-validations:
+                        - message: spec.runPolicy.schedulingPolicy.queue is immutable
+                          rule: self == oldSelf
+                      scheduleTimeoutSeconds:
+                        format: int32
+                        type: integer
+                    type: object
+                  suspend:
+                    default: false
+                    description: |-
+                      suspend specifies whether the Job controller should create Pods or not.
+                      If a Job is created with suspend set to true, no Pods are created by
+                      the Job controller. If a Job is suspended after creation (i.e. the
+                      flag goes from false to true), the Job controller will delete all
+                      active Pods and PodGroups associated with this Job.
+                      Users must design their workload to gracefully handle this.
+                    type: boolean
+                  ttlSecondsAfterFinished:
+                    description: |-
+                      TTLSecondsAfterFinished is the TTL to clean up jobs.
+                      It may take extra ReconcilePeriod seconds for the cleanup, since
+                      reconcile gets called periodically.
+                      Default to infinite.
+                    format: int32
+                    type: integer
+                type: object
+            required:
+            - paddleReplicaSpecs
+            type: object
+          status:
+            description: |-
+              Most recently observed status of the PaddleJob.
+              Read-only (modified by the system).
+            properties:
+              completionTime:
+                description: |-
+                  Represents time when the job was completed. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions is an array of current observed job conditions.
+                items:
+                  description: JobCondition describes the state of the job at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastReconcileTime:
+                description: |-
+                  Represents last time when the job was reconciled. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              replicaStatuses:
+                additionalProperties:
+                  description: ReplicaStatus represents the current observed state
+                    of the replica.
+                  properties:
+                    active:
+                      description: The number of actively running pods.
+                      format: int32
+                      type: integer
+                    failed:
+                      description: The number of pods which reached phase Failed.
+                      format: int32
+                      type: integer
+                    labelSelector:
+                      description: 'Deprecated: Use Selector instead'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    selector:
+                      description: |-
+                        A Selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty Selector matches all objects. A null
+                        Selector matches no objects.
+                      type: string
+                    succeeded:
+                      description: The number of pods which reached phase Succeeded.
+                      format: int32
+                      type: integer
+                  type: object
+                description: |-
+                  ReplicaStatuses is map of ReplicaType and ReplicaStatus,
+                  specifies the status of each replica.
+                type: object
+              startTime:
+                description: |-
+                  Represents time when the job was acknowledged by the job controller.
+                  It is not guaranteed to be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.replicaStatuses.Worker.selector
+        specReplicasPath: .spec.paddleReplicaSpecs.Worker.replicas
+        statusReplicasPath: .status.replicaStatuses.Worker.active
+      status: {}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml
new file mode 100644
index 00000000..9419380a
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_pytorchjobs.yaml
@@ -0,0 +1,8068 @@
+{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.pytorchFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: PyTorchJob
+    listKind: PyTorchJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.pytorchPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.pytorchSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: PyTorchJob Represents a PyTorchJob resource.
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.replicaStatuses.Worker.selector
+        specReplicasPath: .spec.pytorchReplicaSpecs.Worker.replicas
+        statusReplicasPath: .status.replicaStatuses.Worker.active
+      status: {}
+
+{{- else }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.pytorchFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: PyTorchJob
+    listKind: PyTorchJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.pytorchPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.pytorchSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: PyTorchJob Represents a PyTorchJob resource.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of the desired state of the PyTorchJob.
+            properties:
+              elasticPolicy:
+                properties:
+                  maxReplicas:
+                    description: upper limit for the number of pods that can be set
+                      by the autoscaler; cannot be smaller than MinReplicas, defaults
+                      to null.
+                    format: int32
+                    type: integer
+                  maxRestarts:
+                    format: int32
+                    type: integer
+                  metrics:
+                    description: |-
+                      Metrics contains the specifications which are used to calculate the
+                      desired replica count (the maximum replica count across all metrics will
+                      be used).  The desired replica count is calculated with multiplying the
+                      ratio between the target value and the current value by the current
+                      number of pods. Ergo, metrics used must decrease as the pod count is
+                      increased, and vice-versa.
+                    items:
+                      description: |-
+                        MetricSpec specifies how to scale based on a single metric
+                        (only `type` and one other matching field should be set at once).
+                      properties:
+                        containerResource:
+                          description: |-
+                            containerResource refers to a resource metric (such as those specified in
+                            requests and limits) known to Kubernetes describing a single container in
+                            each pod of the current scale target (e.g. CPU or memory). Such metrics are
+                            built in to Kubernetes, and have special scaling options on top of those
+                            available to normal per-pod metrics using the "pods" source.
+                          properties:
+                            container:
+                              description: container is the name of the container
+                                in the pods of the scaling target
+                              type: string
+                            name:
+                              description: name is the name of the resource in question.
+                              type: string
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - container
+                          - name
+                          - target
+                          type: object
+                        external:
+                          description: |-
+                            external refers to a global metric that is not associated
+                            with any Kubernetes object. It allows autoscaling based on information
+                            coming from components running outside of cluster
+                            (for example length of queue in cloud messaging service, or
+                            QPS from loadbalancer running outside of cluster).
+                          properties:
+                            metric:
+                              description: metric identifies the target metric by
+                                name and selector
+                              properties:
+                                name:
+                                  description: name is the name of the given metric
+                                  type: string
+                                selector:
+                                  description: |-
+                                    selector is the string-encoded form of a standard kubernetes label selector for the given metric
+                                    When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+                                    When unset, just the metricName will be used to gather metrics.
+                                  properties:
+                                    matchExpressions:
+                                      description: matchExpressions is a list of label
+                                        selector requirements. The requirements are
+                                        ANDed.
+                                      items:
+                                        description: |-
+                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                          relates the key and values.
+                                        properties:
+                                          key:
+                                            description: key is the label key that
+                                              the selector applies to.
+                                            type: string
+                                          operator:
+                                            description: |-
+                                              operator represents a key's relationship to a set of values.
+                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                            type: string
+                                          values:
+                                            description: |-
+                                              values is an array of string values. If the operator is In or NotIn,
+                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                              the values array must be empty. This array is replaced during a strategic
+                                              merge patch.
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      description: |-
+                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - name
+                              type: object
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - metric
+                          - target
+                          type: object
+                        object:
+                          description: |-
+                            object refers to a metric describing a single kubernetes object
+                            (for example, hits-per-second on an Ingress object).
+                          properties:
+                            describedObject:
+                              description: describedObject specifies the descriptions
+                                of a object,such as kind,name apiVersion
+                              properties:
+                                apiVersion:
+                                  description: apiVersion is the API version of the
+                                    referent
+                                  type: string
+                                kind:
+                                  description: 'kind is the kind of the referent;
+                                    More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                                  type: string
+                                name:
+                                  description: 'name is the name of the referent;
+                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                                  type: string
+                              required:
+                              - kind
+                              - name
+                              type: object
+                            metric:
+                              description: metric identifies the target metric by
+                                name and selector
+                              properties:
+                                name:
+                                  description: name is the name of the given metric
+                                  type: string
+                                selector:
+                                  description: |-
+                                    selector is the string-encoded form of a standard kubernetes label selector for the given metric
+                                    When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+                                    When unset, just the metricName will be used to gather metrics.
+                                  properties:
+                                    matchExpressions:
+                                      description: matchExpressions is a list of label
+                                        selector requirements. The requirements are
+                                        ANDed.
+                                      items:
+                                        description: |-
+                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                          relates the key and values.
+                                        properties:
+                                          key:
+                                            description: key is the label key that
+                                              the selector applies to.
+                                            type: string
+                                          operator:
+                                            description: |-
+                                              operator represents a key's relationship to a set of values.
+                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                            type: string
+                                          values:
+                                            description: |-
+                                              values is an array of string values. If the operator is In or NotIn,
+                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                              the values array must be empty. This array is replaced during a strategic
+                                              merge patch.
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      description: |-
+                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - name
+                              type: object
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - describedObject
+                          - metric
+                          - target
+                          type: object
+                        pods:
+                          description: |-
+                            pods refers to a metric describing each pod in the current scale target
+                            (for example, transactions-processed-per-second).  The values will be
+                            averaged together before being compared to the target value.
+                          properties:
+                            metric:
+                              description: metric identifies the target metric by
+                                name and selector
+                              properties:
+                                name:
+                                  description: name is the name of the given metric
+                                  type: string
+                                selector:
+                                  description: |-
+                                    selector is the string-encoded form of a standard kubernetes label selector for the given metric
+                                    When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
+                                    When unset, just the metricName will be used to gather metrics.
+                                  properties:
+                                    matchExpressions:
+                                      description: matchExpressions is a list of label
+                                        selector requirements. The requirements are
+                                        ANDed.
+                                      items:
+                                        description: |-
+                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                          relates the key and values.
+                                        properties:
+                                          key:
+                                            description: key is the label key that
+                                              the selector applies to.
+                                            type: string
+                                          operator:
+                                            description: |-
+                                              operator represents a key's relationship to a set of values.
+                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                            type: string
+                                          values:
+                                            description: |-
+                                              values is an array of string values. If the operator is In or NotIn,
+                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                              the values array must be empty. This array is replaced during a strategic
+                                              merge patch.
+                                            items:
+                                              type: string
+                                            type: array
+                                        required:
+                                        - key
+                                        - operator
+                                        type: object
+                                      type: array
+                                    matchLabels:
+                                      additionalProperties:
+                                        type: string
+                                      description: |-
+                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                      type: object
+                                  type: object
+                                  x-kubernetes-map-type: atomic
+                              required:
+                              - name
+                              type: object
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - metric
+                          - target
+                          type: object
+                        resource:
+                          description: |-
+                            resource refers to a resource metric (such as those specified in
+                            requests and limits) known to Kubernetes describing each pod in the
+                            current scale target (e.g. CPU or memory). Such metrics are built in to
+                            Kubernetes, and have special scaling options on top of those available
+                            to normal per-pod metrics using the "pods" source.
+                          properties:
+                            name:
+                              description: name is the name of the resource in question.
+                              type: string
+                            target:
+                              description: target specifies the target value for the
+                                given metric
+                              properties:
+                                averageUtilization:
+                                  description: |-
+                                    averageUtilization is the target value of the average of the
+                                    resource metric across all relevant pods, represented as a percentage of
+                                    the requested value of the resource for the pods.
+                                    Currently only valid for Resource metric source type
+                                  format: int32
+                                  type: integer
+                                averageValue:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: |-
+                                    averageValue is the target value of the average of the
+                                    metric across all relevant pods (as a quantity)
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                type:
+                                  description: type represents whether the metric
+                                    type is Utilization, Value, or AverageValue
+                                  type: string
+                                value:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: value is the target value of the metric
+                                    (as a quantity).
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                              required:
+                              - type
+                              type: object
+                          required:
+                          - name
+                          - target
+                          type: object
+                        type:
+                          description: |-
+                            type is the type of metric source.  It should be one of "ContainerResource", "External",
+                            "Object", "Pods" or "Resource", each mapping to a matching field in the object.
+                            Note: "ContainerResource" type is available on when the feature-gate
+                            HPAContainerMetrics is enabled
+                          type: string
+                      required:
+                      - type
+                      type: object
+                    type: array
+                  minReplicas:
+                    description: |-
+                      minReplicas is the lower limit for the number of replicas to which the training job
+                      can scale down.  It defaults to null.
+                    format: int32
+                    type: integer
+                  nProcPerNode:
+                    description: |-
+                      Number of workers per node; supported values: [auto, cpu, gpu, int].
+                      Deprecated: This API is deprecated in v1.7+
+                      Use .spec.nprocPerNode instead.
+                    format: int32
+                    type: integer
+                  rdzvBackend:
+                    type: string
+                  rdzvConf:
+                    description: RDZVConf contains additional rendezvous configuration
+                      (<key1>=<value1>,<key2>=<value2>,...).
+                    items:
+                      properties:
+                        key:
+                          type: string
+                        value:
+                          type: string
+                      type: object
+                    type: array
+                  rdzvHost:
+                    type: string
+                  rdzvId:
+                    type: string
+                  rdzvPort:
+                    format: int32
+                    type: integer
+                  standalone:
+                    description: |-
+                      Start a local standalone rendezvous backend that is represented by a C10d TCP store
+                      on port 29400. Useful when launching single-node, multi-worker job. If specified
+                      --rdzv_backend, --rdzv_endpoint, --rdzv_id are auto-assigned; any explicitly set values
+                      are ignored.
+                    type: boolean
+                type: object
+              nprocPerNode:
+                description: |-
+                  Number of workers per node; supported values: [auto, cpu, gpu, int].
+                  For more, https://github.com/pytorch/pytorch/blob/26f7f470df64d90e092081e39507e4ac751f55d6/torch/distributed/run.py#L629-L658.
+                  Defaults to auto.
+                type: string
+              pytorchReplicaSpecs:
+                additionalProperties:
+                  description: ReplicaSpec is a description of the replica
+                  properties:
+                    replicas:
+                      description: |-
+                        Replicas is the desired number of replicas of the given template.
+                        If unspecified, defaults to 1.
+                      format: int32
+                      type: integer
+                    restartPolicy:
+                      description: |-
+                        Restart policy for all replicas within the job.
+                        One of Always, OnFailure, Never and ExitCode.
+                        Default to Never.
+                      type: string
+                    template:
+                      description: |-
+                        Template is the object that describes the pod that
+                        will be created for this replica. RestartPolicy in PodTemplateSpec
+                        will be overide by RestartPolicy in ReplicaSpec
+                      properties:
+                        metadata:
+                          description: |-
+                            Standard object's metadata.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            finalizers:
+                              items:
+                                type: string
+                              type: array
+                            labels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          type: object
+                        spec:
+                          description: |-
+                            Specification of the desired behavior of the pod.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+                          properties:
+                            activeDeadlineSeconds:
+                              description: |-
+                                Optional duration in seconds the pod may be active on the node relative to
+                                StartTime before the system will actively try to mark it failed and kill associated containers.
+                                Value must be a positive integer.
+                              format: int64
+                              type: integer
+                            affinity:
+                              description: If specified, the pod's scheduling constraints
+                              properties:
+                                nodeAffinity:
+                                  description: Describes node affinity scheduling
+                                    rules for the pod.
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: |-
+                                          An empty preferred scheduling term matches all objects with implicit weight 0
+                                          (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+                                        properties:
+                                          preference:
+                                            description: A node selector term, associated
+                                              with the corresponding weight.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          weight:
+                                            description: Weight associated with matching
+                                              the corresponding nodeSelectorTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - preference
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to an update), the system
+                                        may or may not try to eventually evict the pod from its node.
+                                      properties:
+                                        nodeSelectorTerms:
+                                          description: Required. A list of node selector
+                                            terms. The terms are ORed.
+                                          items:
+                                            description: |-
+                                              A null or empty node selector term matches no objects. The requirements of
+                                              them are ANDed.
+                                              The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          type: array
+                                      required:
+                                      - nodeSelectorTerms
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                                podAffinity:
+                                  description: Describes pod affinity scheduling rules
+                                    (e.g. co-locate this pod in the same node, zone,
+                                    etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                                podAntiAffinity:
+                                  description: Describes pod anti-affinity scheduling
+                                    rules (e.g. avoid putting this pod in the same
+                                    node, zone, etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the anti-affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the anti-affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the anti-affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                              type: object
+                            automountServiceAccountToken:
+                              description: AutomountServiceAccountToken indicates
+                                whether a service account token should be automatically
+                                mounted.
+                              type: boolean
+                            containers:
+                              description: |-
+                                List of containers belonging to the pod.
+                                Containers cannot currently be added or removed.
+                                There must be at least one container in a Pod.
+                                Cannot be updated.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            dnsConfig:
+                              description: |-
+                                Specifies the DNS parameters of a pod.
+                                Parameters specified here will be merged to the generated DNS
+                                configuration based on DNSPolicy.
+                              properties:
+                                nameservers:
+                                  description: |-
+                                    A list of DNS name server IP addresses.
+                                    This will be appended to the base nameservers generated from DNSPolicy.
+                                    Duplicated nameservers will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                                options:
+                                  description: |-
+                                    A list of DNS resolver options.
+                                    This will be merged with the base options generated from DNSPolicy.
+                                    Duplicated entries will be removed. Resolution options given in Options
+                                    will override those that appear in the base DNSPolicy.
+                                  items:
+                                    description: PodDNSConfigOption defines DNS resolver
+                                      options of a pod.
+                                    properties:
+                                      name:
+                                        description: Required.
+                                        type: string
+                                      value:
+                                        type: string
+                                    type: object
+                                  type: array
+                                searches:
+                                  description: |-
+                                    A list of DNS search domains for host-name lookup.
+                                    This will be appended to the base search paths generated from DNSPolicy.
+                                    Duplicated search paths will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            dnsPolicy:
+                              description: |-
+                                Set DNS policy for the pod.
+                                Defaults to "ClusterFirst".
+                                Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+                                DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+                                To have DNS options set along with hostNetwork, you have to specify DNS policy
+                                explicitly to 'ClusterFirstWithHostNet'.
+                              type: string
+                            enableServiceLinks:
+                              description: |-
+                                EnableServiceLinks indicates whether information about services should be injected into pod's
+                                environment variables, matching the syntax of Docker links.
+                                Optional: Defaults to true.
+                              type: boolean
+                            ephemeralContainers:
+                              description: |-
+                                List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+                                pod to perform user-initiated actions such as debugging. This list cannot be specified when
+                                creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+                                ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+                              items:
+                                description: |-
+                                  An EphemeralContainer is a temporary container that you may add to an existing Pod for
+                                  user-initiated activities such as debugging. Ephemeral containers have no resource or
+                                  scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+                                  removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+                                  Pod to exceed its resource allocation.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+                                      produce the string literal "$(VAR_NAME)".
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: Lifecycle is not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the ephemeral container specified as a DNS_LABEL.
+                                      This name must be unique among all containers, init containers and ephemeral containers.
+                                    type: string
+                                  ports:
+                                    description: Ports are not allowed for ephemeral
+                                      containers.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+                                      already allocated to the pod.
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      Restart policy for the container to manage the restart behavior of each
+                                      container within a pod.
+                                      This may only be set for init containers. You cannot set this field on
+                                      ephemeral containers.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      Optional: SecurityContext defines the security options the ephemeral container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  targetContainerName:
+                                    description: |-
+                                      If set, the name of the container from PodSpec that this ephemeral container targets.
+                                      The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+                                      If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+                                      The container runtime must implement support for this feature.
+                                    type: string
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            hostAliases:
+                              description: |-
+                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+                                file if specified. This is only valid for non-hostNetwork pods.
+                              items:
+                                description: |-
+                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+                                  pod's hosts file.
+                                properties:
+                                  hostnames:
+                                    description: Hostnames for the above IP address.
+                                    items:
+                                      type: string
+                                    type: array
+                                  ip:
+                                    description: IP address of the host file entry.
+                                    type: string
+                                type: object
+                              type: array
+                            hostIPC:
+                              description: |-
+                                Use the host's ipc namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostNetwork:
+                              description: |-
+                                Host networking requested for this pod. Use the host's network namespace.
+                                If this option is set, the ports that will be used must be specified.
+                                Default to false.
+                              type: boolean
+                            hostPID:
+                              description: |-
+                                Use the host's pid namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostUsers:
+                              description: |-
+                                Use the host's user namespace.
+                                Optional: Default to true.
+                                If set to true or not present, the pod will be run in the host user namespace, useful
+                                for when the pod needs a feature only available to the host user namespace, such as
+                                loading a kernel module with CAP_SYS_MODULE.
+                                When set to false, a new userns is created for the pod.
+                              type: boolean
+                            hostname:
+                              description: |-
+                                Specifies the hostname of the Pod
+                                If not specified, the pod's hostname will be set to a system-defined value.
+                              type: string
+                            imagePullSecrets:
+                              description: |-
+                                ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+                                If specified, these secrets will be passed to individual puller implementations for them to use.
+                                More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+                              items:
+                                description: |-
+                                  LocalObjectReference contains enough information to let you locate the
+                                  referenced object inside the same namespace.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind, uid?
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                            initContainers:
+                              description: |-
+                                List of initialization containers belonging to the pod.
+                                Init containers are executed in order prior to containers being started. If any
+                                init container fails, the pod is considered to have failed and is handled according
+                                to its restartPolicy. The name for an init container or normal container must be
+                                unique among all containers.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            nodeName:
+                              description: |-
+                                NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+                                the scheduler simply schedules this pod onto that node, assuming that it fits resource
+                                requirements.
+                              type: string
+                            nodeSelector:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                NodeSelector is a selector which must be true for the pod to fit on a node.
+                                Selector which must match a node's labels for the pod to be scheduled on that node.
+                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            os:
+                              description: |-
+                                Specifies the OS of the containers in the pod.
+                                Some pod and container fields are restricted if this is set.
+
+
+                                If the OS field is set to linux, the following fields must be unset:
+                                -securityContext.windowsOptions
+
+
+                                If the OS field is set to windows, following fields must be unset:
+                                - spec.hostPID
+                                - spec.hostIPC
+                                - spec.hostUsers
+                                - spec.securityContext.seLinuxOptions
+                                - spec.securityContext.
+                              properties:
+                                name:
+                                  description: |-
+                                    Name is the name of the operating system. The currently supported values are linux and windows.
+                                    Additional value may be defined in future and can be one of:
+                                    https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+                                    Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            overhead:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+                                This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+                                the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+                                The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+                                set.
+                              type: object
+                            preemptionPolicy:
+                              description: |-
+                                PreemptionPolicy is the Policy for preempting pods with lower priority.
+                                One of Never, PreemptLowerPriority.
+                                Defaults to PreemptLowerPriority if unset.
+                              type: string
+                            priority:
+                              description: |-
+                                The priority value. Various system components use this field to find the
+                                priority of the pod. When Priority Admission Controller is enabled, it
+                                prevents users from setting this field. The admission controller populates
+                                this field from PriorityClassName.
+                                The higher the value, the higher the priority.
+                              format: int32
+                              type: integer
+                            priorityClassName:
+                              description: |-
+                                If specified, indicates the pod's priority. "system-node-critical" and
+                                "system-cluster-critical" are two special keywords which indicate the
+                                highest priorities with the former being the highest priority. Any other
+                                name must be defined by creating a PriorityClass object with that name.
+                                If not specified, the pod priority will be default or zero if there is no
+                                default.
+                              type: string
+                            readinessGates:
+                              description: |-
+                                If specified, all readiness gates will be evaluated for pod readiness.
+                                A pod is ready when all its containers are ready AND
+                                all conditions specified in the readiness gates have status equal to "True"
+                                More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+                              items:
+                                description: PodReadinessGate contains the reference
+                                  to a pod condition
+                                properties:
+                                  conditionType:
+                                    description: ConditionType refers to a condition
+                                      in the pod's condition list with matching type.
+                                    type: string
+                                required:
+                                - conditionType
+                                type: object
+                              type: array
+                            resourceClaims:
+                              description: |-
+                                ResourceClaims defines which ResourceClaims must be allocated
+                                and reserved before the Pod is allowed to start. The resources
+                                will be made available to those containers which consume them
+                                by name.
+
+
+                                This is an alpha field and requires enabling the
+                                DynamicResourceAllocation feature gate.
+
+
+                                This field is immutable.
+                              items:
+                                description: |-
+                                  PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+                                  It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+                                  Containers that need access to the ResourceClaim reference it with this name.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name uniquely identifies this resource claim inside the pod.
+                                      This must be a DNS_LABEL.
+                                    type: string
+                                  source:
+                                    description: Source describes where to find the
+                                      ResourceClaim.
+                                    properties:
+                                      resourceClaimName:
+                                        description: |-
+                                          ResourceClaimName is the name of a ResourceClaim object in the same
+                                          namespace as this pod.
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        description: |-
+                                          ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+                                          object in the same namespace as this pod.
+
+
+                                          The template will be used to create a new ResourceClaim, which will
+                                          be bound to this pod. When this pod is deleted, the ResourceClaim
+                                          will also be deleted.
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            restartPolicy:
+                              description: |-
+                                Restart policy for all containers within the pod.
+                                One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+                                Default to Always.
+                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+                              type: string
+                            runtimeClassName:
+                              description: |-
+                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+                                to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
+                                If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+                                empty definition that uses the default runtime handler.
+                                More info: https://git.k8s.
+                              type: string
+                            schedulerName:
+                              description: |-
+                                If specified, the pod will be dispatched by specified scheduler.
+                                If not specified, the pod will be dispatched by default scheduler.
+                              type: string
+                            schedulingGates:
+                              description: |-
+                                SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+                                If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+                                scheduler will not attempt to schedule the pod.
+
+
+                                SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+
+                                This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+                              items:
+                                description: PodSchedulingGate is associated to a
+                                  Pod to guard its scheduling.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the scheduling gate.
+                                      Each scheduling gate must have a unique name field.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            securityContext:
+                              description: |-
+                                SecurityContext holds pod-level security attributes and common container settings.
+                                Optional: Defaults to empty.  See type description for default values of each field.
+                              properties:
+                                fsGroup:
+                                  description: |-
+                                    A special supplemental group that applies to all containers in a pod.
+                                    Some volume types allow the Kubelet to change the ownership of that volume
+                                    to be owned by the pod:
+
+
+                                    1. The owning GID will be the FSGroup
+                                    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+                                    3.
+                                  format: int64
+                                  type: integer
+                                fsGroupChangePolicy:
+                                  description: |-
+                                    fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+                                    before being exposed inside Pod. This field will only apply to
+                                    volume types which support fsGroup based ownership(and permissions).
+                                    It will have no effect on ephemeral volume types such as: secret, configmaps
+                                    and emptydir.
+                                    Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+                                  type: string
+                                runAsGroup:
+                                  description: |-
+                                    The GID to run the entrypoint of the container process.
+                                    Uses runtime default if unset.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  description: |-
+                                    Indicates that the container must run as a non-root user.
+                                    If true, the Kubelet will validate the image at runtime to ensure that it
+                                    does not run as UID 0 (root) and fail to start the container if it does.
+                                    If unset or false, no such validation will be performed.
+                                    May also be set in SecurityContext.
+                                  type: boolean
+                                runAsUser:
+                                  description: |-
+                                    The UID to run the entrypoint of the container process.
+                                    Defaults to user specified in image metadata if unspecified.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  description: |-
+                                    The SELinux context to be applied to all containers.
+                                    If unspecified, the container runtime will allocate a random SELinux context for each
+                                    container.  May also be set in SecurityContext.  If set in
+                                    both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+                                    takes precedence for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    level:
+                                      description: Level is SELinux level label that
+                                        applies to the container.
+                                      type: string
+                                    role:
+                                      description: Role is a SELinux role label that
+                                        applies to the container.
+                                      type: string
+                                    type:
+                                      description: Type is a SELinux type label that
+                                        applies to the container.
+                                      type: string
+                                    user:
+                                      description: User is a SELinux user label that
+                                        applies to the container.
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  description: |-
+                                    The seccomp options to use by the containers in this pod.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    localhostProfile:
+                                      description: |-
+                                        localhostProfile indicates a profile defined in a file on the node should be used.
+                                        The profile must be preconfigured on the node to work.
+                                        Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                        Must be set if type is "Localhost". Must NOT be set for any other type.
+                                      type: string
+                                    type:
+                                      description: |-
+                                        type indicates which kind of seccomp profile will be applied.
+                                        Valid options are:
+
+
+                                        Localhost - a profile defined in a file on the node should be used.
+                                        RuntimeDefault - the container runtime default profile should be used.
+                                        Unconfined - no profile should be applied.
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                supplementalGroups:
+                                  description: |-
+                                    A list of groups applied to the first process run in each container, in addition
+                                    to the container's primary GID, the fsGroup (if specified), and group memberships
+                                    defined in the container image for the uid of the container process. If unspecified,
+                                    no additional groups are added to any container.
+                                  items:
+                                    format: int64
+                                    type: integer
+                                  type: array
+                                sysctls:
+                                  description: |-
+                                    Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+                                    sysctls (by the container runtime) might fail to launch.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  items:
+                                    description: Sysctl defines a kernel parameter
+                                      to be set
+                                    properties:
+                                      name:
+                                        description: Name of a property to set
+                                        type: string
+                                      value:
+                                        description: Value of a property to set
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                windowsOptions:
+                                  description: |-
+                                    The Windows specific settings applied to all containers.
+                                    If unspecified, the options within a container's SecurityContext will be used.
+                                    If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                    Note that this field cannot be set when spec.os.name is linux.
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      description: |-
+                                        GMSACredentialSpec is where the GMSA admission webhook
+                                        (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                        GMSA credential spec named by the GMSACredentialSpecName field.
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      description: GMSACredentialSpecName is the name
+                                        of the GMSA credential spec to use.
+                                      type: string
+                                    hostProcess:
+                                      description: |-
+                                        HostProcess determines if a container should be run as a 'Host Process' container.
+                                        All of a Pod's containers must have the same effective HostProcess value
+                                        (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                        In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                      type: boolean
+                                    runAsUserName:
+                                      description: |-
+                                        The UserName in Windows to run the entrypoint of the container process.
+                                        Defaults to the user specified in image metadata if unspecified.
+                                        May also be set in PodSecurityContext. If set in both SecurityContext and
+                                        PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                      type: string
+                                  type: object
+                              type: object
+                            serviceAccount:
+                              description: |-
+                                DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+                                Deprecated: Use serviceAccountName instead.
+                              type: string
+                            serviceAccountName:
+                              description: |-
+                                ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+                                More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+                              type: string
+                            setHostnameAsFQDN:
+                              description: |-
+                                If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+                                In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+                              type: boolean
+                            shareProcessNamespace:
+                              description: |-
+                                Share a single process namespace between all of the containers in a pod.
+                                When this is set containers will be able to view and signal processes from other containers
+                                in the same pod, and the first process in each container will not be assigned PID 1.
+                                HostPID and ShareProcessNamespace cannot both be set.
+                                Optional: Default to false.
+                              type: boolean
+                            subdomain:
+                              description: |-
+                                If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+                                If not specified, the pod will not have a domainname at all.
+                              type: string
+                            terminationGracePeriodSeconds:
+                              description: |-
+                                Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+                                Value must be non-negative integer. The value zero indicates stop immediately via
+                                the kill signal (no opportunity to shut down).
+                                If this value is nil, the default grace period will be used instead.
+                              format: int64
+                              type: integer
+                            tolerations:
+                              description: If specified, the pod's tolerations.
+                              items:
+                                description: |-
+                                  The pod this Toleration is attached to tolerates any taint that matches
+                                  the triple <key,value,effect> using the matching operator <operator>.
+                                properties:
+                                  effect:
+                                    description: |-
+                                      Effect indicates the taint effect to match. Empty means match all taint effects.
+                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+                                    type: string
+                                  key:
+                                    description: |-
+                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
+                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+                                    type: string
+                                  operator:
+                                    description: |-
+                                      Operator represents a key's relationship to the value.
+                                      Valid operators are Exists and Equal. Defaults to Equal.
+                                      Exists is equivalent to wildcard for value, so that a pod can
+                                      tolerate all taints of a particular category.
+                                    type: string
+                                  tolerationSeconds:
+                                    description: |-
+                                      TolerationSeconds represents the period of time the toleration (which must be
+                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
+                                      negative values will be treated as 0 (evict immediately) by the system.
+                                    format: int64
+                                    type: integer
+                                  value:
+                                    description: |-
+                                      Value is the taint value the toleration matches to.
+                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
+                                    type: string
+                                type: object
+                              type: array
+                            topologySpreadConstraints:
+                              description: |-
+                                TopologySpreadConstraints describes how a group of pods ought to spread across topology
+                                domains. Scheduler will schedule pods in a way which abides by the constraints.
+                                All topologySpreadConstraints are ANDed.
+                              items:
+                                description: TopologySpreadConstraint specifies how
+                                  to spread matching pods among the given topology.
+                                properties:
+                                  labelSelector:
+                                    description: |-
+                                      LabelSelector is used to find matching pods.
+                                      Pods that match this label selector are counted to determine the number of pods
+                                      in their corresponding topology domain.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: |-
+                                            A label selector requirement is a selector that contains values, a key, and an operator that
+                                            relates the key and values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: |-
+                                                operator represents a key's relationship to a set of values.
+                                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: |-
+                                                values is an array of string values. If the operator is In or NotIn,
+                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                          - key
+                                          - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  matchLabelKeys:
+                                    description: |-
+                                      MatchLabelKeys is a set of pod label keys to select the pods over which
+                                      spreading will be calculated. The keys are used to lookup values from the
+                                      incoming pod labels, those key-value labels are ANDed with labelSelector
+                                      to select the group of existing pods over which spreading will be calculated
+                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  maxSkew:
+                                    description: |-
+                                      MaxSkew describes the degree to which pods may be unevenly distributed.
+                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+                                      between the number of matching pods in the target topology and the global minimum.
+                                      The global minimum is the minimum number of matching pods in an eligible domain
+                                      or zero if the number of eligible domains is less than MinDomains.
+                                    format: int32
+                                    type: integer
+                                  minDomains:
+                                    description: |-
+                                      MinDomains indicates a minimum number of eligible domains.
+                                      When the number of eligible domains with matching topology keys is less than minDomains,
+                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+                                      this value has no effect on scheduling.
+                                    format: int32
+                                    type: integer
+                                  nodeAffinityPolicy:
+                                    description: |-
+                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+                                      when calculating pod topology spread skew. Options are:
+                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+                                      If this value is nil, the behavior is equivalent to the Honor policy.
+                                    type: string
+                                  nodeTaintsPolicy:
+                                    description: |-
+                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
+                                      pod topology spread skew. Options are:
+                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+                                      has a toleration, are included.
+                                      - Ignore: node taints are ignored. All nodes are included.
+
+
+                                      If this value is nil, the behavior is equivalent to the Ignore policy.
+                                    type: string
+                                  topologyKey:
+                                    description: |-
+                                      TopologyKey is the key of node labels. Nodes that have a label with this key
+                                      and identical values are considered to be in the same topology.
+                                      We consider each <key, value> as a "bucket", and try to put balanced number
+                                      of pods into each bucket.
+                                      We define a domain as a particular instance of a topology.
+                                    type: string
+                                  whenUnsatisfiable:
+                                    description: |-
+                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+                                      the spread constraint.
+                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
+                                      - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+                                        but giving higher precedence to topologies that would help reduce the
+                                        skew.
+                                    type: string
+                                required:
+                                - maxSkew
+                                - topologyKey
+                                - whenUnsatisfiable
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - topologyKey
+                              - whenUnsatisfiable
+                              x-kubernetes-list-type: map
+                            volumes:
+                              description: |-
+                                List of volumes that can be mounted by containers belonging to the pod.
+                                More info: https://kubernetes.io/docs/concepts/storage/volumes
+                              items:
+                                description: Volume represents a named volume in a
+                                  pod that may be accessed by any container in the
+                                  pod.
+                                properties:
+                                  awsElasticBlockStore:
+                                    description: |-
+                                      awsElasticBlockStore represents an AWS Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly value true will force the readOnly setting in VolumeMounts.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: boolean
+                                      volumeID:
+                                        description: |-
+                                          volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  azureDisk:
+                                    description: azureDisk represents an Azure Data
+                                      Disk mount on the host and bind mount to the
+                                      pod.
+                                    properties:
+                                      cachingMode:
+                                        description: 'cachingMode is the Host Caching
+                                          mode: None, Read Only, Read Write.'
+                                        type: string
+                                      diskName:
+                                        description: diskName is the Name of the data
+                                          disk in the blob storage
+                                        type: string
+                                      diskURI:
+                                        description: diskURI is the URI of data disk
+                                          in the blob storage
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is Filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      kind:
+                                        description: 'kind expected values are Shared:
+                                          multiple blob disks per storage account  Dedicated:
+                                          single blob disk per storage account  Managed:
+                                          azure managed data disk (only in managed
+                                          availability set). defaults to shared'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                    required:
+                                    - diskName
+                                    - diskURI
+                                    type: object
+                                  azureFile:
+                                    description: azureFile represents an Azure File
+                                      Service mount on the host and bind mount to
+                                      the pod.
+                                    properties:
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretName:
+                                        description: secretName is the  name of secret
+                                          that contains Azure Storage Account Name
+                                          and Key
+                                        type: string
+                                      shareName:
+                                        description: shareName is the azure share
+                                          Name
+                                        type: string
+                                    required:
+                                    - secretName
+                                    - shareName
+                                    type: object
+                                  cephfs:
+                                    description: cephFS represents a Ceph FS mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      monitors:
+                                        description: |-
+                                          monitors is Required: Monitors is a collection of Ceph monitors
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      path:
+                                        description: 'path is Optional: Used as the
+                                          mounted root, rather than the full Ceph
+                                          tree, default is /'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: boolean
+                                      secretFile:
+                                        description: |-
+                                          secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is optional: User is the rados user name, default is admin
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - monitors
+                                    type: object
+                                  cinder:
+                                    description: |-
+                                      cinder represents a cinder volume attached and mounted on kubelets host machine.
+                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is optional: points to a secret object containing parameters used to connect
+                                          to OpenStack.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeID:
+                                        description: |-
+                                          volumeID used to identify the volume in cinder.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  configMap:
+                                    description: configMap represents a configMap
+                                      that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items if unspecified, each key-value pair in the Data field of the referenced
+                                          ConfigMap will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        description: |-
+                                          Name of the referent.
+                                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion, kind, uid?
+                                        type: string
+                                      optional:
+                                        description: optional specify whether the
+                                          ConfigMap or its keys must be defined
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  csi:
+                                    description: csi (Container Storage Interface)
+                                      represents ephemeral storage that is handled
+                                      by certain external CSI drivers (Beta feature).
+                                    properties:
+                                      driver:
+                                        description: |-
+                                          driver is the name of the CSI driver that handles this volume.
+                                          Consult with your admin for the correct name as registered in the cluster.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType to mount. Ex. "ext4", "xfs", "ntfs".
+                                          If not provided, the empty value is passed to the associated CSI driver
+                                          which will determine the default filesystem to apply.
+                                        type: string
+                                      nodePublishSecretRef:
+                                        description: |-
+                                          nodePublishSecretRef is a reference to the secret object containing
+                                          sensitive information to pass to the CSI driver to complete the CSI
+                                          NodePublishVolume and NodeUnpublishVolume calls.
+                                          This field is optional, and  may be empty if no secret is required. If the
+                                          secret object contains more than one secret, all secret references are passed.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      readOnly:
+                                        description: |-
+                                          readOnly specifies a read-only configuration for the volume.
+                                          Defaults to false (read/write).
+                                        type: boolean
+                                      volumeAttributes:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          volumeAttributes stores driver-specific properties that are passed to the CSI
+                                          driver. Consult your driver's documentation for supported values.
+                                        type: object
+                                    required:
+                                    - driver
+                                    type: object
+                                  downwardAPI:
+                                    description: downwardAPI represents downward API
+                                      about the pod that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          Optional: mode bits to use on created files by default. Must be a
+                                          Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: Items is a list of downward API
+                                          volume file
+                                        items:
+                                          description: DownwardAPIVolumeFile represents
+                                            information to create the file containing
+                                            the pod field
+                                          properties:
+                                            fieldRef:
+                                              description: 'Required: Selects a field
+                                                of the pod: only annotations, labels,
+                                                name and namespace are supported.'
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              description: |-
+                                                Optional: mode bits used to set permissions on this file, must be an octal value
+                                                between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: 'Required: Path is  the
+                                                relative path name of the file to
+                                                be created. Must not be absolute or
+                                                contain the ''..'' path. Must be utf-8
+                                                encoded. The first item of the relative
+                                                path must not start with ''..'''
+                                              type: string
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  emptyDir:
+                                    description: |-
+                                      emptyDir represents a temporary directory that shares a pod's lifetime.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                    properties:
+                                      medium:
+                                        description: |-
+                                          medium represents what type of storage medium should back this directory.
+                                          The default is "" which means to use the node's default medium.
+                                          Must be an empty string (default) or Memory.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                        type: string
+                                      sizeLimit:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        description: |-
+                                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
+                                          The size limit is also applicable for memory medium.
+                                          The maximum usage on memory medium EmptyDir would be the minimum value between
+                                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+                                          The default is nil which means that the limit is undefined.
+                                          More info: https://kubernetes.
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  ephemeral:
+                                    description: |-
+                                      ephemeral represents a volume that is handled by a cluster storage driver.
+                                      The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+                                      and deleted when the pod is removed.
+                                    properties:
+                                      volumeClaimTemplate:
+                                        description: |-
+                                          Will be used to create a stand-alone PVC to provision the volume.
+                                          The pod in which this EphemeralVolumeSource is embedded will be the
+                                          owner of the PVC, i.e. the PVC will be deleted together with the
+                                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
+                                          `<volume name>` is the name from the `PodSpec.Volumes` array
+                                          entry.
+                                        properties:
+                                          metadata:
+                                            description: |-
+                                              May contain labels and annotations that will be copied into the PVC
+                                              when creating it. No other fields are allowed and will be rejected during
+                                              validation.
+                                            properties:
+                                              annotations:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              finalizers:
+                                                items:
+                                                  type: string
+                                                type: array
+                                              labels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              name:
+                                                type: string
+                                              namespace:
+                                                type: string
+                                            type: object
+                                          spec:
+                                            description: |-
+                                              The specification for the PersistentVolumeClaim. The entire content is
+                                              copied unchanged into the PVC that gets created from this
+                                              template. The same fields as in a PersistentVolumeClaim
+                                              are also valid here.
+                                            properties:
+                                              accessModes:
+                                                description: |-
+                                                  accessModes contains the desired access modes the volume should have.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+                                                items:
+                                                  type: string
+                                                type: array
+                                              dataSource:
+                                                description: |-
+                                                  dataSource field can be used to specify either:
+                                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+                                                  * An existing PVC (PersistentVolumeClaim)
+                                                  If the provisioner or an external controller can support the specified data source,
+                                                  it will create a new volume based on the contents of the specified data source.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              dataSourceRef:
+                                                description: |-
+                                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+                                                  volume is desired. This may be any object from a non-empty API group (non
+                                                  core object) or a PersistentVolumeClaim object.
+                                                  When this field is specified, volume binding will only succeed if the type of
+                                                  the specified object matches some installed volume populator or dynamic
+                                                  provisioner.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                  namespace:
+                                                    description: |-
+                                                      Namespace is the namespace of resource being referenced
+                                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+                                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                              resources:
+                                                description: |-
+                                                  resources represents the minimum resources the volume should have.
+                                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                                  that are lower than previous value but must still be higher than capacity recorded in the
+                                                  status field of the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+                                                properties:
+                                                  limits:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Limits describes the maximum amount of compute resources allowed.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                  requests:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Requests describes the minimum amount of compute resources required.
+                                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                type: object
+                                              selector:
+                                                description: selector is a label query
+                                                  over volumes to consider for binding.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              storageClassName:
+                                                description: |-
+                                                  storageClassName is the name of the StorageClass required by the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+                                                type: string
+                                              volumeAttributesClassName:
+                                                description: |-
+                                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+                                                  If specified, the CSI driver will create or update the volume with the attributes defined
+                                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+                                                  it can be changed after the claim is created.
+                                                type: string
+                                              volumeMode:
+                                                description: |-
+                                                  volumeMode defines what type of volume is required by the claim.
+                                                  Value of Filesystem is implied when not included in claim spec.
+                                                type: string
+                                              volumeName:
+                                                description: volumeName is the binding
+                                                  reference to the PersistentVolume
+                                                  backing this claim.
+                                                type: string
+                                            type: object
+                                        required:
+                                        - spec
+                                        type: object
+                                    type: object
+                                  fc:
+                                    description: fc represents a Fibre Channel resource
+                                      that is attached to a kubelet's host machine
+                                      and then exposed to the pod.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      lun:
+                                        description: 'lun is Optional: FC target lun
+                                          number'
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      targetWWNs:
+                                        description: 'targetWWNs is Optional: FC target
+                                          worldwide names (WWNs)'
+                                        items:
+                                          type: string
+                                        type: array
+                                      wwids:
+                                        description: |-
+                                          wwids Optional: FC volume world wide identifiers (wwids)
+                                          Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  flexVolume:
+                                    description: |-
+                                      flexVolume represents a generic volume resource that is
+                                      provisioned/attached using an exec based plugin.
+                                    properties:
+                                      driver:
+                                        description: driver is the name of the driver
+                                          to use for this volume.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+                                        type: string
+                                      options:
+                                        additionalProperties:
+                                          type: string
+                                        description: 'options is Optional: this field
+                                          holds extra command options if any.'
+                                        type: object
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: secretRef is reference to the secret object containing
+                                          sensitive information to pass to the plugin scripts. This may be
+                                          empty if no secret object is specified. If the secret object
+                                          contains more than one secret, all secrets are passed to the plugin
+                                          scripts.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - driver
+                                    type: object
+                                  flocker:
+                                    description: flocker represents a Flocker volume
+                                      attached to a kubelet's host machine. This depends
+                                      on the Flocker control service being running
+                                    properties:
+                                      datasetName:
+                                        description: |-
+                                          datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+                                          should be considered as deprecated
+                                        type: string
+                                      datasetUUID:
+                                        description: datasetUUID is the UUID of the
+                                          dataset. This is unique identifier of a
+                                          Flocker dataset
+                                        type: string
+                                    type: object
+                                  gcePersistentDisk:
+                                    description: |-
+                                      gcePersistentDisk represents a GCE Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        format: int32
+                                        type: integer
+                                      pdName:
+                                        description: |-
+                                          pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: boolean
+                                    required:
+                                    - pdName
+                                    type: object
+                                  gitRepo:
+                                    description: |-
+                                      gitRepo represents a git repository at a particular revision.
+                                      DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+                                      EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+                                      into the Pod's container.
+                                    properties:
+                                      directory:
+                                        description: |-
+                                          directory is the target directory name.
+                                          Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
+                                          git repository.  Otherwise, if specified, the volume will contain the git repository in
+                                          the subdirectory with the given name.
+                                        type: string
+                                      repository:
+                                        description: repository is the URL
+                                        type: string
+                                      revision:
+                                        description: revision is the commit hash for
+                                          the specified revision.
+                                        type: string
+                                    required:
+                                    - repository
+                                    type: object
+                                  glusterfs:
+                                    description: |-
+                                      glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md
+                                    properties:
+                                      endpoints:
+                                        description: |-
+                                          endpoints is the endpoint name that details Glusterfs topology.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      path:
+                                        description: |-
+                                          path is the Glusterfs volume path.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: boolean
+                                    required:
+                                    - endpoints
+                                    - path
+                                    type: object
+                                  hostPath:
+                                    description: |-
+                                      hostPath represents a pre-existing file or directory on the host
+                                      machine that is directly exposed to the container. This is generally
+                                      used for system agents or other privileged things that are allowed
+                                      to see the host machine. Most containers will NOT need this.
+                                      More info: https://kubernetes.
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path of the directory on the host.
+                                          If the path is a symlink, it will follow the link to the real path.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                      type:
+                                        description: |-
+                                          type for HostPath Volume
+                                          Defaults to ""
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  iscsi:
+                                    description: |-
+                                      iscsi represents an ISCSI Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://examples.k8s.io/volumes/iscsi/README.md
+                                    properties:
+                                      chapAuthDiscovery:
+                                        description: chapAuthDiscovery defines whether
+                                          support iSCSI Discovery CHAP authentication
+                                        type: boolean
+                                      chapAuthSession:
+                                        description: chapAuthSession defines whether
+                                          support iSCSI Session CHAP authentication
+                                        type: boolean
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      initiatorName:
+                                        description: |-
+                                          initiatorName is the custom iSCSI Initiator Name.
+                                          If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+                                          <target portal>:<volume name> will be created for the connection.
+                                        type: string
+                                      iqn:
+                                        description: iqn is the target iSCSI Qualified
+                                          Name.
+                                        type: string
+                                      iscsiInterface:
+                                        description: |-
+                                          iscsiInterface is the interface Name that uses an iSCSI transport.
+                                          Defaults to 'default' (tcp).
+                                        type: string
+                                      lun:
+                                        description: lun represents iSCSI Target Lun
+                                          number.
+                                        format: int32
+                                        type: integer
+                                      portals:
+                                        description: |-
+                                          portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        items:
+                                          type: string
+                                        type: array
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                        type: boolean
+                                      secretRef:
+                                        description: secretRef is the CHAP Secret
+                                          for iSCSI target and initiator authentication
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      targetPortal:
+                                        description: |-
+                                          targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        type: string
+                                    required:
+                                    - iqn
+                                    - lun
+                                    - targetPortal
+                                    type: object
+                                  name:
+                                    description: |-
+                                      name of the volume.
+                                      Must be a DNS_LABEL and unique within the pod.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  nfs:
+                                    description: |-
+                                      nfs represents an NFS mount on the host that shares a pod's lifetime
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path that is exported by the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the NFS export to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: boolean
+                                      server:
+                                        description: |-
+                                          server is the hostname or IP address of the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                    required:
+                                    - path
+                                    - server
+                                    type: object
+                                  persistentVolumeClaim:
+                                    description: |-
+                                      persistentVolumeClaimVolumeSource represents a reference to a
+                                      PersistentVolumeClaim in the same namespace.
+                                      More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                    properties:
+                                      claimName:
+                                        description: |-
+                                          claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Will force the ReadOnly setting in VolumeMounts.
+                                          Default false.
+                                        type: boolean
+                                    required:
+                                    - claimName
+                                    type: object
+                                  photonPersistentDisk:
+                                    description: photonPersistentDisk represents a
+                                      PhotonController persistent disk attached and
+                                      mounted on kubelets host machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      pdID:
+                                        description: pdID is the ID that identifies
+                                          Photon Controller persistent disk
+                                        type: string
+                                    required:
+                                    - pdID
+                                    type: object
+                                  portworxVolume:
+                                    description: portworxVolume represents a portworx
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fSType represents the filesystem type to mount
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      volumeID:
+                                        description: volumeID uniquely identifies
+                                          a Portworx volume
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  projected:
+                                    description: projected items for all in one resources
+                                      secrets, configmaps, and downward API
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode are the mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      sources:
+                                        description: sources is the list of volume
+                                          projections
+                                        items:
+                                          description: Projection that may be projected
+                                            along with other supported volume types
+                                          properties:
+                                            clusterTrustBundle:
+                                              description: |-
+                                                ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+                                                of ClusterTrustBundle objects in an auto-updating file.
+
+
+                                                Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+                                                ClusterTrustBundle objects can either be selected by name, or by the
+                                                combination of signer name and a label selector.
+                                              properties:
+                                                labelSelector:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this label selector.  Only has
+                                                    effect if signerName is set.  Mutually-exclusive with name.  If unset,
+                                                    interpreted as "match nothing".  If set but empty, interpreted as "match
+                                                    everything".
+                                                  properties:
+                                                    matchExpressions:
+                                                      description: matchExpressions
+                                                        is a list of label selector
+                                                        requirements. The requirements
+                                                        are ANDed.
+                                                      items:
+                                                        description: |-
+                                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                                          relates the key and values.
+                                                        properties:
+                                                          key:
+                                                            description: key is the
+                                                              label key that the selector
+                                                              applies to.
+                                                            type: string
+                                                          operator:
+                                                            description: |-
+                                                              operator represents a key's relationship to a set of values.
+                                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                            type: string
+                                                          values:
+                                                            description: |-
+                                                              values is an array of string values. If the operator is In or NotIn,
+                                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                              the values array must be empty. This array is replaced during a strategic
+                                                              merge patch.
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                        required:
+                                                        - key
+                                                        - operator
+                                                        type: object
+                                                      type: array
+                                                    matchLabels:
+                                                      additionalProperties:
+                                                        type: string
+                                                      description: |-
+                                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                      type: object
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                name:
+                                                  description: |-
+                                                    Select a single ClusterTrustBundle by object name.  Mutually-exclusive
+                                                    with signerName and labelSelector.
+                                                  type: string
+                                                optional:
+                                                  description: |-
+                                                    If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+                                                    aren't available.  If using name, then the named ClusterTrustBundle is
+                                                    allowed not to exist.  If using signerName, then the combination of
+                                                    signerName and labelSelector is allowed to match zero
+                                                    ClusterTrustBundles.
+                                                  type: boolean
+                                                path:
+                                                  description: Relative path from
+                                                    the volume root to write the bundle.
+                                                  type: string
+                                                signerName:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this signer name.
+                                                    Mutually-exclusive with name.  The contents of all selected
+                                                    ClusterTrustBundles will be unified and deduplicated.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                            configMap:
+                                              description: configMap information about
+                                                the configMap data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    ConfigMap will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional specify whether
+                                                    the ConfigMap or its keys must
+                                                    be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            downwardAPI:
+                                              description: downwardAPI information
+                                                about the downwardAPI data to project
+                                              properties:
+                                                items:
+                                                  description: Items is a list of
+                                                    DownwardAPIVolume file
+                                                  items:
+                                                    description: DownwardAPIVolumeFile
+                                                      represents information to create
+                                                      the file containing the pod
+                                                      field
+                                                    properties:
+                                                      fieldRef:
+                                                        description: 'Required: Selects
+                                                          a field of the pod: only
+                                                          annotations, labels, name
+                                                          and namespace are supported.'
+                                                        properties:
+                                                          apiVersion:
+                                                            description: Version of
+                                                              the schema the FieldPath
+                                                              is written in terms
+                                                              of, defaults to "v1".
+                                                            type: string
+                                                          fieldPath:
+                                                            description: Path of the
+                                                              field to select in the
+                                                              specified API version.
+                                                            type: string
+                                                        required:
+                                                        - fieldPath
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                      mode:
+                                                        description: |-
+                                                          Optional: mode bits used to set permissions on this file, must be an octal value
+                                                          between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: 'Required: Path
+                                                          is  the relative path name
+                                                          of the file to be created.
+                                                          Must not be absolute or
+                                                          contain the ''..'' path.
+                                                          Must be utf-8 encoded. The
+                                                          first item of the relative
+                                                          path must not start with
+                                                          ''..'''
+                                                        type: string
+                                                      resourceFieldRef:
+                                                        description: |-
+                                                          Selects a resource of the container: only resources limits and requests
+                                                          (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                                        properties:
+                                                          containerName:
+                                                            description: 'Container
+                                                              name: required for volumes,
+                                                              optional for env vars'
+                                                            type: string
+                                                          divisor:
+                                                            anyOf:
+                                                            - type: integer
+                                                            - type: string
+                                                            description: Specifies
+                                                              the output format of
+                                                              the exposed resources,
+                                                              defaults to "1"
+                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                            x-kubernetes-int-or-string: true
+                                                          resource:
+                                                            description: 'Required:
+                                                              resource to select'
+                                                            type: string
+                                                        required:
+                                                        - resource
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                    required:
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                              type: object
+                                            secret:
+                                              description: secret information about
+                                                the secret data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    Secret will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional field specify
+                                                    whether the Secret or its key
+                                                    must be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            serviceAccountToken:
+                                              description: serviceAccountToken is
+                                                information about the serviceAccountToken
+                                                data to project
+                                              properties:
+                                                audience:
+                                                  description: |-
+                                                    audience is the intended audience of the token. A recipient of a token
+                                                    must identify itself with an identifier specified in the audience of the
+                                                    token, and otherwise should reject the token. The audience defaults to the
+                                                    identifier of the apiserver.
+                                                  type: string
+                                                expirationSeconds:
+                                                  description: |-
+                                                    expirationSeconds is the requested duration of validity of the service
+                                                    account token. As the token approaches expiration, the kubelet volume
+                                                    plugin will proactively rotate the service account token. The kubelet will
+                                                    start trying to rotate the token if the token is older than 80 percent of
+                                                    its time to live or if the token is older than 24 hours.Defaults to 1 hour
+                                                    and must be at least 10 minutes.
+                                                  format: int64
+                                                  type: integer
+                                                path:
+                                                  description: |-
+                                                    path is the path relative to the mount point of the file to project the
+                                                    token into.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                          type: object
+                                        type: array
+                                    type: object
+                                  quobyte:
+                                    description: quobyte represents a Quobyte mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      group:
+                                        description: |-
+                                          group to map volume access to
+                                          Default is no group
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                        type: boolean
+                                      registry:
+                                        description: |-
+                                          registry represents a single or multiple Quobyte Registry services
+                                          specified as a string as host:port pair (multiple entries are separated with commas)
+                                          which acts as the central registry for volumes
+                                        type: string
+                                      tenant:
+                                        description: |-
+                                          tenant owning the given Quobyte volume in the Backend
+                                          Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+                                        type: string
+                                      user:
+                                        description: |-
+                                          user to map volume access to
+                                          Defaults to serivceaccount user
+                                        type: string
+                                      volume:
+                                        description: volume is a string that references
+                                          an already created Quobyte volume by name.
+                                        type: string
+                                    required:
+                                    - registry
+                                    - volume
+                                    type: object
+                                  rbd:
+                                    description: |-
+                                      rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/rbd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      image:
+                                        description: |-
+                                          image is the rados image name.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      keyring:
+                                        description: |-
+                                          keyring is the path to key ring for RBDUser.
+                                          Default is /etc/ceph/keyring.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      monitors:
+                                        description: |-
+                                          monitors is a collection of Ceph monitors.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      pool:
+                                        description: |-
+                                          pool is the rados pool name.
+                                          Default is rbd.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is name of the authentication secret for RBDUser. If provided
+                                          overrides keyring.
+                                          Default is nil.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is the rados user name.
+                                          Default is admin.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - image
+                                    - monitors
+                                    type: object
+                                  scaleIO:
+                                    description: scaleIO represents a ScaleIO persistent
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs".
+                                          Default is "xfs".
+                                        type: string
+                                      gateway:
+                                        description: gateway is the host address of
+                                          the ScaleIO API Gateway.
+                                        type: string
+                                      protectionDomain:
+                                        description: protectionDomain is the name
+                                          of the ScaleIO Protection Domain for the
+                                          configured storage.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef references to the secret for ScaleIO user and other
+                                          sensitive information. If this is not provided, Login operation will fail.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      sslEnabled:
+                                        description: sslEnabled Flag enable/disable
+                                          SSL communication with Gateway, default
+                                          false
+                                        type: boolean
+                                      storageMode:
+                                        description: |-
+                                          storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+                                          Default is ThinProvisioned.
+                                        type: string
+                                      storagePool:
+                                        description: storagePool is the ScaleIO Storage
+                                          Pool associated with the protection domain.
+                                        type: string
+                                      system:
+                                        description: system is the name of the storage
+                                          system as configured in ScaleIO.
+                                        type: string
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the name of a volume already created in the ScaleIO system
+                                          that is associated with this volume source.
+                                        type: string
+                                    required:
+                                    - gateway
+                                    - secretRef
+                                    - system
+                                    type: object
+                                  secret:
+                                    description: |-
+                                      secret represents a secret that should populate this volume.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values
+                                          for mode bits. Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items If unspecified, each key-value pair in the Data field of the referenced
+                                          Secret will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      optional:
+                                        description: optional field specify whether
+                                          the Secret or its keys must be defined
+                                        type: boolean
+                                      secretName:
+                                        description: |-
+                                          secretName is the name of the secret in the pod's namespace to use.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                        type: string
+                                    type: object
+                                  storageos:
+                                    description: storageOS represents a StorageOS
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef specifies the secret to use for obtaining the StorageOS API
+                                          credentials.  If not specified, default values will be attempted.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the human-readable name of the StorageOS volume.  Volume
+                                          names are only unique within a namespace.
+                                        type: string
+                                      volumeNamespace:
+                                        description: |-
+                                          volumeNamespace specifies the scope of the volume within StorageOS.  If no
+                                          namespace is specified then the Pod's namespace will be used.  This allows the
+                                          Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+                                          Set VolumeName to any name to override the default behaviour.
+                                          Set to "default" if you are not using namespaces within StorageOS.
+                                        type: string
+                                    type: object
+                                  vsphereVolume:
+                                    description: vsphereVolume represents a vSphere
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      storagePolicyID:
+                                        description: storagePolicyID is the storage
+                                          Policy Based Management (SPBM) profile ID
+                                          associated with the StoragePolicyName.
+                                        type: string
+                                      storagePolicyName:
+                                        description: storagePolicyName is the storage
+                                          Policy Based Management (SPBM) profile name.
+                                        type: string
+                                      volumePath:
+                                        description: volumePath is the path that identifies
+                                          vSphere volume vmdk
+                                        type: string
+                                    required:
+                                    - volumePath
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                          required:
+                          - containers
+                          type: object
+                      type: object
+                  type: object
+                description: |-
+                  A map of PyTorchReplicaType (type) to ReplicaSpec (value). Specifies the PyTorch cluster configuration.
+                  For example,
+                    {
+                      "Master": PyTorchReplicaSpec,
+                      "Worker": PyTorchReplicaSpec,
+                    }
+                type: object
+              runPolicy:
+                description: |-
+                  RunPolicy encapsulates various runtime policies of the distributed training
+                  job, for example how to clean up resources and how long the job can stay
+                  active.
+                properties:
+                  activeDeadlineSeconds:
+                    description: |-
+                      Specifies the duration in seconds relative to the startTime that the job may be active
+                      before the system tries to terminate it; value must be positive integer.
+                    format: int64
+                    type: integer
+                  backoffLimit:
+                    description: Optional number of retries before marking this job
+                      failed.
+                    format: int32
+                    type: integer
+                  cleanPodPolicy:
+                    description: |-
+                      CleanPodPolicy defines the policy to kill pods after the job completes.
+                      Default to None.
+                    type: string
+                  schedulingPolicy:
+                    description: SchedulingPolicy defines the policy related to scheduling,
+                      e.g. gang-scheduling
+                    properties:
+                      minAvailable:
+                        format: int32
+                        type: integer
+                      minResources:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      priorityClass:
+                        type: string
+                      queue:
+                        type: string
+                        x-kubernetes-validations:
+                        - message: spec.runPolicy.schedulingPolicy.queue is immutable
+                          rule: self == oldSelf
+                      scheduleTimeoutSeconds:
+                        format: int32
+                        type: integer
+                    type: object
+                  suspend:
+                    default: false
+                    description: |-
+                      suspend specifies whether the Job controller should create Pods or not.
+                      If a Job is created with suspend set to true, no Pods are created by
+                      the Job controller. If a Job is suspended after creation (i.e. the
+                      flag goes from false to true), the Job controller will delete all
+                      active Pods and PodGroups associated with this Job.
+                      Users must design their workload to gracefully handle this.
+                    type: boolean
+                  ttlSecondsAfterFinished:
+                    description: |-
+                      TTLSecondsAfterFinished is the TTL to clean up jobs.
+                      It may take extra ReconcilePeriod seconds for the cleanup, since
+                      reconcile gets called periodically.
+                      Default to infinite.
+                    format: int32
+                    type: integer
+                type: object
+            required:
+            - pytorchReplicaSpecs
+            type: object
+          status:
+            description: |-
+              Most recently observed status of the PyTorchJob.
+              Read-only (modified by the system).
+            properties:
+              completionTime:
+                description: |-
+                  Represents time when the job was completed. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions is an array of current observed job conditions.
+                items:
+                  description: JobCondition describes the state of the job at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastReconcileTime:
+                description: |-
+                  Represents last time when the job was reconciled. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              replicaStatuses:
+                additionalProperties:
+                  description: ReplicaStatus represents the current observed state
+                    of the replica.
+                  properties:
+                    active:
+                      description: The number of actively running pods.
+                      format: int32
+                      type: integer
+                    failed:
+                      description: The number of pods which reached phase Failed.
+                      format: int32
+                      type: integer
+                    labelSelector:
+                      description: 'Deprecated: Use Selector instead'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    selector:
+                      description: |-
+                        A Selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty Selector matches all objects. A null
+                        Selector matches no objects.
+                      type: string
+                    succeeded:
+                      description: The number of pods which reached phase Succeeded.
+                      format: int32
+                      type: integer
+                  type: object
+                description: |-
+                  ReplicaStatuses is map of ReplicaType and ReplicaStatus,
+                  specifies the status of each replica.
+                type: object
+              startTime:
+                description: |-
+                  Represents time when the job was acknowledged by the job controller.
+                  It is not guaranteed to be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      scale:
+        labelSelectorPath: .status.replicaStatuses.Worker.selector
+        specReplicasPath: .spec.pytorchReplicaSpecs.Worker.replicas
+        statusReplicasPath: .status.replicaStatuses.Worker.active
+      status: {}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml
new file mode 100644
index 00000000..880af9a4
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_tfjobs.yaml
@@ -0,0 +1,7546 @@
+{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.tfFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: TFJob
+    listKind: TFJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.tfPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.tfSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: TFJob represents a TFJob resource.
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- else }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.tfFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: TFJob
+    listKind: TFJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.tfPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.tfSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: TFJob represents a TFJob resource.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of the desired state of the TFJob.
+            properties:
+              enableDynamicWorker:
+                description: A switch to enable dynamic worker
+                type: boolean
+              runPolicy:
+                description: |-
+                  RunPolicy encapsulates various runtime policies of the distributed training
+                  job, for example how to clean up resources and how long the job can stay
+                  active.
+                properties:
+                  activeDeadlineSeconds:
+                    description: |-
+                      Specifies the duration in seconds relative to the startTime that the job may be active
+                      before the system tries to terminate it; value must be positive integer.
+                    format: int64
+                    type: integer
+                  backoffLimit:
+                    description: Optional number of retries before marking this job
+                      failed.
+                    format: int32
+                    type: integer
+                  cleanPodPolicy:
+                    description: |-
+                      CleanPodPolicy defines the policy to kill pods after the job completes.
+                      Default to None.
+                    type: string
+                  schedulingPolicy:
+                    description: SchedulingPolicy defines the policy related to scheduling,
+                      e.g. gang-scheduling
+                    properties:
+                      minAvailable:
+                        format: int32
+                        type: integer
+                      minResources:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      priorityClass:
+                        type: string
+                      queue:
+                        type: string
+                        x-kubernetes-validations:
+                        - message: spec.runPolicy.schedulingPolicy.queue is immutable
+                          rule: self == oldSelf
+                      scheduleTimeoutSeconds:
+                        format: int32
+                        type: integer
+                    type: object
+                  suspend:
+                    default: false
+                    description: |-
+                      suspend specifies whether the Job controller should create Pods or not.
+                      If a Job is created with suspend set to true, no Pods are created by
+                      the Job controller. If a Job is suspended after creation (i.e. the
+                      flag goes from false to true), the Job controller will delete all
+                      active Pods and PodGroups associated with this Job.
+                      Users must design their workload to gracefully handle this.
+                    type: boolean
+                  ttlSecondsAfterFinished:
+                    description: |-
+                      TTLSecondsAfterFinished is the TTL to clean up jobs.
+                      It may take extra ReconcilePeriod seconds for the cleanup, since
+                      reconcile gets called periodically.
+                      Default to infinite.
+                    format: int32
+                    type: integer
+                type: object
+              successPolicy:
+                description: |-
+                  SuccessPolicy defines the policy to mark the TFJob as succeeded.
+                  Default to "", using the default rules.
+                type: string
+              tfReplicaSpecs:
+                additionalProperties:
+                  description: ReplicaSpec is a description of the replica
+                  properties:
+                    replicas:
+                      description: |-
+                        Replicas is the desired number of replicas of the given template.
+                        If unspecified, defaults to 1.
+                      format: int32
+                      type: integer
+                    restartPolicy:
+                      description: |-
+                        Restart policy for all replicas within the job.
+                        One of Always, OnFailure, Never and ExitCode.
+                        Default to Never.
+                      type: string
+                    template:
+                      description: |-
+                        Template is the object that describes the pod that
+                        will be created for this replica. RestartPolicy in PodTemplateSpec
+                        will be overide by RestartPolicy in ReplicaSpec
+                      properties:
+                        metadata:
+                          description: |-
+                            Standard object's metadata.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            finalizers:
+                              items:
+                                type: string
+                              type: array
+                            labels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          type: object
+                        spec:
+                          description: |-
+                            Specification of the desired behavior of the pod.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+                          properties:
+                            activeDeadlineSeconds:
+                              description: |-
+                                Optional duration in seconds the pod may be active on the node relative to
+                                StartTime before the system will actively try to mark it failed and kill associated containers.
+                                Value must be a positive integer.
+                              format: int64
+                              type: integer
+                            affinity:
+                              description: If specified, the pod's scheduling constraints
+                              properties:
+                                nodeAffinity:
+                                  description: Describes node affinity scheduling
+                                    rules for the pod.
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: |-
+                                          An empty preferred scheduling term matches all objects with implicit weight 0
+                                          (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+                                        properties:
+                                          preference:
+                                            description: A node selector term, associated
+                                              with the corresponding weight.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          weight:
+                                            description: Weight associated with matching
+                                              the corresponding nodeSelectorTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - preference
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to an update), the system
+                                        may or may not try to eventually evict the pod from its node.
+                                      properties:
+                                        nodeSelectorTerms:
+                                          description: Required. A list of node selector
+                                            terms. The terms are ORed.
+                                          items:
+                                            description: |-
+                                              A null or empty node selector term matches no objects. The requirements of
+                                              them are ANDed.
+                                              The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          type: array
+                                      required:
+                                      - nodeSelectorTerms
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                                podAffinity:
+                                  description: Describes pod affinity scheduling rules
+                                    (e.g. co-locate this pod in the same node, zone,
+                                    etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                                podAntiAffinity:
+                                  description: Describes pod anti-affinity scheduling
+                                    rules (e.g. avoid putting this pod in the same
+                                    node, zone, etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the anti-affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the anti-affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the anti-affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                              type: object
+                            automountServiceAccountToken:
+                              description: AutomountServiceAccountToken indicates
+                                whether a service account token should be automatically
+                                mounted.
+                              type: boolean
+                            containers:
+                              description: |-
+                                List of containers belonging to the pod.
+                                Containers cannot currently be added or removed.
+                                There must be at least one container in a Pod.
+                                Cannot be updated.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            dnsConfig:
+                              description: |-
+                                Specifies the DNS parameters of a pod.
+                                Parameters specified here will be merged to the generated DNS
+                                configuration based on DNSPolicy.
+                              properties:
+                                nameservers:
+                                  description: |-
+                                    A list of DNS name server IP addresses.
+                                    This will be appended to the base nameservers generated from DNSPolicy.
+                                    Duplicated nameservers will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                                options:
+                                  description: |-
+                                    A list of DNS resolver options.
+                                    This will be merged with the base options generated from DNSPolicy.
+                                    Duplicated entries will be removed. Resolution options given in Options
+                                    will override those that appear in the base DNSPolicy.
+                                  items:
+                                    description: PodDNSConfigOption defines DNS resolver
+                                      options of a pod.
+                                    properties:
+                                      name:
+                                        description: Required.
+                                        type: string
+                                      value:
+                                        type: string
+                                    type: object
+                                  type: array
+                                searches:
+                                  description: |-
+                                    A list of DNS search domains for host-name lookup.
+                                    This will be appended to the base search paths generated from DNSPolicy.
+                                    Duplicated search paths will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            dnsPolicy:
+                              description: |-
+                                Set DNS policy for the pod.
+                                Defaults to "ClusterFirst".
+                                Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+                                DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+                                To have DNS options set along with hostNetwork, you have to specify DNS policy
+                                explicitly to 'ClusterFirstWithHostNet'.
+                              type: string
+                            enableServiceLinks:
+                              description: |-
+                                EnableServiceLinks indicates whether information about services should be injected into pod's
+                                environment variables, matching the syntax of Docker links.
+                                Optional: Defaults to true.
+                              type: boolean
+                            ephemeralContainers:
+                              description: |-
+                                List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+                                pod to perform user-initiated actions such as debugging. This list cannot be specified when
+                                creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+                                ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+                              items:
+                                description: |-
+                                  An EphemeralContainer is a temporary container that you may add to an existing Pod for
+                                  user-initiated activities such as debugging. Ephemeral containers have no resource or
+                                  scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+                                  removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+                                  Pod to exceed its resource allocation.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+                                      produce the string literal "$(VAR_NAME)".
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: Lifecycle is not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the ephemeral container specified as a DNS_LABEL.
+                                      This name must be unique among all containers, init containers and ephemeral containers.
+                                    type: string
+                                  ports:
+                                    description: Ports are not allowed for ephemeral
+                                      containers.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+                                      already allocated to the pod.
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      Restart policy for the container to manage the restart behavior of each
+                                      container within a pod.
+                                      This may only be set for init containers. You cannot set this field on
+                                      ephemeral containers.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      Optional: SecurityContext defines the security options the ephemeral container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  targetContainerName:
+                                    description: |-
+                                      If set, the name of the container from PodSpec that this ephemeral container targets.
+                                      The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+                                      If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+                                      The container runtime must implement support for this feature.
+                                    type: string
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            hostAliases:
+                              description: |-
+                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+                                file if specified. This is only valid for non-hostNetwork pods.
+                              items:
+                                description: |-
+                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+                                  pod's hosts file.
+                                properties:
+                                  hostnames:
+                                    description: Hostnames for the above IP address.
+                                    items:
+                                      type: string
+                                    type: array
+                                  ip:
+                                    description: IP address of the host file entry.
+                                    type: string
+                                type: object
+                              type: array
+                            hostIPC:
+                              description: |-
+                                Use the host's ipc namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostNetwork:
+                              description: |-
+                                Host networking requested for this pod. Use the host's network namespace.
+                                If this option is set, the ports that will be used must be specified.
+                                Default to false.
+                              type: boolean
+                            hostPID:
+                              description: |-
+                                Use the host's pid namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostUsers:
+                              description: |-
+                                Use the host's user namespace.
+                                Optional: Default to true.
+                                If set to true or not present, the pod will be run in the host user namespace, useful
+                                for when the pod needs a feature only available to the host user namespace, such as
+                                loading a kernel module with CAP_SYS_MODULE.
+                                When set to false, a new userns is created for the pod.
+                              type: boolean
+                            hostname:
+                              description: |-
+                                Specifies the hostname of the Pod
+                                If not specified, the pod's hostname will be set to a system-defined value.
+                              type: string
+                            imagePullSecrets:
+                              description: |-
+                                ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+                                If specified, these secrets will be passed to individual puller implementations for them to use.
+                                More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+                              items:
+                                description: |-
+                                  LocalObjectReference contains enough information to let you locate the
+                                  referenced object inside the same namespace.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind, uid?
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                            initContainers:
+                              description: |-
+                                List of initialization containers belonging to the pod.
+                                Init containers are executed in order prior to containers being started. If any
+                                init container fails, the pod is considered to have failed and is handled according
+                                to its restartPolicy. The name for an init container or normal container must be
+                                unique among all containers.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            nodeName:
+                              description: |-
+                                NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+                                the scheduler simply schedules this pod onto that node, assuming that it fits resource
+                                requirements.
+                              type: string
+                            nodeSelector:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                NodeSelector is a selector which must be true for the pod to fit on a node.
+                                Selector which must match a node's labels for the pod to be scheduled on that node.
+                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            os:
+                              description: |-
+                                Specifies the OS of the containers in the pod.
+                                Some pod and container fields are restricted if this is set.
+
+
+                                If the OS field is set to linux, the following fields must be unset:
+                                -securityContext.windowsOptions
+
+
+                                If the OS field is set to windows, following fields must be unset:
+                                - spec.hostPID
+                                - spec.hostIPC
+                                - spec.hostUsers
+                                - spec.securityContext.seLinuxOptions
+                                - spec.securityContext.
+                              properties:
+                                name:
+                                  description: |-
+                                    Name is the name of the operating system. The currently supported values are linux and windows.
+                                    Additional value may be defined in future and can be one of:
+                                    https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+                                    Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            overhead:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+                                This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+                                the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+                                The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+                                set.
+                              type: object
+                            preemptionPolicy:
+                              description: |-
+                                PreemptionPolicy is the Policy for preempting pods with lower priority.
+                                One of Never, PreemptLowerPriority.
+                                Defaults to PreemptLowerPriority if unset.
+                              type: string
+                            priority:
+                              description: |-
+                                The priority value. Various system components use this field to find the
+                                priority of the pod. When Priority Admission Controller is enabled, it
+                                prevents users from setting this field. The admission controller populates
+                                this field from PriorityClassName.
+                                The higher the value, the higher the priority.
+                              format: int32
+                              type: integer
+                            priorityClassName:
+                              description: |-
+                                If specified, indicates the pod's priority. "system-node-critical" and
+                                "system-cluster-critical" are two special keywords which indicate the
+                                highest priorities with the former being the highest priority. Any other
+                                name must be defined by creating a PriorityClass object with that name.
+                                If not specified, the pod priority will be default or zero if there is no
+                                default.
+                              type: string
+                            readinessGates:
+                              description: |-
+                                If specified, all readiness gates will be evaluated for pod readiness.
+                                A pod is ready when all its containers are ready AND
+                                all conditions specified in the readiness gates have status equal to "True"
+                                More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+                              items:
+                                description: PodReadinessGate contains the reference
+                                  to a pod condition
+                                properties:
+                                  conditionType:
+                                    description: ConditionType refers to a condition
+                                      in the pod's condition list with matching type.
+                                    type: string
+                                required:
+                                - conditionType
+                                type: object
+                              type: array
+                            resourceClaims:
+                              description: |-
+                                ResourceClaims defines which ResourceClaims must be allocated
+                                and reserved before the Pod is allowed to start. The resources
+                                will be made available to those containers which consume them
+                                by name.
+
+
+                                This is an alpha field and requires enabling the
+                                DynamicResourceAllocation feature gate.
+
+
+                                This field is immutable.
+                              items:
+                                description: |-
+                                  PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+                                  It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+                                  Containers that need access to the ResourceClaim reference it with this name.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name uniquely identifies this resource claim inside the pod.
+                                      This must be a DNS_LABEL.
+                                    type: string
+                                  source:
+                                    description: Source describes where to find the
+                                      ResourceClaim.
+                                    properties:
+                                      resourceClaimName:
+                                        description: |-
+                                          ResourceClaimName is the name of a ResourceClaim object in the same
+                                          namespace as this pod.
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        description: |-
+                                          ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+                                          object in the same namespace as this pod.
+
+
+                                          The template will be used to create a new ResourceClaim, which will
+                                          be bound to this pod. When this pod is deleted, the ResourceClaim
+                                          will also be deleted.
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            restartPolicy:
+                              description: |-
+                                Restart policy for all containers within the pod.
+                                One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+                                Default to Always.
+                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+                              type: string
+                            runtimeClassName:
+                              description: |-
+                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+                                to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
+                                If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+                                empty definition that uses the default runtime handler.
+                                More info: https://git.k8s.
+                              type: string
+                            schedulerName:
+                              description: |-
+                                If specified, the pod will be dispatched by specified scheduler.
+                                If not specified, the pod will be dispatched by default scheduler.
+                              type: string
+                            schedulingGates:
+                              description: |-
+                                SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+                                If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+                                scheduler will not attempt to schedule the pod.
+
+
+                                SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+
+                                This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+                              items:
+                                description: PodSchedulingGate is associated to a
+                                  Pod to guard its scheduling.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the scheduling gate.
+                                      Each scheduling gate must have a unique name field.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            securityContext:
+                              description: |-
+                                SecurityContext holds pod-level security attributes and common container settings.
+                                Optional: Defaults to empty.  See type description for default values of each field.
+                              properties:
+                                fsGroup:
+                                  description: |-
+                                    A special supplemental group that applies to all containers in a pod.
+                                    Some volume types allow the Kubelet to change the ownership of that volume
+                                    to be owned by the pod:
+
+
+                                    1. The owning GID will be the FSGroup
+                                    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+                                    3.
+                                  format: int64
+                                  type: integer
+                                fsGroupChangePolicy:
+                                  description: |-
+                                    fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+                                    before being exposed inside Pod. This field will only apply to
+                                    volume types which support fsGroup based ownership(and permissions).
+                                    It will have no effect on ephemeral volume types such as: secret, configmaps
+                                    and emptydir.
+                                    Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+                                  type: string
+                                runAsGroup:
+                                  description: |-
+                                    The GID to run the entrypoint of the container process.
+                                    Uses runtime default if unset.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  description: |-
+                                    Indicates that the container must run as a non-root user.
+                                    If true, the Kubelet will validate the image at runtime to ensure that it
+                                    does not run as UID 0 (root) and fail to start the container if it does.
+                                    If unset or false, no such validation will be performed.
+                                    May also be set in SecurityContext.
+                                  type: boolean
+                                runAsUser:
+                                  description: |-
+                                    The UID to run the entrypoint of the container process.
+                                    Defaults to user specified in image metadata if unspecified.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  description: |-
+                                    The SELinux context to be applied to all containers.
+                                    If unspecified, the container runtime will allocate a random SELinux context for each
+                                    container.  May also be set in SecurityContext.  If set in
+                                    both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+                                    takes precedence for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    level:
+                                      description: Level is SELinux level label that
+                                        applies to the container.
+                                      type: string
+                                    role:
+                                      description: Role is a SELinux role label that
+                                        applies to the container.
+                                      type: string
+                                    type:
+                                      description: Type is a SELinux type label that
+                                        applies to the container.
+                                      type: string
+                                    user:
+                                      description: User is a SELinux user label that
+                                        applies to the container.
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  description: |-
+                                    The seccomp options to use by the containers in this pod.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    localhostProfile:
+                                      description: |-
+                                        localhostProfile indicates a profile defined in a file on the node should be used.
+                                        The profile must be preconfigured on the node to work.
+                                        Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                        Must be set if type is "Localhost". Must NOT be set for any other type.
+                                      type: string
+                                    type:
+                                      description: |-
+                                        type indicates which kind of seccomp profile will be applied.
+                                        Valid options are:
+
+
+                                        Localhost - a profile defined in a file on the node should be used.
+                                        RuntimeDefault - the container runtime default profile should be used.
+                                        Unconfined - no profile should be applied.
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                supplementalGroups:
+                                  description: |-
+                                    A list of groups applied to the first process run in each container, in addition
+                                    to the container's primary GID, the fsGroup (if specified), and group memberships
+                                    defined in the container image for the uid of the container process. If unspecified,
+                                    no additional groups are added to any container.
+                                  items:
+                                    format: int64
+                                    type: integer
+                                  type: array
+                                sysctls:
+                                  description: |-
+                                    Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+                                    sysctls (by the container runtime) might fail to launch.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  items:
+                                    description: Sysctl defines a kernel parameter
+                                      to be set
+                                    properties:
+                                      name:
+                                        description: Name of a property to set
+                                        type: string
+                                      value:
+                                        description: Value of a property to set
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                windowsOptions:
+                                  description: |-
+                                    The Windows specific settings applied to all containers.
+                                    If unspecified, the options within a container's SecurityContext will be used.
+                                    If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                    Note that this field cannot be set when spec.os.name is linux.
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      description: |-
+                                        GMSACredentialSpec is where the GMSA admission webhook
+                                        (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                        GMSA credential spec named by the GMSACredentialSpecName field.
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      description: GMSACredentialSpecName is the name
+                                        of the GMSA credential spec to use.
+                                      type: string
+                                    hostProcess:
+                                      description: |-
+                                        HostProcess determines if a container should be run as a 'Host Process' container.
+                                        All of a Pod's containers must have the same effective HostProcess value
+                                        (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                        In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                      type: boolean
+                                    runAsUserName:
+                                      description: |-
+                                        The UserName in Windows to run the entrypoint of the container process.
+                                        Defaults to the user specified in image metadata if unspecified.
+                                        May also be set in PodSecurityContext. If set in both SecurityContext and
+                                        PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                      type: string
+                                  type: object
+                              type: object
+                            serviceAccount:
+                              description: |-
+                                DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+                                Deprecated: Use serviceAccountName instead.
+                              type: string
+                            serviceAccountName:
+                              description: |-
+                                ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+                                More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+                              type: string
+                            setHostnameAsFQDN:
+                              description: |-
+                                If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+                                In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+                              type: boolean
+                            shareProcessNamespace:
+                              description: |-
+                                Share a single process namespace between all of the containers in a pod.
+                                When this is set containers will be able to view and signal processes from other containers
+                                in the same pod, and the first process in each container will not be assigned PID 1.
+                                HostPID and ShareProcessNamespace cannot both be set.
+                                Optional: Default to false.
+                              type: boolean
+                            subdomain:
+                              description: |-
+                                If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+                                If not specified, the pod will not have a domainname at all.
+                              type: string
+                            terminationGracePeriodSeconds:
+                              description: |-
+                                Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+                                Value must be non-negative integer. The value zero indicates stop immediately via
+                                the kill signal (no opportunity to shut down).
+                                If this value is nil, the default grace period will be used instead.
+                              format: int64
+                              type: integer
+                            tolerations:
+                              description: If specified, the pod's tolerations.
+                              items:
+                                description: |-
+                                  The pod this Toleration is attached to tolerates any taint that matches
+                                  the triple <key,value,effect> using the matching operator <operator>.
+                                properties:
+                                  effect:
+                                    description: |-
+                                      Effect indicates the taint effect to match. Empty means match all taint effects.
+                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+                                    type: string
+                                  key:
+                                    description: |-
+                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
+                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+                                    type: string
+                                  operator:
+                                    description: |-
+                                      Operator represents a key's relationship to the value.
+                                      Valid operators are Exists and Equal. Defaults to Equal.
+                                      Exists is equivalent to wildcard for value, so that a pod can
+                                      tolerate all taints of a particular category.
+                                    type: string
+                                  tolerationSeconds:
+                                    description: |-
+                                      TolerationSeconds represents the period of time the toleration (which must be
+                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
+                                      negative values will be treated as 0 (evict immediately) by the system.
+                                    format: int64
+                                    type: integer
+                                  value:
+                                    description: |-
+                                      Value is the taint value the toleration matches to.
+                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
+                                    type: string
+                                type: object
+                              type: array
+                            topologySpreadConstraints:
+                              description: |-
+                                TopologySpreadConstraints describes how a group of pods ought to spread across topology
+                                domains. Scheduler will schedule pods in a way which abides by the constraints.
+                                All topologySpreadConstraints are ANDed.
+                              items:
+                                description: TopologySpreadConstraint specifies how
+                                  to spread matching pods among the given topology.
+                                properties:
+                                  labelSelector:
+                                    description: |-
+                                      LabelSelector is used to find matching pods.
+                                      Pods that match this label selector are counted to determine the number of pods
+                                      in their corresponding topology domain.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: |-
+                                            A label selector requirement is a selector that contains values, a key, and an operator that
+                                            relates the key and values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: |-
+                                                operator represents a key's relationship to a set of values.
+                                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: |-
+                                                values is an array of string values. If the operator is In or NotIn,
+                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                          - key
+                                          - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  matchLabelKeys:
+                                    description: |-
+                                      MatchLabelKeys is a set of pod label keys to select the pods over which
+                                      spreading will be calculated. The keys are used to lookup values from the
+                                      incoming pod labels, those key-value labels are ANDed with labelSelector
+                                      to select the group of existing pods over which spreading will be calculated
+                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  maxSkew:
+                                    description: |-
+                                      MaxSkew describes the degree to which pods may be unevenly distributed.
+                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+                                      between the number of matching pods in the target topology and the global minimum.
+                                      The global minimum is the minimum number of matching pods in an eligible domain
+                                      or zero if the number of eligible domains is less than MinDomains.
+                                    format: int32
+                                    type: integer
+                                  minDomains:
+                                    description: |-
+                                      MinDomains indicates a minimum number of eligible domains.
+                                      When the number of eligible domains with matching topology keys is less than minDomains,
+                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+                                      this value has no effect on scheduling.
+                                    format: int32
+                                    type: integer
+                                  nodeAffinityPolicy:
+                                    description: |-
+                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+                                      when calculating pod topology spread skew. Options are:
+                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+                                      If this value is nil, the behavior is equivalent to the Honor policy.
+                                    type: string
+                                  nodeTaintsPolicy:
+                                    description: |-
+                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
+                                      pod topology spread skew. Options are:
+                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+                                      has a toleration, are included.
+                                      - Ignore: node taints are ignored. All nodes are included.
+
+
+                                      If this value is nil, the behavior is equivalent to the Ignore policy.
+                                    type: string
+                                  topologyKey:
+                                    description: |-
+                                      TopologyKey is the key of node labels. Nodes that have a label with this key
+                                      and identical values are considered to be in the same topology.
+                                      We consider each <key, value> as a "bucket", and try to put balanced number
+                                      of pods into each bucket.
+                                      We define a domain as a particular instance of a topology.
+                                    type: string
+                                  whenUnsatisfiable:
+                                    description: |-
+                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+                                      the spread constraint.
+                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
+                                      - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+                                        but giving higher precedence to topologies that would help reduce the
+                                        skew.
+                                    type: string
+                                required:
+                                - maxSkew
+                                - topologyKey
+                                - whenUnsatisfiable
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - topologyKey
+                              - whenUnsatisfiable
+                              x-kubernetes-list-type: map
+                            volumes:
+                              description: |-
+                                List of volumes that can be mounted by containers belonging to the pod.
+                                More info: https://kubernetes.io/docs/concepts/storage/volumes
+                              items:
+                                description: Volume represents a named volume in a
+                                  pod that may be accessed by any container in the
+                                  pod.
+                                properties:
+                                  awsElasticBlockStore:
+                                    description: |-
+                                      awsElasticBlockStore represents an AWS Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly value true will force the readOnly setting in VolumeMounts.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: boolean
+                                      volumeID:
+                                        description: |-
+                                          volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  azureDisk:
+                                    description: azureDisk represents an Azure Data
+                                      Disk mount on the host and bind mount to the
+                                      pod.
+                                    properties:
+                                      cachingMode:
+                                        description: 'cachingMode is the Host Caching
+                                          mode: None, Read Only, Read Write.'
+                                        type: string
+                                      diskName:
+                                        description: diskName is the Name of the data
+                                          disk in the blob storage
+                                        type: string
+                                      diskURI:
+                                        description: diskURI is the URI of data disk
+                                          in the blob storage
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is Filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      kind:
+                                        description: 'kind expected values are Shared:
+                                          multiple blob disks per storage account  Dedicated:
+                                          single blob disk per storage account  Managed:
+                                          azure managed data disk (only in managed
+                                          availability set). defaults to shared'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                    required:
+                                    - diskName
+                                    - diskURI
+                                    type: object
+                                  azureFile:
+                                    description: azureFile represents an Azure File
+                                      Service mount on the host and bind mount to
+                                      the pod.
+                                    properties:
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretName:
+                                        description: secretName is the  name of secret
+                                          that contains Azure Storage Account Name
+                                          and Key
+                                        type: string
+                                      shareName:
+                                        description: shareName is the azure share
+                                          Name
+                                        type: string
+                                    required:
+                                    - secretName
+                                    - shareName
+                                    type: object
+                                  cephfs:
+                                    description: cephFS represents a Ceph FS mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      monitors:
+                                        description: |-
+                                          monitors is Required: Monitors is a collection of Ceph monitors
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      path:
+                                        description: 'path is Optional: Used as the
+                                          mounted root, rather than the full Ceph
+                                          tree, default is /'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: boolean
+                                      secretFile:
+                                        description: |-
+                                          secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is optional: User is the rados user name, default is admin
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - monitors
+                                    type: object
+                                  cinder:
+                                    description: |-
+                                      cinder represents a cinder volume attached and mounted on kubelets host machine.
+                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is optional: points to a secret object containing parameters used to connect
+                                          to OpenStack.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeID:
+                                        description: |-
+                                          volumeID used to identify the volume in cinder.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  configMap:
+                                    description: configMap represents a configMap
+                                      that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items if unspecified, each key-value pair in the Data field of the referenced
+                                          ConfigMap will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        description: |-
+                                          Name of the referent.
+                                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion, kind, uid?
+                                        type: string
+                                      optional:
+                                        description: optional specify whether the
+                                          ConfigMap or its keys must be defined
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  csi:
+                                    description: csi (Container Storage Interface)
+                                      represents ephemeral storage that is handled
+                                      by certain external CSI drivers (Beta feature).
+                                    properties:
+                                      driver:
+                                        description: |-
+                                          driver is the name of the CSI driver that handles this volume.
+                                          Consult with your admin for the correct name as registered in the cluster.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType to mount. Ex. "ext4", "xfs", "ntfs".
+                                          If not provided, the empty value is passed to the associated CSI driver
+                                          which will determine the default filesystem to apply.
+                                        type: string
+                                      nodePublishSecretRef:
+                                        description: |-
+                                          nodePublishSecretRef is a reference to the secret object containing
+                                          sensitive information to pass to the CSI driver to complete the CSI
+                                          NodePublishVolume and NodeUnpublishVolume calls.
+                                          This field is optional, and  may be empty if no secret is required. If the
+                                          secret object contains more than one secret, all secret references are passed.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      readOnly:
+                                        description: |-
+                                          readOnly specifies a read-only configuration for the volume.
+                                          Defaults to false (read/write).
+                                        type: boolean
+                                      volumeAttributes:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          volumeAttributes stores driver-specific properties that are passed to the CSI
+                                          driver. Consult your driver's documentation for supported values.
+                                        type: object
+                                    required:
+                                    - driver
+                                    type: object
+                                  downwardAPI:
+                                    description: downwardAPI represents downward API
+                                      about the pod that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          Optional: mode bits to use on created files by default. Must be a
+                                          Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: Items is a list of downward API
+                                          volume file
+                                        items:
+                                          description: DownwardAPIVolumeFile represents
+                                            information to create the file containing
+                                            the pod field
+                                          properties:
+                                            fieldRef:
+                                              description: 'Required: Selects a field
+                                                of the pod: only annotations, labels,
+                                                name and namespace are supported.'
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              description: |-
+                                                Optional: mode bits used to set permissions on this file, must be an octal value
+                                                between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: 'Required: Path is  the
+                                                relative path name of the file to
+                                                be created. Must not be absolute or
+                                                contain the ''..'' path. Must be utf-8
+                                                encoded. The first item of the relative
+                                                path must not start with ''..'''
+                                              type: string
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  emptyDir:
+                                    description: |-
+                                      emptyDir represents a temporary directory that shares a pod's lifetime.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                    properties:
+                                      medium:
+                                        description: |-
+                                          medium represents what type of storage medium should back this directory.
+                                          The default is "" which means to use the node's default medium.
+                                          Must be an empty string (default) or Memory.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                        type: string
+                                      sizeLimit:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        description: |-
+                                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
+                                          The size limit is also applicable for memory medium.
+                                          The maximum usage on memory medium EmptyDir would be the minimum value between
+                                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+                                          The default is nil which means that the limit is undefined.
+                                          More info: https://kubernetes.
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  ephemeral:
+                                    description: |-
+                                      ephemeral represents a volume that is handled by a cluster storage driver.
+                                      The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+                                      and deleted when the pod is removed.
+                                    properties:
+                                      volumeClaimTemplate:
+                                        description: |-
+                                          Will be used to create a stand-alone PVC to provision the volume.
+                                          The pod in which this EphemeralVolumeSource is embedded will be the
+                                          owner of the PVC, i.e. the PVC will be deleted together with the
+                                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
+                                          `<volume name>` is the name from the `PodSpec.Volumes` array
+                                          entry.
+                                        properties:
+                                          metadata:
+                                            description: |-
+                                              May contain labels and annotations that will be copied into the PVC
+                                              when creating it. No other fields are allowed and will be rejected during
+                                              validation.
+                                            properties:
+                                              annotations:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              finalizers:
+                                                items:
+                                                  type: string
+                                                type: array
+                                              labels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              name:
+                                                type: string
+                                              namespace:
+                                                type: string
+                                            type: object
+                                          spec:
+                                            description: |-
+                                              The specification for the PersistentVolumeClaim. The entire content is
+                                              copied unchanged into the PVC that gets created from this
+                                              template. The same fields as in a PersistentVolumeClaim
+                                              are also valid here.
+                                            properties:
+                                              accessModes:
+                                                description: |-
+                                                  accessModes contains the desired access modes the volume should have.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+                                                items:
+                                                  type: string
+                                                type: array
+                                              dataSource:
+                                                description: |-
+                                                  dataSource field can be used to specify either:
+                                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+                                                  * An existing PVC (PersistentVolumeClaim)
+                                                  If the provisioner or an external controller can support the specified data source,
+                                                  it will create a new volume based on the contents of the specified data source.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              dataSourceRef:
+                                                description: |-
+                                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+                                                  volume is desired. This may be any object from a non-empty API group (non
+                                                  core object) or a PersistentVolumeClaim object.
+                                                  When this field is specified, volume binding will only succeed if the type of
+                                                  the specified object matches some installed volume populator or dynamic
+                                                  provisioner.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                  namespace:
+                                                    description: |-
+                                                      Namespace is the namespace of resource being referenced
+                                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+                                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                              resources:
+                                                description: |-
+                                                  resources represents the minimum resources the volume should have.
+                                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                                  that are lower than previous value but must still be higher than capacity recorded in the
+                                                  status field of the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+                                                properties:
+                                                  limits:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Limits describes the maximum amount of compute resources allowed.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                  requests:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Requests describes the minimum amount of compute resources required.
+                                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                type: object
+                                              selector:
+                                                description: selector is a label query
+                                                  over volumes to consider for binding.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              storageClassName:
+                                                description: |-
+                                                  storageClassName is the name of the StorageClass required by the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+                                                type: string
+                                              volumeAttributesClassName:
+                                                description: |-
+                                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+                                                  If specified, the CSI driver will create or update the volume with the attributes defined
+                                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+                                                  it can be changed after the claim is created.
+                                                type: string
+                                              volumeMode:
+                                                description: |-
+                                                  volumeMode defines what type of volume is required by the claim.
+                                                  Value of Filesystem is implied when not included in claim spec.
+                                                type: string
+                                              volumeName:
+                                                description: volumeName is the binding
+                                                  reference to the PersistentVolume
+                                                  backing this claim.
+                                                type: string
+                                            type: object
+                                        required:
+                                        - spec
+                                        type: object
+                                    type: object
+                                  fc:
+                                    description: fc represents a Fibre Channel resource
+                                      that is attached to a kubelet's host machine
+                                      and then exposed to the pod.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      lun:
+                                        description: 'lun is Optional: FC target lun
+                                          number'
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      targetWWNs:
+                                        description: 'targetWWNs is Optional: FC target
+                                          worldwide names (WWNs)'
+                                        items:
+                                          type: string
+                                        type: array
+                                      wwids:
+                                        description: |-
+                                          wwids Optional: FC volume world wide identifiers (wwids)
+                                          Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  flexVolume:
+                                    description: |-
+                                      flexVolume represents a generic volume resource that is
+                                      provisioned/attached using an exec based plugin.
+                                    properties:
+                                      driver:
+                                        description: driver is the name of the driver
+                                          to use for this volume.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+                                        type: string
+                                      options:
+                                        additionalProperties:
+                                          type: string
+                                        description: 'options is Optional: this field
+                                          holds extra command options if any.'
+                                        type: object
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: secretRef is reference to the secret object containing
+                                          sensitive information to pass to the plugin scripts. This may be
+                                          empty if no secret object is specified. If the secret object
+                                          contains more than one secret, all secrets are passed to the plugin
+                                          scripts.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - driver
+                                    type: object
+                                  flocker:
+                                    description: flocker represents a Flocker volume
+                                      attached to a kubelet's host machine. This depends
+                                      on the Flocker control service being running
+                                    properties:
+                                      datasetName:
+                                        description: |-
+                                          datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+                                          should be considered as deprecated
+                                        type: string
+                                      datasetUUID:
+                                        description: datasetUUID is the UUID of the
+                                          dataset. This is unique identifier of a
+                                          Flocker dataset
+                                        type: string
+                                    type: object
+                                  gcePersistentDisk:
+                                    description: |-
+                                      gcePersistentDisk represents a GCE Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        format: int32
+                                        type: integer
+                                      pdName:
+                                        description: |-
+                                          pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: boolean
+                                    required:
+                                    - pdName
+                                    type: object
+                                  gitRepo:
+                                    description: |-
+                                      gitRepo represents a git repository at a particular revision.
+                                      DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+                                      EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+                                      into the Pod's container.
+                                    properties:
+                                      directory:
+                                        description: |-
+                                          directory is the target directory name.
+                                          Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
+                                          git repository.  Otherwise, if specified, the volume will contain the git repository in
+                                          the subdirectory with the given name.
+                                        type: string
+                                      repository:
+                                        description: repository is the URL
+                                        type: string
+                                      revision:
+                                        description: revision is the commit hash for
+                                          the specified revision.
+                                        type: string
+                                    required:
+                                    - repository
+                                    type: object
+                                  glusterfs:
+                                    description: |-
+                                      glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md
+                                    properties:
+                                      endpoints:
+                                        description: |-
+                                          endpoints is the endpoint name that details Glusterfs topology.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      path:
+                                        description: |-
+                                          path is the Glusterfs volume path.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: boolean
+                                    required:
+                                    - endpoints
+                                    - path
+                                    type: object
+                                  hostPath:
+                                    description: |-
+                                      hostPath represents a pre-existing file or directory on the host
+                                      machine that is directly exposed to the container. This is generally
+                                      used for system agents or other privileged things that are allowed
+                                      to see the host machine. Most containers will NOT need this.
+                                      More info: https://kubernetes.
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path of the directory on the host.
+                                          If the path is a symlink, it will follow the link to the real path.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                      type:
+                                        description: |-
+                                          type for HostPath Volume
+                                          Defaults to ""
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  iscsi:
+                                    description: |-
+                                      iscsi represents an ISCSI Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://examples.k8s.io/volumes/iscsi/README.md
+                                    properties:
+                                      chapAuthDiscovery:
+                                        description: chapAuthDiscovery defines whether
+                                          support iSCSI Discovery CHAP authentication
+                                        type: boolean
+                                      chapAuthSession:
+                                        description: chapAuthSession defines whether
+                                          support iSCSI Session CHAP authentication
+                                        type: boolean
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      initiatorName:
+                                        description: |-
+                                          initiatorName is the custom iSCSI Initiator Name.
+                                          If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+                                          <target portal>:<volume name> will be created for the connection.
+                                        type: string
+                                      iqn:
+                                        description: iqn is the target iSCSI Qualified
+                                          Name.
+                                        type: string
+                                      iscsiInterface:
+                                        description: |-
+                                          iscsiInterface is the interface Name that uses an iSCSI transport.
+                                          Defaults to 'default' (tcp).
+                                        type: string
+                                      lun:
+                                        description: lun represents iSCSI Target Lun
+                                          number.
+                                        format: int32
+                                        type: integer
+                                      portals:
+                                        description: |-
+                                          portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        items:
+                                          type: string
+                                        type: array
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                        type: boolean
+                                      secretRef:
+                                        description: secretRef is the CHAP Secret
+                                          for iSCSI target and initiator authentication
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      targetPortal:
+                                        description: |-
+                                          targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        type: string
+                                    required:
+                                    - iqn
+                                    - lun
+                                    - targetPortal
+                                    type: object
+                                  name:
+                                    description: |-
+                                      name of the volume.
+                                      Must be a DNS_LABEL and unique within the pod.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  nfs:
+                                    description: |-
+                                      nfs represents an NFS mount on the host that shares a pod's lifetime
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path that is exported by the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the NFS export to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: boolean
+                                      server:
+                                        description: |-
+                                          server is the hostname or IP address of the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                    required:
+                                    - path
+                                    - server
+                                    type: object
+                                  persistentVolumeClaim:
+                                    description: |-
+                                      persistentVolumeClaimVolumeSource represents a reference to a
+                                      PersistentVolumeClaim in the same namespace.
+                                      More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                    properties:
+                                      claimName:
+                                        description: |-
+                                          claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Will force the ReadOnly setting in VolumeMounts.
+                                          Default false.
+                                        type: boolean
+                                    required:
+                                    - claimName
+                                    type: object
+                                  photonPersistentDisk:
+                                    description: photonPersistentDisk represents a
+                                      PhotonController persistent disk attached and
+                                      mounted on kubelets host machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      pdID:
+                                        description: pdID is the ID that identifies
+                                          Photon Controller persistent disk
+                                        type: string
+                                    required:
+                                    - pdID
+                                    type: object
+                                  portworxVolume:
+                                    description: portworxVolume represents a portworx
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fSType represents the filesystem type to mount
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      volumeID:
+                                        description: volumeID uniquely identifies
+                                          a Portworx volume
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  projected:
+                                    description: projected items for all in one resources
+                                      secrets, configmaps, and downward API
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode are the mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      sources:
+                                        description: sources is the list of volume
+                                          projections
+                                        items:
+                                          description: Projection that may be projected
+                                            along with other supported volume types
+                                          properties:
+                                            clusterTrustBundle:
+                                              description: |-
+                                                ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+                                                of ClusterTrustBundle objects in an auto-updating file.
+
+
+                                                Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+                                                ClusterTrustBundle objects can either be selected by name, or by the
+                                                combination of signer name and a label selector.
+                                              properties:
+                                                labelSelector:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this label selector.  Only has
+                                                    effect if signerName is set.  Mutually-exclusive with name.  If unset,
+                                                    interpreted as "match nothing".  If set but empty, interpreted as "match
+                                                    everything".
+                                                  properties:
+                                                    matchExpressions:
+                                                      description: matchExpressions
+                                                        is a list of label selector
+                                                        requirements. The requirements
+                                                        are ANDed.
+                                                      items:
+                                                        description: |-
+                                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                                          relates the key and values.
+                                                        properties:
+                                                          key:
+                                                            description: key is the
+                                                              label key that the selector
+                                                              applies to.
+                                                            type: string
+                                                          operator:
+                                                            description: |-
+                                                              operator represents a key's relationship to a set of values.
+                                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                            type: string
+                                                          values:
+                                                            description: |-
+                                                              values is an array of string values. If the operator is In or NotIn,
+                                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                              the values array must be empty. This array is replaced during a strategic
+                                                              merge patch.
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                        required:
+                                                        - key
+                                                        - operator
+                                                        type: object
+                                                      type: array
+                                                    matchLabels:
+                                                      additionalProperties:
+                                                        type: string
+                                                      description: |-
+                                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                      type: object
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                name:
+                                                  description: |-
+                                                    Select a single ClusterTrustBundle by object name.  Mutually-exclusive
+                                                    with signerName and labelSelector.
+                                                  type: string
+                                                optional:
+                                                  description: |-
+                                                    If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+                                                    aren't available.  If using name, then the named ClusterTrustBundle is
+                                                    allowed not to exist.  If using signerName, then the combination of
+                                                    signerName and labelSelector is allowed to match zero
+                                                    ClusterTrustBundles.
+                                                  type: boolean
+                                                path:
+                                                  description: Relative path from
+                                                    the volume root to write the bundle.
+                                                  type: string
+                                                signerName:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this signer name.
+                                                    Mutually-exclusive with name.  The contents of all selected
+                                                    ClusterTrustBundles will be unified and deduplicated.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                            configMap:
+                                              description: configMap information about
+                                                the configMap data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    ConfigMap will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional specify whether
+                                                    the ConfigMap or its keys must
+                                                    be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            downwardAPI:
+                                              description: downwardAPI information
+                                                about the downwardAPI data to project
+                                              properties:
+                                                items:
+                                                  description: Items is a list of
+                                                    DownwardAPIVolume file
+                                                  items:
+                                                    description: DownwardAPIVolumeFile
+                                                      represents information to create
+                                                      the file containing the pod
+                                                      field
+                                                    properties:
+                                                      fieldRef:
+                                                        description: 'Required: Selects
+                                                          a field of the pod: only
+                                                          annotations, labels, name
+                                                          and namespace are supported.'
+                                                        properties:
+                                                          apiVersion:
+                                                            description: Version of
+                                                              the schema the FieldPath
+                                                              is written in terms
+                                                              of, defaults to "v1".
+                                                            type: string
+                                                          fieldPath:
+                                                            description: Path of the
+                                                              field to select in the
+                                                              specified API version.
+                                                            type: string
+                                                        required:
+                                                        - fieldPath
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                      mode:
+                                                        description: |-
+                                                          Optional: mode bits used to set permissions on this file, must be an octal value
+                                                          between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: 'Required: Path
+                                                          is  the relative path name
+                                                          of the file to be created.
+                                                          Must not be absolute or
+                                                          contain the ''..'' path.
+                                                          Must be utf-8 encoded. The
+                                                          first item of the relative
+                                                          path must not start with
+                                                          ''..'''
+                                                        type: string
+                                                      resourceFieldRef:
+                                                        description: |-
+                                                          Selects a resource of the container: only resources limits and requests
+                                                          (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                                        properties:
+                                                          containerName:
+                                                            description: 'Container
+                                                              name: required for volumes,
+                                                              optional for env vars'
+                                                            type: string
+                                                          divisor:
+                                                            anyOf:
+                                                            - type: integer
+                                                            - type: string
+                                                            description: Specifies
+                                                              the output format of
+                                                              the exposed resources,
+                                                              defaults to "1"
+                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                            x-kubernetes-int-or-string: true
+                                                          resource:
+                                                            description: 'Required:
+                                                              resource to select'
+                                                            type: string
+                                                        required:
+                                                        - resource
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                    required:
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                              type: object
+                                            secret:
+                                              description: secret information about
+                                                the secret data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    Secret will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional field specify
+                                                    whether the Secret or its key
+                                                    must be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            serviceAccountToken:
+                                              description: serviceAccountToken is
+                                                information about the serviceAccountToken
+                                                data to project
+                                              properties:
+                                                audience:
+                                                  description: |-
+                                                    audience is the intended audience of the token. A recipient of a token
+                                                    must identify itself with an identifier specified in the audience of the
+                                                    token, and otherwise should reject the token. The audience defaults to the
+                                                    identifier of the apiserver.
+                                                  type: string
+                                                expirationSeconds:
+                                                  description: |-
+                                                    expirationSeconds is the requested duration of validity of the service
+                                                    account token. As the token approaches expiration, the kubelet volume
+                                                    plugin will proactively rotate the service account token. The kubelet will
+                                                    start trying to rotate the token if the token is older than 80 percent of
+                                                    its time to live or if the token is older than 24 hours.Defaults to 1 hour
+                                                    and must be at least 10 minutes.
+                                                  format: int64
+                                                  type: integer
+                                                path:
+                                                  description: |-
+                                                    path is the path relative to the mount point of the file to project the
+                                                    token into.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                          type: object
+                                        type: array
+                                    type: object
+                                  quobyte:
+                                    description: quobyte represents a Quobyte mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      group:
+                                        description: |-
+                                          group to map volume access to
+                                          Default is no group
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                        type: boolean
+                                      registry:
+                                        description: |-
+                                          registry represents a single or multiple Quobyte Registry services
+                                          specified as a string as host:port pair (multiple entries are separated with commas)
+                                          which acts as the central registry for volumes
+                                        type: string
+                                      tenant:
+                                        description: |-
+                                          tenant owning the given Quobyte volume in the Backend
+                                          Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+                                        type: string
+                                      user:
+                                        description: |-
+                                          user to map volume access to
+                                          Defaults to serivceaccount user
+                                        type: string
+                                      volume:
+                                        description: volume is a string that references
+                                          an already created Quobyte volume by name.
+                                        type: string
+                                    required:
+                                    - registry
+                                    - volume
+                                    type: object
+                                  rbd:
+                                    description: |-
+                                      rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/rbd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      image:
+                                        description: |-
+                                          image is the rados image name.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      keyring:
+                                        description: |-
+                                          keyring is the path to key ring for RBDUser.
+                                          Default is /etc/ceph/keyring.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      monitors:
+                                        description: |-
+                                          monitors is a collection of Ceph monitors.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      pool:
+                                        description: |-
+                                          pool is the rados pool name.
+                                          Default is rbd.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is name of the authentication secret for RBDUser. If provided
+                                          overrides keyring.
+                                          Default is nil.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is the rados user name.
+                                          Default is admin.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - image
+                                    - monitors
+                                    type: object
+                                  scaleIO:
+                                    description: scaleIO represents a ScaleIO persistent
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs".
+                                          Default is "xfs".
+                                        type: string
+                                      gateway:
+                                        description: gateway is the host address of
+                                          the ScaleIO API Gateway.
+                                        type: string
+                                      protectionDomain:
+                                        description: protectionDomain is the name
+                                          of the ScaleIO Protection Domain for the
+                                          configured storage.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef references to the secret for ScaleIO user and other
+                                          sensitive information. If this is not provided, Login operation will fail.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      sslEnabled:
+                                        description: sslEnabled Flag enable/disable
+                                          SSL communication with Gateway, default
+                                          false
+                                        type: boolean
+                                      storageMode:
+                                        description: |-
+                                          storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+                                          Default is ThinProvisioned.
+                                        type: string
+                                      storagePool:
+                                        description: storagePool is the ScaleIO Storage
+                                          Pool associated with the protection domain.
+                                        type: string
+                                      system:
+                                        description: system is the name of the storage
+                                          system as configured in ScaleIO.
+                                        type: string
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the name of a volume already created in the ScaleIO system
+                                          that is associated with this volume source.
+                                        type: string
+                                    required:
+                                    - gateway
+                                    - secretRef
+                                    - system
+                                    type: object
+                                  secret:
+                                    description: |-
+                                      secret represents a secret that should populate this volume.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values
+                                          for mode bits. Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items If unspecified, each key-value pair in the Data field of the referenced
+                                          Secret will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      optional:
+                                        description: optional field specify whether
+                                          the Secret or its keys must be defined
+                                        type: boolean
+                                      secretName:
+                                        description: |-
+                                          secretName is the name of the secret in the pod's namespace to use.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                        type: string
+                                    type: object
+                                  storageos:
+                                    description: storageOS represents a StorageOS
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef specifies the secret to use for obtaining the StorageOS API
+                                          credentials.  If not specified, default values will be attempted.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the human-readable name of the StorageOS volume.  Volume
+                                          names are only unique within a namespace.
+                                        type: string
+                                      volumeNamespace:
+                                        description: |-
+                                          volumeNamespace specifies the scope of the volume within StorageOS.  If no
+                                          namespace is specified then the Pod's namespace will be used.  This allows the
+                                          Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+                                          Set VolumeName to any name to override the default behaviour.
+                                          Set to "default" if you are not using namespaces within StorageOS.
+                                        type: string
+                                    type: object
+                                  vsphereVolume:
+                                    description: vsphereVolume represents a vSphere
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      storagePolicyID:
+                                        description: storagePolicyID is the storage
+                                          Policy Based Management (SPBM) profile ID
+                                          associated with the StoragePolicyName.
+                                        type: string
+                                      storagePolicyName:
+                                        description: storagePolicyName is the storage
+                                          Policy Based Management (SPBM) profile name.
+                                        type: string
+                                      volumePath:
+                                        description: volumePath is the path that identifies
+                                          vSphere volume vmdk
+                                        type: string
+                                    required:
+                                    - volumePath
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                          required:
+                          - containers
+                          type: object
+                      type: object
+                  type: object
+                description: |-
+                  A map of TFReplicaType (type) to ReplicaSpec (value). Specifies the TF cluster configuration.
+                  For example,
+                    {
+                      "PS": ReplicaSpec,
+                      "Worker": ReplicaSpec,
+                    }
+                type: object
+            required:
+            - tfReplicaSpecs
+            type: object
+          status:
+            description: |-
+              Most recently observed status of the TFJob.
+              Populated by the system.
+              Read-only.
+            properties:
+              completionTime:
+                description: |-
+                  Represents time when the job was completed. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions is an array of current observed job conditions.
+                items:
+                  description: JobCondition describes the state of the job at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastReconcileTime:
+                description: |-
+                  Represents last time when the job was reconciled. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              replicaStatuses:
+                additionalProperties:
+                  description: ReplicaStatus represents the current observed state
+                    of the replica.
+                  properties:
+                    active:
+                      description: The number of actively running pods.
+                      format: int32
+                      type: integer
+                    failed:
+                      description: The number of pods which reached phase Failed.
+                      format: int32
+                      type: integer
+                    labelSelector:
+                      description: 'Deprecated: Use Selector instead'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    selector:
+                      description: |-
+                        A Selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty Selector matches all objects. A null
+                        Selector matches no objects.
+                      type: string
+                    succeeded:
+                      description: The number of pods which reached phase Succeeded.
+                      format: int32
+                      type: integer
+                  type: object
+                description: |-
+                  ReplicaStatuses is map of ReplicaType and ReplicaStatus,
+                  specifies the status of each replica.
+                type: object
+              startTime:
+                description: |-
+                  Represents time when the job was acknowledged by the job controller.
+                  It is not guaranteed to be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml
new file mode 100644
index 00000000..fb8944e1
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/templates/training-operator/kubeflow.org_xgboostjobs.yaml
@@ -0,0 +1,7528 @@
+{{- if (include "kubeflowCrds.trainingOperator.enabled" . | eq "true") -}}
+{{- if .Values.crds.minimized }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.xgboostFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: XGBoostJob
+    listKind: XGBoostJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.xgboostPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.xgboostSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: XGBoostJob is the Schema for the xgboostjobs API
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- else }}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    {{- include "kubeflowCrds.trainingOperator.labels" . | nindent 4 }}
+  name: {{ include "kubeflowCrds.trainingOperator.xgboostFullName" . }}
+spec:
+  group: {{ include "kubeflowCrds.trainingOperator.group" . }}
+  names:
+    kind: XGBoostJob
+    listKind: XGBoostJobList
+    plural: {{ include "kubeflowCrds.trainingOperator.xgboostPluralName" . }}
+    singular: {{ include "kubeflowCrds.trainingOperator.xgboostSingularName" . }}
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.conditions[-1:].type
+      name: State
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: XGBoostJob is the Schema for the xgboostjobs API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: XGBoostJobSpec defines the desired state of XGBoostJob
+            properties:
+              runPolicy:
+                description: |-
+                  INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                  Important: Run "make" to regenerate code after modifying this file
+                properties:
+                  activeDeadlineSeconds:
+                    description: |-
+                      Specifies the duration in seconds relative to the startTime that the job may be active
+                      before the system tries to terminate it; value must be positive integer.
+                    format: int64
+                    type: integer
+                  backoffLimit:
+                    description: Optional number of retries before marking this job
+                      failed.
+                    format: int32
+                    type: integer
+                  cleanPodPolicy:
+                    description: |-
+                      CleanPodPolicy defines the policy to kill pods after the job completes.
+                      Default to None.
+                    type: string
+                  schedulingPolicy:
+                    description: SchedulingPolicy defines the policy related to scheduling,
+                      e.g. gang-scheduling
+                    properties:
+                      minAvailable:
+                        format: int32
+                        type: integer
+                      minResources:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      priorityClass:
+                        type: string
+                      queue:
+                        type: string
+                        x-kubernetes-validations:
+                        - message: spec.runPolicy.schedulingPolicy.queue is immutable
+                          rule: self == oldSelf
+                      scheduleTimeoutSeconds:
+                        format: int32
+                        type: integer
+                    type: object
+                  suspend:
+                    default: false
+                    description: |-
+                      suspend specifies whether the Job controller should create Pods or not.
+                      If a Job is created with suspend set to true, no Pods are created by
+                      the Job controller. If a Job is suspended after creation (i.e. the
+                      flag goes from false to true), the Job controller will delete all
+                      active Pods and PodGroups associated with this Job.
+                      Users must design their workload to gracefully handle this.
+                    type: boolean
+                  ttlSecondsAfterFinished:
+                    description: |-
+                      TTLSecondsAfterFinished is the TTL to clean up jobs.
+                      It may take extra ReconcilePeriod seconds for the cleanup, since
+                      reconcile gets called periodically.
+                      Default to infinite.
+                    format: int32
+                    type: integer
+                type: object
+              xgbReplicaSpecs:
+                additionalProperties:
+                  description: ReplicaSpec is a description of the replica
+                  properties:
+                    replicas:
+                      description: |-
+                        Replicas is the desired number of replicas of the given template.
+                        If unspecified, defaults to 1.
+                      format: int32
+                      type: integer
+                    restartPolicy:
+                      description: |-
+                        Restart policy for all replicas within the job.
+                        One of Always, OnFailure, Never and ExitCode.
+                        Default to Never.
+                      type: string
+                    template:
+                      description: |-
+                        Template is the object that describes the pod that
+                        will be created for this replica. RestartPolicy in PodTemplateSpec
+                        will be overide by RestartPolicy in ReplicaSpec
+                      properties:
+                        metadata:
+                          description: |-
+                            Standard object's metadata.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+                          properties:
+                            annotations:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            finalizers:
+                              items:
+                                type: string
+                              type: array
+                            labels:
+                              additionalProperties:
+                                type: string
+                              type: object
+                            name:
+                              type: string
+                            namespace:
+                              type: string
+                          type: object
+                        spec:
+                          description: |-
+                            Specification of the desired behavior of the pod.
+                            More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+                          properties:
+                            activeDeadlineSeconds:
+                              description: |-
+                                Optional duration in seconds the pod may be active on the node relative to
+                                StartTime before the system will actively try to mark it failed and kill associated containers.
+                                Value must be a positive integer.
+                              format: int64
+                              type: integer
+                            affinity:
+                              description: If specified, the pod's scheduling constraints
+                              properties:
+                                nodeAffinity:
+                                  description: Describes node affinity scheduling
+                                    rules for the pod.
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: |-
+                                          An empty preferred scheduling term matches all objects with implicit weight 0
+                                          (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+                                        properties:
+                                          preference:
+                                            description: A node selector term, associated
+                                              with the corresponding weight.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          weight:
+                                            description: Weight associated with matching
+                                              the corresponding nodeSelectorTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - preference
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to an update), the system
+                                        may or may not try to eventually evict the pod from its node.
+                                      properties:
+                                        nodeSelectorTerms:
+                                          description: Required. A list of node selector
+                                            terms. The terms are ORed.
+                                          items:
+                                            description: |-
+                                              A null or empty node selector term matches no objects. The requirements of
+                                              them are ANDed.
+                                              The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+                                            properties:
+                                              matchExpressions:
+                                                description: A list of node selector
+                                                  requirements by node's labels.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchFields:
+                                                description: A list of node selector
+                                                  requirements by node's fields.
+                                                items:
+                                                  description: |-
+                                                    A node selector requirement is a selector that contains values, a key, and an operator
+                                                    that relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: The label key that
+                                                        the selector applies to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        Represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        An array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. If the operator is Gt or Lt, the values
+                                                        array must have a single element, which will be interpreted as an integer.
+                                                        This array is replaced during a strategic merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          type: array
+                                      required:
+                                      - nodeSelectorTerms
+                                      type: object
+                                      x-kubernetes-map-type: atomic
+                                  type: object
+                                podAffinity:
+                                  description: Describes pod affinity scheduling rules
+                                    (e.g. co-locate this pod in the same node, zone,
+                                    etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                        for each node that meets all of the scheduling requirements (resource
+                                        request, requiredDuringScheduling affinity expressions, etc.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                                podAntiAffinity:
+                                  description: Describes pod anti-affinity scheduling
+                                    rules (e.g. avoid putting this pod in the same
+                                    node, zone, etc. as some other pod(s)).
+                                  properties:
+                                    preferredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        The scheduler will prefer to schedule pods to nodes that satisfy
+                                        the anti-affinity expressions specified by this field, but it may choose
+                                        a node that violates one or more of the expressions. The node that is
+                                        most preferred is the one with the greatest sum of weights, i.e.
+                                      items:
+                                        description: The weights of all of the matched
+                                          WeightedPodAffinityTerm fields are added
+                                          per-node to find the most preferred node(s)
+                                        properties:
+                                          podAffinityTerm:
+                                            description: Required. A pod affinity
+                                              term, associated with the corresponding
+                                              weight.
+                                            properties:
+                                              labelSelector:
+                                                description: |-
+                                                  A label query over a set of resources, in this case pods.
+                                                  If it's null, this PodAffinityTerm matches with no Pods.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              matchLabelKeys:
+                                                description: |-
+                                                  MatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              mismatchLabelKeys:
+                                                description: |-
+                                                  MismatchLabelKeys is a set of pod label keys to select which pods will
+                                                  be taken into consideration. The keys are used to lookup values from the
+                                                  incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                                  to select the group of existing pods which pods will be taken into consideration
+                                                  for the incoming pod's pod (anti) affinity.
+                                                items:
+                                                  type: string
+                                                type: array
+                                                x-kubernetes-list-type: atomic
+                                              namespaceSelector:
+                                                description: |-
+                                                  A label query over the set of namespaces that the term applies to.
+                                                  The term is applied to the union of the namespaces selected by this field
+                                                  and the ones listed in the namespaces field.
+                                                  null selector and null or empty namespaces list means "this pod's namespace".
+                                                  An empty selector ({}) matches all namespaces.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              namespaces:
+                                                description: |-
+                                                  namespaces specifies a static list of namespace names that the term applies to.
+                                                  The term is applied to the union of the namespaces listed in this field
+                                                  and the ones selected by namespaceSelector.
+                                                  null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                                items:
+                                                  type: string
+                                                type: array
+                                              topologyKey:
+                                                description: |-
+                                                  This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                                  the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                                  whose value of the label with key topologyKey matches that of any node on which any of the
+                                                  selected pods is running.
+                                                  Empty topologyKey is not allowed.
+                                                type: string
+                                            required:
+                                            - topologyKey
+                                            type: object
+                                          weight:
+                                            description: |-
+                                              weight associated with matching the corresponding podAffinityTerm,
+                                              in the range 1-100.
+                                            format: int32
+                                            type: integer
+                                        required:
+                                        - podAffinityTerm
+                                        - weight
+                                        type: object
+                                      type: array
+                                    requiredDuringSchedulingIgnoredDuringExecution:
+                                      description: |-
+                                        If the anti-affinity requirements specified by this field are not met at
+                                        scheduling time, the pod will not be scheduled onto the node.
+                                        If the anti-affinity requirements specified by this field cease to be met
+                                        at some point during pod execution (e.g. due to a pod label update), the
+                                        system may or may not try to eventually evict the pod from its node.
+                                      items:
+                                        description: |-
+                                          Defines a set of pods (namely those matching the labelSelector
+                                          relative to the given namespace(s)) that this pod should be
+                                          co-located (affinity) or not co-located (anti-affinity) with,
+                                          where co-located is defined as running on a node whose value of
+                                          the label with key <topologyKey> matches that of any node on which
+                                          a pod of the set of pods is running
+                                        properties:
+                                          labelSelector:
+                                            description: |-
+                                              A label query over a set of resources, in this case pods.
+                                              If it's null, this PodAffinityTerm matches with no Pods.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          matchLabelKeys:
+                                            description: |-
+                                              MatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          mismatchLabelKeys:
+                                            description: |-
+                                              MismatchLabelKeys is a set of pod label keys to select which pods will
+                                              be taken into consideration. The keys are used to lookup values from the
+                                              incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`
+                                              to select the group of existing pods which pods will be taken into consideration
+                                              for the incoming pod's pod (anti) affinity.
+                                            items:
+                                              type: string
+                                            type: array
+                                            x-kubernetes-list-type: atomic
+                                          namespaceSelector:
+                                            description: |-
+                                              A label query over the set of namespaces that the term applies to.
+                                              The term is applied to the union of the namespaces selected by this field
+                                              and the ones listed in the namespaces field.
+                                              null selector and null or empty namespaces list means "this pod's namespace".
+                                              An empty selector ({}) matches all namespaces.
+                                            properties:
+                                              matchExpressions:
+                                                description: matchExpressions is a
+                                                  list of label selector requirements.
+                                                  The requirements are ANDed.
+                                                items:
+                                                  description: |-
+                                                    A label selector requirement is a selector that contains values, a key, and an operator that
+                                                    relates the key and values.
+                                                  properties:
+                                                    key:
+                                                      description: key is the label
+                                                        key that the selector applies
+                                                        to.
+                                                      type: string
+                                                    operator:
+                                                      description: |-
+                                                        operator represents a key's relationship to a set of values.
+                                                        Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                      type: string
+                                                    values:
+                                                      description: |-
+                                                        values is an array of string values. If the operator is In or NotIn,
+                                                        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                        the values array must be empty. This array is replaced during a strategic
+                                                        merge patch.
+                                                      items:
+                                                        type: string
+                                                      type: array
+                                                  required:
+                                                  - key
+                                                  - operator
+                                                  type: object
+                                                type: array
+                                              matchLabels:
+                                                additionalProperties:
+                                                  type: string
+                                                description: |-
+                                                  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                  map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                  operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                type: object
+                                            type: object
+                                            x-kubernetes-map-type: atomic
+                                          namespaces:
+                                            description: |-
+                                              namespaces specifies a static list of namespace names that the term applies to.
+                                              The term is applied to the union of the namespaces listed in this field
+                                              and the ones selected by namespaceSelector.
+                                              null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+                                            items:
+                                              type: string
+                                            type: array
+                                          topologyKey:
+                                            description: |-
+                                              This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+                                              the labelSelector in the specified namespaces, where co-located is defined as running on a node
+                                              whose value of the label with key topologyKey matches that of any node on which any of the
+                                              selected pods is running.
+                                              Empty topologyKey is not allowed.
+                                            type: string
+                                        required:
+                                        - topologyKey
+                                        type: object
+                                      type: array
+                                  type: object
+                              type: object
+                            automountServiceAccountToken:
+                              description: AutomountServiceAccountToken indicates
+                                whether a service account token should be automatically
+                                mounted.
+                              type: boolean
+                            containers:
+                              description: |-
+                                List of containers belonging to the pod.
+                                Containers cannot currently be added or removed.
+                                There must be at least one container in a Pod.
+                                Cannot be updated.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            dnsConfig:
+                              description: |-
+                                Specifies the DNS parameters of a pod.
+                                Parameters specified here will be merged to the generated DNS
+                                configuration based on DNSPolicy.
+                              properties:
+                                nameservers:
+                                  description: |-
+                                    A list of DNS name server IP addresses.
+                                    This will be appended to the base nameservers generated from DNSPolicy.
+                                    Duplicated nameservers will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                                options:
+                                  description: |-
+                                    A list of DNS resolver options.
+                                    This will be merged with the base options generated from DNSPolicy.
+                                    Duplicated entries will be removed. Resolution options given in Options
+                                    will override those that appear in the base DNSPolicy.
+                                  items:
+                                    description: PodDNSConfigOption defines DNS resolver
+                                      options of a pod.
+                                    properties:
+                                      name:
+                                        description: Required.
+                                        type: string
+                                      value:
+                                        type: string
+                                    type: object
+                                  type: array
+                                searches:
+                                  description: |-
+                                    A list of DNS search domains for host-name lookup.
+                                    This will be appended to the base search paths generated from DNSPolicy.
+                                    Duplicated search paths will be removed.
+                                  items:
+                                    type: string
+                                  type: array
+                              type: object
+                            dnsPolicy:
+                              description: |-
+                                Set DNS policy for the pod.
+                                Defaults to "ClusterFirst".
+                                Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+                                DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+                                To have DNS options set along with hostNetwork, you have to specify DNS policy
+                                explicitly to 'ClusterFirstWithHostNet'.
+                              type: string
+                            enableServiceLinks:
+                              description: |-
+                                EnableServiceLinks indicates whether information about services should be injected into pod's
+                                environment variables, matching the syntax of Docker links.
+                                Optional: Defaults to true.
+                              type: boolean
+                            ephemeralContainers:
+                              description: |-
+                                List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+                                pod to perform user-initiated actions such as debugging. This list cannot be specified when
+                                creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+                                ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+                              items:
+                                description: |-
+                                  An EphemeralContainer is a temporary container that you may add to an existing Pod for
+                                  user-initiated activities such as debugging. Ephemeral containers have no resource or
+                                  scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+                                  removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+                                  Pod to exceed its resource allocation.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+                                      produce the string literal "$(VAR_NAME)".
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: Lifecycle is not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the ephemeral container specified as a DNS_LABEL.
+                                      This name must be unique among all containers, init containers and ephemeral containers.
+                                    type: string
+                                  ports:
+                                    description: Ports are not allowed for ephemeral
+                                      containers.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+                                      already allocated to the pod.
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      Restart policy for the container to manage the restart behavior of each
+                                      container within a pod.
+                                      This may only be set for init containers. You cannot set this field on
+                                      ephemeral containers.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      Optional: SecurityContext defines the security options the ephemeral container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: Probes are not allowed for ephemeral
+                                      containers.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  targetContainerName:
+                                    description: |-
+                                      If set, the name of the container from PodSpec that this ephemeral container targets.
+                                      The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+                                      If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+
+                                      The container runtime must implement support for this feature.
+                                    type: string
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            hostAliases:
+                              description: |-
+                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+                                file if specified. This is only valid for non-hostNetwork pods.
+                              items:
+                                description: |-
+                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+                                  pod's hosts file.
+                                properties:
+                                  hostnames:
+                                    description: Hostnames for the above IP address.
+                                    items:
+                                      type: string
+                                    type: array
+                                  ip:
+                                    description: IP address of the host file entry.
+                                    type: string
+                                type: object
+                              type: array
+                            hostIPC:
+                              description: |-
+                                Use the host's ipc namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostNetwork:
+                              description: |-
+                                Host networking requested for this pod. Use the host's network namespace.
+                                If this option is set, the ports that will be used must be specified.
+                                Default to false.
+                              type: boolean
+                            hostPID:
+                              description: |-
+                                Use the host's pid namespace.
+                                Optional: Default to false.
+                              type: boolean
+                            hostUsers:
+                              description: |-
+                                Use the host's user namespace.
+                                Optional: Default to true.
+                                If set to true or not present, the pod will be run in the host user namespace, useful
+                                for when the pod needs a feature only available to the host user namespace, such as
+                                loading a kernel module with CAP_SYS_MODULE.
+                                When set to false, a new userns is created for the pod.
+                              type: boolean
+                            hostname:
+                              description: |-
+                                Specifies the hostname of the Pod
+                                If not specified, the pod's hostname will be set to a system-defined value.
+                              type: string
+                            imagePullSecrets:
+                              description: |-
+                                ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+                                If specified, these secrets will be passed to individual puller implementations for them to use.
+                                More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+                              items:
+                                description: |-
+                                  LocalObjectReference contains enough information to let you locate the
+                                  referenced object inside the same namespace.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                      TODO: Add other useful fields. apiVersion, kind, uid?
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
+                              type: array
+                            initContainers:
+                              description: |-
+                                List of initialization containers belonging to the pod.
+                                Init containers are executed in order prior to containers being started. If any
+                                init container fails, the pod is considered to have failed and is handled according
+                                to its restartPolicy. The name for an init container or normal container must be
+                                unique among all containers.
+                              items:
+                                description: A single application container that you
+                                  want to run within a pod.
+                                properties:
+                                  args:
+                                    description: |-
+                                      Arguments to the entrypoint.
+                                      The container image's CMD is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  command:
+                                    description: |-
+                                      Entrypoint array. Not executed within a shell.
+                                      The container image's ENTRYPOINT is used if this is not provided.
+                                      Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+                                      cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                    items:
+                                      type: string
+                                    type: array
+                                  env:
+                                    description: |-
+                                      List of environment variables to set in the container.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvVar represents an environment
+                                        variable present in a Container.
+                                      properties:
+                                        name:
+                                          description: Name of the environment variable.
+                                            Must be a C_IDENTIFIER.
+                                          type: string
+                                        value:
+                                          description: |-
+                                            Variable references $(VAR_NAME) are expanded
+                                            using the previously defined environment variables in the container and
+                                            any service environment variables. If a variable cannot be resolved,
+                                            the reference in the input string will be unchanged. Double $$ are reduced
+                                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                                          type: string
+                                        valueFrom:
+                                          description: Source for the environment
+                                            variable's value. Cannot be used if value
+                                            is not empty.
+                                          properties:
+                                            configMapKeyRef:
+                                              description: Selects a key of a ConfigMap.
+                                              properties:
+                                                key:
+                                                  description: The key to select.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    ConfigMap or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            fieldRef:
+                                              description: |-
+                                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            secretKeyRef:
+                                              description: Selects a key of a secret
+                                                in the pod's namespace
+                                              properties:
+                                                key:
+                                                  description: The key of the secret
+                                                    to select from.  Must be a valid
+                                                    secret key.
+                                                  type: string
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: Specify whether the
+                                                    Secret or its key must be defined
+                                                  type: boolean
+                                              required:
+                                              - key
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          type: object
+                                      required:
+                                      - name
+                                      type: object
+                                    type: array
+                                  envFrom:
+                                    description: |-
+                                      List of sources to populate environment variables in the container.
+                                      The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+                                      will be reported as an event when the container is starting. When a key exists in multiple
+                                      sources, the value associated with the last source will take precedence.
+                                      Values defined by an Env with a duplicate key will take precedence.
+                                      Cannot be updated.
+                                    items:
+                                      description: EnvFromSource represents the source
+                                        of a set of ConfigMaps
+                                      properties:
+                                        configMapRef:
+                                          description: The ConfigMap to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the ConfigMap
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                        prefix:
+                                          description: An optional identifier to prepend
+                                            to each key in the ConfigMap. Must be
+                                            a C_IDENTIFIER.
+                                          type: string
+                                        secretRef:
+                                          description: The Secret to select from
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name of the referent.
+                                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                TODO: Add other useful fields. apiVersion, kind, uid?
+                                              type: string
+                                            optional:
+                                              description: Specify whether the Secret
+                                                must be defined
+                                              type: boolean
+                                          type: object
+                                          x-kubernetes-map-type: atomic
+                                      type: object
+                                    type: array
+                                  image:
+                                    description: |-
+                                      Container image name.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images
+                                      This field is optional to allow higher level config management to default or override
+                                      container images in workload controllers like Deployments and StatefulSets.
+                                    type: string
+                                  imagePullPolicy:
+                                    description: |-
+                                      Image pull policy.
+                                      One of Always, Never, IfNotPresent.
+                                      Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+                                    type: string
+                                  lifecycle:
+                                    description: |-
+                                      Actions that the management system should take in response to container lifecycle events.
+                                      Cannot be updated.
+                                    properties:
+                                      postStart:
+                                        description: |-
+                                          PostStart is called immediately after a container is created. If the handler fails,
+                                          the container is terminated and restarted according to its restart policy.
+                                          Other management of the container blocks until the hook completes.
+                                          More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                      preStop:
+                                        description: |-
+                                          PreStop is called immediately before a container is terminated due to an
+                                          API request or management event such as liveness/startup probe failure,
+                                          preemption, resource contention, etc. The handler is not called if the
+                                          container crashes or exits. The Pod's termination grace period countdown begins before the
+                                          PreStop hook is executed.
+                                        properties:
+                                          exec:
+                                            description: Exec specifies the action
+                                              to take.
+                                            properties:
+                                              command:
+                                                description: |-
+                                                  Command is the command line to execute inside the container, the working directory for the
+                                                  command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                                  not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                                  a shell, you need to explicitly call out to that shell.
+                                                  Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                                items:
+                                                  type: string
+                                                type: array
+                                            type: object
+                                          httpGet:
+                                            description: HTTPGet specifies the http
+                                              request to perform.
+                                            properties:
+                                              host:
+                                                description: |-
+                                                  Host name to connect to, defaults to the pod IP. You probably want to set
+                                                  "Host" in httpHeaders instead.
+                                                type: string
+                                              httpHeaders:
+                                                description: Custom headers to set
+                                                  in the request. HTTP allows repeated
+                                                  headers.
+                                                items:
+                                                  description: HTTPHeader describes
+                                                    a custom header to be used in
+                                                    HTTP probes
+                                                  properties:
+                                                    name:
+                                                      description: |-
+                                                        The header field name.
+                                                        This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                      type: string
+                                                    value:
+                                                      description: The header field
+                                                        value
+                                                      type: string
+                                                  required:
+                                                  - name
+                                                  - value
+                                                  type: object
+                                                type: array
+                                              path:
+                                                description: Path to access on the
+                                                  HTTP server.
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Name or number of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                              scheme:
+                                                description: |-
+                                                  Scheme to use for connecting to the host.
+                                                  Defaults to HTTP.
+                                                type: string
+                                            required:
+                                            - port
+                                            type: object
+                                          sleep:
+                                            description: Sleep represents the duration
+                                              that the container should sleep before
+                                              being terminated.
+                                            properties:
+                                              seconds:
+                                                description: Seconds is the number
+                                                  of seconds to sleep.
+                                                format: int64
+                                                type: integer
+                                            required:
+                                            - seconds
+                                            type: object
+                                          tcpSocket:
+                                            description: |-
+                                              Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+                                              for the backward compatibility. There are no validation of this field and
+                                              lifecycle hooks will fail in runtime when tcp handler is specified.
+                                            properties:
+                                              host:
+                                                description: 'Optional: Host name
+                                                  to connect to, defaults to the pod
+                                                  IP.'
+                                                type: string
+                                              port:
+                                                anyOf:
+                                                - type: integer
+                                                - type: string
+                                                description: |-
+                                                  Number or name of the port to access on the container.
+                                                  Number must be in the range 1 to 65535.
+                                                  Name must be an IANA_SVC_NAME.
+                                                x-kubernetes-int-or-string: true
+                                            required:
+                                            - port
+                                            type: object
+                                        type: object
+                                    type: object
+                                  livenessProbe:
+                                    description: |-
+                                      Periodic probe of container liveness.
+                                      Container will be restarted if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  name:
+                                    description: |-
+                                      Name of the container specified as a DNS_LABEL.
+                                      Each container in a pod must have a unique name (DNS_LABEL).
+                                      Cannot be updated.
+                                    type: string
+                                  ports:
+                                    description: |-
+                                      List of ports to expose from the container. Not specifying a port here
+                                      DOES NOT prevent that port from being exposed. Any port which is
+                                      listening on the default "0.0.0.0" address inside a container will be
+                                      accessible from the network.
+                                      Modifying this array with strategic merge patch may corrupt the data.
+                                      For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+                                    items:
+                                      description: ContainerPort represents a network
+                                        port in a single container.
+                                      properties:
+                                        containerPort:
+                                          description: |-
+                                            Number of port to expose on the pod's IP address.
+                                            This must be a valid port number, 0 < x < 65536.
+                                          format: int32
+                                          type: integer
+                                        hostIP:
+                                          description: What host IP to bind the external
+                                            port to.
+                                          type: string
+                                        hostPort:
+                                          description: |-
+                                            Number of port to expose on the host.
+                                            If specified, this must be a valid port number, 0 < x < 65536.
+                                            If HostNetwork is specified, this must match ContainerPort.
+                                            Most containers do not need this.
+                                          format: int32
+                                          type: integer
+                                        name:
+                                          description: |-
+                                            If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+                                            named port in a pod must have a unique name. Name for the port that can be
+                                            referred to by services.
+                                          type: string
+                                        protocol:
+                                          default: TCP
+                                          description: |-
+                                            Protocol for port. Must be UDP, TCP, or SCTP.
+                                            Defaults to "TCP".
+                                          type: string
+                                      required:
+                                      - containerPort
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-map-keys:
+                                    - containerPort
+                                    - protocol
+                                    x-kubernetes-list-type: map
+                                  readinessProbe:
+                                    description: |-
+                                      Periodic probe of container service readiness.
+                                      Container will be removed from service endpoints if the probe fails.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  resizePolicy:
+                                    description: Resources resize policy for the container.
+                                    items:
+                                      description: ContainerResizePolicy represents
+                                        resource resize policy for the container.
+                                      properties:
+                                        resourceName:
+                                          description: |-
+                                            Name of the resource to which this resource resize policy applies.
+                                            Supported values: cpu, memory.
+                                          type: string
+                                        restartPolicy:
+                                          description: |-
+                                            Restart policy to apply when specified resource is resized.
+                                            If not specified, it defaults to NotRequired.
+                                          type: string
+                                      required:
+                                      - resourceName
+                                      - restartPolicy
+                                      type: object
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  resources:
+                                    description: |-
+                                      Compute Resources required by this container.
+                                      Cannot be updated.
+                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                    properties:
+                                      claims:
+                                        description: |-
+                                          Claims lists the names of resources, defined in spec.resourceClaims,
+                                          that are used by this container.
+
+
+                                          This is an alpha field and requires enabling the
+                                          DynamicResourceAllocation feature gate.
+
+
+                                          This field is immutable. It can only be set for containers.
+                                        items:
+                                          description: ResourceClaim references one
+                                            entry in PodSpec.ResourceClaims.
+                                          properties:
+                                            name:
+                                              description: |-
+                                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                                the Pod where this field is used. It makes that resource available
+                                                inside a container.
+                                              type: string
+                                          required:
+                                          - name
+                                          type: object
+                                        type: array
+                                        x-kubernetes-list-map-keys:
+                                        - name
+                                        x-kubernetes-list-type: map
+                                      limits:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Limits describes the maximum amount of compute resources allowed.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                      requests:
+                                        additionalProperties:
+                                          anyOf:
+                                          - type: integer
+                                          - type: string
+                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                          x-kubernetes-int-or-string: true
+                                        description: |-
+                                          Requests describes the minimum amount of compute resources required.
+                                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                        type: object
+                                    type: object
+                                  restartPolicy:
+                                    description: |-
+                                      RestartPolicy defines the restart behavior of individual containers in a pod.
+                                      This field may only be set for init containers, and the only allowed value is "Always".
+                                      For non-init containers or when this field is not specified,
+                                      the restart behavior is defined by the Pod's restart policy and the container type.
+                                    type: string
+                                  securityContext:
+                                    description: |-
+                                      SecurityContext defines the security options the container should be run with.
+                                      If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+                                      More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+                                    properties:
+                                      allowPrivilegeEscalation:
+                                        description: |-
+                                          AllowPrivilegeEscalation controls whether a process can gain more
+                                          privileges than its parent process. This bool directly controls if
+                                          the no_new_privs flag will be set on the container process.
+                                          AllowPrivilegeEscalation is true always when the container is:
+                                          1) run as Privileged
+                                          2) has CAP_SYS_ADMIN
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      capabilities:
+                                        description: |-
+                                          The capabilities to add/drop when running containers.
+                                          Defaults to the default set of capabilities granted by the container runtime.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          add:
+                                            description: Added capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                          drop:
+                                            description: Removed capabilities
+                                            items:
+                                              description: Capability represent POSIX
+                                                capabilities type
+                                              type: string
+                                            type: array
+                                        type: object
+                                      privileged:
+                                        description: |-
+                                          Run container in privileged mode.
+                                          Processes in privileged containers are essentially equivalent to root on the host.
+                                          Defaults to false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      procMount:
+                                        description: |-
+                                          procMount denotes the type of proc mount to use for the containers.
+                                          The default is DefaultProcMount which uses the container runtime defaults for
+                                          readonly paths and masked paths.
+                                          This requires the ProcMountType feature flag to be enabled.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: string
+                                      readOnlyRootFilesystem:
+                                        description: |-
+                                          Whether this container has a read-only root filesystem.
+                                          Default is false.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        type: boolean
+                                      runAsGroup:
+                                        description: |-
+                                          The GID to run the entrypoint of the container process.
+                                          Uses runtime default if unset.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      runAsNonRoot:
+                                        description: |-
+                                          Indicates that the container must run as a non-root user.
+                                          If true, the Kubelet will validate the image at runtime to ensure that it
+                                          does not run as UID 0 (root) and fail to start the container if it does.
+                                          If unset or false, no such validation will be performed.
+                                          May also be set in PodSecurityContext.
+                                        type: boolean
+                                      runAsUser:
+                                        description: |-
+                                          The UID to run the entrypoint of the container process.
+                                          Defaults to user specified in image metadata if unspecified.
+                                          May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        format: int64
+                                        type: integer
+                                      seLinuxOptions:
+                                        description: |-
+                                          The SELinux context to be applied to the container.
+                                          If unspecified, the container runtime will allocate a random SELinux context for each
+                                          container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
+                                          PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          level:
+                                            description: Level is SELinux level label
+                                              that applies to the container.
+                                            type: string
+                                          role:
+                                            description: Role is a SELinux role label
+                                              that applies to the container.
+                                            type: string
+                                          type:
+                                            description: Type is a SELinux type label
+                                              that applies to the container.
+                                            type: string
+                                          user:
+                                            description: User is a SELinux user label
+                                              that applies to the container.
+                                            type: string
+                                        type: object
+                                      seccompProfile:
+                                        description: |-
+                                          The seccomp options to use by this container. If seccomp options are
+                                          provided at both the pod & container level, the container options
+                                          override the pod options.
+                                          Note that this field cannot be set when spec.os.name is windows.
+                                        properties:
+                                          localhostProfile:
+                                            description: |-
+                                              localhostProfile indicates a profile defined in a file on the node should be used.
+                                              The profile must be preconfigured on the node to work.
+                                              Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                              Must be set if type is "Localhost". Must NOT be set for any other type.
+                                            type: string
+                                          type:
+                                            description: |-
+                                              type indicates which kind of seccomp profile will be applied.
+                                              Valid options are:
+
+
+                                              Localhost - a profile defined in a file on the node should be used.
+                                              RuntimeDefault - the container runtime default profile should be used.
+                                              Unconfined - no profile should be applied.
+                                            type: string
+                                        required:
+                                        - type
+                                        type: object
+                                      windowsOptions:
+                                        description: |-
+                                          The Windows specific settings applied to all containers.
+                                          If unspecified, the options from the PodSecurityContext will be used.
+                                          If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                          Note that this field cannot be set when spec.os.name is linux.
+                                        properties:
+                                          gmsaCredentialSpec:
+                                            description: |-
+                                              GMSACredentialSpec is where the GMSA admission webhook
+                                              (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                              GMSA credential spec named by the GMSACredentialSpecName field.
+                                            type: string
+                                          gmsaCredentialSpecName:
+                                            description: GMSACredentialSpecName is
+                                              the name of the GMSA credential spec
+                                              to use.
+                                            type: string
+                                          hostProcess:
+                                            description: |-
+                                              HostProcess determines if a container should be run as a 'Host Process' container.
+                                              All of a Pod's containers must have the same effective HostProcess value
+                                              (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                              In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                            type: boolean
+                                          runAsUserName:
+                                            description: |-
+                                              The UserName in Windows to run the entrypoint of the container process.
+                                              Defaults to the user specified in image metadata if unspecified.
+                                              May also be set in PodSecurityContext. If set in both SecurityContext and
+                                              PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                            type: string
+                                        type: object
+                                    type: object
+                                  startupProbe:
+                                    description: |-
+                                      StartupProbe indicates that the Pod has successfully initialized.
+                                      If specified, no other probes are executed until this completes successfully.
+                                      If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+                                    properties:
+                                      exec:
+                                        description: Exec specifies the action to
+                                          take.
+                                        properties:
+                                          command:
+                                            description: |-
+                                              Command is the command line to execute inside the container, the working directory for the
+                                              command  is root ('/') in the container's filesystem. The command is simply exec'd, it is
+                                              not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+                                              a shell, you need to explicitly call out to that shell.
+                                              Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      failureThreshold:
+                                        description: |-
+                                          Minimum consecutive failures for the probe to be considered failed after having succeeded.
+                                          Defaults to 3. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      grpc:
+                                        description: GRPC specifies an action involving
+                                          a GRPC port.
+                                        properties:
+                                          port:
+                                            description: Port number of the gRPC service.
+                                              Number must be in the range 1 to 65535.
+                                            format: int32
+                                            type: integer
+                                          service:
+                                            description: |-
+                                              Service is the name of the service to place in the gRPC HealthCheckRequest
+                                              (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+                                              If this is not specified, the default behavior is defined by gRPC.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      httpGet:
+                                        description: HTTPGet specifies the http request
+                                          to perform.
+                                        properties:
+                                          host:
+                                            description: |-
+                                              Host name to connect to, defaults to the pod IP. You probably want to set
+                                              "Host" in httpHeaders instead.
+                                            type: string
+                                          httpHeaders:
+                                            description: Custom headers to set in
+                                              the request. HTTP allows repeated headers.
+                                            items:
+                                              description: HTTPHeader describes a
+                                                custom header to be used in HTTP probes
+                                              properties:
+                                                name:
+                                                  description: |-
+                                                    The header field name.
+                                                    This will be canonicalized upon output, so case-variant names will be understood as the same header.
+                                                  type: string
+                                                value:
+                                                  description: The header field value
+                                                  type: string
+                                              required:
+                                              - name
+                                              - value
+                                              type: object
+                                            type: array
+                                          path:
+                                            description: Path to access on the HTTP
+                                              server.
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Name or number of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                          scheme:
+                                            description: |-
+                                              Scheme to use for connecting to the host.
+                                              Defaults to HTTP.
+                                            type: string
+                                        required:
+                                        - port
+                                        type: object
+                                      initialDelaySeconds:
+                                        description: |-
+                                          Number of seconds after the container has started before liveness probes are initiated.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                      periodSeconds:
+                                        description: |-
+                                          How often (in seconds) to perform the probe.
+                                          Default to 10 seconds. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      successThreshold:
+                                        description: |-
+                                          Minimum consecutive successes for the probe to be considered successful after having failed.
+                                          Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+                                        format: int32
+                                        type: integer
+                                      tcpSocket:
+                                        description: TCPSocket specifies an action
+                                          involving a TCP port.
+                                        properties:
+                                          host:
+                                            description: 'Optional: Host name to connect
+                                              to, defaults to the pod IP.'
+                                            type: string
+                                          port:
+                                            anyOf:
+                                            - type: integer
+                                            - type: string
+                                            description: |-
+                                              Number or name of the port to access on the container.
+                                              Number must be in the range 1 to 65535.
+                                              Name must be an IANA_SVC_NAME.
+                                            x-kubernetes-int-or-string: true
+                                        required:
+                                        - port
+                                        type: object
+                                      terminationGracePeriodSeconds:
+                                        description: |-
+                                          Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+                                          The grace period is the duration in seconds after the processes running in the pod are sent
+                                          a termination signal and the time when the processes are forcibly halted with a kill signal.
+                                          Set this value longer than the expected cleanup time for your process.
+                                        format: int64
+                                        type: integer
+                                      timeoutSeconds:
+                                        description: |-
+                                          Number of seconds after which the probe times out.
+                                          Defaults to 1 second. Minimum value is 1.
+                                          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+                                        format: int32
+                                        type: integer
+                                    type: object
+                                  stdin:
+                                    description: |-
+                                      Whether this container should allocate a buffer for stdin in the container runtime. If this
+                                      is not set, reads from stdin in the container will always result in EOF.
+                                      Default is false.
+                                    type: boolean
+                                  stdinOnce:
+                                    description: |-
+                                      Whether the container runtime should close the stdin channel after it has been opened by
+                                      a single attach. When stdin is true the stdin stream will remain open across multiple attach
+                                      sessions.
+                                    type: boolean
+                                  terminationMessagePath:
+                                    description: |-
+                                      Optional: Path at which the file to which the container's termination message
+                                      will be written is mounted into the container's filesystem.
+                                      Message written is intended to be brief final status, such as an assertion failure message.
+                                      Will be truncated by the node if greater than 4096 bytes. The total message length across
+                                      all containers will be limited to 12kb.
+                                      Defaults to /dev/termination-log.
+                                    type: string
+                                  terminationMessagePolicy:
+                                    description: |-
+                                      Indicate how the termination message should be populated. File will use the contents of
+                                      terminationMessagePath to populate the container status message on both success and failure.
+                                      FallbackToLogsOnError will use the last chunk of container log output if the termination
+                                      message file is empty and the container exited with an error.
+                                    type: string
+                                  tty:
+                                    description: |-
+                                      Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+                                      Default is false.
+                                    type: boolean
+                                  volumeDevices:
+                                    description: volumeDevices is the list of block
+                                      devices to be used by the container.
+                                    items:
+                                      description: volumeDevice describes a mapping
+                                        of a raw block device within a container.
+                                      properties:
+                                        devicePath:
+                                          description: devicePath is the path inside
+                                            of the container that the device will
+                                            be mapped to.
+                                          type: string
+                                        name:
+                                          description: name must match the name of
+                                            a persistentVolumeClaim in the pod
+                                          type: string
+                                      required:
+                                      - devicePath
+                                      - name
+                                      type: object
+                                    type: array
+                                  volumeMounts:
+                                    description: |-
+                                      Pod volumes to mount into the container's filesystem.
+                                      Cannot be updated.
+                                    items:
+                                      description: VolumeMount describes a mounting
+                                        of a Volume within a container.
+                                      properties:
+                                        mountPath:
+                                          description: |-
+                                            Path within the container at which the volume should be mounted.  Must
+                                            not contain ':'.
+                                          type: string
+                                        mountPropagation:
+                                          description: |-
+                                            mountPropagation determines how mounts are propagated from the host
+                                            to container and the other way around.
+                                            When not set, MountPropagationNone is used.
+                                            This field is beta in 1.10.
+                                          type: string
+                                        name:
+                                          description: This must match the Name of
+                                            a Volume.
+                                          type: string
+                                        readOnly:
+                                          description: |-
+                                            Mounted read-only if true, read-write otherwise (false or unspecified).
+                                            Defaults to false.
+                                          type: boolean
+                                        subPath:
+                                          description: |-
+                                            Path within the volume from which the container's volume should be mounted.
+                                            Defaults to "" (volume's root).
+                                          type: string
+                                        subPathExpr:
+                                          description: |-
+                                            Expanded path within the volume from which the container's volume should be mounted.
+                                            Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+                                            Defaults to "" (volume's root).
+                                            SubPathExpr and SubPath are mutually exclusive.
+                                          type: string
+                                      required:
+                                      - mountPath
+                                      - name
+                                      type: object
+                                    type: array
+                                  workingDir:
+                                    description: |-
+                                      Container's working directory.
+                                      If not specified, the container runtime's default will be used, which
+                                      might be configured in the container image.
+                                      Cannot be updated.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                            nodeName:
+                              description: |-
+                                NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
+                                the scheduler simply schedules this pod onto that node, assuming that it fits resource
+                                requirements.
+                              type: string
+                            nodeSelector:
+                              additionalProperties:
+                                type: string
+                              description: |-
+                                NodeSelector is a selector which must be true for the pod to fit on a node.
+                                Selector which must match a node's labels for the pod to be scheduled on that node.
+                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            os:
+                              description: |-
+                                Specifies the OS of the containers in the pod.
+                                Some pod and container fields are restricted if this is set.
+
+
+                                If the OS field is set to linux, the following fields must be unset:
+                                -securityContext.windowsOptions
+
+
+                                If the OS field is set to windows, following fields must be unset:
+                                - spec.hostPID
+                                - spec.hostIPC
+                                - spec.hostUsers
+                                - spec.securityContext.seLinuxOptions
+                                - spec.securityContext.
+                              properties:
+                                name:
+                                  description: |-
+                                    Name is the name of the operating system. The currently supported values are linux and windows.
+                                    Additional value may be defined in future and can be one of:
+                                    https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+                                    Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+                                  type: string
+                              required:
+                              - name
+                              type: object
+                            overhead:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+                                This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+                                the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+                                The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+                                set.
+                              type: object
+                            preemptionPolicy:
+                              description: |-
+                                PreemptionPolicy is the Policy for preempting pods with lower priority.
+                                One of Never, PreemptLowerPriority.
+                                Defaults to PreemptLowerPriority if unset.
+                              type: string
+                            priority:
+                              description: |-
+                                The priority value. Various system components use this field to find the
+                                priority of the pod. When Priority Admission Controller is enabled, it
+                                prevents users from setting this field. The admission controller populates
+                                this field from PriorityClassName.
+                                The higher the value, the higher the priority.
+                              format: int32
+                              type: integer
+                            priorityClassName:
+                              description: |-
+                                If specified, indicates the pod's priority. "system-node-critical" and
+                                "system-cluster-critical" are two special keywords which indicate the
+                                highest priorities with the former being the highest priority. Any other
+                                name must be defined by creating a PriorityClass object with that name.
+                                If not specified, the pod priority will be default or zero if there is no
+                                default.
+                              type: string
+                            readinessGates:
+                              description: |-
+                                If specified, all readiness gates will be evaluated for pod readiness.
+                                A pod is ready when all its containers are ready AND
+                                all conditions specified in the readiness gates have status equal to "True"
+                                More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+                              items:
+                                description: PodReadinessGate contains the reference
+                                  to a pod condition
+                                properties:
+                                  conditionType:
+                                    description: ConditionType refers to a condition
+                                      in the pod's condition list with matching type.
+                                    type: string
+                                required:
+                                - conditionType
+                                type: object
+                              type: array
+                            resourceClaims:
+                              description: |-
+                                ResourceClaims defines which ResourceClaims must be allocated
+                                and reserved before the Pod is allowed to start. The resources
+                                will be made available to those containers which consume them
+                                by name.
+
+
+                                This is an alpha field and requires enabling the
+                                DynamicResourceAllocation feature gate.
+
+
+                                This field is immutable.
+                              items:
+                                description: |-
+                                  PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
+                                  It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+                                  Containers that need access to the ResourceClaim reference it with this name.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name uniquely identifies this resource claim inside the pod.
+                                      This must be a DNS_LABEL.
+                                    type: string
+                                  source:
+                                    description: Source describes where to find the
+                                      ResourceClaim.
+                                    properties:
+                                      resourceClaimName:
+                                        description: |-
+                                          ResourceClaimName is the name of a ResourceClaim object in the same
+                                          namespace as this pod.
+                                        type: string
+                                      resourceClaimTemplateName:
+                                        description: |-
+                                          ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+                                          object in the same namespace as this pod.
+
+
+                                          The template will be used to create a new ResourceClaim, which will
+                                          be bound to this pod. When this pod is deleted, the ResourceClaim
+                                          will also be deleted.
+                                        type: string
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            restartPolicy:
+                              description: |-
+                                Restart policy for all containers within the pod.
+                                One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+                                Default to Always.
+                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+                              type: string
+                            runtimeClassName:
+                              description: |-
+                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+                                to run this pod.  If no RuntimeClass resource matches the named class, the pod will not be run.
+                                If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+                                empty definition that uses the default runtime handler.
+                                More info: https://git.k8s.
+                              type: string
+                            schedulerName:
+                              description: |-
+                                If specified, the pod will be dispatched by specified scheduler.
+                                If not specified, the pod will be dispatched by default scheduler.
+                              type: string
+                            schedulingGates:
+                              description: |-
+                                SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+                                If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+                                scheduler will not attempt to schedule the pod.
+
+
+                                SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+
+
+                                This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+                              items:
+                                description: PodSchedulingGate is associated to a
+                                  Pod to guard its scheduling.
+                                properties:
+                                  name:
+                                    description: |-
+                                      Name of the scheduling gate.
+                                      Each scheduling gate must have a unique name field.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - name
+                              x-kubernetes-list-type: map
+                            securityContext:
+                              description: |-
+                                SecurityContext holds pod-level security attributes and common container settings.
+                                Optional: Defaults to empty.  See type description for default values of each field.
+                              properties:
+                                fsGroup:
+                                  description: |-
+                                    A special supplemental group that applies to all containers in a pod.
+                                    Some volume types allow the Kubelet to change the ownership of that volume
+                                    to be owned by the pod:
+
+
+                                    1. The owning GID will be the FSGroup
+                                    2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+                                    3.
+                                  format: int64
+                                  type: integer
+                                fsGroupChangePolicy:
+                                  description: |-
+                                    fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+                                    before being exposed inside Pod. This field will only apply to
+                                    volume types which support fsGroup based ownership(and permissions).
+                                    It will have no effect on ephemeral volume types such as: secret, configmaps
+                                    and emptydir.
+                                    Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+                                  type: string
+                                runAsGroup:
+                                  description: |-
+                                    The GID to run the entrypoint of the container process.
+                                    Uses runtime default if unset.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                runAsNonRoot:
+                                  description: |-
+                                    Indicates that the container must run as a non-root user.
+                                    If true, the Kubelet will validate the image at runtime to ensure that it
+                                    does not run as UID 0 (root) and fail to start the container if it does.
+                                    If unset or false, no such validation will be performed.
+                                    May also be set in SecurityContext.
+                                  type: boolean
+                                runAsUser:
+                                  description: |-
+                                    The UID to run the entrypoint of the container process.
+                                    Defaults to user specified in image metadata if unspecified.
+                                    May also be set in SecurityContext.  If set in both SecurityContext and
+                                    PodSecurityContext, the value specified in SecurityContext takes precedence
+                                    for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  format: int64
+                                  type: integer
+                                seLinuxOptions:
+                                  description: |-
+                                    The SELinux context to be applied to all containers.
+                                    If unspecified, the container runtime will allocate a random SELinux context for each
+                                    container.  May also be set in SecurityContext.  If set in
+                                    both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+                                    takes precedence for that container.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    level:
+                                      description: Level is SELinux level label that
+                                        applies to the container.
+                                      type: string
+                                    role:
+                                      description: Role is a SELinux role label that
+                                        applies to the container.
+                                      type: string
+                                    type:
+                                      description: Type is a SELinux type label that
+                                        applies to the container.
+                                      type: string
+                                    user:
+                                      description: User is a SELinux user label that
+                                        applies to the container.
+                                      type: string
+                                  type: object
+                                seccompProfile:
+                                  description: |-
+                                    The seccomp options to use by the containers in this pod.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  properties:
+                                    localhostProfile:
+                                      description: |-
+                                        localhostProfile indicates a profile defined in a file on the node should be used.
+                                        The profile must be preconfigured on the node to work.
+                                        Must be a descending path, relative to the kubelet's configured seccomp profile location.
+                                        Must be set if type is "Localhost". Must NOT be set for any other type.
+                                      type: string
+                                    type:
+                                      description: |-
+                                        type indicates which kind of seccomp profile will be applied.
+                                        Valid options are:
+
+
+                                        Localhost - a profile defined in a file on the node should be used.
+                                        RuntimeDefault - the container runtime default profile should be used.
+                                        Unconfined - no profile should be applied.
+                                      type: string
+                                  required:
+                                  - type
+                                  type: object
+                                supplementalGroups:
+                                  description: |-
+                                    A list of groups applied to the first process run in each container, in addition
+                                    to the container's primary GID, the fsGroup (if specified), and group memberships
+                                    defined in the container image for the uid of the container process. If unspecified,
+                                    no additional groups are added to any container.
+                                  items:
+                                    format: int64
+                                    type: integer
+                                  type: array
+                                sysctls:
+                                  description: |-
+                                    Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+                                    sysctls (by the container runtime) might fail to launch.
+                                    Note that this field cannot be set when spec.os.name is windows.
+                                  items:
+                                    description: Sysctl defines a kernel parameter
+                                      to be set
+                                    properties:
+                                      name:
+                                        description: Name of a property to set
+                                        type: string
+                                      value:
+                                        description: Value of a property to set
+                                        type: string
+                                    required:
+                                    - name
+                                    - value
+                                    type: object
+                                  type: array
+                                windowsOptions:
+                                  description: |-
+                                    The Windows specific settings applied to all containers.
+                                    If unspecified, the options within a container's SecurityContext will be used.
+                                    If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                    Note that this field cannot be set when spec.os.name is linux.
+                                  properties:
+                                    gmsaCredentialSpec:
+                                      description: |-
+                                        GMSACredentialSpec is where the GMSA admission webhook
+                                        (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+                                        GMSA credential spec named by the GMSACredentialSpecName field.
+                                      type: string
+                                    gmsaCredentialSpecName:
+                                      description: GMSACredentialSpecName is the name
+                                        of the GMSA credential spec to use.
+                                      type: string
+                                    hostProcess:
+                                      description: |-
+                                        HostProcess determines if a container should be run as a 'Host Process' container.
+                                        All of a Pod's containers must have the same effective HostProcess value
+                                        (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+                                        In addition, if HostProcess is true then HostNetwork must also be set to true.
+                                      type: boolean
+                                    runAsUserName:
+                                      description: |-
+                                        The UserName in Windows to run the entrypoint of the container process.
+                                        Defaults to the user specified in image metadata if unspecified.
+                                        May also be set in PodSecurityContext. If set in both SecurityContext and
+                                        PodSecurityContext, the value specified in SecurityContext takes precedence.
+                                      type: string
+                                  type: object
+                              type: object
+                            serviceAccount:
+                              description: |-
+                                DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.
+                                Deprecated: Use serviceAccountName instead.
+                              type: string
+                            serviceAccountName:
+                              description: |-
+                                ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+                                More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+                              type: string
+                            setHostnameAsFQDN:
+                              description: |-
+                                If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+                                In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+                              type: boolean
+                            shareProcessNamespace:
+                              description: |-
+                                Share a single process namespace between all of the containers in a pod.
+                                When this is set containers will be able to view and signal processes from other containers
+                                in the same pod, and the first process in each container will not be assigned PID 1.
+                                HostPID and ShareProcessNamespace cannot both be set.
+                                Optional: Default to false.
+                              type: boolean
+                            subdomain:
+                              description: |-
+                                If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+                                If not specified, the pod will not have a domainname at all.
+                              type: string
+                            terminationGracePeriodSeconds:
+                              description: |-
+                                Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+                                Value must be non-negative integer. The value zero indicates stop immediately via
+                                the kill signal (no opportunity to shut down).
+                                If this value is nil, the default grace period will be used instead.
+                              format: int64
+                              type: integer
+                            tolerations:
+                              description: If specified, the pod's tolerations.
+                              items:
+                                description: |-
+                                  The pod this Toleration is attached to tolerates any taint that matches
+                                  the triple <key,value,effect> using the matching operator <operator>.
+                                properties:
+                                  effect:
+                                    description: |-
+                                      Effect indicates the taint effect to match. Empty means match all taint effects.
+                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+                                    type: string
+                                  key:
+                                    description: |-
+                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
+                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+                                    type: string
+                                  operator:
+                                    description: |-
+                                      Operator represents a key's relationship to the value.
+                                      Valid operators are Exists and Equal. Defaults to Equal.
+                                      Exists is equivalent to wildcard for value, so that a pod can
+                                      tolerate all taints of a particular category.
+                                    type: string
+                                  tolerationSeconds:
+                                    description: |-
+                                      TolerationSeconds represents the period of time the toleration (which must be
+                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
+                                      negative values will be treated as 0 (evict immediately) by the system.
+                                    format: int64
+                                    type: integer
+                                  value:
+                                    description: |-
+                                      Value is the taint value the toleration matches to.
+                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
+                                    type: string
+                                type: object
+                              type: array
+                            topologySpreadConstraints:
+                              description: |-
+                                TopologySpreadConstraints describes how a group of pods ought to spread across topology
+                                domains. Scheduler will schedule pods in a way which abides by the constraints.
+                                All topologySpreadConstraints are ANDed.
+                              items:
+                                description: TopologySpreadConstraint specifies how
+                                  to spread matching pods among the given topology.
+                                properties:
+                                  labelSelector:
+                                    description: |-
+                                      LabelSelector is used to find matching pods.
+                                      Pods that match this label selector are counted to determine the number of pods
+                                      in their corresponding topology domain.
+                                    properties:
+                                      matchExpressions:
+                                        description: matchExpressions is a list of
+                                          label selector requirements. The requirements
+                                          are ANDed.
+                                        items:
+                                          description: |-
+                                            A label selector requirement is a selector that contains values, a key, and an operator that
+                                            relates the key and values.
+                                          properties:
+                                            key:
+                                              description: key is the label key that
+                                                the selector applies to.
+                                              type: string
+                                            operator:
+                                              description: |-
+                                                operator represents a key's relationship to a set of values.
+                                                Valid operators are In, NotIn, Exists and DoesNotExist.
+                                              type: string
+                                            values:
+                                              description: |-
+                                                values is an array of string values. If the operator is In or NotIn,
+                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                the values array must be empty. This array is replaced during a strategic
+                                                merge patch.
+                                              items:
+                                                type: string
+                                              type: array
+                                          required:
+                                          - key
+                                          - operator
+                                          type: object
+                                        type: array
+                                      matchLabels:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                        type: object
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  matchLabelKeys:
+                                    description: |-
+                                      MatchLabelKeys is a set of pod label keys to select the pods over which
+                                      spreading will be calculated. The keys are used to lookup values from the
+                                      incoming pod labels, those key-value labels are ANDed with labelSelector
+                                      to select the group of existing pods over which spreading will be calculated
+                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+                                    items:
+                                      type: string
+                                    type: array
+                                    x-kubernetes-list-type: atomic
+                                  maxSkew:
+                                    description: |-
+                                      MaxSkew describes the degree to which pods may be unevenly distributed.
+                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+                                      between the number of matching pods in the target topology and the global minimum.
+                                      The global minimum is the minimum number of matching pods in an eligible domain
+                                      or zero if the number of eligible domains is less than MinDomains.
+                                    format: int32
+                                    type: integer
+                                  minDomains:
+                                    description: |-
+                                      MinDomains indicates a minimum number of eligible domains.
+                                      When the number of eligible domains with matching topology keys is less than minDomains,
+                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+                                      this value has no effect on scheduling.
+                                    format: int32
+                                    type: integer
+                                  nodeAffinityPolicy:
+                                    description: |-
+                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+                                      when calculating pod topology spread skew. Options are:
+                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+
+                                      If this value is nil, the behavior is equivalent to the Honor policy.
+                                    type: string
+                                  nodeTaintsPolicy:
+                                    description: |-
+                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
+                                      pod topology spread skew. Options are:
+                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+                                      has a toleration, are included.
+                                      - Ignore: node taints are ignored. All nodes are included.
+
+
+                                      If this value is nil, the behavior is equivalent to the Ignore policy.
+                                    type: string
+                                  topologyKey:
+                                    description: |-
+                                      TopologyKey is the key of node labels. Nodes that have a label with this key
+                                      and identical values are considered to be in the same topology.
+                                      We consider each <key, value> as a "bucket", and try to put balanced number
+                                      of pods into each bucket.
+                                      We define a domain as a particular instance of a topology.
+                                    type: string
+                                  whenUnsatisfiable:
+                                    description: |-
+                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+                                      the spread constraint.
+                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
+                                      - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+                                        but giving higher precedence to topologies that would help reduce the
+                                        skew.
+                                    type: string
+                                required:
+                                - maxSkew
+                                - topologyKey
+                                - whenUnsatisfiable
+                                type: object
+                              type: array
+                              x-kubernetes-list-map-keys:
+                              - topologyKey
+                              - whenUnsatisfiable
+                              x-kubernetes-list-type: map
+                            volumes:
+                              description: |-
+                                List of volumes that can be mounted by containers belonging to the pod.
+                                More info: https://kubernetes.io/docs/concepts/storage/volumes
+                              items:
+                                description: Volume represents a named volume in a
+                                  pod that may be accessed by any container in the
+                                  pod.
+                                properties:
+                                  awsElasticBlockStore:
+                                    description: |-
+                                      awsElasticBlockStore represents an AWS Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly value true will force the readOnly setting in VolumeMounts.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: boolean
+                                      volumeID:
+                                        description: |-
+                                          volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  azureDisk:
+                                    description: azureDisk represents an Azure Data
+                                      Disk mount on the host and bind mount to the
+                                      pod.
+                                    properties:
+                                      cachingMode:
+                                        description: 'cachingMode is the Host Caching
+                                          mode: None, Read Only, Read Write.'
+                                        type: string
+                                      diskName:
+                                        description: diskName is the Name of the data
+                                          disk in the blob storage
+                                        type: string
+                                      diskURI:
+                                        description: diskURI is the URI of data disk
+                                          in the blob storage
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is Filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      kind:
+                                        description: 'kind expected values are Shared:
+                                          multiple blob disks per storage account  Dedicated:
+                                          single blob disk per storage account  Managed:
+                                          azure managed data disk (only in managed
+                                          availability set). defaults to shared'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                    required:
+                                    - diskName
+                                    - diskURI
+                                    type: object
+                                  azureFile:
+                                    description: azureFile represents an Azure File
+                                      Service mount on the host and bind mount to
+                                      the pod.
+                                    properties:
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretName:
+                                        description: secretName is the  name of secret
+                                          that contains Azure Storage Account Name
+                                          and Key
+                                        type: string
+                                      shareName:
+                                        description: shareName is the azure share
+                                          Name
+                                        type: string
+                                    required:
+                                    - secretName
+                                    - shareName
+                                    type: object
+                                  cephfs:
+                                    description: cephFS represents a Ceph FS mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      monitors:
+                                        description: |-
+                                          monitors is Required: Monitors is a collection of Ceph monitors
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      path:
+                                        description: 'path is Optional: Used as the
+                                          mounted root, rather than the full Ceph
+                                          tree, default is /'
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: boolean
+                                      secretFile:
+                                        description: |-
+                                          secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is optional: User is the rados user name, default is admin
+                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - monitors
+                                    type: object
+                                  cinder:
+                                    description: |-
+                                      cinder represents a cinder volume attached and mounted on kubelets host machine.
+                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is optional: points to a secret object containing parameters used to connect
+                                          to OpenStack.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeID:
+                                        description: |-
+                                          volumeID used to identify the volume in cinder.
+                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  configMap:
+                                    description: configMap represents a configMap
+                                      that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items if unspecified, each key-value pair in the Data field of the referenced
+                                          ConfigMap will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      name:
+                                        description: |-
+                                          Name of the referent.
+                                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                          TODO: Add other useful fields. apiVersion, kind, uid?
+                                        type: string
+                                      optional:
+                                        description: optional specify whether the
+                                          ConfigMap or its keys must be defined
+                                        type: boolean
+                                    type: object
+                                    x-kubernetes-map-type: atomic
+                                  csi:
+                                    description: csi (Container Storage Interface)
+                                      represents ephemeral storage that is handled
+                                      by certain external CSI drivers (Beta feature).
+                                    properties:
+                                      driver:
+                                        description: |-
+                                          driver is the name of the CSI driver that handles this volume.
+                                          Consult with your admin for the correct name as registered in the cluster.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType to mount. Ex. "ext4", "xfs", "ntfs".
+                                          If not provided, the empty value is passed to the associated CSI driver
+                                          which will determine the default filesystem to apply.
+                                        type: string
+                                      nodePublishSecretRef:
+                                        description: |-
+                                          nodePublishSecretRef is a reference to the secret object containing
+                                          sensitive information to pass to the CSI driver to complete the CSI
+                                          NodePublishVolume and NodeUnpublishVolume calls.
+                                          This field is optional, and  may be empty if no secret is required. If the
+                                          secret object contains more than one secret, all secret references are passed.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      readOnly:
+                                        description: |-
+                                          readOnly specifies a read-only configuration for the volume.
+                                          Defaults to false (read/write).
+                                        type: boolean
+                                      volumeAttributes:
+                                        additionalProperties:
+                                          type: string
+                                        description: |-
+                                          volumeAttributes stores driver-specific properties that are passed to the CSI
+                                          driver. Consult your driver's documentation for supported values.
+                                        type: object
+                                    required:
+                                    - driver
+                                    type: object
+                                  downwardAPI:
+                                    description: downwardAPI represents downward API
+                                      about the pod that should populate this volume
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          Optional: mode bits to use on created files by default. Must be a
+                                          Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: Items is a list of downward API
+                                          volume file
+                                        items:
+                                          description: DownwardAPIVolumeFile represents
+                                            information to create the file containing
+                                            the pod field
+                                          properties:
+                                            fieldRef:
+                                              description: 'Required: Selects a field
+                                                of the pod: only annotations, labels,
+                                                name and namespace are supported.'
+                                              properties:
+                                                apiVersion:
+                                                  description: Version of the schema
+                                                    the FieldPath is written in terms
+                                                    of, defaults to "v1".
+                                                  type: string
+                                                fieldPath:
+                                                  description: Path of the field to
+                                                    select in the specified API version.
+                                                  type: string
+                                              required:
+                                              - fieldPath
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            mode:
+                                              description: |-
+                                                Optional: mode bits used to set permissions on this file, must be an octal value
+                                                between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: 'Required: Path is  the
+                                                relative path name of the file to
+                                                be created. Must not be absolute or
+                                                contain the ''..'' path. Must be utf-8
+                                                encoded. The first item of the relative
+                                                path must not start with ''..'''
+                                              type: string
+                                            resourceFieldRef:
+                                              description: |-
+                                                Selects a resource of the container: only resources limits and requests
+                                                (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                              properties:
+                                                containerName:
+                                                  description: 'Container name: required
+                                                    for volumes, optional for env
+                                                    vars'
+                                                  type: string
+                                                divisor:
+                                                  anyOf:
+                                                  - type: integer
+                                                  - type: string
+                                                  description: Specifies the output
+                                                    format of the exposed resources,
+                                                    defaults to "1"
+                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                  x-kubernetes-int-or-string: true
+                                                resource:
+                                                  description: 'Required: resource
+                                                    to select'
+                                                  type: string
+                                              required:
+                                              - resource
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                          required:
+                                          - path
+                                          type: object
+                                        type: array
+                                    type: object
+                                  emptyDir:
+                                    description: |-
+                                      emptyDir represents a temporary directory that shares a pod's lifetime.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                    properties:
+                                      medium:
+                                        description: |-
+                                          medium represents what type of storage medium should back this directory.
+                                          The default is "" which means to use the node's default medium.
+                                          Must be an empty string (default) or Memory.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+                                        type: string
+                                      sizeLimit:
+                                        anyOf:
+                                        - type: integer
+                                        - type: string
+                                        description: |-
+                                          sizeLimit is the total amount of local storage required for this EmptyDir volume.
+                                          The size limit is also applicable for memory medium.
+                                          The maximum usage on memory medium EmptyDir would be the minimum value between
+                                          the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+                                          The default is nil which means that the limit is undefined.
+                                          More info: https://kubernetes.
+                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                        x-kubernetes-int-or-string: true
+                                    type: object
+                                  ephemeral:
+                                    description: |-
+                                      ephemeral represents a volume that is handled by a cluster storage driver.
+                                      The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+                                      and deleted when the pod is removed.
+                                    properties:
+                                      volumeClaimTemplate:
+                                        description: |-
+                                          Will be used to create a stand-alone PVC to provision the volume.
+                                          The pod in which this EphemeralVolumeSource is embedded will be the
+                                          owner of the PVC, i.e. the PVC will be deleted together with the
+                                          pod.  The name of the PVC will be `<pod name>-<volume name>` where
+                                          `<volume name>` is the name from the `PodSpec.Volumes` array
+                                          entry.
+                                        properties:
+                                          metadata:
+                                            description: |-
+                                              May contain labels and annotations that will be copied into the PVC
+                                              when creating it. No other fields are allowed and will be rejected during
+                                              validation.
+                                            properties:
+                                              annotations:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              finalizers:
+                                                items:
+                                                  type: string
+                                                type: array
+                                              labels:
+                                                additionalProperties:
+                                                  type: string
+                                                type: object
+                                              name:
+                                                type: string
+                                              namespace:
+                                                type: string
+                                            type: object
+                                          spec:
+                                            description: |-
+                                              The specification for the PersistentVolumeClaim. The entire content is
+                                              copied unchanged into the PVC that gets created from this
+                                              template. The same fields as in a PersistentVolumeClaim
+                                              are also valid here.
+                                            properties:
+                                              accessModes:
+                                                description: |-
+                                                  accessModes contains the desired access modes the volume should have.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+                                                items:
+                                                  type: string
+                                                type: array
+                                              dataSource:
+                                                description: |-
+                                                  dataSource field can be used to specify either:
+                                                  * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+                                                  * An existing PVC (PersistentVolumeClaim)
+                                                  If the provisioner or an external controller can support the specified data source,
+                                                  it will create a new volume based on the contents of the specified data source.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              dataSourceRef:
+                                                description: |-
+                                                  dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+                                                  volume is desired. This may be any object from a non-empty API group (non
+                                                  core object) or a PersistentVolumeClaim object.
+                                                  When this field is specified, volume binding will only succeed if the type of
+                                                  the specified object matches some installed volume populator or dynamic
+                                                  provisioner.
+                                                properties:
+                                                  apiGroup:
+                                                    description: |-
+                                                      APIGroup is the group for the resource being referenced.
+                                                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                                                      For any other third-party types, APIGroup is required.
+                                                    type: string
+                                                  kind:
+                                                    description: Kind is the type
+                                                      of resource being referenced
+                                                    type: string
+                                                  name:
+                                                    description: Name is the name
+                                                      of resource being referenced
+                                                    type: string
+                                                  namespace:
+                                                    description: |-
+                                                      Namespace is the namespace of resource being referenced
+                                                      Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+                                                      (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+                                                    type: string
+                                                required:
+                                                - kind
+                                                - name
+                                                type: object
+                                              resources:
+                                                description: |-
+                                                  resources represents the minimum resources the volume should have.
+                                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                                  that are lower than previous value but must still be higher than capacity recorded in the
+                                                  status field of the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+                                                properties:
+                                                  limits:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Limits describes the maximum amount of compute resources allowed.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                  requests:
+                                                    additionalProperties:
+                                                      anyOf:
+                                                      - type: integer
+                                                      - type: string
+                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                      x-kubernetes-int-or-string: true
+                                                    description: |-
+                                                      Requests describes the minimum amount of compute resources required.
+                                                      If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                                      otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                                                    type: object
+                                                type: object
+                                              selector:
+                                                description: selector is a label query
+                                                  over volumes to consider for binding.
+                                                properties:
+                                                  matchExpressions:
+                                                    description: matchExpressions
+                                                      is a list of label selector
+                                                      requirements. The requirements
+                                                      are ANDed.
+                                                    items:
+                                                      description: |-
+                                                        A label selector requirement is a selector that contains values, a key, and an operator that
+                                                        relates the key and values.
+                                                      properties:
+                                                        key:
+                                                          description: key is the
+                                                            label key that the selector
+                                                            applies to.
+                                                          type: string
+                                                        operator:
+                                                          description: |-
+                                                            operator represents a key's relationship to a set of values.
+                                                            Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                          type: string
+                                                        values:
+                                                          description: |-
+                                                            values is an array of string values. If the operator is In or NotIn,
+                                                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                            the values array must be empty. This array is replaced during a strategic
+                                                            merge patch.
+                                                          items:
+                                                            type: string
+                                                          type: array
+                                                      required:
+                                                      - key
+                                                      - operator
+                                                      type: object
+                                                    type: array
+                                                  matchLabels:
+                                                    additionalProperties:
+                                                      type: string
+                                                    description: |-
+                                                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                    type: object
+                                                type: object
+                                                x-kubernetes-map-type: atomic
+                                              storageClassName:
+                                                description: |-
+                                                  storageClassName is the name of the StorageClass required by the claim.
+                                                  More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+                                                type: string
+                                              volumeAttributesClassName:
+                                                description: |-
+                                                  volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+                                                  If specified, the CSI driver will create or update the volume with the attributes defined
+                                                  in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+                                                  it can be changed after the claim is created.
+                                                type: string
+                                              volumeMode:
+                                                description: |-
+                                                  volumeMode defines what type of volume is required by the claim.
+                                                  Value of Filesystem is implied when not included in claim spec.
+                                                type: string
+                                              volumeName:
+                                                description: volumeName is the binding
+                                                  reference to the PersistentVolume
+                                                  backing this claim.
+                                                type: string
+                                            type: object
+                                        required:
+                                        - spec
+                                        type: object
+                                    type: object
+                                  fc:
+                                    description: fc represents a Fibre Channel resource
+                                      that is attached to a kubelet's host machine
+                                      and then exposed to the pod.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      lun:
+                                        description: 'lun is Optional: FC target lun
+                                          number'
+                                        format: int32
+                                        type: integer
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      targetWWNs:
+                                        description: 'targetWWNs is Optional: FC target
+                                          worldwide names (WWNs)'
+                                        items:
+                                          type: string
+                                        type: array
+                                      wwids:
+                                        description: |-
+                                          wwids Optional: FC volume world wide identifiers (wwids)
+                                          Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+                                        items:
+                                          type: string
+                                        type: array
+                                    type: object
+                                  flexVolume:
+                                    description: |-
+                                      flexVolume represents a generic volume resource that is
+                                      provisioned/attached using an exec based plugin.
+                                    properties:
+                                      driver:
+                                        description: driver is the name of the driver
+                                          to use for this volume.
+                                        type: string
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+                                        type: string
+                                      options:
+                                        additionalProperties:
+                                          type: string
+                                        description: 'options is Optional: this field
+                                          holds extra command options if any.'
+                                        type: object
+                                      readOnly:
+                                        description: |-
+                                          readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is Optional: secretRef is reference to the secret object containing
+                                          sensitive information to pass to the plugin scripts. This may be
+                                          empty if no secret object is specified. If the secret object
+                                          contains more than one secret, all secrets are passed to the plugin
+                                          scripts.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                    required:
+                                    - driver
+                                    type: object
+                                  flocker:
+                                    description: flocker represents a Flocker volume
+                                      attached to a kubelet's host machine. This depends
+                                      on the Flocker control service being running
+                                    properties:
+                                      datasetName:
+                                        description: |-
+                                          datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+                                          should be considered as deprecated
+                                        type: string
+                                      datasetUUID:
+                                        description: datasetUUID is the UUID of the
+                                          dataset. This is unique identifier of a
+                                          Flocker dataset
+                                        type: string
+                                    type: object
+                                  gcePersistentDisk:
+                                    description: |-
+                                      gcePersistentDisk represents a GCE Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      partition:
+                                        description: |-
+                                          partition is the partition in the volume that you want to mount.
+                                          If omitted, the default is to mount by volume name.
+                                          Examples: For volume /dev/sda1, you specify the partition as "1".
+                                          Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        format: int32
+                                        type: integer
+                                      pdName:
+                                        description: |-
+                                          pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+                                        type: boolean
+                                    required:
+                                    - pdName
+                                    type: object
+                                  gitRepo:
+                                    description: |-
+                                      gitRepo represents a git repository at a particular revision.
+                                      DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+                                      EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+                                      into the Pod's container.
+                                    properties:
+                                      directory:
+                                        description: |-
+                                          directory is the target directory name.
+                                          Must not contain or start with '..'.  If '.' is supplied, the volume directory will be the
+                                          git repository.  Otherwise, if specified, the volume will contain the git repository in
+                                          the subdirectory with the given name.
+                                        type: string
+                                      repository:
+                                        description: repository is the URL
+                                        type: string
+                                      revision:
+                                        description: revision is the commit hash for
+                                          the specified revision.
+                                        type: string
+                                    required:
+                                    - repository
+                                    type: object
+                                  glusterfs:
+                                    description: |-
+                                      glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md
+                                    properties:
+                                      endpoints:
+                                        description: |-
+                                          endpoints is the endpoint name that details Glusterfs topology.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      path:
+                                        description: |-
+                                          path is the Glusterfs volume path.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+                                        type: boolean
+                                    required:
+                                    - endpoints
+                                    - path
+                                    type: object
+                                  hostPath:
+                                    description: |-
+                                      hostPath represents a pre-existing file or directory on the host
+                                      machine that is directly exposed to the container. This is generally
+                                      used for system agents or other privileged things that are allowed
+                                      to see the host machine. Most containers will NOT need this.
+                                      More info: https://kubernetes.
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path of the directory on the host.
+                                          If the path is a symlink, it will follow the link to the real path.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                      type:
+                                        description: |-
+                                          type for HostPath Volume
+                                          Defaults to ""
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+                                        type: string
+                                    required:
+                                    - path
+                                    type: object
+                                  iscsi:
+                                    description: |-
+                                      iscsi represents an ISCSI Disk resource that is attached to a
+                                      kubelet's host machine and then exposed to the pod.
+                                      More info: https://examples.k8s.io/volumes/iscsi/README.md
+                                    properties:
+                                      chapAuthDiscovery:
+                                        description: chapAuthDiscovery defines whether
+                                          support iSCSI Discovery CHAP authentication
+                                        type: boolean
+                                      chapAuthSession:
+                                        description: chapAuthSession defines whether
+                                          support iSCSI Session CHAP authentication
+                                        type: boolean
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      initiatorName:
+                                        description: |-
+                                          initiatorName is the custom iSCSI Initiator Name.
+                                          If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+                                          <target portal>:<volume name> will be created for the connection.
+                                        type: string
+                                      iqn:
+                                        description: iqn is the target iSCSI Qualified
+                                          Name.
+                                        type: string
+                                      iscsiInterface:
+                                        description: |-
+                                          iscsiInterface is the interface Name that uses an iSCSI transport.
+                                          Defaults to 'default' (tcp).
+                                        type: string
+                                      lun:
+                                        description: lun represents iSCSI Target Lun
+                                          number.
+                                        format: int32
+                                        type: integer
+                                      portals:
+                                        description: |-
+                                          portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        items:
+                                          type: string
+                                        type: array
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                        type: boolean
+                                      secretRef:
+                                        description: secretRef is the CHAP Secret
+                                          for iSCSI target and initiator authentication
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      targetPortal:
+                                        description: |-
+                                          targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+                                          is other than default (typically TCP ports 860 and 3260).
+                                        type: string
+                                    required:
+                                    - iqn
+                                    - lun
+                                    - targetPortal
+                                    type: object
+                                  name:
+                                    description: |-
+                                      name of the volume.
+                                      Must be a DNS_LABEL and unique within the pod.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  nfs:
+                                    description: |-
+                                      nfs represents an NFS mount on the host that shares a pod's lifetime
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                    properties:
+                                      path:
+                                        description: |-
+                                          path that is exported by the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the NFS export to be mounted with read-only permissions.
+                                          Defaults to false.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: boolean
+                                      server:
+                                        description: |-
+                                          server is the hostname or IP address of the NFS server.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+                                        type: string
+                                    required:
+                                    - path
+                                    - server
+                                    type: object
+                                  persistentVolumeClaim:
+                                    description: |-
+                                      persistentVolumeClaimVolumeSource represents a reference to a
+                                      PersistentVolumeClaim in the same namespace.
+                                      More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                    properties:
+                                      claimName:
+                                        description: |-
+                                          claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+                                          More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Will force the ReadOnly setting in VolumeMounts.
+                                          Default false.
+                                        type: boolean
+                                    required:
+                                    - claimName
+                                    type: object
+                                  photonPersistentDisk:
+                                    description: photonPersistentDisk represents a
+                                      PhotonController persistent disk attached and
+                                      mounted on kubelets host machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      pdID:
+                                        description: pdID is the ID that identifies
+                                          Photon Controller persistent disk
+                                        type: string
+                                    required:
+                                    - pdID
+                                    type: object
+                                  portworxVolume:
+                                    description: portworxVolume represents a portworx
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fSType represents the filesystem type to mount
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      volumeID:
+                                        description: volumeID uniquely identifies
+                                          a Portworx volume
+                                        type: string
+                                    required:
+                                    - volumeID
+                                    type: object
+                                  projected:
+                                    description: projected items for all in one resources
+                                      secrets, configmaps, and downward API
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode are the mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      sources:
+                                        description: sources is the list of volume
+                                          projections
+                                        items:
+                                          description: Projection that may be projected
+                                            along with other supported volume types
+                                          properties:
+                                            clusterTrustBundle:
+                                              description: |-
+                                                ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+                                                of ClusterTrustBundle objects in an auto-updating file.
+
+
+                                                Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+                                                ClusterTrustBundle objects can either be selected by name, or by the
+                                                combination of signer name and a label selector.
+                                              properties:
+                                                labelSelector:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this label selector.  Only has
+                                                    effect if signerName is set.  Mutually-exclusive with name.  If unset,
+                                                    interpreted as "match nothing".  If set but empty, interpreted as "match
+                                                    everything".
+                                                  properties:
+                                                    matchExpressions:
+                                                      description: matchExpressions
+                                                        is a list of label selector
+                                                        requirements. The requirements
+                                                        are ANDed.
+                                                      items:
+                                                        description: |-
+                                                          A label selector requirement is a selector that contains values, a key, and an operator that
+                                                          relates the key and values.
+                                                        properties:
+                                                          key:
+                                                            description: key is the
+                                                              label key that the selector
+                                                              applies to.
+                                                            type: string
+                                                          operator:
+                                                            description: |-
+                                                              operator represents a key's relationship to a set of values.
+                                                              Valid operators are In, NotIn, Exists and DoesNotExist.
+                                                            type: string
+                                                          values:
+                                                            description: |-
+                                                              values is an array of string values. If the operator is In or NotIn,
+                                                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                                              the values array must be empty. This array is replaced during a strategic
+                                                              merge patch.
+                                                            items:
+                                                              type: string
+                                                            type: array
+                                                        required:
+                                                        - key
+                                                        - operator
+                                                        type: object
+                                                      type: array
+                                                    matchLabels:
+                                                      additionalProperties:
+                                                        type: string
+                                                      description: |-
+                                                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                                                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                                                        operator is "In", and the values array contains only "value". The requirements are ANDed.
+                                                      type: object
+                                                  type: object
+                                                  x-kubernetes-map-type: atomic
+                                                name:
+                                                  description: |-
+                                                    Select a single ClusterTrustBundle by object name.  Mutually-exclusive
+                                                    with signerName and labelSelector.
+                                                  type: string
+                                                optional:
+                                                  description: |-
+                                                    If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+                                                    aren't available.  If using name, then the named ClusterTrustBundle is
+                                                    allowed not to exist.  If using signerName, then the combination of
+                                                    signerName and labelSelector is allowed to match zero
+                                                    ClusterTrustBundles.
+                                                  type: boolean
+                                                path:
+                                                  description: Relative path from
+                                                    the volume root to write the bundle.
+                                                  type: string
+                                                signerName:
+                                                  description: |-
+                                                    Select all ClusterTrustBundles that match this signer name.
+                                                    Mutually-exclusive with name.  The contents of all selected
+                                                    ClusterTrustBundles will be unified and deduplicated.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                            configMap:
+                                              description: configMap information about
+                                                the configMap data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    ConfigMap will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional specify whether
+                                                    the ConfigMap or its keys must
+                                                    be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            downwardAPI:
+                                              description: downwardAPI information
+                                                about the downwardAPI data to project
+                                              properties:
+                                                items:
+                                                  description: Items is a list of
+                                                    DownwardAPIVolume file
+                                                  items:
+                                                    description: DownwardAPIVolumeFile
+                                                      represents information to create
+                                                      the file containing the pod
+                                                      field
+                                                    properties:
+                                                      fieldRef:
+                                                        description: 'Required: Selects
+                                                          a field of the pod: only
+                                                          annotations, labels, name
+                                                          and namespace are supported.'
+                                                        properties:
+                                                          apiVersion:
+                                                            description: Version of
+                                                              the schema the FieldPath
+                                                              is written in terms
+                                                              of, defaults to "v1".
+                                                            type: string
+                                                          fieldPath:
+                                                            description: Path of the
+                                                              field to select in the
+                                                              specified API version.
+                                                            type: string
+                                                        required:
+                                                        - fieldPath
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                      mode:
+                                                        description: |-
+                                                          Optional: mode bits used to set permissions on this file, must be an octal value
+                                                          between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: 'Required: Path
+                                                          is  the relative path name
+                                                          of the file to be created.
+                                                          Must not be absolute or
+                                                          contain the ''..'' path.
+                                                          Must be utf-8 encoded. The
+                                                          first item of the relative
+                                                          path must not start with
+                                                          ''..'''
+                                                        type: string
+                                                      resourceFieldRef:
+                                                        description: |-
+                                                          Selects a resource of the container: only resources limits and requests
+                                                          (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+                                                        properties:
+                                                          containerName:
+                                                            description: 'Container
+                                                              name: required for volumes,
+                                                              optional for env vars'
+                                                            type: string
+                                                          divisor:
+                                                            anyOf:
+                                                            - type: integer
+                                                            - type: string
+                                                            description: Specifies
+                                                              the output format of
+                                                              the exposed resources,
+                                                              defaults to "1"
+                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                                            x-kubernetes-int-or-string: true
+                                                          resource:
+                                                            description: 'Required:
+                                                              resource to select'
+                                                            type: string
+                                                        required:
+                                                        - resource
+                                                        type: object
+                                                        x-kubernetes-map-type: atomic
+                                                    required:
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                              type: object
+                                            secret:
+                                              description: secret information about
+                                                the secret data to project
+                                              properties:
+                                                items:
+                                                  description: |-
+                                                    items if unspecified, each key-value pair in the Data field of the referenced
+                                                    Secret will be projected into the volume as a file whose name is the
+                                                    key and content is the value. If specified, the listed keys will be
+                                                    projected into the specified paths, and unlisted keys will not be
+                                                    present.
+                                                  items:
+                                                    description: Maps a string key
+                                                      to a path within a volume.
+                                                    properties:
+                                                      key:
+                                                        description: key is the key
+                                                          to project.
+                                                        type: string
+                                                      mode:
+                                                        description: |-
+                                                          mode is Optional: mode bits used to set permissions on this file.
+                                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                          YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                          If not specified, the volume defaultMode will be used.
+                                                        format: int32
+                                                        type: integer
+                                                      path:
+                                                        description: |-
+                                                          path is the relative path of the file to map the key to.
+                                                          May not be an absolute path.
+                                                          May not contain the path element '..'.
+                                                          May not start with the string '..'.
+                                                        type: string
+                                                    required:
+                                                    - key
+                                                    - path
+                                                    type: object
+                                                  type: array
+                                                name:
+                                                  description: |-
+                                                    Name of the referent.
+                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                                    TODO: Add other useful fields. apiVersion, kind, uid?
+                                                  type: string
+                                                optional:
+                                                  description: optional field specify
+                                                    whether the Secret or its key
+                                                    must be defined
+                                                  type: boolean
+                                              type: object
+                                              x-kubernetes-map-type: atomic
+                                            serviceAccountToken:
+                                              description: serviceAccountToken is
+                                                information about the serviceAccountToken
+                                                data to project
+                                              properties:
+                                                audience:
+                                                  description: |-
+                                                    audience is the intended audience of the token. A recipient of a token
+                                                    must identify itself with an identifier specified in the audience of the
+                                                    token, and otherwise should reject the token. The audience defaults to the
+                                                    identifier of the apiserver.
+                                                  type: string
+                                                expirationSeconds:
+                                                  description: |-
+                                                    expirationSeconds is the requested duration of validity of the service
+                                                    account token. As the token approaches expiration, the kubelet volume
+                                                    plugin will proactively rotate the service account token. The kubelet will
+                                                    start trying to rotate the token if the token is older than 80 percent of
+                                                    its time to live or if the token is older than 24 hours.Defaults to 1 hour
+                                                    and must be at least 10 minutes.
+                                                  format: int64
+                                                  type: integer
+                                                path:
+                                                  description: |-
+                                                    path is the path relative to the mount point of the file to project the
+                                                    token into.
+                                                  type: string
+                                              required:
+                                              - path
+                                              type: object
+                                          type: object
+                                        type: array
+                                    type: object
+                                  quobyte:
+                                    description: quobyte represents a Quobyte mount
+                                      on the host that shares a pod's lifetime
+                                    properties:
+                                      group:
+                                        description: |-
+                                          group to map volume access to
+                                          Default is no group
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+                                          Defaults to false.
+                                        type: boolean
+                                      registry:
+                                        description: |-
+                                          registry represents a single or multiple Quobyte Registry services
+                                          specified as a string as host:port pair (multiple entries are separated with commas)
+                                          which acts as the central registry for volumes
+                                        type: string
+                                      tenant:
+                                        description: |-
+                                          tenant owning the given Quobyte volume in the Backend
+                                          Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+                                        type: string
+                                      user:
+                                        description: |-
+                                          user to map volume access to
+                                          Defaults to serivceaccount user
+                                        type: string
+                                      volume:
+                                        description: volume is a string that references
+                                          an already created Quobyte volume by name.
+                                        type: string
+                                    required:
+                                    - registry
+                                    - volume
+                                    type: object
+                                  rbd:
+                                    description: |-
+                                      rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+                                      More info: https://examples.k8s.io/volumes/rbd/README.md
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type of the volume that you want to mount.
+                                          Tip: Ensure that the filesystem type is supported by the host operating system.
+                                          Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+                                          TODO: how do we prevent errors in the filesystem from compromising the machine
+                                        type: string
+                                      image:
+                                        description: |-
+                                          image is the rados image name.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      keyring:
+                                        description: |-
+                                          keyring is the path to key ring for RBDUser.
+                                          Default is /etc/ceph/keyring.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      monitors:
+                                        description: |-
+                                          monitors is a collection of Ceph monitors.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        items:
+                                          type: string
+                                        type: array
+                                      pool:
+                                        description: |-
+                                          pool is the rados pool name.
+                                          Default is rbd.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly here will force the ReadOnly setting in VolumeMounts.
+                                          Defaults to false.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef is name of the authentication secret for RBDUser. If provided
+                                          overrides keyring.
+                                          Default is nil.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      user:
+                                        description: |-
+                                          user is the rados user name.
+                                          Default is admin.
+                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+                                        type: string
+                                    required:
+                                    - image
+                                    - monitors
+                                    type: object
+                                  scaleIO:
+                                    description: scaleIO represents a ScaleIO persistent
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs".
+                                          Default is "xfs".
+                                        type: string
+                                      gateway:
+                                        description: gateway is the host address of
+                                          the ScaleIO API Gateway.
+                                        type: string
+                                      protectionDomain:
+                                        description: protectionDomain is the name
+                                          of the ScaleIO Protection Domain for the
+                                          configured storage.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly Defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef references to the secret for ScaleIO user and other
+                                          sensitive information. If this is not provided, Login operation will fail.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      sslEnabled:
+                                        description: sslEnabled Flag enable/disable
+                                          SSL communication with Gateway, default
+                                          false
+                                        type: boolean
+                                      storageMode:
+                                        description: |-
+                                          storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+                                          Default is ThinProvisioned.
+                                        type: string
+                                      storagePool:
+                                        description: storagePool is the ScaleIO Storage
+                                          Pool associated with the protection domain.
+                                        type: string
+                                      system:
+                                        description: system is the name of the storage
+                                          system as configured in ScaleIO.
+                                        type: string
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the name of a volume already created in the ScaleIO system
+                                          that is associated with this volume source.
+                                        type: string
+                                    required:
+                                    - gateway
+                                    - secretRef
+                                    - system
+                                    type: object
+                                  secret:
+                                    description: |-
+                                      secret represents a secret that should populate this volume.
+                                      More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                    properties:
+                                      defaultMode:
+                                        description: |-
+                                          defaultMode is Optional: mode bits used to set permissions on created files by default.
+                                          Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                          YAML accepts both octal and decimal values, JSON requires decimal values
+                                          for mode bits. Defaults to 0644.
+                                          Directories within the path are not affected by this setting.
+                                        format: int32
+                                        type: integer
+                                      items:
+                                        description: |-
+                                          items If unspecified, each key-value pair in the Data field of the referenced
+                                          Secret will be projected into the volume as a file whose name is the
+                                          key and content is the value. If specified, the listed keys will be
+                                          projected into the specified paths, and unlisted keys will not be
+                                          present.
+                                        items:
+                                          description: Maps a string key to a path
+                                            within a volume.
+                                          properties:
+                                            key:
+                                              description: key is the key to project.
+                                              type: string
+                                            mode:
+                                              description: |-
+                                                mode is Optional: mode bits used to set permissions on this file.
+                                                Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+                                                YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+                                                If not specified, the volume defaultMode will be used.
+                                              format: int32
+                                              type: integer
+                                            path:
+                                              description: |-
+                                                path is the relative path of the file to map the key to.
+                                                May not be an absolute path.
+                                                May not contain the path element '..'.
+                                                May not start with the string '..'.
+                                              type: string
+                                          required:
+                                          - key
+                                          - path
+                                          type: object
+                                        type: array
+                                      optional:
+                                        description: optional field specify whether
+                                          the Secret or its keys must be defined
+                                        type: boolean
+                                      secretName:
+                                        description: |-
+                                          secretName is the name of the secret in the pod's namespace to use.
+                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+                                        type: string
+                                    type: object
+                                  storageos:
+                                    description: storageOS represents a StorageOS
+                                      volume attached and mounted on Kubernetes nodes.
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is the filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      readOnly:
+                                        description: |-
+                                          readOnly defaults to false (read/write). ReadOnly here will force
+                                          the ReadOnly setting in VolumeMounts.
+                                        type: boolean
+                                      secretRef:
+                                        description: |-
+                                          secretRef specifies the secret to use for obtaining the StorageOS API
+                                          credentials.  If not specified, default values will be attempted.
+                                        properties:
+                                          name:
+                                            description: |-
+                                              Name of the referent.
+                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                              TODO: Add other useful fields. apiVersion, kind, uid?
+                                            type: string
+                                        type: object
+                                        x-kubernetes-map-type: atomic
+                                      volumeName:
+                                        description: |-
+                                          volumeName is the human-readable name of the StorageOS volume.  Volume
+                                          names are only unique within a namespace.
+                                        type: string
+                                      volumeNamespace:
+                                        description: |-
+                                          volumeNamespace specifies the scope of the volume within StorageOS.  If no
+                                          namespace is specified then the Pod's namespace will be used.  This allows the
+                                          Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+                                          Set VolumeName to any name to override the default behaviour.
+                                          Set to "default" if you are not using namespaces within StorageOS.
+                                        type: string
+                                    type: object
+                                  vsphereVolume:
+                                    description: vsphereVolume represents a vSphere
+                                      volume attached and mounted on kubelets host
+                                      machine
+                                    properties:
+                                      fsType:
+                                        description: |-
+                                          fsType is filesystem type to mount.
+                                          Must be a filesystem type supported by the host operating system.
+                                          Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+                                        type: string
+                                      storagePolicyID:
+                                        description: storagePolicyID is the storage
+                                          Policy Based Management (SPBM) profile ID
+                                          associated with the StoragePolicyName.
+                                        type: string
+                                      storagePolicyName:
+                                        description: storagePolicyName is the storage
+                                          Policy Based Management (SPBM) profile name.
+                                        type: string
+                                      volumePath:
+                                        description: volumePath is the path that identifies
+                                          vSphere volume vmdk
+                                        type: string
+                                    required:
+                                    - volumePath
+                                    type: object
+                                required:
+                                - name
+                                type: object
+                              type: array
+                          required:
+                          - containers
+                          type: object
+                      type: object
+                  type: object
+                type: object
+            required:
+            - xgbReplicaSpecs
+            type: object
+          status:
+            description: JobStatus represents the current observed state of the training
+              Job.
+            properties:
+              completionTime:
+                description: |-
+                  Represents time when the job was completed. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              conditions:
+                description: Conditions is an array of current observed job conditions.
+                items:
+                  description: JobCondition describes the state of the job at a certain
+                    point.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of job condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              lastReconcileTime:
+                description: |-
+                  Represents last time when the job was reconciled. It is not guaranteed to
+                  be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+              replicaStatuses:
+                additionalProperties:
+                  description: ReplicaStatus represents the current observed state
+                    of the replica.
+                  properties:
+                    active:
+                      description: The number of actively running pods.
+                      format: int32
+                      type: integer
+                    failed:
+                      description: The number of pods which reached phase Failed.
+                      format: int32
+                      type: integer
+                    labelSelector:
+                      description: 'Deprecated: Use Selector instead'
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: |-
+                              A label selector requirement is a selector that contains values, a key, and an operator that
+                              relates the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: |-
+                                  operator represents a key's relationship to a set of values.
+                                  Valid operators are In, NotIn, Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: |-
+                                  values is an array of string values. If the operator is In or NotIn,
+                                  the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                                  the values array must be empty. This array is replaced during a strategic
+                                  merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: |-
+                            matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                            map is equivalent to an element of matchExpressions, whose key field is "key", the
+                            operator is "In", and the values array contains only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    selector:
+                      description: |-
+                        A Selector is a label query over a set of resources. The result of matchLabels and
+                        matchExpressions are ANDed. An empty Selector matches all objects. A null
+                        Selector matches no objects.
+                      type: string
+                    succeeded:
+                      description: The number of pods which reached phase Succeeded.
+                      format: int32
+                      type: integer
+                  type: object
+                description: |-
+                  ReplicaStatuses is map of ReplicaType and ReplicaStatus,
+                  specifies the status of each replica.
+                type: object
+              startTime:
+                description: |-
+                  Represents time when the job was acknowledged by the job controller.
+                  It is not guaranteed to be set in happens-before order across separate operations.
+                  It is represented in RFC3339 form and is in UTC.
+                format: date-time
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+{{- end }}
+{{- end }}
diff --git a/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml
new file mode 100644
index 00000000..b6b4b832
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/charts/kubeflow-crds/values.yaml
@@ -0,0 +1,47 @@
+# This namespace allows you to define where the services will be installed into
+# if not set then they will use the namespace of the release
+# This is helpful when installing Kubeflow as a chart dependency (sub chart).
+namespace: ""
+
+nameOverride: ""
+fullnameOverride: ""
+
+crds:
+  minimized: true
+
+admissionWebhook:
+  enabled: true
+
+notebooks:
+  enabled: true
+  controller:
+    certManager:
+      enabled: false
+    webhook:
+      enabled: false
+    enabled: true
+  pvcviewerController:
+    enabled: true
+
+profilesController:
+  enabled: true
+
+katib:
+  enabled: true
+  controller:
+    enabled: true
+
+pipelines:
+  enabled: true
+  scheduledWorkflow:
+    enabled: true
+  viewerCrd:
+    enabled: true
+
+tensorboard:
+  enabled: true
+  controller:
+    enabled: true
+
+trainingOperator:
+  enabled: true
diff --git a/packs/kubeflow-crds-1.9.1/logo.png b/packs/kubeflow-crds-1.9.1/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..f29aa94be98bf28c23b6fd4d91416b6723daaf1b
GIT binary patch
literal 54864
zcmd?R_dnJD|3CgfW+5w)?N|v}3E>EF>=Cld-t!<UqhVzoD|;OzD|>~KQ1-D!!#-xo
zD8lD{cs^gR*Zcb~eCyILob$Nf@3-6acD>!Mx7+<uq_(CqIT<4v1VQ8o6-8YLB3Qxw
zBOwAm(I^;QfFQi54hjm|2n7W;cTYE42WJ}y;!OxjkXCuGP5bPmUNz`0(>mK+e4doi
zOUh22Qtc;Xc?R}l?-q)L>@o4^#+zgngv6}T`o#2hX3VC9@;~tAR_D+w99-EMw8ote
zzj?|X2OQ@F3=;m`718UDy`1ZqlAzl8RNY6Pq%EI*_6PejkI1xxOkVEqMi%>{2ygmD
zqc1_h2018EhHo?xc4@BnI<It&WTXuE<=pIxLfsD3yk$E?7|Gfs*z&il>D%iZyJs;-
z$LyQx*J!8jxmp>B-JRo`i^z9O+8S&ubN@0|mQq^gr*+(+t!ZMkBvt+Z_Bw(q;v!o?
z6!oXq7YofeKPW~G%(EP`cMGA^xD834Go614f4cDd-O0Co=l;J7Pcmqu2(pCgkA(5h
z`G(%<uWyfYY4N~6mmSJqzF0XLnx=(u5)kk_x8p`YKOvy;g+S0Z<Q<Qh2uzu5XnXnB
z+e3yRy-SxH3H`@sn#2b^4j{CH!N)7#zFoX5puN}J-O@6>yyvFn^+@i8qG$cxJjGJr
z7a~hFWku)&_cyn-I1&7W)Lq5M3xWhWasTih7Rvd69}*)G8cM{==SlG?gbp*L8^Mnl
zkV^NE3T`egHm*oW!PDje(#D$2*8yqIri{?gHVmbphaffxp(ua%;q>~fU*O%{spFq(
zvWal~MypvzIuuD*`T5-I=iI5w+OO{Uv83LzJWnEctFFR@u+F%^K%my!!AZb{4&Rc_
zNg{bXN)ZLud8}qa%k^!1+}M;#g-vw%_z185DjtDkV&Ask$;d?MGwUTOyMaunfy^xd
zJg~w4AO7iq#L2T?=q(>6oP(fYVGdvdX-l70)_F|6z%tc7k+7MxpsNOq0D=gaAqa_T
zNj;D)FLzAZ!BQT5Ek|vVS~WkgoH2-}h9Fub1jXMGWo&)@(kM=au`Y&{l&fE2M0~!t
zJfRbUCWY~+ASh&S<x5#cgWiDL&C1L36+BL>M+s@<vPq*5WG`2dO8|vviM4#`ZW0UN
zImTKh7R9hWpo|B*!aaNlPdxgs3Ze0}l174d+epM$2Ez*C{yqd91d&OB1rj`u8@CEI
z{B?D6A|5T~m>oQdn-Fh!^+^|Y;cWYXVbjJ!56j_kjYwz4M@Lsvi&&FJvm&2xA+G%M
zh-c~k?MfIW2U!|FqY9G_w5_`Oz4Ijm5HH{*h*hNYUAuKfi`3dy)6O%5L<8+wcp~v<
zqIz(wFbW9T{*vi0cPlAHWp$V^_*etc@DwpCBK%;hTKpg5q&{lv++R<@Bns|s%!O~a
zAw<uUdB0~+*dVXJ@XsT<-uSUNebJ&sNXb5C8TU`z{PChlE8_FlDb=$b_V|hK9tR;T
zdWXUr5SUhZ^@-SM6B?8A5L})Zf+QUbTI0mAo7Wz`{I73bFaEQ<sN?EiFA;%+QPF4?
zA6|zxwK2Qc*EY^dXU4Iv%Mto1b6(H?wk{$?mN0ck+rIgcWs`tSH2&%F+1Bp15C<{t
z<f4TZdi0E)F||KA*YWBFA+{@oiV)OuSIzv_+_b)I*X$p-BsqoaP>kf=0WOC|wf54I
z{by6VkEjpHA-2yyx(K13n{~adsZq$37D0DIeVa5HrK`iQO7>3@kioGz=WnfHG-S*t
zW?o%Ys~W>Q_58HMvFg{ln?r`TMrqUb#2lRSM>pBi?EB3Z!u@j#Q9k{N#cyT`vBX^7
zz8nt_d%#x!tsyQiO|StCsutoSN+_SN+eEvqiX~>MQp4#cTLCaLt)9E-;dU}Yz20gs
zMxRHLIz4cMAnhSMXfl6~>#KzNs->tITS<5L@kqg5`Z24abb<Z`%TCDzfk;;Tpk(9!
z0$}e9U-1o>%74g~;G12;nj(}~4+kr08=pPDRwE9hE1&Xy^f*J1Co<TC6Wjejw?SQf
zvZWIb$_0qu?&?UE)h;SQb*WyppI0`9B^xG9i(sP0Go?<phIaVB9Dc4fz-*KYYsg8v
zy3r7yBBf{6vTd5u@MWc%l!C6aw3{joP2r8`&U|sN$bCv(f73rTyfXvFc9^X4A_u$V
z&vFq2rwCcl6n5MGzS-QT&huz4AQrn6MSaLvqO=xE^tJHqZX;R&Q80T$HGMg>Lei_T
zoCAOw7&5-j(a_KDvg50?uG(KYV(SMLSBWU=4KUG~bpb=g^6kmft;|1kaDY>vh~sad
z|7R_0Lf?j`8jMz<ZG02L(m%8;oRW!HEgVlcKG=_q{;3l&Q=(?Rq?*p!SivHJ$^Lh(
zgjchVsWha9)eY4cYagGy;S!5sGPBe|S=ZW%|EBNXbwc1dD0XqlSYsNx<6d`1o}J73
zN!J}A)0UR5Pu@-HN50!;D`ipCEs0_U;>GU{n|2yod^lrjjjomWcaWICX-`8bSFO)v
zbJpK?0*k6Z-JK4#*nJ<R+Y+x>;H~_4i`q*-+yQbxYU)ThOgDPU*xPC{oqmgLgXPh9
zfX`ZC&8&9`nn3FJTFRRyoyb?A^^w*E^P4y9sy4kQ_|U`HY;SB4OQn;mesbYI_E4;N
z@N^4f{PI^l?XOmj-^rCciHv{$9QUQg8f&x~sx_y>nnyiPDQOl^(mw}7-rG3;Mfw7=
zElm(r8=%<kQ$WmUG&PaU_T9d}Vn5OJAm$#epxzr8cKmt?0}aji?Xzv(4;Q$%ad=NP
z^#v9mA;S?g;*pieTa%OMS?joZbP*B9-%P1{G0Tu^c2u`4M}x)r%0GJy%%4vEdtVDn
zjaXK_s`_4fAdX*ky%fe=?pODvv<a@pMGlL3UVjG@XJU-}wJ^UfGj|p<CVt4m)E5p>
zXatH3vt#?KSp16jwdf9|-dPu)$D7GWMhEMdI+UwhjKjf{M?l8SQ$`B8RJJ!rnAgUR
zy@03^J1z<KSAEQXIQ11FV_dU(q?%a48Ch04fR;AV7#X-~_YRN@0OK~MK!YW9%~LdM
zl5~rp{6X%g;h^&D1)QVf&YQIx`pcQhAGnB>a5JoaPP{Ya1cD6Y4mit8v&F>+FH3A0
zM<RoLJe5k0l6DHjYsM)lEFF`SMD{4s^7Jt>q1XeD#XWqFGuUT*2&`?XNEEA0JV9zG
zm1KRq6fvHn^!*ryy^iTY<e~qBuC01-Ztwvcfc(SOtKUM*nU2g)YvXcor@!^2P@uv}
zi?=4mIcCM#h<1|&p^r{D%rL<yc$!H(K+DK8okpZ}+W#WAW#z$}2NmxkMGmi+z>I4c
z|9X1O!m0i2s#+>!z0fkMv}fOG^y_Uk+1ivc!|0<_TYlu#`oA1b4!_52!euPJD{G8l
z?aX)gGaJ=NzfoaInVtqX14nEO3*YTp?HbIbKAWYgO68Wa#$^nYUaR^%B{H0Dv_?!!
z2r{P|CIoF~+WcqHb5`Hw67|^^&0d}%7qQu_j%j1qe!X-zY5HNkX6=%|&pC2F@fS#1
zhi_KLs~BHO)zwYK4%9zJ=Xn+ME+9N~Kw{)6YOg1$dl578VOIRsqg?Tt<b3hcFToEm
zSXk)BLj<OLtF<!6^dbIvQT$WJF*t8<D4T-ey0jA5<ZnCq-b$xYtfb_ZnoYVUwS6(b
z?Omo3t<t%`dqk(+MYEV~5F5R$L`W&?dJxHWqD>3<KRHvG@B<*d!Keqv--R<y%AcT+
z0cz2%*@2m@%4fz$qF+?*P>X6Li18(!PgkQiNSUUbvK&rtnWR*G=C6zSf)1s41OJM`
zDwhi%eOqsA)nGeyz<P*M>ED`?e*Ws5ybG+wi$yJ0)ts431dM;BJoNBV-9-^45OGuk
z==Ses0fcy;A>@9*hrmKs2BPK}vtrv1RZ}~C2bSb=4#A(_jz^D|5#=~kh$8SEUJs+w
ztzWunG1^p8otd9ix8+msdu_dbG45!VJ(DW*v*)XBLREwX`g&Uyi910kc)AM;S&4Sj
zy8J-s%w=p}qyN}9Rd_qxOOe^J<_&s;EE%h&;}l#b&yHV<v(&kX%+|&n2^;RFDo=Zz
zd8_Bj*yg(k?ySo%Dm)!jZpac#nCTi>HoO)u5N~-WH(zn5ikGQ*rBDEycYUaiCj4{a
zKVRFmd=#ZV@d9aoDW~JBnU1Z6W%L~<+j9C3man{e2Pj?Qy)K!&bc<oNIUjjiNW_aS
z3GBPJwyYsjE5u5!mF7HOo7$D3v(sr@85=!hp1!3?*;AG;sBuNEgN2O@mm%Tf{=bd3
zrpi+Xd?qAdK~ifu@oO7H;?_It_37nT%8hm(<slkS=R_t&xo59en6`_F@=%<9&%plP
z_m<jAj;NL*)oCH+Y=ci|;Yi&>0+XA@UYGoCUAW6%a>aq|{NJ&{t-Xh4UZt<DDV^dX
z<azBkzpuSy$j~&wq*`S`8HrTE@@sWlRms4D-fb54#zixK*ogml%{5LJvcB1Gd*u0@
zv_3)cG&3`N|IU4KH+1cmsM$4#2ByHMcGaYnyKUo)<!N>1w6yjK=mG?R(K;PMg1&oa
z<W-~iS#;*A-D;kutk$+jM8=}$n1a%SUCk<g{|x`^U;nVycI<FaLn;~;&w0#+-AlPN
zd+X25fVi8d>t$KKi~b@(f=obvL^Ut}&<pA|Q@GmeOlJaEbnU2A@F)Tn?`7)tai;(u
zJ1!LS+Lz=UuAYm(6m9UwPOn0ZD~p{kWnN1H>7Z^?a+EE=TAuzvRy~h}Cc1;Yq16qe
z?iFM=qY{vHwpzl=py4=eb;HKB(LhP_X6*JS>O%?>Ib%_$ps%^`Uf6~fV-L+0jaQ_o
z=FMKx!z*W0>QnKea(nyw=v~p6kHyOy7`LmcND+`8obD9RUlMo9LwjQ2EYmQoIpS;f
z^$v5`nfqFzn_4Oo?k4zZeW}Y=l3IEqV$z#^u{_=Xq~wMWFUdj;fbgZ&)t?3HerEyZ
zJgYYA@*uJ6Tv4ehBdS>VjTL4%QrF2cE}}70;<t6vqubPPm7@;+{vQBq*9Bb9M-;y(
zF~)?vku|yzRF&V!Vp$n6-bcjB*vO*iTKSt2*@;hhF#hEG9#1}w>qBmdxi$H&&6*Xf
z9TcGz9?}dYN9wj@%WxX|3hf3No7Aae@X&aH`5(CdMR8^Z9-QSxJEny`ja#Kz7ZVEO
zKpeQ_E1ta1cOOn4UU{k{V9Yk5f`NQi%61&QW^V!*FEpOR$qLDrK27_&2?L%JcM*pP
zJ?*XWBFtW<k*&(K!|D3V4H?)I75vGMiFzXzw<q@f-&8c|>!)x~;b^hP^L+MxYZ;vW
z1u|4U0M(=XhPC-wtYFP@1jn4G`PRI~D|S*gRO0AZo|ubOm8~X=b2$tjx1`b1|3FxR
zdMc_H>8KQW6vdk_UOW&-ra_L1LJ&lZ@}pb@W3k2h9!}g8r|Y@Lm2D4pnp#XO`Hj$`
zU6^+?#v-X(p270#Y;+p$Aac0L*<5e{zL)2Eu&r&P#&inA2me;h4%L_Kb`gtzLzRMd
zzmD0mJ1E+n;$w{pQJ_MwLhGj5Tn=yERpVS|p2N{_h@ipeh43aZCCohpA#6L+Ts<w;
z_LN5cP})f4z(O?lfyB~7%-$4!Z~`y|OtP|Wd7RJsJ+zG*tA@g-cKC`YGkt&cle46b
zqWM7kwGk#1)I17Q7YXWMGnHmf;%prx{V#oUmS^dXMKqE=8y6)E_4E54A%OjxCgVtM
z3#5!b77Ka)8pyE+FW0zZtCKtNa8`8SUD|w=au>lUtvBfHqLgN)adG&S-^@OSTZXTM
z(g9-NNkX<iZTA1m8<2eym!NYwvoN!lZa6$g7=A*EMXv8q9ml!tjgjix@^wULx|Gwu
zG00Uml}Z7N39bI>NA~~rbUHiMB;FZ!+ZQ<^loNUeyc}#Ujtoc2?g=_5mKJ?+OF&W~
zAS0Vl{2-?e_d^;T96P@C5xe34eR@{h07Hj5NKgqc7j?LoKYFYR&NcSULS(`WhG$*=
zUkC&1{f_^`-x`qM5QgUGVpicuaBtGA<gM{jq$-!(ee{r5fGWBJugRV0Z*7w+lVODg
zC_G4T(eg&WWhS6R#jeRI3Vnot=}Lg=K_ZgfSk7WDz();>NIgIi#p@lfWA+11;afI=
zvmaYrp9Qw%67fM)csj>OHjMfw-t2Bqx^7UY()WCEx9slp{SgIJEDt%GUAd>jfjnY1
zP30cy)Q}5h&B<-Pr91kfW-td|YD9FZKp}hNqdjgNMJI#S;6Zd{;<<QwyDpse^H7&7
zk1`Pr#hIjsp-$*e+XG$t3@pCKS63<VmeM!Xec2pQJ-vVKC2n$)vbFyo-A9cFP#9nL
zFMe^V4~F{kOC_<3TXn-cKf*vGD_FCL3*`^a*YG6?X%dQDOT9BGeTok@r)#EI0-N-!
z4rOS3YAo#tzpBesVa2s&wZOrSr0n>+w;3TA;NQNxx)Pe|lX5^15HiD;F8vyN)Ob6{
z48wr3gkc<5f@&1IYj{m-fozf`_t(bIs}Q{HE|b7g#5o*1X*>e74UlF1U)kq*3yZA0
zr~254R?xp@H7FgSr-J|1#~FomyEsxeKR2#;8kEiI8&`!W6*R<0E@M`x`%!m*%S3Po
zYCVZVANmEK8`Au5gW)1E&dZwLH|t*`tga17EJ{67Y~FbrWSc+gsKQ}fL;oj_#l8e>
zh9G!LLH3`P(CNm|N~i40la6&nJXS$FHSHXI(mf<XC_1^eZY3aP*!B1vpp{(0JnXB;
z#rh;(++h^+tA@`{Y*tixnhEL!Q-35mzah??1ANb$ulKJ)hciMPwUcOvdF4q0MI4&$
z7ypmiYfOJ3Z!X|Y&SGTi6v1IEPX4IX)G+>Bh?tQj#<weZO<vUNH1K~!{vWZY0xPI}
z;h>oR<dBh5XxaPNLgXlYUjfScHYga>-o2J?qW|HcI*w&r&gzcUHv%65g{VK?a!tQ$
zWGRZ^F!o}6W3l3Y`x+T>uGc@H{V1S@V?h|APUzv*^`Squ%_^8p7%Fekw7IT&RFFH;
zes=g<3vDAyDv}qNBERNG>S8mOx?@-8le&wz@QM!yGAig=p;{j@6wLxd4PR<+(xKBQ
zaG}vrES{EG8Oi;s%Ba8yHK(h&y+C@YRXw`t_u7Sx3KwFOqiqYs0jjAgQii%zk=Ab}
zj0@j&r%t!yjN<*MT-`9?T*!rAMd;5RXxFqCuYDs4a8V*3S8-M}BXsd1t)He0iFqO;
zWpI25ctdQWl8X?H$EJXTZrJTv_b%;#$2V~RVS0VPE?AIcmmFcI5|yBGiTQ<@9nYtA
z3RJ{+CehY1W`1)zMhvnJ-Q}MBF07Grv7w!Y7#CkpSzNXoO;a<listi1e%i-6`J;kt
zXJ+X%RnuSuzOL@$M*Q2W?8L(XK6LtwvAa49jhsJbTuHvK(`et+(r;9DIO9#`0QFe@
zFMe^$r2V7zlEkW~*FK_&g4^1U9`ojd8rx9q6*nm)$&n=XwQyBbc~WE!=dtE{|3cRU
zMU<#A?j)|Kl;6n+Ojon^_o0LgZ2SQfA7F}6$ip7suzP9)&GE^Vr%t{T_nHJ#OXMOK
z`WVKWk_-1lfereU%rBkuzm3@h#_JZi;V}K1Y7f%E!O7vqKh;JHvJhbdL+KHJ&w;6K
z@WZHnIu(rvh|`1M3I*T#8g=k*s{$~^lm8EPm#?{aFbCXDbAd&zG`94+4z;2*Imscv
zRijkb)t}8v2Kq)(r+cLMPt`1#SSu8{fIidZ!k=$A{v*ptp`rh6Q~*p&;{6A{+86-B
z8sqoy<bp$E8Nj%jk6G!P9|>K0N)SSs^RxZhgunw`QEu+Cr*Ir9HXb&9l+*tvHK?Ad
zGM%jGdHnV;I8rx5p88Ca3X6ZLrFVedj+^?wM`xHs?Y{r`*o7bxXBO7&6-T+A+d&!_
zNl=f#g!(FY>qt8<mJ39893e0d(0EXeeGHm4{HzH}jl<G*%fEV0N0&Wvp`U91XNq<K
z=%5&zTzcA~tV;)0qA=pe?v1}F%3*G3IK{i4&G6L|XUAVr>vj<V*1!6%EHP&C*0fV8
z)!It@w%Ke>fI;_*%SEvR1|zjKpEg)=01TZGT;f0KxjwYGDV027X6~50))*yXqDYJD
za}J}9*<^p<hwwTli478%c`dn{0Np{z+{0H_`sUUJ@iBEP70x)y+KOK^Ha=GX7j9b0
z@iM&90pc7AQK?gH=DBVrS21JGMgd~jIzX6JV4_ZtoHOQ)L~;IT7mdRI%5n%k{RFi{
zTv6H`Q(GK?3tyvxX_?EzXc~eMeL-?|s>U6phc9^?t9?J33P`Er^NE@~q|i!PgV=vt
zY~WjI=6zZTSjI#OE-L4r2G>g13l2W3fyAFK)qb}K3&VrVEUVC~q@2!pILNYD{mZt3
zW)8Xxk>3<hOHzV5wsAP4jrkR(9kZ2$h(Wnd(angFe+id&1)lowe}!JU;?T3`tEwBs
zXHJ#jbHEwk`Oh*niQWImHA3bUT5|rt)bZOIXB9HZ^g_A`kfGcW_WfnM`MGd%oEnF$
z(Tjo_a=axiG^A>$Sio4m`_-08w}LNf#_K>y{mv)$<zSi6_>aWB2J$Ds6y&largo@v
zkoB8X*eoNrxRqsx@u>k5{)1S0wdoke*Jc$BR(#~3@Dxk>CDq=kE&)a<*2(|rt@RO4
z0N+j`;wttYUmKl(WpS3gP#mJ*Ytk&^tqG3=baCa)jM;fEIuzJsp*ZT%3?@H=ht+P2
z3WwNfoBvUFi6qngySq^$^JH#2i+@EoL5HGPg#fDlVvJ~L=n^}^H7IaEve$D-WL?70
zo)RsI&yWx>;sr}UF~&ksAMP#}v4hx<w8=vF)~6R`>ARks0?Ao$N$7wo3QOjj^~niO
z8ar6NMkjadZlZOHS!tLC2PxEJ1f(6}*})!KXOGbXIC{ZJ*y5kQngZjbLq&s`RC9Ho
z0o5IxWPQp#t4a;U(;IWm(!8i(HFOoaNDQ3JLg(dc##s_3HYA^?W_49<V;@&QM&Du~
zdX+p1G5}lq7Za|2N>jtQD-K#zxNlH+`kG9lg}Kf6MuuTw5$ff<b=b~}9+H*6j&6^L
z098Z;Eo@;k(BTWst{o}?VK;%{JmLS<br7}u6XJdgR+D_azCHw}l-!H0S>Mk}-qftX
z5XUb6X|Ca-!~Tos)_6;cX6lXxB0QcXe*t5GS`&W`YEHwEZ*qxi&L{|~)&Hlpwv8tV
zws-0O2)i(`hu!D`n!<5KTB_7v{&HFv7Z4u5&kZ&rfAualmrh@UQ2>Itp!aW4{HoE7
z4omY1sjC#(&l45V`^S>CNINc4={p2%>>H-G1!(K~@=&LoeoOF1aN(9Q(+WR}V-%2d
zB$!X$N=j+7Di?8Vc}PU)m;}-V1o?ERp<IKuf{qqCXq-7c08JpP|5FlQbC95xKWJ%s
zq^Fag*t9HQd^WN>&y}1=1m!+9Pe$tfQxxOAh@Rps{VOUwF~M~PT*OA8QZ%xU)TTb=
zIxacN&2IY>L2Ot5Pjd|zlFFpE;}A`TtU`Nn(It>b4Ifr%cR!cv%;t##o$Fs-Gdp^~
zlIQ|-OYL==g9D?*J<2%%-3a(U(6!>CizksXvM)MOO`3cR5CW!zV(v2BCDP!0QfxLD
zenA-?hcrYl3bT#ibQT|G%g_moH~R2bNv?w+sJ~DML8fxf44v-D(t0+tJm6Ynf?hu!
zS3QVE^qTn(sQ0Ev?~E?Is}HpYaKY&Goy|BhG-<!C!zT{R%pxmzp4s=??{th`>Zjqa
zCxGg=yb-;%h0l9yojcrRx-HAWF|+RW&FXJds1~FYtN~>nQ+eY&2<Z<3&0}Vq2z==E
z2kz8#XD<c|Zil93ES9u;(uDQoo#;n0zbC3sG?)LkVvcA3LTRR;oI2$N4m-6gJ5V?U
zaO1ZI*3|G9OiKA!Th=XCn-9jBiUit2!%F|oNybpI98}g9Q?a#R;*kRimYSZpySX1M
zZ*f2ij}1}{(rZmIUfcrwyrVRB7wRM;i0oP0=3;A|oOe3vTAa!Zuw-cm2_zyFSuGXi
z*9tS0U3&A~+Y2%Y;F|u18I@5&=L;7@u}ybN8F@g;wg)L&Waw}5m)0J!2j$2@Gy&pV
zT8}#AX!43Ns9~Pp5ps4JZ$-&!FhcQTm+gqOhZ6c7Qv-zPu-AMw5^Cil*&esP3{m=y
z$+Lg#igKVuKyZTxnG8c88i|<`(%Lb;0u(!Rl;Q!V4d7D9*<ApoA{oRv2G=Z81<=w3
zI=!^$AE6%dyngIvO=|d>pKL7=?@EuSH-FHU0k-t4f)2a(ZS&ykCy|yo(6#WYVx@Wl
z=ElSh5d4n){!LNHEUvQAs`#HF2~30jGS7Su2e+Apykwkd|9o5O4Xk037qlYsT$BJj
zS|ZxuVb0x9L4%iGHdleQ^(B2}s*CQ9!Klh{6J_tj&BW1gz+4+B!PcIeq9I|ix9Z&s
zDU%!=RT+ER9$(w_yjoJF-<AC2Wh?cFuZC*;IY=?q!xql+odp@_DQvM3&OZtQjGgZe
zN008BI%5iNT|4z@eZjDqu0{<Fv4efU<-2{N{1PdBCv0q`5`qYg1{S4S^ZS-SPF)&3
z{GL~<IO9tJruXIO<b&Mj87U5}*(||t%6S;s+JB1MI2ZaPr-tVhsWMuPdM-d-8fw}D
zocq7H+KP+s(NaLNc=LTgTvb`koOU46D%>Zuqa;0h!o&-kQJ2s3wqEn+!ZyH|sOigg
z1}{cM?O^K~`9K0Iw}8non0#1nTs3nkl81#c{i-emMHTan^<oEZW-V%HdsKS5+FuGR
zp%}S__Ivez1e`pDqmQ8<ZVC((#OybombKJ3;ZP63>5-KW{;ec%Q#w_Sp6`!8Pb!wo
zDo}$;>et}MT18zg3>0q#u$J5VlWzak&mT2kYD|Q(Hb7^S8P3t;@fBd&4W}lP9w|u@
z$1hGZ+1;oz6-rB^p#)&Y6#Zwk(PwsuBH4Zmro9zx&+Nf4=Oa;nGERk8_Z*_k?@D*2
zX>jm^oQGCB8_6AWk0^O=Xma$>fH`khtU6ABjup#Gs2t!Upq~3+`|-Pt#4;06f7IIC
zUSMpvvp8*OINQa#P2VdgPmO>m2c1k-#Qv{rpq6TzYf&DykSCSlke7z8UO$pbp6%-k
zB+KG0f6>&3!G&Vco)o#!*9R^Djx?IpeMW=7?cUxlsbg6~0%YY{P@J_cWlt@?1Ef+@
z-j!B}^7pjtI7Wy8q0*y@8_cJ~NM*v}?HGN6l=VRCWo%Qv+T8c!<!%x-Pm>r?ezMxK
ztFHZu1OU02!<hU6o7FqiJ)D)78Z}vNO&SA63%ax>m8Qu?3Ni1z>u>>QgUI~9d|%t>
z;StEgjwTe=Kf_6-<rA)nMHt?FV%$b~SALV|WnPR|K0Gv3PMu6V2eLf*7a?T-CD10C
zywR102hQ?&e$${uwLAXYb|>Xk)pbo!r7)AXsjVE;fe{u26Fz;;q@*|hm_?|6;<@d&
zC<%#GUCRiAx&ZB=+!iioRYth^!OBfh2fsL(-BjEh)*iIQW0`5UcYPMZClV1^U8Gh!
z6y{~6Trr^CxqS9S6$yGmW=XdK;)AWh{f6L+Al7ixWp6G7BpD9;06?93-N0Qrc5ANU
z7yrRD4TyBG`N6^|K_G6e>nP(yO<2;iGp?Hs;vQICKF+=-@bJq%8Cl)4jYuY0-J{0*
z&NkJH!_5Wnd?TAu(#1l=Ldu3W!J|Xg-_z}wt_TuF=?x^b%$f!pkL0VVa2Rj8dR=lV
z(i;d>?*jako6Gt6oNne;CA;#GsCpHzsZ^iqPy;OMHZ}atq+_Phr`>gQLjAMTvtFAI
zoy*VTB-Xn39<E=Ywy~v1g{zI`&6=ZNA%gF~(;z|_LvhgUGoHAQf>(H8OL5W+2#X~S
zA+He`lqDJuO$UM#qTLCs@iAoPDj`O&b@#ozR+mEs)Wn#7<r2I-r50q~Vd0U0%>(|k
z&%Tl4zke+0Ie@t|q11U%z_($Fyjc$e$3Rlnr5?8P40fQL$W@pQJdrFu*Te4iP_;OF
zXz&K$wI#6?GDLC0xgpmL7CRqqBRqhWc$gPCC*eYb0j0kFR2(R`gq9zft~5V`g}7K|
zGT>YqTN3n<axaO3jdTHD!tAbJ#8`r2t?l^1y9X~VdH{zFDR-v{NMM`LPJE~PLn2LI
zet#0eBwSqG>55C`rMu?+g#K`hIXd)KEl3@8TWgi{*>45Ja6Ns@+Yk62J&{Mhv2&a0
z>eN)r&3-zK(lF*bj6EJ8LPQPc8x!`VhQam2l@)bbq;-n~{sjFzu}BoJBk<cR^i>pG
z@XyfAnnghwyCNH0fGms#FjH9<Kcj2wEy8c*^swNoHqfmYrn9M!IBhEwa2<ut6I9O_
z%=dBQ;w65*F)X{#xY@z}qUUzZ`XYuaIq6qVzu7u5m%>q)XY93Vu;+XO8NKA!-e*Mw
z4yN2uO>?HV;o~V@BWB55dz>H(zu_`}!(M2SHku(8p9hE$=YHbz6#F@xCTZDI+I{)%
z*w^fZ(i&1xuz0+GelG_o+_=z61>b0;{9dW1Y)R*hv!IaZ^Oi#7p2uwvg#7W<U_>}#
zItCVRgUUl1D+LEcg7g}Y0Omn=Q1E7p_qc-tU&RSexa-2}Jw^%()XGxM1^@v!vpF&Q
z47j+*<qVG#$?CGKwarhuEl=6<!6-f&mA9E%E8&n!P|s+0BO8PYNJzu7OTgIrlEFSf
zT3HGg9d2HtUG-@qN;o$i2|f_dsVUuWwY6j98$rL~?kjDIi9YYPE}m!&oMep~A(M@z
z!s59W|85L<ZzB#tpLEoA><`z{4zKgb8pufgyaHALT-KFBciZcn)YNp+@L4Z65;Zvw
znHUE@v6k7**^(Ml%g<egIK$Sf-IH^!O&q~Ouf>ZvsDn;9{4`%JZW{BJ#EWgS0MN08
zGfCJS9hclD*ZoA?Bc_dELmY7t=KRny*<1bM)o}RAg@(^oq9WIh!S}<TyM#tnm8z-w
zAP@U4bI1)z1gj`Z4$1)whA?>;*ZBt2_?e|y-r#j7Co9CWmEu_ZVv^^xB;q)nKE6}{
z6W}r<lafk^q?<{gd!(<EzXf!^?YO^AAF^F7ha)C4MGUKd^3B`>m>X`u-@ZO86LstI
zO4a>%H*;y*A(JZ;`!#PZJwM8=%rl#&i(Y!>K_*4WoMnHkx+REJLBXFLdae1#*b%O*
z5E3@`7qY_=q;W`TnxAwOdcEX*)F%cHCHmwNf1}-Pi^jP7{6pz4cjr*9mTJIdh$sSb
z4?|xRoG75%jE6P2u^iO=;K~mniaSBk0B7(8b%tQO{jjCU2Q24_5VCJ&F29UfBj$U}
zQ9|?S;gy-zOo7Cs#w^L`YtGwzsG@{(B6n9XFF<1$*G?MXhzk#O<nrc>DSNGnIq%pF
z_zi9=y&)FYs#pCp_j(E=FD0={+tp11SZ_~>YAAiuwcnb<j`gN{b7cNL4~`{8Qqn43
z^5$hKn-8o7whtj$7jIeNNZhmY2cMG<_R`Kx>opJC)e`N4!Mgsw)-J5Ph+t%xro8gB
zg)=T$y;s3!Fd8VdVEt@30(!bQF{v=(hMRnvxdPrJ+xh+b`<_rfUdVdQhKDUn;A?l2
z)IhD)_gU}eP@9(L^@b8`<0=e{-hS%u>G8!cw@(>Zkey!Hs4sm4n;3=-V{vwt<RG8#
z6FKU99;sy%8!%L(=#rR&#i*m;MRW{_v6@N7pt%bMJA;YHD~MC-W(%(sA5hnoLsZ?0
zV!zO#5g_=YemP*BYATX{#i*m{go)ud5!*<kBI)9-ZO^vJaK6!g7*$q%SDH9IwglHw
z!$NSMsjizf?@)UiNglRo0wm?1g;B>n*|+7D{dI;CjGihV7=XzrM<lMT5=2+cYf5}-
zwW8;CUvAd)Rj#lU=Yq4{0V9;nY)l?3^uqRMD>Wp6up(~CYh1I0kO~o-wn<de*pp}Y
zI&iZFs31t>OFO;m;g6d&G2=WJtTUo-rgndRKif!|6&73D)^qy<7a@4g&)c8GLQ4~d
z`CZ53Oc~{=PZPpI1lT;{k)mq0IIvXO$7d`i8-#KCCMYr96%}Q9-w%?v*cHIQQ&YBL
z^xi|5r8v3lJF{ifIb4*cF09_Hx!^|GTI+E10F}*t9?(Bq{2Wt#JgIU(+5nT8;~=h4
zb>p{olkLKHJv$s?BjlI;zgGm5NyCD>(roG{mpq(kkz`W&1}1BSppQn1l+^Ra%}Cku
zz4vv$7T4+TBUZEDYk2`gARPXnsp`{ZAgEgF^L*d<e&V&gclsWQjn}_Coe>c1s?!}x
zAj%o0^4#ShK~{Yo+Z}5FB^pkZ*D3u1_Z`Bs$BhxeKqf)fa$s$7ZaDA<#pavFp+zwA
z?5eqJxD#c9EN!`C`%@3p22<y7F`tt1^G0_XbK%=4iJT;qPKxC3NxmzxN0U1&!JK4Z
z-%9ezhW-}U$WkxWtOaGZw4t~t_c`bLU;=J2*piz0y}j<>AL=&*AnRLQX^Y`(D&&bs
zR)qGDyu7ljyO)M)(v&9{2laEvVUnw&J6yyE{uQUrl2DJ}bJ1Qe+fzoN^4}qpgM)c@
zXhq3#GiU*}!y@cmz;!5JR8-6FJX~7wB$@9UA`;xu8KNp=E23h$Gt8wP99W|`L9JNp
z=+ydc%wV>3z=9SRTiK)AxQm*l0IR?pK5r9v^aJ9EUm3kj4vST36njoPM0hy+iEZe_
zfWg8ccDnRwGonJr;V;c8r(yuQ@h}I2s^c*pw)Wv2-d85b6KW%Pc~>I3+&SPpCiE&i
zJO`64xWZiOq}r5T@i#xNhLH^OuvN+E|24$7LW@L>z9010LWC!tllpa0aKZ@O)Zz!E
zv}7rF`$71nr~i-}K#Wuz!+xIK><!MazS`W6G@-Teu%SrTm%Mdu)C#qZEc>ms2rbps
zkyzHRj+tryv<6_L(9|+;0_}zPLpUPblOk4gXP{?OCcx0pM1^)Llz)Zc({F!iDX(BJ
zoc#O>VsUKT|6OSY^6QOHk~m~5*Scjgq;?H+?b%PhuE;?zM}~#PQjnl;hI=4Usd|VQ
zFo<6{)u31R1^8b^<8tWkWxHq2G(_**aT$R5+or*1wAJrz8q7egEO$`VoOau7<~oKL
z^OZI4<t~<V5x>`UC=$pz6`%_dUc3+>I&fjiyKUJ6A;&{PCgr2+l1S83%Y$I+pE0$I
zxmwqLQE8_>$+Ma;<k}D@f8hq%KdZEvz(UR%QNOrDYPakvuyi&)LI`kwnsB}^K2<&Z
zdE?)s)-|^o8}bK0k$U}3I*;93F)6hC-~+)27-e=hX3=4TA_EuV>3A=5V|^9n<+}$S
z5c;A=_){=gFk6Fq=v-n%&&yr5TcR#~$+>mqVCnGGdFwBy>EAS{6~aQr98!>~`8ll!
zS}4T%{Y}yPJRYpz^wNK(NySXd6vD)WvHX#`CU>Zz5Ot7X*mM;%OZQy&^*?jx=jK{<
zGt%a`vJ03VJW?td16rOfG4Nq#8iHVfkr#Uz1Yg2c<B{pWBy=HeYq5E`oXnSqDzPG#
z-~xRi&`#3o)tjalh%x;CWL@d|AnR827s!V2wi<tv3bO7%DdIsZ7XWHS;*Cr(8s|XN
zNqZ;8qV6hEM`%Z<X)+i&_O+ga(7<3J>)$pP(V#a#5s^0cCY&8ZP=$RHMePKz1g8b5
z#JVo%j>R~}_nmK)0SzG`^9G;ZOmHko+FDAKZUzFJkNE>QpYq|I_~)R|(Hk1pd>;W(
z8NIPhETSfWz9oVP?I{S`yp)Qh2jTyd^wOJ^Ag&E%>WH^a<(QB91ZiHR&~Hj`==i{!
z4AwU&J}}G;C(90~*C6njN2$~A#0pmNMB+o+hJg8yFVLH4f`z*4BoZ4<_ouVBsFZ9$
zQhr8qkBx%r`oy0CHNIsiUTB)p&KAR#x(9+Oq~1~4el|8?M;T{#Y4AB_!DUPwwT%xk
z0)o39+y_d?k^ui#sNj{+@tdMjk|7(0$T&UV?aA0b{6U5Y0<ewO*8O*avMxhx63%X!
zX&;Rm$=_;vNo*<%-k*7#jd!VHXWr(30CAtEHCx^B$MPY#ER7FUtKs(BxX`LX3{SuM
zt@(98oD558J<Q0O1(a`4>a(8+QXk#Yv{$@f$A4losviYY28IwbHrjm0DchB(y<xSC
zaaL|DLv?O$0lDp*6Zd3OP`9^v{wSjgJ|xoZ)15Z_4$nH|-$WwonjN5CiWEcK4{vhS
zN}3uZ#fO?Tap{7U+sHTSX2^4y7-Y0sa|{gV>KCnst2He4hN!o(*Rfjt7%tE$%z6xh
z+4BMons;UL&dA)_#-z^41wE;aCy(kAcp)}_fTnn23R#~|&$Q%jw03`u0L(xM${`<Z
zr^_!LktIi2yio2uKn$A&p}gY@^q~sw1EL_Lt$l|HPX#0NHdeC!z@oLR(5^i$PE_q<
z0N;$~6L7z|r<6u58fW$2@p2VEj<}fB!7a@x+!*fy^g75TR`m1BV-aAMx8d%2@jx9s
zv3U6)lQlOhrM_{1i|7nL@NgzS-MamUxzjf;0-R=4!I`G#bFwidAfnlFaHR%^VWaDO
zGdt=M75F`h*0J&V<=1Ao-&Qh#+)pTQMUJLRmtgTb8(0a>=#m|-DPNpx_0h?Erdmfi
z{#<=HXsIt$<ETO7!--L2j3&6FBRygLZdLu(iL&9t9VJ!=yc~lEEw<qP{W(i0{yYF;
zk-&VP3Nh5&C(YTiziwvc!meXYRFUhO{9?|O`t6N07B^BOS_=5yX?9MQVZ2ec#)I_(
zU|p_*M|t^&xjcM-JIntz188~lIOEdL`f?Q;ZePp$(QjuR4IOw9x#Z=ZM{fCj$9HHU
zkq-bp%vq@5C<<^5>x;(1d#+h|YTBJQyOX`EJPvLs_!Z@zX#P*n>qsFaPD;VQWCd4i
zn-V>EkRtfnJy{F&i;u2e<a7>55Hj$()x#D|0R7P)Hd#Cz{o2^en7`t0D!;`TsQNUH
zg|4tTy2VKZ0jY%JSV=@|_dc%Dk>S_Au8!FP_{h$&>7!dNJ^wpCm`>${PHreY5+ANy
zCq8g(Mr5FG;o1xlG})Y&(G3#g&YQa@QCq{)uO7id1yD-|Uv+Hu7<HgYs$%_s28oP`
zWIo%+xWabjB8a=orac?hb)|vNTUgjgojr8GZS0WCkh50Cd>{H4g^$656mxAVH)VWV
zDyMHyDNO*5;PKj&>kjsL)<kCm`m!gurUsmz@4qxV*r0nyKHS>hHi$Ay?IQdb*E3*C
z?CiLHYU^a&9czAa_Q+ey{?aL<A9<1|i8>%p3lmWAu(BC_jsM(<2c>mf6U1_d0oTR&
z?hjFgmJ%Zt>XOi+cXk_6Bk+4<Hkj?YsIP;BFn>z8gZ$j&JWm7Vwy~Hfk$@L$A?v3~
zBzDSf$3`HCKCswcTt|E8*KM{BlKQ=Co{xONoJRfPY2gB~xoH|cwl<|E%nHlqk$&TJ
znQy`6Ux^F1b#ls_!U?p7xA;wsS1F*LpKX>N2;YQrgfh!A;F75BORYpj^ORo=3KJiB
zHU{(E;YB#dK`z;io@%c2R>|p_IIYS)VT$UJ&O`8k%Se=pc*vOg?lkOm#4G~5K@ykU
zLiD{zhF<;iFPZ!mMgR%e5@Q!(+8ZRpBGU>J04kLGK5VF&nG+ialGva_o>*oj|3a1p
zm+Fp;C6vGabhW|9#YONh6R0|%i01r&OrVek9Vq42WHb)0Ar>f8k5Q(TKW)3jrE?#H
zII8z3pwNGdYejL$#d*)m?g(}kKGg(>HT+Z;0^9DA=4Q^~t>eyzrnlzj`))ggAe2?7
zqrppGE45LLg6m(b;<{f6ATDLa@vme(*2>#f<{e3;;Y#wlA5bqmP?ke@=@6J8hm8Ol
zqI;8iqg+lMBWexyJsf1}al0o`!{xx%229sT?~8(%f#QQKGrG%l0ADqM8!|&znKh{W
zv<C{m-rX4!L&4h|12U%$LQ!-&02Dp>zl<9i(VqbsW_wYWieKm2kf)aXI$-FW#QmC=
zY5Sc+vEO<YD&|xRg=Bt^2x%c{_+4n^lBnf_<$)!PjCb88XZDVe(W31U2Sk|2%2z^+
z1ux3Abli3SW;GJ<HwGp}Z#Xp4_h*N1InGQZOI}i0@YJ2Z;TO@*5Y2Ib@SC2|&3L^~
zGc-(@RDgv#SC@O(^8GO<E9|$Z$Omt3#833i0WspQ=?CsoaFslPd5*jBt0HBD*%EQQ
z39ZB0NY&*Bo7|iHvs=tn02#4+Ia_5;#U}-_B22;cEl7H`C-GHlH^EqaD5!@e+2iLj
zX_nFZ0ASt8(*cU16+gav*rF)iDT!3qPLB#HzI31M@>YNeaFBt8?}s)r&6X8Kg6^Ya
zKD@aORH6IPpc915`eS^G4ANhQ{=VRDqN1zth&Z?unghF72LxPe;ciBE+EKvwddd?a
z2wYYe3~KtOB0os3RP+uNrNU86p-p*hwRBAdpLur+9GaDF1dcc*5=dm|$EqXct5N|N
z*g*aKNYTu;r7okP3sdIMqnw)q&!fTol&xlC`1J!bIm93+ePl|TXqRWC?aIK-=I=D8
z4Xp+1%1A<-PLWwl6HB7?oPS|m5g93BqDdQ%BP(co!+CNZwaG?8=0E<*Wm`9Ok1I0s
z$A)6s5$f{xNYzPBYXD`<tFjZ><3ANL#P_!tXvHXvO0GNFq>)91eS)%W;pdfp#iw%>
z!hLpzD&JS+3|uJ6T1OXU-h#ml_7tyrT_23<c>c2&Q(aq4Ek^e&G_AF5kd;8{aR}3R
zwvp4;{#tYPnt#Q?hxMZ=r}CiSz2>a|8;hwDYmHSn3vPo^^*L$<h|sWXBva?px5&Y$
zpk4AX-oT8Y%qio~5*Ipg(Fqrhi`<u9-JbAmZEu_7>d4LIp&pbIiWvNn#x{g4PFqwd
zc>MzxnISHvD_mr;@jLt=fAP=}%1jv$Vis0|*4q^moHP6~r|`&V&puf0yt1UM3*sko
z^l#?Yf@EtPjJkL6K+!w-D4Q4cxEsV6wBY@ukGw~=<F&YD%-}&J_t7&Lb*bx&`ys1k
zM5TtzfI8+Fr3;c1xFEo+&^z*&-r9v(XMx^#h|?BBg^nK@9Pr*!d%r7=ia6gunpzj!
z(=WGD@z`2Q1rzSM%|3e~P6`&;Nx&2Gu8>s3Z~~UnV)Sv>Dr&zvn&wPK&q^a0R47tg
z&BG-;0RWzxQ`qrC1vD@T6)$G}+2linCn(O9c}(z)9eyUukBBogpK8hiFNQ&u9nZZ%
zI<satD5F3nu}3O;B+AOReaePKJ@lLNUrQPVH8TVWUlwbLV<#l@uf9C;nP$ag?EQw1
zWrV<HJ~&V3dsiC4waL`Wyep)u%gz^5ugC0#O;*W#S*FFkL(9f}YsE5Mnovfk@o_d&
za80JHv6+jRBGtSQ-jt&*cy`3c$vz`cyJ$rOWbesvwPwJm^As%g8lMD`yA$IcAZsP+
zs-ioTm<Qv!p`k*OD99u+lg$=+F3>;|_Y!DC0s)Wd!S;R2+}!T$j2D{;PX-aqMgEQb
z+>z)^Lv;__NA!X(l&`y=exmC57HN7IJ(58fR+3kP0Pl~%-!P)RtWaSrphNPFfQwm?
zx@s>lvWCxe?x0Bryhj9CipzS<cfkl{zKr{<xFZT-R3^-}Qj05BK{punw7U#^q|+tP
zwxG+l^$B3Fszu8qzcM-25v8&B&ZG#~Hh+jX?tR*yjAnMVuDhWNaQQfoaIo9GZT29y
zzt=OAs1ZkhCqLlM>Z*IoH71PZGyZp1PiA@Qs-172>YATiM)l5|zLHzD2Ja$QCG)=}
zE?c_)N$d&Ca`~yI!?wd#gSTSBx9H%v%piq?T*e8TdA<+t7?hb=Rz~N;KL<x}VCi{r
zZw<pQY{=}P_F5xC!&s!9FVf2`rOQ6D2zU-7`}Wr|N*a9NR<w1zRhkf?Osq?M7)xcG
zg51lB>MMwRI9an~OC!$Vp5OYV0R8rfoecXX)UqNvyA*`V$LJ&SLIky0&U}{53qbYo
zCtO)o1Qqd=zNK00sm6D*b*5kO;HEfqQHxmX(*YaKAH}zRl<Jrw)3LSl6t9D+l^&4l
z@tyATR&s@Liz7@}duX19Wo^*vU7^F+`*l1N?=3DfcBfOfNME#L23*FSa_y&XDg{^M
zu?<G6i?ZR0O8)hyg=RCS;8?qtc_oE*r}1IAZn%nNztV}nb<A2#r*@;%d)?D@0%Hbj
zvosO%ad;#4w^s~Lwlg)$ORDP>bs9x%n9tBtnZ;^vQ70#?Sp0;f{>q5tftKCnm0HsG
z8?1^tljHU(0c=v>eK@&!Qp8F8PBq%ldawGaEU#EH@n+hPvqa(-0Y0U>Z<qY8-qgjg
zg2eizUA=%LuRVX_IqBi_5lrW|arL<P=C=MCEE(MFxk9CT6#(J%{{^^D`~;Pv+HAO~
zmG1B-*w8i`7m_oWla-+ob7SF!y8RcaZ@%`$iTtsbkiM(Smw>-^zB#ZKeFXs)aoY@-
z-v5Z$f<-<OZt!n3Q@)^NBMt)cbyne<VRbJrr}tm$P4${AO-@3036H0CPqtD~V&5^T
z!~xoS4}7x(N6vkcvR~=D7K@^KSMT(wYtU!p7HZ{J!R~OZcK2)0jeFh_IQI1er6m+n
zzF*x}N$$xdA&@Qk<4@pm-cJkjx{QU9nGFtvLL|!v<Kg$--=*u9m9M{{%jk3&q`JI9
zqPyaCQXjAJJ?hsJ8tEo**`(q{Z=11sn@>(rbCh#iZxc*>+~#=pp5f0r)WA*vEU4m8
z98&5I!{a;9QG7AiCUZN+c2hoQHEC^U_3ELt4(&Ww4uIAqM=H{*QSfhI@a(&mWk(YM
zY>SoP;Z~+6|Hoz|)x0z9gwaX?*R0Y-+8x>bw<G3N14uT+&I38Gpo->Co1BsPt=}qB
zenwx0?k8qbbo>bWAj;1g@!@9GgJMINnQ73}YLo4wQuNX92yLc$@$o$6r+k~AUlynr
zbk5&6z`OxFVHc(qt`UC%Ue8zL{H=7c;tE}==NCOMg@Z_OW-MjePLM1QZDfL8^*~V@
z)i;WRdY`9EBcBh~oeYhoUYq7{MCQv;8`R`*LAl|AqCr(v6>|X|j}j<@yT?_UAO2k|
z%|>E*P((k5^FqiUmU#8EqgdFZnBOz+xKKXFUJ0_YL8NL*Zkx@>Jgp)Eu6`%wdtz^8
zwiJNydl$2tCK>uU0d?Hf9ez87Ou?U;u+`0GmOz5}4z=HeO@&^Z<lAgcvdg#-Z?0>>
zqL-dUNu%~U=q1pp&(=DqQ0c!f0}8)U0J!CFe0UH`0ImTmehJEJ{$w11hgz^LMc_eE
z=EbJ04i&vKS)&p|o*Ii$hK5C2*K1gRdgNaxcEM?r{axYioxQ)|WhPzZ5;yL?%jj!*
zOaWcEDCp|gGn2UE`?GU*eCl3mwrx=y!jgfN%=vPq47cfcl@RF098wd?R4S?W8Wf8s
zvkkT6)POTa1qNQPDQTPQe!7#wxF#ae66T0F`9^R@K6xiMx=m4jt9OeyhWlw?R=>aG
zSjor4J@oSj^9qlpS0L?9#&Frh<DA=pR{gt=SvHbb*LBacijvvRER`vMjV62u{yDoa
z9S+;(;K8cjc>2CbXa`)w<<%VwU+ahyym!CpcF^Pf3BxxFi&!h0^pD*!_zX=R3W;G~
zl;xYc;%~PNSec1beA?tDagHMFdj*AXj8YN#sP>8{^OGIL)LWOAmI!*KWeg;bzEh5S
zBJJK$C{$B&gRoWWx*4aO>lH(ruiQk=1}p1x6p&Jv^@vG@x)5K{{)}mAS}7Zo8z!0w
zPsOwSpR~5jD&4rOV6yCJ2EQ;lS3-XdkY7kXqvs#*m|g6Z=%1|;W=4Os<7=pvj!Bg9
zQJ=5-%`g(m46^vYBUY7q0^>N^3z{-ZjFXG7Go9ZM)MW=e5!G!)U|=ICxCCvsUOgJD
z9!skdIpGT@pqA|OwZhSE`?R$9ZCwV0A~$kmYQA)RP%*SY?w&5rL=-~d*-}Bnb@la=
zkMAMN%UxcTHol#e<#J#SCqi{v|C=cN5-t4$Mg_0P&0L})sDEY>Yjg?H{(V~_YYKDy
zN2TJ=qNQg$yA|%4=->n*YBB#_``J~3kD&N#S9l)AQuuW2JyKlwzEkp(LfmP?Se>!G
z{oV}OE7c_^bBjN@VfUY)l|e%+VGfKgcK#-NNg$Nt6=}b=`oHq38xR)dA$KmXFa`G_
zAhH)}C)FkFL39Xb^O5Ao$2x6SgPu3Ja*)Fc6c{9K@~!+C{!Oosm`;ZIO!9|L(o%eO
zz3(r8`{D$ckor}0#_hY=;Z9q{{ws2K4I_;>C#;O?d4wa>2PZx9)a?u@8|)(SKVPj0
zB#~Q%;16P}4g6LT=?9s%uNpbG;*KeQIW}>}4FiAv-}Edqo}--b-LQ+i=Ih0C_1$5F
zDT%cyFevx+9b(t-Jn41@*Lb2_8Xnp%5<C#R%#Ibtz@4LQLF&FvDC6I?^PG8o=|E}M
zT|EAr&&81$yxiBOBc_JJIhX4#di5V4v!oQqC5T0fT^!{2fJ^3`={di$V9app&$9zL
z=4(=^8sEV+L1^c4o!sx$Pdlj}*~3uTb+JVUeSgZ-l+|%!l4`$KTNyR%6CkjdZmI`f
z-zDUDD+RoN;bc`z17xZK^*b+{*n?Vc=dg_za+*_QC+*62g4(Adx8^u7;HgNKU*DrW
z;(R#mb6hl%NIkxu=^1Qxpp+kBKGGNUwcH~0_@)CJx2j>enK%kmmpUo<KJH&B1cQQR
zt{(=&LVIHQd_f9_ofsca;dq)Y@~=_5;E{dmQasU|$6O6XRv1gdlC4mJSQxB+N~oKB
zB)K!hzH;LZKnu*GyU-;4%GF1T)Ir*qn(<-N97(sM<{d$5`Ct*NJ0gTKSGUH)VKyX|
z8GnWCoXNs(nZE2Z0!;OBEQL=?i|bk2*i3xemqi-bQMlMp+#S0b&1H11ve$L0cQ^cG
zkQ%Z+FIrV;BhsaPhw#|)%ynKlZJQZY%pd7u*7!I1NyDg6*=*!HiT@N9+C!YY=cK}D
z>tzMgWM%U{9mny;=MX&Cn1k3tZ>MI>B0p#bb4ML}4JJP}C+Qurg7tHf@ATdjq`Te^
z&PYmuE|<ZYer1yA+XR<Ie%}5->kFyOK=0b7OmmLO<#*aQmkWyrlh;HLlGO67sf7M?
zghAaihjzgYXy1g+&!Qt{`;-$B2z<ZR3NKJ`Q%htr9xTfnUQ{T%<ML%RJ`G!BjHrw!
zK5%F1#ylW9h~@kKXW3*;iwvnbehmh$xBfq>&cl)F_x=AQJ2O$r$d*}F_8!Nc*_4@`
ztdNlslF>0v2q!aTWUq{jWFJS4O_}GI;Rwh2-KY2G{rP@=e}LEVx?lHwjmP!8uKVrc
zYKltI&1g?5egY+jlR<`@%KOiJizQ!XuHOj~7?UtYZbOK|#FMADKlIzrr?K;)rw23U
zS|#rFN;HPB9gE<b5fzt_u3CAk(b={$gzPtEoFp47TOV^9b(xP|kv)|b^ifo)%1t4`
zIdGXXU(5%=Yb)p5mzB=m<w;4Os+RErpxotr8(dC-xEuEF&zTHhG~=!Uw^h`H1wyO{
zp~;|9_m6D;Q@8-kz)Q7OQa`K!1@2E{^Vld<L5tqnUp?STTZ6{tf_0b_4b~5`3^epw
z!#k`=tAvpgNo~%Go*(-Mc;eK;IzvoUU5W;Hv>ono?FK))|MCuT*l}t>KtlmNbi&i5
z$+cTF>^YEk?8}G@2DrBt1eKpB@uB4_FnAO7c3dvP3AU@8%Nyt9{!vGSLSD+4zMAum
z2xqZV%WJU1r=QygN!kzPQjTK=MqlgM=iR$kzO5tE)Dr<5nI%H#K9vkX*La)X1NXkD
z(lX9hOYUx0PdqK=6tt_Nfyn3TZ{yWWRs7<}KQlx~d8IY#Xa2Tx9EHUWzTI5?j>RO%
z9{*VXlIq`7D7Qon9%TaSH}Gk6N6g3N5om`TG+|9FVToT}uXZHos4LG)Zh3D372O<j
zf=%uRR&TjPPKVKzqnqBiUY9eEt-K1RBD}GWy_q8HRbJ7M#6_`YvKemI<O#KaC2G+K
z;RA(wz5d+&@QjzqUDmB(*T0!fK8=b+b=Tv(8P{M?67Q;PnmoAAPh07t1|p@CkeO`Y
zt+r{^9=Mkqob#mhvG9OqU!pg!S7&;XFA#@KQ!^LU`}8ebIbQn&S|s+fI%b94Dh5yI
zmmV`<skC);8o>G7VHQ8F{Ngzq43&PsP##)w^<-dbCe!FnTZ%aCv)R9q1V}0BiHTe4
z+pP3mKl9sQ`$*8!(8S4w2>^DlFLi)o9l^q4fLQJqK3S|p9^X?MyV~`2y?_i8@LqgR
z5bE>bf9@nyRo-?>Xx1;8o4*H?Lq)?o)!cd!(~Gyk!ol-BsK7%U?%3QpI!f5Tq8loF
zYZgrT2?V)8FVS=up)cw^SR3O#wlJoYmnmH@MeM_#K25{7lr=p}kI+H}Snr$h6+%j<
zbA~rnz{Yv<cGALr$IpRJA1si4=q)*$BE@8qx@wo#JVX>Y6vRz8h&QUh$Bd?a8dTCp
zR}K;E2o<m8tqon@h*7-X_@N9$wH28!6|&AKZZp)c2;4fiu&WD9%{YgOe`cY6_XyMf
zJnmW4*&pXv%;t6RDM}om7We8Vb-09*YlbCnq%vUV8se!5PNnoi-kY3_>?^*_`!3W+
z9adH;yhn#BbPUD0K6I8tWk$7{@u89Pg2hSq%&nO~rFeNBE0prF9<y`_WQ1V1MAtr>
z=Ep}(Y79?I4x0Rl|2%+rUXAs-x+K#QAJyvI7W}QBo5gDBw!fAq1&n5N6_??S+o(I+
zRzblJRu(ML1PDcSPYp*^obTiIB5~V{Rsqu|4F$yzB5Mhd#e={ktiP{7m5YjRt-=n|
z;oG@Mo(QyXZ&yis13Ck<-|70!AF?ll&5vyf)&sFoETJ{h*#5}hE!exJAXJOUN3o#V
z$g$c^1ymsh*|>^E)Wg%CHUpZlq7{o;4PR58sSh`4NND6kUuXFMUI;z<>sfjkMl0eK
z*Jp{XA?om8bTx)K!zGZ$F>)~Rv6xjoPU$fm?!*5g&zAIoakYGfjx<G{gmY_gQ=fml
z&GA;dt5`BusO<nhc(Wio{X*juwzI^tn-rd9#FT>Lrm)6=nc-xM%$I{YI}H*PIL4S$
zB%L}Am21$b?`i^y+xfO)vjH8{tguq$?QAl8ECE7F#V<Qx_zF=jCxvIyx0kP`2Z4t7
zhUx_N!%#xP0v|f7F;Z@^lWWuNg-;8ocy@??S|z7Pm&?F@uM6&k+P(o~S9JITnQP<a
zZ13gy{Un|1v#R4pldd)VQ9(f{geXf11UEh_Iv=#gbDJ@F<ejfsEI9*z-8hFguV`1X
zC`e9nc`qvAhb|ltMs2y5vY8st#ugNeo0s3fdE&Z2g!C-u4{Ipo*bamP5$kW;$cpQm
zu`N5Do{TXOUCSqo^U~ZxrluyN2~l&+xp<efE2s2?=LRA;(aH07^!G27!m}rr;&`jz
znsii;HGyq76;in}%Yr2}FCXK+fg9;_k=F{qFhV*xPF(rXEzB}mgJ2|18M#w&y;IPc
zh!Hy*^ZKoD#!QWBVHTgnO$$Ju=D+*o>}aRVnXCC6bwla(q&H9N5>*wg1P+X{3odh>
zxlVGG$A~)dJ|OtcBo!9os~W-&Vb8T%yVH-V(DC7-ip5j31S)jST+S_M{q(PA3Qw_f
ze>h^oYKjJTk{WjJ2t1QT%ZuFmCcH(E%scN@-ao)if{p%$>q~nOjJt>`R7HMGsTz6$
zi<;9JIdOL^$1EPy_S^-7e!|k(?jt?bKl9%JTl*a#Ny$l{);j@0gh7dL#yY5`%(XkP
zMvP#kaLe2OGLz666bC=Li0z*FWWtTDk*42_^On!Hpr#qcipt8{(l0LIaTCX%3RB^`
z0m|uxK4`YVfDCJ*dLV()VD6S_|9g;H{({3R;ZozB0y2Ro88c|1tbO*hQ8`HG-l40-
z^SM2TW&D{oEasQnocn}4=c2$CcT-^se>FXNQNV-bQ*gm&QWf>n)j0TW(5jfQ-Npv8
z1klQsE1~OIkH=Pyh98l(kk;e*813YTi8h3VeXyc3JGE7Li47fyP+e_9jF>^{rgVwH
zKRUYY?8~TbF-uV7PXCiGu&gQ0xW{ZKB~_l)u;fEr)YeUWu*F<2F=l3?b1BvgV&5h_
ztIL+sm16y>XNabzVk#H-*xd^vXkooitS&T<Vl~$nf?L}%R`?XNI$FB>A|5fFCd8+a
zf_IwmHAwR>5@9FlG6VUuOGd&QtQ=_H5YZvl^(%(!+({6gsV~ZX&E_rj=!xb!^m+>i
zY*eL@<X~)mAix+gFZWp$oS^o^V0kdxQQrLexJj3li7l>I|A-7`rImk`xyb|(-vXcC
ztJ&tq$P?rKuv#wS1Y-i1n5aEOMm#g-#_J=}qgs`R{`xdoY}&$V?GJMWJqE3)<8=YM
z-Cb;Dsg6igd<w<EH-6$UfkI>AP}-AzKbhL1KGfrfnjSbC&@#WIpm;AKdq#?HeJu|^
z0O8J_K<2stBlIHFsk6x+vZ}Sl{zj!m$*nD4I3mnEif<u`m0<<9HzbO1TLdccM;4kk
zL$1dVXzLVP#I(tb^89^U7rbMuTWwael3U6ckkYyU88gkzaHaT`f#q;xa8VbbiZbdl
z>>_TVm5TKnb>-RckQ3$xVZ&iKg?N42P#S~D%)IEm=DMKVR>0qXf2p7xw)ousSnU~?
zM=2Zj(LWig8-s(gUr{5IhjIj(n2m2VhGN5OkVSDIyyMr6G97O$h2QKX41BSDE8uL|
zvuX`>eTX8xM*hvNV=qMi#P3Ey>+EX+d$~}J_gDNYjch6zv5C|yJSC;~=aMla)Z?bq
z%ipsq%Y;Yt!dm!etnD<El;_DnqI7?~t*@xoCIh$tKCbxk+FHGUD@+a3#av~aZ=!BL
z)<*TmzQ0@Cz=W(2`%AEPA56)GjTM+29|ydh;3^-#p8`0P^%3!cqMNtYyc#W^=^zzm
z-S*dA$T>$sl<3dGA&D4TRXRrO1*?cT{&CEh*`FZlMc|?~dotEND(~85EVPb1`TLMx
zmAm6&a*wY>+k>=$&6M_aGM3Mc%l_7-j1@ai;@R0jUE)erc%y<8zzmDDi6~c>;Iu4n
zSn8`DWgX@1u%8|hHwoGq%Pz?W;PN~&Y-1J>{>$)))Cz4d?=qp_4c0fu2oYZfuRk$6
z)|o0KnCtsXuwr~_gfq7@L=h?w+3sbDN|LaAxdD7^l?6*#A4q@sEP|VYAw_+BYH9^H
zz&l={v(5G9MdBU^(o`z-e7B7k>bHa3Fp-bLUa3m$3Pcs6&>9fZZ)+EqsY66o0J4u9
zwB;-mk&<xQx*12Nmyv6{Stast!;grJ^DOf^a-8(RU43L5g!4^c)+5WFRtBuY+WlVp
zh}NnCo#Gou!q%Nf*UPT?1vKgucmIA{2tV*f14<jIXUjSmF=>%|#t2c9Gqh{5&+aX+
z8}OhhS?N7U);bZ&u{=_GOR1q1@>-mJVmzumFBdFfRu}gX(e|D3lAas)hke&HJf`Fn
zQH4I=_HL;wZ(oTK12$6fmqGfvocSHzS7c)~*&8nQR_9?)KU=!Txx>sZ>z>rwNT9cY
z0lx~V*5dSal&1)({4&xV@%#Oq&D<a3K1Cw;%q=O4y=oL>`wys9W<NG~QXHhy<V4NM
zQsWJThWR%$R@_pzSj-n~Mx*pS=i`i{8xYi@;%v9m!H2p{;|tnKkYOuLldzSis6yWI
zyd>d27he^@i~Ib$G?*qYvJ^KJhP(|+x-4mxo3%~UtQ+*?ixl;eG`eMocneOXH2f*g
z`Y>)K<4S)Vhl)wM>wxF`g0ESJK03N{v_I+wM^j@+=<l6KNEK9=qc3+gVGHi!F%(S^
zoT*dF!WejED|5iw{3LKU^;Ve&p_t^iZN^*hgSFLC@EKXl-O4|`HMleqK6-Jp@j7=)
zM1QB4;`G!g%|qmFP>SV=#9-;+EXcT$QZ!DE-5xr}0Hde6Tcp!qM{S$JyV+~o`9Uu?
zUj!l}e-=YP+`?<pP7+6eD3ca6u-Cst_sQ!xs=q#PbV5~d!zwRMr-$C=1TcZ{8XZ3^
z&Mm63_z;#5BL*zD&KJ{iI`Ys-X^5--#PC^%C3Bfub=VhObDsQUV?^izi1oC1S|;2A
z?*U(_#i?=`mMBpYe*N6MIg|9DN?86Tx4Z|-;C{xQ1&noXC&${TLRI8d)Y%#>OKHIs
zmT~UIj~m|lBcM-J=q#rlD+b{v5AJ2a<}eAOzycRX|8hGRFSO@+MaI(RM6>s!Y+72u
zqD?q#G9a_+%WKia3OoVnPfEkGA!FH65}330p$=i^>P845SOaFWKH*c9k6(z!y5C+H
zJfIsNSyn=9Xof(L&_HkZ1<!VtXy2>CQmr7Er@aRgmD_w-?wi?zGU2_fFES$m=km3O
z;LXBCx2`Q2*hteDsWF1G5l$+@p)68g=2t8Hv+K3pD)XrY@;z9h8RhNZ#y~KIfTNW}
zyIy?E{Nybc2kWJ6JDfbkk%Kva)s4GQ$KPR{51P;xT7CnoVv)nj>Bj2TrSmbCt^OVZ
z@vQt!;@SPGW*)YP<jNsQ2eB0#6IXUtJ4|1BJK*cW41r<I)SYFwoHhE|I4{>m{|8;?
zYdMS`)FsMtxqcq5huekVY#N144p<Fi)g!9&X8Fp0QikmLwbmE3(Em18mCBZH?K>Ob
zzgC9v10r2!dfaY*@xTE??!wD>3E<or3e8j3GM}2Khu!4}K$@_LAFS`~pL!Kt2f&zN
zMUN^Y!~0_zmLeF8uWGqZihbaqFw@^dQ?LFmex&J1d7E|42fbf&4!Prv@vX`h^rCl(
z4gFyX|L~QQNVdYMx@;jPVbdJfj{(4_xf>7e&XUWY{SU;*pZ|x>z1m4&>SQ>WVDeAd
zDrGJ5@nzLm|6-}YzS^XUEQf@%eYzm|YMTAZOAtt?cRS5L1nKNcE{@dw_9ZDDW|U@x
zZ;j<R{a6jF{^8Czp6yWgPbVdBtQL$6t4n-mF-qNTCYy6CmAd)}L*rqynvvnhtRZk2
ztqIlOIt^>^BRx$JjG_m-k1yx(7A`_FjixCIe8v-nGtg8yhTX{xE6&(5@ml9Sytq)o
zeVk~fxBpz<x=mP~>&;mc8RM!9HcA*h*e}m%{;nP!!JVxCv7~DJE)j?{6YT{ti_yRB
zv~@sw<Np$0LNgRRyG1!X=#uc5wlLHAvh7(~IBtEJ=T!WIZD2OFt#Mxr-Eklqzw~#q
z_)vuhOcWtsufdI8ZBH#47FB<WnXY~p3i`q)!IVa`=-u#!=VwLFvaf+H=zzFcZNj`R
zU{0_8Lf@jPK4Wled#9qmXlkplRL39|fSWvoUkt=bpE+#nC&W^u$@h^mlYi1)g>ZSr
z>+3G1{P7d6t4FMNgpy4~Ws5?zl;?lud>Wezb0<<F6tkT$g@r@eImDOWKTD_BN){LA
zsd)GrEV`ae;8iyLlUngh;gW(rY}}J7NVG}eCsa8zL|LTtWw?`^eR{Z&yj*3{>8r9m
zm!rsX!?xraP2~iDV-`XRenC;mM3EO-hfd)o!eUuBI9Pwz(cs<`s5<<qnsf7R8|`vt
zTfGcy_O=}?{MI`1xasbdd9dC>Xv+g7<cF(ud&T2TL(U*?bJkT%Hht8l7TV5&opUt5
zJ;<W;z;14a?V6PWnv#pIa>`lECeTjT-nOxE78vHGcZK*h7S7_rv@MO0#%1xLqa6nP
zWDJo%-?o&Fo0RwBqiQ$5uuNUzMzLES2r23pQPgnu(`l0ulfO~}HFOush^JZR%-&0K
zEKtPj2gG3WTMT2w;67%)z__uK>y*uHX%_8?dhQU?Nqp=g6h1nwD)tYf9jXTA?}lQB
z&AjkW6>a711n_8tf8z<ZNPrX!jp6V|nlxL&a|NW2kvE(hAI0$qvGm3;MI6}OKFp|X
zl*o4q=XF~e`zHj)>!xBn_eGB-RxLoBvD}<RzrWnP*;8flyp=8|ni>vozyLwrt79z=
z6~`={Qh_hFNZHGO`VOi@53}8;h89&{w~<y%?e7;g4e*!h4DU(Yxxz3eexQ;gOj}H|
zYu<LfNI<&fFM-n|wqkc1j%wutA&et_FW(*5_AJ+lfU$G1{wxY=)h==b7KZfgks$D`
zt6ZQ0H6T9O3$^1;dV1+4kgEB|pD#2+m>E-Gdp++k?@F(=eN->?j0^|OIUQ{q9_+b+
zNpc{|rEo!%D5k^8WPMIA-=a;6>(>vOT!ltFnJ}Gh@vltu2qR^4KaoHcM|e@tq{J<k
zzR9Iz)>AgXW$jKpjjf0&@9m)$3)hREz&4(_L6{i2)q5MB&&kphg9CoCg7kfalTjew
z^&Sm3<7vW`ulvN<#Kby!A)`SP&cjD3hDd>P(|<`0htt$Qgf%K>iSVf$Dz{meE!WU_
zW9w?=wd$v-HtJ$52s}oiX9o3iuJ8{IyL(LbW?!@G__DDey=pbw?YkhryM2dpd%O$f
zcbL5BV-$$?NC?PC`YbFzRSg#>)40-~MMZ(t+YeO^8kg#!s+PT*n-?%5I6vDQ<Rm1L
zqeCBr2<@f=8UUq^3df?C-*B&TQ`8DLMXDcd3PQGp5K?#BZTzC9oX6cf{m65JHijSj
zfK@lW&z9aLn8Ej=yPCS?Cj}0q;*Vj}m{pOv<}J2zpT|7v9%})1%x_l&f@Q0=?kj@o
z9CH+2o55u{n(T_S=YAPGR%a_b&QE;K0vsgf{lQunZ_u);L3?kwGp^k5*Dq)ePXfz5
z@pS}cIh;l`!SH;}_B7>!WORQ_)#EVxqWo7C_*mh#>nqvF7wG~m2>x?4;AWf&WO|+~
zKDUalb1I;sesq3xJ0@TYKf$MBwpKaUg)pqhiJN$MTY7cw;Z1$t?O}WKf1&oOVU5ec
zA3rCYzb~UPMTp3Q&o5~SxDZqAo2mE|j^h=Xp4FMR-z*QmnbY>uw;75BQ+50|F75;c
z1^(_=&D9(KE^ab*{Z0PAS^#<juL%VryEPj>t=nHlR0PqdwF+Nn1I`+5Sq~juE_2&E
zp_Mu<h~>PW(vZXZ_XF=PIFDYxj!e3&_Co(@(aht<T%B7e%-pq<dDb7o9*EQ<e(KmK
z)*$-=Y_osh^b%x%WQMv#RPa>*I@$tp>>Q(*QhvkUneuKxUcgRSYgRO_(DcXfg;nYh
z15lJ?4_=XwD2UL$L`UObvZ<JS^qnK=t4&}@?e@9HSl#A;5nV(A)fF(WQ45yCncyWq
zl@OI9esDVZiE9%@WBx7Fp1DZSRj;PVZndyc9}jXll7MPqFRvR&SRl*>+Wjd10!4Lt
zx~z%7XUz%_TA#aL85D}9P(*PYgxoE{ql|nv_%U|KiI6RYmr*&Q?+-e0exrVk!r8u=
zmA`a;`~!7wl2e3i@4W+~zi$7F)+&QEQr*+Tzt6O3()wIWrIx}x7^}%qVI=3n?57FD
zC}b)4o;LY=X8*&AiRG1TWb%^Emu~rGi~nk=gYI!#jjkR}LW@#faG~Hn;%E24mQf=c
z3_!`7UvgshNKLd?=n}N}uwaL)<Gv;)MCJ~Y;9Dp3?V7&6jvO3L?xKn<!-OiEe>LzE
zskvM)vJG$kOV`_0P2*7N)hDV@Fa}yG)gWWr^Q`Ju-ttZR`veP$vHoF&ptxuajWt9O
z31FJckP0s<)d5q6)tp+f*)?7E?Xq{Y?H*PceF*ZG!P+rCG-L!w)wnP%VL=#^&W2lA
z!*29tZhlW6(ms6u7B$<iP?6F@^1c|DF9(IFAGRPxC5eiCf@oSQ0kaMb=&i$U<UGv&
z>X=!xary$(PXaQW*T)N`px+p2Hb$b)s40u!G14p}G25;?K!azdpZw4{t3?fYVW<Dl
zx|9VtWA-bLfe|Rx84-I{as1XvZvC!yZ5eOlapA?v!H<G9F=ox4cZ|S49k$%}SuX6t
zI<g+!P7Z68dmEMWS_)}C%5vr|jX$1OhS%LwK0+4C9@{ctr7XyS<?0$+6aC#A?@Aq<
z#>XM<>y`%b<G%L56GoA8`Yr&|i-6Xa1K;56Eu&MaGw-xX36x(HAs3#^GhijQWC}wf
ztiLwWm0hbo6@)OQbh#vMCj-!8Zq93ek6<CVOw#s;vH90Iaih#CIY-tRemBtv8_8QB
zhf&-Y0A51X&vpgX?)AE$4f^dH6^at%Aj%Bbm93JInB~(xo@_-Rom(me^H+!Wp3nHp
zLp*<}Nd!Kghv(%*flc^w(`Fv1BL=u*W82QB{G_xUr~>>+-OB<<l7PXQ*JRwOZ@Aea
zZo`zA`a_LbKGC5*$}Yx^mUwo)@Hv<B?ul!wnfy%nH-5UZ;nN>64b}WJ)2xd#$`PHm
zmf+5bDSZN8W+4S}e<j?VsMv`v=iHzpw~KU*r-EAYc@Qr)o>zw+jYW^uEpimVw0566
zlOHNAMc%`EjzVvrk4|6TBo50My=i5#68f>)w7#!a#O=%A?VLRLL4#m(fy5FJ@|~qo
zJm;sZs!QbKFg^b9X62jy;gQLM_aaWVAu8H9km$MKt~#<qc3-2)6o7Qh=SUD8A>f;B
z1oVFIE{%j}HoLs)DfFC;TLYx@v(b&nyJ+#~;@MC$T&^13dwe9&K@8O<=d6&F6FG%t
zetscwMvkz6HCnnja>?6oSQbzm`g#x>A@usjNq^kLq~?Fx;1(ty$-F(zn}ylqs!Rhx
zE8v!qcYkDwh@;Hs3~1?O{2?Wl<4+->^cuMdw|S-_k(y@5KSId?X;?!V1omk*{4o9z
zQ)d0un*nwhHFu~PQCtwTTykiC*SkUfYazQ8)6fo0(_TZW7u_qp1xXocK<RPQUVsRV
z)2nt7jmm4ca$@*^EDGA%*2`w3H{A;k%fFhC_@}l&CQ;|ZUU)nB7QuWut9NzdMKzlt
zpPg(Iq>9nq`pvsEz|*f|{Q(L<oBsnGfhViU#(0mC<;`1#6lTo#HesD6J`39-rPp%y
ztv&z2<_y@ocG|nY*W)0Af4&GW|46zgxvu<Cr(TO$gL(SNJF)JTAXX6XAR^ALhj{M-
z{;0^Hfhj0fc(@`(tJbz|2RpNv7V%%;OzWbH(A&=l26}pk2;+1pP1Fn>knO!{f-B}e
z&K@dyG-BPDw8oXKML!)KHCGLn1#|Y!ZNitn9tlxB&*cV4q;Au*F<G<x+s7ggC@~S+
zSV0{g<1nw2%HLS>e9@?AY}4cRpj_3!U%3rmYo&hmJ9mRjueb`7-TrcMe{zWDYAoVv
z4VG2vDtLNC&EC0}`&EBlh#KGeGss@oM$=uHb`|-Lab+p79B2O{MRB8R@uCQsDL~5T
z8Yx6|ihFg4hQ2eAvl?|hBIFrl%<AwukLzPNNQmjx6(UCTEZf8f1xxPfL1QNzz3kJz
zq_aDOE}3Vp>x01Imh@u7TkHSTso2teS$@vz-176=_g-Q2$eH`@sc+{7kN)OE+b8kc
zrAk2%2bR%9s!O1_u=@yr7PL;pUcj$wl#CYmv$6N1(gk-*xhvwk*X~Pr(WWHJcppz2
zIRdX3xB_Gz6&E5t{U_&0GIxvn2v@9eC~NJ)+$aOlx2gUf7Zq;;i^2pyTK+9SP)fO&
zNA)InBCgB;5E1XZBjX$ozxq}3Yp>qw*VD^`xFHO}34CJft}^jgGDs5R;WNueqcfMS
z5wo*P%vZiD?mL*nir)PRx9%yqQTCU--}Vw>K5>|Bevf}XTY{9Q6;P;=Lt_yWt0Zp=
zLB5nK3jK5Xi6-;JcT6ro@IjaTe|0fBQj8ln-SXf)>WkGO6}qZ{zjHCamDm)v2#$G+
zAK|MV0L$NjsQrol&Vse`z38DusB|VGd6u&BQoMgYkM${a$i5~Ns5QHo9T<hz>|luv
zf0w>|_~~OHz!<vlG(NxDl7<39#r<dSts6EmV%r^e7`Ay^fA*oR-0*>vTloZour>ph
z)#5odoJQ{6S;$It7j5MfDt=~T@#32&z$<!K`-~QFzc!+W1Nst1%ed5p{YPm*EYBL~
zDf1i?GiDaZS?p0G+&Cie`27|`R)@Nc7O4Jaw*!`#Y#^X&kll*5vesdslc@|yh0OEB
zMlt6;{m}u95ibb<B&Q9pHvyQZ1@3Jaa*OYS+g5MO^Hw6_*@75zfArqFB76zzp~y%X
zbWVr)4cj*0MZtFgz*y4LFBh|BCOHG1%im^QRuFLkvi!p6(R?2m=ig&CE%{7v0WU+z
z=N`QE?&TH(_6&8RIj?R!7I-#%J~mlsGRYtuB5;5j=howj`+^Vk#vc#^%5c=!`c@c3
z(le^`bj;H>4uyfu1ubOx_o*a~d@Nx(m;PdGfVe1~ZJRuLU<xLPAgn5xe?gs3m|t;5
z5xxpuH2f!J273ki{W<`AO(ZYCQ{RZ~*-MTWR`A5dl4fCUQbCir<D%*x*y74ShW-+-
zTA~PxDv01cUMM?FY&zMu<wu`N-<==AZ2qUfA_Iu(jd_D-E4L;?nY(5q`S-G2yS=Xx
zE`cnBD0V8huMd^YnQ>YD1y60*M0Zt(!vgXeW4gkJ%jsKs%sb=a)eAv?rA<3r=2#^A
zRWrU^2nXd@;MULZ*~4FfM8yyOe!zi%Vw>j>&bGib5~xbOXc{1Xk$jqrpX9K;@l~q!
zobhDYh^DsaOwOD&<JSsKB|m+$Cu9=&7AlrMDo4=tk7_oH^EN*3?68c<X^3idii5dN
z=Vl*i#jHE%x5YM2uhGwPjUJQb)0E4y==w$MF~7?P|NO?ZE^E%bT(tuj(e<!z_jRG?
z`z5)t!Y7*!&$e9f{xAe3lesRo%KgMP<ZG#_fsJxR*k|gox>?8xY}Mag?@E$(+*D04
z?jxiasy5H}AiqH>m6#jsK3Z}=+u0w6m62R|OD>zX)m*EjPgDIXbnFAGi{!d=+b=%!
z*0SH;b>u$feIOFHlv)ZiLL4t=`DcZ*U@j45ONK`rlNMX!bC1OV&`p5u{G|^LBGuyu
zpw)m-?GEE0l~zQ?RgQb3Ati@|Z1O##Rn?w)IOQ?9BUYqVdvs;%LMs&Lg%sbwVe)@#
z6+m~ncrl2ja_qdmXjpe*d}~!a{@+SNSCMmA=!OYm+++I#m<~5_^M64rZ(X8T^*J}0
zXI>$jXS!A1l=B$gJK9L2qd&{ZYaqWAd|5HQ%Gf1?<(gBTpZd9)$mXK>3;PPCz9)Z~
z#EQ?27l~es*MAk&`n7Z3D5fBpi@>vZ$nY1)pO7MWY81X^%ZPS`YLgLVRmS&jJ+KYA
zQ{z;YU!vfbn4uuR&vc&ikOA9TcWBUBQ6OKpaE|RIT*iqPn{~|y)oMs-%Os29IKwGI
zk_0~MSgBHjd3RCn;8Kc;r^)Ob{tIHuC`=F-(JJ~|5?|rX>H&`UVQK%<VZB<YUEG1i
zWDi&v3-|S{obzcLUbZ7)$KR}#|I{Vks41EmOU6xKz1~eYkx2K>+uL1BtW$W6&>0b4
zHlPW;Sa)WMtuB*4jpPxEkaFv?2SKHGVUvb7F6_1a%0Jx{QFFz-yVHzVeK2#pysFKQ
zS^Yo738-3I4gmnU2?1z=Ix~+DC7cPcewof}ewYhU?SXf@I?A~-8~g=9aQ#2hsh+@w
z8~)tknW0D&ob5=G_-qegZ3X?@hhc%~+g|UzFK2b^?-9oUI79lG$d3Gr6OgMdPSLqZ
z+v9GEH7BxvCJL0G*)r2xcLiS9s%qO}%v2FA4p8o;1ER-L6e0FUgJO34(<f7|QnPa5
z4X2T#JXZGa)-mO&;oNR~ZrB6x?7yml39I)5Lsm1QKSe;yw+N%TP06V3z;Zj#G%ll+
z>4$K$zDYWaPID#$l!sjUJo6mtg=aN+<!8GXu#eqRCH+Xp3kx@ix>IY>*WU*;c&Dxt
zy`X!p1Ns4^zS)WrSRV(ZdjVk;M;w{6{AXynHP@!<)z}T2G`-qCLoRqg4@~!e$s%h$
zEa2x09eY+?<?ZWPS>>Pc6(-%O6n+n*EJ<@PBs!bRVHDA*I&y6N&X2Vnb+~_<h{P5G
z5?*#TpJRInFPP#b`coRItqsGoH7AfJfvAY8e_9h#Cn^jpM)XkwP%%h3YpVR;8dC^}
z|6Grsq+CUGeM-L5-Lg6!)SmR1U=C%k_bYg^G#V@lh;(e4-mxcZhFZZH$7;f%eDsFM
z=JCQ@=BxnBGhUE!a8Tf$9;9YbhxQZ9V!PLFdHkvY8OQv>Ho2}M_>kRH#4W`LAXdDu
zBjXgP4N@%ayx6LDB4u~RZ6F#~zgIsNn{5ZR9<&{7s|o@=o6fE1nx$`{mZu{Q8+XML
zLR!Y@8@x+cUFH{^faYc8SZN)}BD|@>T-nKt&4ER>1I6}zN=Nm7A*;U)*qRpLxOOPz
zhRydES%sRXxTkOH0}BrHhkCctWOb3}`}5258VQ3T<izs1yhUE(Ewf`yGG!(2E{v?(
z<g@9>q;feNQFXImbA0cb%n*78J_+<Pv2~G@R+D=uIFeK_sAxp`J%7Z-R>yQS<gQWI
ze2e*|a2GG{LB5RnNrU_@kaFm6)ZXIvKqPG#8RP3qcu)CHc|wQYm&FIrou01%Eo3!F
zHYnbyd5U0ya5&VK<pzvOUwjsh)fbyBo^oEjtbQW@WURbGYRp+5QxSkExv1zZr1kyN
zj3L4gI`r;y?#_+TSiRi!#hEcBdSBrJ;MYN6^#0|u&5|D_|71qum78QKF7y{2;4@BA
zB(?qJqwjUJ<2e81o8w8>U%t4x=<DDh^(sD0*(ZD`2o|L1I9j07V>UT^W8<GXMR_jd
z*3E>wOn@6z#GAJ}q6o0a<=xRNP?Dj^i!}swiNVuV=tKeK&b7<Ecw(+6gDIKS!Ux`?
zZIaP3z1SFqlWHJ(4x4o!z@5)~fqpG!>Yaz#QvIY$Hh8Nh?r`Sp<Vim+kc0qA5G4b9
zcf5q}Du+KBYFu4@1pUKxsS9znKUzoJck+SSn-@^KqvGAF+WdhNSQwV~;IDWGOi#Pi
z(Og_#A5e}WzA-h@e-V&yIxe~hyvAy(o!OsYy@C|E2@;HLs9M+auG#+bH~tI|_HTdg
z)E|TA_QY|VF*?VzqAXxXTJ~i+|70I0PuE+=|7y{josF^-dPLH@h=st|S$PpVP;^9W
zVhEQ#f~$0XxLXZBI=U34bm5X{eHOm{1LD3b6EWN^>GO(d0|DqtVe}p>G^5cav7$=R
zPxP;p;UNS}cqf)GnE^Xkse)AcKN3H1IO@aNb){%8(n|<~Q_=bsj}iR;C5J<cx$ohc
zn>7d1P5840>g?)LN6k)Fe3DNgnS>x;esvWUL1+EFlo|eAglOw*r`z1@<QX3a_E({7
zMl>b&A9-aC7O#J>ID}zm{Qu-;yI5YlD!Oa-C&gXySN*}&PnABZ1!;wlx^X3L-lF1q
z>CJE8OUlBx5-42Z<NcxGITwfCSgBY*ic@Fr1@byr^w(|E=@4OX9A+oKiqM2f+H#KS
zLRfbc?VH>;KX#p3s49!xxi(5O(_Qh3{7RtcVAyjTNMaN<L&Z1SoWZ9FAPktsUFlU+
zq2(hW(#;$ME)K88_?HKc3?=LS+yhE)b*FDPa)n2EwK%@cOG;DVu8&U#;A53nJ2Nml
zbZRb;`z~v7_C21H{OV-SOU8iO?<kt`E<9LkxaX3{qvWXCz3C!jyxXR>?-O_)%HZFH
za9ufiBfN9t=tX~;F+z%u?ME+*Km4$iYDT{i-?WL}<SE;?kG!B0s~4kt{9mU%jB}r+
z=6-!K6$^A|Zo#0Hs)g<}1!M{armKZ;rf0)Ld-5HIlwC!S;#O}GpC%YJ-Qq_pjo4oF
z3c+gyqyC%P)KETvN9y33b<ZMs>T*=C?$n3d;^F|@+WzpL9D$|sHeS9PohjmGfaH6z
z%@jB`3+MJ=fxca!U@(wvdtY+%)Z}sO6ZW^^r!mlm>R1QS|AE^7C4DujQqFQ$xZFYS
zV@rD)6@tc=S(Tpnj$8nUuU$O86Yxce*;>^Var)hcsCh0_88n|fjZ!j7D0DIrl3yDC
z=rx@ozEDwFzTo=atwv{fvz;I_D)Gr%g>gk8%mpal2cIhdZ7NOhQS&_&DK;+YrHP1P
zTjDSq4QXf$gRvVHBuX7E;(0ZQ19WU%Eb-F4Z=2T@Jj97vPQAYgvT-xne~G@Q3G|~H
zOg5<ZMA1Ux<CX_Dw|`6L#UgymwnayWxzjF_yqXXdi_p4kZNLraQE7$Ewe(_xiE?n+
z-@g$*T8atSBl(~4^|Zu5B7_dnQ6{CxXl_MLBp(SuKx}-Hnl>Q^38f=}ziwP1t?g$P
zcUCaC9ov{*8Xz&|EbKRGIaPNXo<{N&^e5uFfj(JWbP$HsNAk(t1kGZv!EW`IKR5GJ
zZF&aEZHHx(ZFVa?Z!Z3J3HF;TM71ieBQNJQ3j2Bdl+-}l*N4+)zr!o>E|>u2bU&~*
z4CwY(vgnqWZF&#Hvktk&T=I?~KQ6zHSVI77ws0KE1X=!3{7-dj%Sh?fPlUX+M5xB2
zIk_dgme09vuY<i$?DWl3QL_k)AoxY0M+Et$2lhP$^8W~Ap5SW#AF<JyEgjy-!PkN>
zv#_7ttqg9)|ChCe3yc>gy@T%G0k1bu(-_{6Rn8k1B~qa43-p@AEPQfIbwA8ba;|cS
zI|qLgY%tl??jV@E_f3})lu4-iWNi7jxWfRE77Nowrsw>*eZPB3f)vcH;T3Kj3lako
zP>!z*2dwWv7b<a}{`xc?=Wx-vePpZ&n&mn={(fP?9T-M7pJtu^V&Z?~Y$q%6K5t{)
zK#ut$D<m7XA`{R&kx;Ak(vksdH=hIO5e53fD$S;GPU|~%4#}Mokw)=o_Q*|R$Nx}a
zHGqx+FubzMoHp*0*!B_nN~0UZ^1u4}_gNr4$!c#H@DcD6B?IuF&Nkx*qRz@F6rK7D
zAe+fLPP<6Bk$j7C^MRhtAG*BQwtqEkSyr&EEk`iJ^^=?5siSwM2E97qPR~Jx3n%c;
z>=?!49|N#GcXa-U64z_px_Rk-jM>|17JNENwT{G(?9T6rsGWY%FY~7m&MD$Du=9K{
zfCa)}dDA(i!4BURz|bCdas*VD$K)I;F~a<{P$V&QTluPzf9GdFc@0jrFQ;GPNj&uU
zI6NRmyr>(plTh&vF7Rh`h96BX?v+RrfT51l^u98GHy!M%UD_bTvlq>^CGQu&(EgpD
z-Un44X>ixG3*^_sepm%#96yGwwSc%V0rZzqKbBP4jcM*dYA9>gR1MlW6y@qn#fZP6
z1)JQTkP>)dt@2{zGKMntrbBK2P~cH9*@f?)PIZ6fXa4x}04!2yh4y*%Q?nwg-RoRQ
zr%5pI;VgH)l&5<LLKuW7LTH9~e3gt(rLZ$g%~gUXaX-4|*_`gAw-JWrcc|EZ$D8)Q
zgsbAMdlehYj&#z#pwr@_b|M~xOU>%iclQ@u8PD-(hN{)C>6qtwK0A-%id6Frexz;E
z36}-(p;|B5tfz4WVdO;UJ;JGqmi#?WA=aH+5AJL3co-P>9my$v*Beh!t4wkSQrU50
zK~TtHf3|rN!M{q^A98=C-f-wyc=Kny8p6UPcTmcFK}ZoocQ|7Z7Te7D3Nx5Y;*_DW
zzjE+C8hCl=@*LhjrCjA;9T0LmeQCoBy@;sb4vV1N|KL8Q&vVHTK{=6nl(Qx{R`xjj
zN(@);z0Llu)9Wwr-N#yqZPDu;VoZXcZy2e4aG6vKI=-V!Q27v(<`V8|*j%doIGz4^
zlwIuHNO=ahPl?>~b6tD}!}S8W0yt4G;+J=E4QPvv0(_<e*)r%UxhTzkuPGO1H~oh)
z`%sG;%!s#B0?D=50G1f4Wbi<m82Hq3P;2MvR0l;A-q@QeCala4xxcDFRLO~A3sVHI
z9)8e&IGf9-q%1=47bjy#pzYTBR<8LCR83I<;B_5_!)JhsQk|MEf~lrBLU8;m7h%^F
zVLDP3lwa=VfpMn2{}Dwq$ObxI2E7|Nk}ID`fiOC@UbEkv3U}kST4~X~m@s}649BHP
zM0oyGosK1p8k9Ypt62-0{NoG2{U8*$bfG2`O5356pFQX7@=BD+cy4iQUsoOH09Gi9
zfS%j=zqFF-t|21DseA4t?1?EwogpF{ByXVEe<ww3bW#ZXpsbM^x}Z2v?0^{BM@FRe
z^Xia)QyTiFp8IT!xRSC#q?_Lf=bf-PuFu>h48&oarK+S0t5x5c23opk-&YQDr&F%#
zga9cuxeE>+9bzM4z@l>%^ny>Q`<=G%45oKYF?bq%pSyV77ob&N=Fm*gou?2+1%!R~
zuZu5%E5A}M8q&VZjE-*_FC=2XPBa2_v-G1=ZTeyDuIbzw5Pmk`uN-K2bXr;JIV%l1
zLDW9f?dN+pfvGi7$QI$2x_wDKtBwh3&=+pe#y>L%eVIa1=YFE2JP#OjEU~roN(vJQ
zOf?wkGJga{LdGv&G=wk8VDbT*`rhPkh;Upe48yiT-L)=EKSF`b!jVdbHs*Fw%&HX1
z{DkfA+6V|@qoKFRi1;3|RT(CEIIKSb-?4>FFKdxE%U>FDKTG2)NaDNS$)c6c>;1w$
zmArQ#gs5eHwDjKegluzD!uc*qj01KDzM*2{lbmfIq)jFNjk^5;pm=2MAOX7uXITv^
zK99l2aDSX3DdZRUZgKPYknz;bbu@uVjW`6iREWCpk8B5%yPoDZ!JqYYPIj}P>-P*o
z-WQB2PC;vhk+Fy_)D92mSc-IDnMUjGAxZJO9`YOvbnpKMU^?_M*F~s-3^|xi47?^n
zQKs<s>(KJ@LmI%nfXpvz-4$y5f{<bV$@YC6;-vL1l<x~LzKykP#@Zex{)X!_(G%*B
z;cXG{B~Lq?#DM;ojVq2UA<R26+7=`t(V_%eQ{5M42l4;%t`p8vu~*OjCiw<C2$BTR
zK(&1OXkm87BDXaWXf{#{?T?><41*9J18j9|zc&i6UnC`Fq05l$IWU1YIwg{kd;?^7
zV3La(?O28(#2C=2cDYZ3l%G6`;4|h|ZnpC#hSYR#DO3x*Ba44;g5861*=1&3=7}8*
zAZ!V{vPdn1i1`ly3BMZuBd(uX@+gS>Li_aHF2Vf<yy_E7<C^ZDy$3_{WXx$^jU^*)
zA>E72BfusYy0{8?U;WL5_fY*Y7Wad+9M*0{mQ{YjvneocZ`$o2r7+|Ioda-3RPs(t
zL2w`aI*@J_GQClKQN?Nj883tWxp|3T`hMpga<xhr3<mWQ4J&8!DL0jM7X4QXQ1Rv>
z2MdQEX$veF>>vBX{gLJ8Yq2*MlqVL;0`NACV7k+mt@;m^D6{5dwg61!n?4*6te_vh
zt*#&p7Rb(6&V}lGeOqS7UX>-dz(GaAi??}$9xTyw>dMa^aXi8-It&c{p5OkGI56Z|
zAKzWZ7sUC}+ndm2=Glqm<pw=(5Dh}`6^VaDt2X_FY7fl!etM79>2ZUJn{!CUnJ9@S
z2=bVmDA>WI!d2`&Rfi~OJ4>#JPw@Y>@Dghb>J6#O*Tk&(cAS_9-rN#93Q*pxS_fg!
zHD53YaSj`dt195<diL~|h%>O2+S-2LrX9uQlj8)?%Fac{T@RNJ%0HxIQ)(^0Q&obR
zn=D;~Z74G{VDqHBa@YjMfja$&F}<2P?D;#GG2$6I<_QfAzd=OY4g85AhUIF|672RT
z)<BWm0P-_f8X^GJbUm75T$2PR4d;LcoY#joz1$fb?y?90Ej`QR+5o_3fPPdmF8enj
zHcej0Fy7rt5yAj|a<98FXG<Gn4t)tF!Kpw%1^mAGW*2aQGPc5sEto##b9PWJ145ao
z9~U5nF9_i@X;~N&R3VVW#y9_mWIa=m-7p5NY^eF=bq;cN`u{&ECx%wDGANzDzV2*N
z*76A=(I3Q11;lp$qACRJv8^Y4J>E>qZn@%<ZhVEZY*wd@*X<I70PUJT*p&XEX#Y_j
z9M0q|ox8cH*97H4j2q8@W*(xEkPxq}^Xj10XJ)AfXFZDZ(&Re&Dgx-uR&zprh+$1&
zV_6_mvOBFQ?S-j@GM$5a&BbL<rP>dXj7_o4O9Z!W#&OVE1$Fo3m07PNo6NpO3njlh
zIy;Lz)G=mChdf>xINl#VU7Qn;&dm_pdpaaGEH?cl!uy9tS=LXa6xju(#3xA^XQgjE
z^lyUcMrUbzpH7LMVPwE}2#Eyg6Q^VT-TT{K6jgS<$FGUNh_n|P6(SM`!56{RVOYsY
zw&!m=R@M+>8}VQS7R`Lgek<yux-b|}jLvuogsBW<V(50e@Zg!SzTIow5kSeEU{jy#
z+}TY(?oQAslUh^qXQ(5Mx#f%noRp-Nbgw2;{5)UQ<_{#7a5C@VM4_EetxWWKIig|>
z(@1&Rw2_)*L`sRrHO`%5%(W}{1?@punjao;nL#gx`0ENu#;w25oOvc+@6ev#-Nybh
zmh|31`FS+na<TKwd3Z;lK1i6vMu7n=u6Dn2{miK#@Sf;39WoZt=hPb+#T_ia;xb-4
zgJa2wiWpf|yh%oId$ecftP9x4kkY5?6cKGU<B(hIR7>qrFijAcw$Hgs)-RgdBDO*A
zG{SuA9B%ofY(kDvNq5r<)(SKc4A^&4M|ZYU0)(L8z8rSV-?5=RvJ~K!COsZmKXpBv
z9XN?^k`5|OKZ7e-I|yj~aw|O>ta@f5u7Z(ne)oLgI-n#;zGQgQnWQD`#y1aC<m^e^
zNw|6dE@_E&=l-qJzCtMVO>%<Zg%(DVh>`EL8_nv<!}6{+zvk1sipal9Fkt^M-C33J
zX!mZ2u=d-j2Qh9wDjQSP3%=km_O_eCI+7nPy*zMq#_y*Geu-I(A|#X*`0)DAmF#KE
zeyh6E8lV;zvPriRPN+=qefoB~=f{@(-;7~yo9D?S#4VcHXS@-)y7Aom98^m)-B8UL
zSy3qpncv@3q!R1{z2^aIQpq20>%1W3^p1f2oYV?edgWoQM!9UNC_qaNyUugGW^i@r
zVIf%~DD+SHvig$F4H#q=U76RtL?=^K(r(pB44qTGN<eRnoOj)w7I)v|>VU(8njJ<x
zgDU-QKE5V~-lS~00DclTpU5rnX;g6RRmktuIiHuhx!mLg<fA<{Fw%UKT|s5-7h`DD
zocvJJ%y25k6bhm{eWt2p+nHzQYbzn*WY#>8l^1mHjXV<lChN&BC^`6ul>1Dfp6xR?
zdMhHqPnP)DVRHTB2JJvA{d59H_azy`8?V5F#dL%1a|%l}w15X`Cg~nf#1LpTh-97E
zC0IzMf+1(N3)AMf<_^Pam6Mcw=p6wx2q9#`c?IQa-9mbwbJ4vYp-HpQ9@m*m5+zWA
zV(G-%RP#}+2Eevy>1D4+Pa4)j=k%Ck^^}8LNs2dBRtDfi6={B$dc9F?cL)d4bg*L+
z24U7^BtR%vHoAio>23j3;Yqp`3Ym+@V#tNt4koK5BDZS_zcTyZcTK{|+RY{_#DLV&
zeOCH$0@&kEPT#!kAF3-Og5lj>>+sN*j&lR#xbziTS#G(NIiBk-8Oo#ut00y9(;AFY
z`MVuf2lhRp2qNpTS4^HHX_TMh_v=BQCG3dqvF&%a$h&LP+R8pAR~f;*JpMvOk7k6#
zki)d<FIt<<!Whvq5V<;Xg63`ocVsqmWqNTUA3Age+kcYH`tW_h+&hxke9!c#xo=*w
zNe!Hnoj3QkOFwJ{2|(1)Xw6XTcoA@v9uTy%@=KcVTx~4UFdKrpQ{b$#WX36pOv(xl
z9#OE@+1r_9G6aTT3QylEYeH?S9jtn9IK&<@XHCgiuf%|R(>Btw*OA+{=EaWN5wgJP
z&6_@818o)&(kHQE2DhKjxr}F8qh>kcP=%qzlbYP_oG4xY@o};X1b<FnxeI-jmvI@S
z1?H!%yn5xBD@A`1!TE=HmLHuh8lPAY3@JgqYPz*JljP4A9MPCD$W2BNJMfHgDjOKB
zyWp>a9(}uV<|{S0`1yHMPQ>e|L?`lD&xJm}`7;2S5iqt5A4b9SCkfmHYNcH>jFsS{
zoMrmhE^dpun%rF)fq_oNXZ?Ub^*%UTFLJ|#{I!nv5Fxb%G;|~c{v)$GfpxRZ;c=~>
zab8_-enu$-lry<l*C-)FrI)_vs`T;rX45|)VS)JeM{33giv;~3$_qth3t$Ae!0mbp
zF4x^!D7Qzx??3P5cu(9C<TIFxwWOBXT|+X8KA+2xCT5BI?bN_|Be&Ng9jL$_Z$6X)
z_azV@yr}O)2d%#i=%H8dpuk--KU9;-{`y{HE-W~>tA$94)mL-QBe4GVCt>sf2Z&&Q
zoRVhxM{{vrB0%5cX2dxFiPr~sZa^cA7?W%zhax3Eaf=DNCw<J9pb!&1oPq;b7gW*U
z^KPgGB{_k-<7yLjY~35^pK_S6V!{W6!b0@m&m!7dfWbQjBfGvYj>Jy_YY;EO85b*(
z-{N0VkOV$E7OSM6Uuy7cR>ozP{pDfshmXCK12u*lU9X<DCW6mi+5S6IVyU7z)aw>b
z__mtokId~R4}hwahElQ57}vZLEDp>lLUMw4__IaE-@IG?z9%9=+~TP2N+q*964BxL
z=;@;1v_1nJb0d&l+|#2aNcIzI$<455du?OF8O(7&(%T#rj(VEQj<J3>^ZmFVl#peY
zzIvdNBdT0vg2!IxMSz;ThTNgP$=f$S;zbGAc{gof3Xf;0WN_u-Kzsz-6KEOG+q+x*
zCRTuHTY39!%#ozAQh4^LOlWt_f;CWX$CL|;dz7VNy*mgZ-$_kHwbr{WHPM(L9MQ57
zzt6U;1X+*ORX&rnn6Sz%B%a9R`&ir-I<*E+6|pxIHLs1chZ00iTy@_K4H(E2F+w;x
zd6pGhQ3NE|u&vzCh%!XT+6+ADVmU$%?mya|lfA_afF2??V9_>^2dvTtwjRMO{&;p0
z0_p-x#HZQQ;;KlPbkLj6%5ucOfq8?A{0OH#SFR+O5!rFalO@>MyRWqIg5yz^+UpTT
zw_ZL5L#^!J8J=Lmf`bJS-oahtsz|Pa*c8jX)109@9<^Z2smg0w@&Vx>IJwQvs_E^7
zO5v{~3_f3&eeZ}`*<7!2v_-V}Ho}_X?7QA*fl3R;VTDi(9eWH5`PP>Sy`-!rn_8Xz
zBbO`eg&>%Zx&<p_Tmz>1T%96>`e=ylON6$Spf&|GeiHtt^AQa{I<~s#vpKF9lzQpb
z!-bE0FM_+$Tq7+f8vH<J(b8jP7K||d@Tp5=L94EH_hg>WF(?|O-Yk_%$Tq7b-qMd%
z_mH5>QE{G^5f0+s<odvJ9k#|lRxH&rK0M_PmI(V3_(yJ*LFu>`l&vX7Yz`A8a0w?W
znS~GP6b4PTO-sc165{zjk;^X$e7;9;G+209NbrliJ*u#$9G>gj$i_QLbN33NTaP5G
zpU-8+x;xJk52<d=40(Rs3X%mJc!MQONXu5lEduO_F1~t1`o})UHu8`Sg-A%u_6ZvS
z#cTPiQ#CK5L3IFJlk%}B6DtP<srRc3A12y>D<}x)3&(^)Uw#xUfCp8dvW*)I_+MUS
zXLqh1fY<YHjSX;a#irC^6fmP8wBQ`i*>W)fRubB+H$RSi@M-r~byqpu+|1JAv+89h
z9B(lPeZ=isaCrS>(b)i;Q`nB;3p}s9@2+dUxWi_T9!>~sqN=wi?m|M%eD(?kg1IBP
zM-tNyizpzMypuPg05g?r4s4%OrvL8yet<`?0@Il^V1z?Xo!=f+fwYhl5ztF8+g&Fq
zGugvj?hd3oEsd+YS5)C=%+U)*E45q>uTf2`wl95`?#&fLmQbc=`QDxz(*hPXu4?3p
z=?Cv8b_wSWE&a0_kiZ08F=?qcrhtTl>jHRn6i1sMGT&B{OP-W@)Z}CjhMsGsmiG62
zY8Btk(TYEn#10>f&~VKTNWW5})&&NSlj(Z*P0dNi2ixg!X2GAEJ@utsW-En3fq;PB
zO;thBdVe{1lF-o}A+{)JJ(0HqWnDE@-(?0n%8}H8ghkrT`X_V!NB1@u2%qdNWf3a2
z!gehb1mxGZFjiwQ`{cIHV>!`1kGk8JCdH|HJ9&K1)5yjNmKKy2uJ?N&4^q@#d{eOS
z<hK?KRs^4&i)z0{*t2&#?0eMHBX*c>rNl~RpCu(lNZuz}VwOh9<c5dp0XxeV>D)fJ
zSX+yvoZPP>h*X<Ivzk7%w6qg(yR?hx9LV%EZ^k$b*>aI2H3YFXfEi$o{t9!_a06V-
z5^d$1^$0%96A%)pk;~VljNQeu9Vvbp79;&)FrVUfWmS}ZWH>{4`^7c?rPr%h3ck5~
z^dvP>vm6?~;k@eyCXhqB2g3`#A=SPViEmScj2WTU$`@@zqD-y@M^xs)gGyJ26d1mf
zmr;bx^zFUM;dw<C7I1p3Tc>19_<%quPvgnB2L>_EwLD64bohS7bn2zj$K;xX%gn)H
zjSKQ<mWFE}l3;3u&D%@2EQx@SOVymo%Hv5{0TCJ4GRxbn-r0f~z(#uCE1caf8U^Nc
zK05UpHgPc4c4lO;-1>IeA%{cklh3<DQIk*wb#T`xpGfe>`!&o-Pb7>EzC1m9<i|6a
zwvyS|m~i3+iXhY~izU~v1*8;KNPEtgu?ZGpBhFt6i3#W>Kl)Xt)H;24gdG1=ZjET)
zoCeT7V&#S=ko(rVZY(6SR`Y+yH8`(U4{#Xgv+{`n;VL0P??O?oyPKOTy<+Gb6E?Wm
zQs<)~uNF?KSZ238X&0mv@r`@2vLWanDF${5`AgthuJ<B}6Z3M-7RL7A>#NP0`5=(U
z%!2R}cJlvM-CO@f88&aAt8`09gD6XhfYKd;z>+H64bsxm0wMxZOE*YKcP%L*olAp&
zL8rnB0xq0;dEfW@Ip<F}{L1Iq-DmE(C$70>=FZWF-zV*vv8fH&0?fW%XhMJ)OA);q
zrT1IQd}XTTHE8LMNw#$7{gMmGC~+asA^C&RWY{7VZvu`9d_%3SZS)Jh@R}ZvIc|p)
zGf>rKmoKmTqsjpY@@cSRH;8R+5{kJ`gSWMz&RQ+K)Sj>mp@piKk&R9R41M&du~fm?
zs}B-Vw-4|&N30(Jq91+Z32kbS0<evo`E7A}=!srF8Y1{fh*5@DigEK1lWY!%m|F6}
zNAe2V1S3LX47}vJXfRpDoqr!&tCWBI#fHE~)^!{>%~U7|+HZ_Wj2b?k6NPDd{7s+%
zt=jJ_N+z_xJ`JM8?AD!jlmmuqDRFK%Z^*s9e|_^6B9gO}hzWSM;GTn2{$r1YW8{MZ
zA~?qNTrKAZd4^dJw$9yMq+KyN7g&V-#Yy$t$DM=~7yzWY4%x*?3aqRy{vn0&1e^UV
zRhw$Ds|O*=0rG}KYcm%<Q94+D(iXhiWO=~!jG^(w$R*?YJu@XUD<_V=SA+TUCU8N2
zI9daFC`NM2F2{z+FLTz38;8ln-b(Ji(8gGLQw%34bnQx8RMBBHfxZXf7)4KZ#sK1N
ziTTM20X0O7)(tluePub<DUl9<T2)aX?ElqyTu5WW5Rh7LbUuB~2ebgY(POH5`f1ZU
zFevrPX2pIMPAI5>6v!fdXXA*^wdEXjXK$R|({ob!v5ZTGZh(NC!q&u0cnXOl7z_&n
zk!PpV;v{_N+j1aQo(QMhUtpQghe;@7xg`qC0(1UH+Cey2p>X71U$T%r^QTxp$Wc|#
zF<anUD0r0lx9Q!?o@W!Qi(e@BNksxvp|?c1Y$qgsKJrlzkFRl3EwaY^*xD1QPhcW2
zkk5quzuiVy%nyTEyQ@6lYB9FH@*=hT0*;YT9P!rqWP%&yT;m6I2`R^3@}u*4w;^z0
zYp(^aGVb7bka782*YB#qPUEqEc(fMe`Sgf;Djd(${hBV`W+R4v5IoPP5U5Vp&%lDf
zEH^ewI|b#z$Qdc&;3y#)Y;j#=ePM`x5*WnX&j0~o!&-C^QATm{G=)N8euho+c&gw#
z5H>tZy|S@bRVu>|4egxc&3Z9D1k7+PSK)|4V;5eF)<kVJ$0Sp=liJlgkY~B?YqIIw
z!Uk9A=SthlcK)ArnD^qS=UCc@2Psnwpm{$L`$b5OfPD%y<3&B@dx6Il;n%0$X<lb`
z{h)2C;_mq;1`Kqe4y$g6hMIu2i8i)7s)YNz4jUD6{VNUxJumnEn`J5f`-8>arTaVz
zoZF+X%bGfY3s~SQ<EA&BmZ%!4Qw%JGj<FtOAK;GUSyd}hteQ%9tU3d$$a?3{D#Z|b
z9VuYPXqpH)aN6;KzEaeNX6;6j{rf^1Wvo_%`>%RC<e5Qe-r=DRz!^4Be`8_ou#YX2
zhk;<h#y2hKuN@dKbI4DlURQE+8yi+x7{d6ET5DqI(W9_fsV3fK3AC5xyZMhoSDQze
zV1Z(tfXq+>pyh;qsckLD3}f+3XuM;Z+*P%LK6v0a{CVYVFP(oilx|`&U%&D~@qzDk
zW`6O0=WUlV$dX+il^}z5tInVy#+JZUjC^iNxaqC6RhOujb8!MTF20GqxPW*Vv6PAc
zS7F(rTJo`KuNsKsP`4w>69Lvw+!TAG{zF{Q({`e^O`hOFN6QNl0y<cmgl(3LsuECg
z*ABGnpGX;BTP(Od%Pt$DOB*=!RupkAEF!$``oQ6ht&bH9%`-I<|5ci71p>*lT<Ug6
z501oWzwR3&vvYz+Pbd6GvItJBx5S@0(MM!)0t(Z~Je0KUJ51}<b9O5ybIKy}-Oin=
zLrS12yE!{@!;ywwR2}a^S3a`^)>Xzwn?=O~{9ylKSZwpegZil3Gib0mFKInsRL(Z2
z6_ZFQk4eqgI1wtzjWgAA|6za;Dc_V@0_19@A2ndk%PWDB>Z}x7tW3_Bz?%67EvCpN
zjPn!RaKCuFqq>k89hxIQ(q2<tJn+SwOzIUg2)g~b$kOHdcgdjE9=f_TW{MOE#SWil
z_wKOCq=7pi_gS-fwJhIL8Vm^a7#neGs_X`rKq`t3<=vwl6&gE7r~KC>P?#n#4th`6
za{1ImIu>)cGkPi+#@KNQ{l*Y4qonR`Lt##$Z<x=RH9JQxZhh8R$yg`%@jS_ON~2#A
z9d5#;Lseo!YE##G!bMikff>gmwK-bWuzqk(2g~EwOSPfyP`9uEG5(8cp_eii|IMO0
z+s{pkzd68gFh+iIPwrJaJ((|N=zQ(NlIKF~GjMD~M+hoEuX*sT0in356>?$NQAIaF
z;SH&Y$qSrty1~^aw2*j4mmtK>+htW?A!uW;N9zN<$_nxDv6j!Dcne24PJKnhgvK`I
z_mXgzO$iL%{jobLLCBYa;sQw&_6+0P6GOu>#d0dt-&X4^=M?(}=t^z03*}o7Is2ae
zywIAs+sb^f?5_mOA1z23H>^d_cR&FA;VW}7QIIk*D6nNn4Kj<&y{ffmM3hJW;ziAY
z!gBJo8U@TYbF}?KtwVRYH9)M$lG2@cF%KS;j{7+d>)X8DV*$Zk#b}1p@QBV6imjAT
z5MTK8Jn#$cA}xM76tx5I!a%uIOXDC$XrCpAzzY|6By~l|f>VHi&YmH;y>bePVPMhi
zJJ5OJTwMK;*Fc$=yzHoZq&fv<0WQSa%WX9to~{URAI?6HeC`x~f(&~TQYAGr4+S(Q
z829HDds82}KeFFf{^+=awFi*+kMsgce{6!GpfPX-BM$G<$H?Krkg6Vf)Ky(LKE(-B
z{N>C&88@BeM!4b|#R|Ihqg;&b+o|$Xns5Hq28MT!8+qK{Cl^qMQ^9c&Ytf)K)|)1$
znL^DaxjnlBr+EiL<<_e(TjAW=n-Hi2@t=y4$HL(Sd7E7Zi4_{iYS>MaPgsP0B?_QN
zPkhnEPFUx(EgO1I@Fcb~g^(IXFAL6_mWTPx&xW;lJ78*a@as9YQ~7!B5h$!a<=o1?
z`JMc9t);G%T?+8^m>Hea&F*jC!klzW&dAtPlQU;17!6M<z~?YY)%pre_Ms#1`GiF9
z0{DqN&r)Wc95r$kDaaXGHy)(k2N5rYr=}NLLsd0c6X;fNx?7pEN|E;6Del6MfzAQR
zA1i0P@^a(B3|ghyU$O<988DCuLNjeIAQXi2F`1rvTTfQmftRv05u9Y!9Vm8tM=G$D
zeIX{W<;$D2FgQH6e<2E<L7n@g`72%r0KKoq*89tUckct+r`fQO=p0#itb8+p%JVlf
zDwZUBu44U^z*WXfj0bFa|NkJbKq$O1Q^=zdu;Ysqb|F)BAEpYsd9k9DF6YWe?7Jrx
zJlwh?Jyr5C1C$Dh3oot|i^t*M<hD|Ff>L&dUDyb~ZlBV!x|)wVKiSaPf;Dj@*`X_!
zJ+^y4a!NSPtt@g=U^+T|M|qqv#{M5vE2OYrLzkbK=zYu&;03m2a`3&DbK+wiWxr&>
znmI81>JjN|-e!Swh~w9?GPEhk1(@nx;$iK@q!9S}!9+AzCxyf0YJNiHuN-opP0ZdL
zz!*z3sMjW6j}Ou^E?s@q&x1e^xD}!D0QCjKVTVxs^d<XJ{F2JE-3FHXLS#T&o?>1V
zAP1K{8-U8`u!;C+Z}|K6b$0aqWEe`qP6SbY5Bf2&g;LO&;KIz4TwH0%Bu~py%tzn+
z4BWvEc@3^qaO_4l)_GyDGATIpgZ^u%Re6GGW?!O=8!Z4{tTwZ(?7;~2mNhIc0r#W=
z^g&Ckynbvuas2tX6d*~(L*Br7DORG}VO<!XM=D@a`W7h$l&qf_;ThUNm7y4|{<DUI
z#$-0nr@h7(pweB`;nD{wblZR{{<vTAZ;*!x2k2LV#HWS)KwGTxl#pZNF!^u8VJAMR
z?3iaSp4*x1bwpZ}#M7bXJ<d+`H2BVl0M0tlf1xkj_7r)Ev7NP_)UA@v)`S6YX?16$
zv|)GsoCId>(@1Jgjc#<e!>N#qYj(^mQ{`oU`_A?6ww~SazlY#ftPztf_x#k+I}rt;
zDtQPxcOnid1jqJP3aL-@&or&99LejSI}c4k%|&8>13+og2CBXGa_+RjbN)UY>?OXZ
zqeD&I1jKX2Leif6aG2OHlj+M6fY2Mbv_)MO&iW{CJrnmEeVAyb43Y;%_AWyb8_5{J
z@|m^`8WpxJ0-%BZ?_$6%X%>5q=XBd&wD*9@`)o~T2F(nbzyr@dT~g2Ag8^C%gu+Ul
zwn2jp7eto>MafNL#*#;oB05iH0fen%lV4~Hf2SiOQ(cO%ek7)F_T*PLp<#6b>Mk&Y
zz4Kck_q9c`N(i{Nwp8lbml_Wcuc5yb>nut9IKHO+u=-za#PF}fu>=O%vmmnWZ^L-+
zjAPWzGx3UQ+X*I;h;2#(a_VoGY5DiRlINuTAGDf^jt4$d&g#zbowClXDzMJhXYhT!
zlSOpjFiI2I9UPbrZW6#`rEoJoclT8w@>Zik@<;AS%D+tr80V1qc(*vu%9NC=6kw>g
zYz4Y(8Ai45+Tu+{;!&YAeC`YDj{NbM-G8sMS)})0%)mC9ts@2#IQmRCS`c06Je!!b
zvQ=+r+_1D$^h5}2O-S@w^u_6m1tQMB0<0)k`QDGrb4*YGc2k0D5mS}-cz7r+4J;#5
zQa!hBGekathRo4s_Ikbh3?@6Y9c<UP{xt$<T7qNe<`D)>izG)lhVG~uT&l<^@y=hN
z&pXx1m2bkW?;eUBOi!G#iHSJlOL;xM23A4Q`%kW*fe>(Z?k&5FLP^UC6aZ6vS5{Cl
zW74nsLx(V)0Z6jl{`Wh7Qo?omuCn4oN{mFvI;Yl%*ltsRgtpI8C@Du1%(Yuf6H9LT
zRQSkpN)$v{Igv_VJr2{hl(-$EQvVwU%w{C~Gr7J4D@KAaeh$Ltg1h~Y|LzDN6nCGf
zP-!zm+CvjwRmi!<(V@QH-`o(X`lx{!I@1~1RsZWTESDW4l~hTcZp?|VAr_LolM5H1
z2`@(Se73+er}4XS`b|Y}vvXEqclB`95=```IBW6~0}=p3twg-{V%CQZoergl657iC
zf!~zySc5Tgl-cjg(Kg!bZuGmx`B8Qo4CMA{Id};39lZnXQx$AFAHjs=OhNdo$>Kbp
z2cYIO9yx{V(aJ1Nl~krOF*jI9sp&*vr)INqsj`5*K0eb7(@%x7!Gz#<>Ct^l$IM&h
z@H8nk<GVH_z+r-jf74__u(B|P7J-uVnMu{~nd5}<CE!8UiXy&d8r%n$&UiHaMX=D^
z6<Buy>IAU@VJn}{9ChX;(5&z+b`l#A-?DEnVPv;(A#0TWGXQM+{Z4N%G&Ghr6QBd}
zyFSo_!d(%Z4tY6HY8}sx@@txL`d4<}kuAoh0Z77B`xgO>2;9`8$6G_O03+zakU@OS
z`@I9TkY>vFxMGq*SAPHKV?B^6{L=ICYvmMjoZ<=D0P(`!pQ4}MfZ|So4Y8DL@VE%y
ziI_<QX3*DiuGsA-R7#yb667i`wXASEBH&lEK&URP5jhQxCVnpppdD(=kXx!EWfoh$
zAfr*rX?@Wy<(iMdPQV)G%-%*yYHTXhLDdFwhPzyqmo1WUQh#x)H1spHHd-3e8@X+<
zy3%uf?Bxbpd%TIAPbhr(yk@_wWYT(vlfMOzHdeLx_}zcBmIkU(aq$gl;NDRS`wAQ7
zuYWcJ1$ptK)<V5SV^|kQ<iA<**Zp6YUOnxmM;#phCnf5OyVv>xR6>3Nwi2XOCctfu
zN{IPL1Q=@88{UGu#EJS08RL3?bP4@3Q)-gy=B2<$>-M9s%~xTZ?hAlQY}^0NYa0?@
zuy5R@Ex&LNV{`9rWZUvAJhftzlBYi_)x)3)%|&UUD?A1NON=Zn?d`*iUbR?{j6q~I
zKyq2~Sv6Sw7Fgsn!ltz+mI|a3CU~UD&G4necHwOCe&nbQVwMN%@|h>^qu$CwGXH6<
zj@bA;KVUtxe!V+<k^b?%6&(c#$plM~2T3R<_<#%!&Pd)>@CLjoK|a;DhbkutV-GD~
z4Cbku%6Jm*B5&mNJD+qfPyrfQVWx?FY8na;KEQ`bX~hw*Mmih?hn+^Ec7hn*-J3Ow
z2a;Xxx*r*G7lP`Z7**HO)*IV>C?^+DsOMQ+=#PIdx9W%r6${2Tw-wKAGjNv_U8&si
z{g59}+IEL``w(3IWnYO#kH!Y4yRg?F{6SW@E}n$S_N(}%2p$#2;Q}+txiv|~VOyQ0
zE1Ao9R8=VR<9ib;bXl1eGQkukY(z~hg;EWLfJLOnqLVo!H-%${Gk1DH4emEDigTRr
zv<(-<d(I47EA3-7{d11|sSnQ5<lxz1vXor9+ul!5*uGrCz$PAOu)Yiej2p-|J#$XA
zcmAp+|F$wUb@Vqw#3t|Q96??WV1jB9V*hkNdF*EZup6)UwkDMPGzf4po(h3E?)F}1
z1l;4?ei@t;mi7kOc4%-TLCH`-MBC$3OULX4@(iq0Z*E|lrn5z)LM=^{FW`^c+VX&Z
z$vEEGE8c<2Br5cL)jp|-Sd!+oCjj|0^mNKWC}|Fk4Wb~P;}U%j7AC%JnL=_SU=YD9
zfV{)w7d_Qx&$4r1w+I?NOwMav&WoTNw;=OIL8|(wU*m%}s66))qS+U;@&Ud;jeN((
z?B=@4gJnB$>ii%-!vA#fkpX{{L0uQDs>nv?An3#VD{{z5A0=}`EGUM87)p;f-MV?u
zOBmK$qX{Osl}Nr1?K~Au_kChD0}&?ttU<Egm_sPdwVex2vduXYkG=r$osR+s{9H!>
zz^M6*azv&D=7V{+A!7A`{{8Af|H+PU#P#_-vzw_I*_&;^ldgd>UdI4l0y}ttgaVts
z{2_szCMZ-G-gcZ=A_{YUQ?oguUH<`LeHZr4Ygy8|pyUp{#nHB<i8!SFH+mW^Vrba;
z8VXDZ6hJAqd=s=VzIa77LUC}MBVj^Y{#G_uN>ehdxb3AQEl&DoL9v;+(Agra?p*`&
z;yY)L9)T}a9!)pbMC?KVoRV+>W@3q3(ws{DxGpl;^7pX|&r7Ke)3g*xvu(S9t2HON
z4FCiuLOc-C6c=hX-DdwyWG;!RFQ9Q^=}=O&QZE@i9K8rMN6g7o&--Wns!cH?zi1(O
z&b(F_!A>^X>MXjhA!4EKjNn(^0^^-e7Yw)^kf(60lc7IhBCjStn=Lf*f~obAR8u0_
zW<$&xz~}GYrrxG%oe$@428VG$#8_>xWTID9p>dT%Tcf!+Th!L4`lAhx#Z3(%`^P3V
z5va`;wLt%ZFrRifOtLPqEe+V>5@Lg}%h|9<p{0ze5<s|{dg@*2|CbA<c?<V7_VQD`
zw?@J_^1$E}7-2-BA`YX-GzAcZ=@ysm@0G88+V^$bHr0N5dA@5YBs2Qi;YX6%5c&`T
z?bgZ}&H1RKR9ngqzBQ=+zH_UZ3|O<K{ZwbS1E9p(v|xU${);LCkUI?@EN#)xk*$0)
z60YNAlI?W#ChPn7`<Ac)@H$d<CkpB!r72MN@nNI1C&4kdf4#e4c*1(I5S8&GQ~9Qe
z!_2cviMgUB>{{?Bv-|PX%tKEhU_4@(nU^!|E_Sqm8&q_$C*j(vwwYXfeD~Gz<eME`
zZ5ka)Y=pY}wh;4q37Zs*7II`O`oQF4(RykE5Yqrb>ihapoc!2?h7dvbEmfu(5Jkh`
z6olu&smDrKtB;=Xa}ax$_Z?kGy`bZr0<8@3crIkogaB#*91JbqEKAK--NkNVGhKvf
zAgt9Za)xt$xLQql_$z9C>Z0p0)mA#+`Y)Qm<32txn_0FU&*(h0`QzjCyAt?VAa2PL
zqui%X50ay3y}L$!>OI0%EAPAXs>k!Z%%1Ims@%APQ7Uilz$v9Hv5^0L#sV9gtGk5Y
zd+TjArv+hj@PTk@MNs{T`QeSI!Q@iCud|++1tsI1Hx!ltN>{*J192^{&j)M-;F+Zn
z$-QzdsFX6TQ~+l$JxW7Ag15^<_E2zlE#7};=yJ!xyT!U3JarIP8_={fe5p(U92Ye&
zon2<w(|(v=x}aYT*!z;_gUDp>$dgGO!tJ*!d++5wpdJ&^4h}RR0XRMPfHz)B`r3b`
z+<|4Tb^lG}uU$;}rPxjCv}l9;G#34p68+9Unv2nA_&rJ>i(tUMx`S_-1LnYf3nC_*
z@oHA<yS{KZ$TMpJdcXW&dk#7Yx+nHu!R;nSyP7{BRx7h`-o?B<;$GhKfJ>>;LfjRi
zBNl26-SK6-0smDr)f25!`~*6Qg()+Q`9d4>%-Y-y2Oo?<ddHAR38@)zV`TQ58!UKz
z<R#^9^ZU>ngyKI&N1_b{pHy{`EBe@J${o^1u+`>O^SyutXBWiH8@dk&FjF(xAP)(^
z^wF5Ro~86dm$Dei@QsMh2p2ssi{HMD+>*w4NlMrvJxV>l$8C5_#FQ`Mm80ZKe|<CI
z8JiNA<ub?X18+N8>c9wEV6IGCUwn|Nc$x?eFPv02b6|Em)E{3rO8ny%HiSu|ehjd>
zPN$9?KeRRxe|><;%8b+b8L||46DUkJ24H9%V~ccgcmdFi5MOs@H<4oxy;&-g@n=da
z_Ke<bC592ho-`JaEzAGm3z!EhZ)k3%!c*W1B1wW=>V*5%?t^J^KK8y>O3}fCH<VT|
zFPg(6jx3a+z<tfzmW#+OI_F<`4gBPhkxp{>lS+EN?Zd*!^(Qd^h#U!nQlU5kl`sga
zL9FP};+WSqnAar!nwL&MIkg-EFo1ihkcL5DaKtr`<%N?);2fdmB!2a6|EV;IEh@i1
zNBT1V-DHzeqJ`XZ*z^gvn6$?RCql9QA@Za~H4!Ri55kA-*vz@M^tL5Bb)oGG(J|#L
z#L?2%fEEyAV0BCTt<(d68)&y0fUp!(%U~bM&p91IF7@44GR)<&4U<WU4n1?9`ZkhG
zpOvma{ivqlpFLT$v=x6R9^^zfx-CY_YM~1wTIlSJxLrH`nM4IW6cMPR^d&SqP8@D`
zl>S{}{Qiz)D2wMbaXqLNcV=uRK^^A}{3kuxSLWH&90Z7Ii9#Ur^=_e^m2Z(<@xZDm
zH<aBcs^?NqLebhQ!~#&JkKxUk{)EVz9Pxa&l;51DNw~8?8auyK21@-7!i`Xqi&*#^
zxI3zwttelx>k{|%vPChsj+r+BCN@&Wpb~{o``@Ymyw|z(bYe->=5v5iSWdFzzp{)@
z&6l36s9MKWjwvtr^Xy9zrLw0!4o~-=K8})y@wLs!lcX+nyt(m>r%&}XBCr{tyqsII
z{`DpE^1SNQnSD?C4Z>DT(^S@Hh!L4V4Ryt@=#+#X-*MimoSnW0!)yQKv%?BMnCKqS
z?}-ZOs|&uEg^#BNNLxT&g}Gne(Zn&+*+>L<H|S?d6ifE*fC(ty<Hyn3^t=0L@BUWK
zXlAI(hKR7bYVP>6m~)1Do0P)OD?hHv^f!nEA8N7A6yx*sSDruh&^MC~2gbuxshnF<
zPJ|Rq1EK-a_7HF${cw8NJ^CjdX-{0IxH$&^JM>O1rmiLFOi}cyk&^A|+~v|Nb7Xv$
zg=c1>{FJqw_9I{Rri)qpw#=IwvT)-|6CS3fC=emwttbF3Ubv|qk0L|P`&8cDomjH|
zJS&+d*ZjYv@B2H&7s}49#vZ3Xu8z4KxZ0J%sxN5o_Q}d`n@Qd#PHo6|_}W@vL8pu_
z_X#inSZ&{t1SijRK}9@V@I-w+I&{U>(F69C2+<Z^BCO8m8(%<YFLqd6L9M#emU<N)
zHxwoz^x_k3&-)ODh|A$-)CCxm02;L{D+$7wt|N*XCAJRaY`Q&sUeINgo=IS<y49mN
zgDu<*eKG14G}Qn%jI~ZGyBUs9K}MYXmeGD-U<<O8`v)bhE;A7spWoIEnd~Bs2(Xot
zNSHr9_WIn6iO0H`GlT}IRRMf*vK>82k2<-n7q!b<slFh+eaC~CRrtj~^}4ut8Kv5W
zo#U@hsyadFB?1wQD*Bq6#iMRoKqBM+boZB6?YV(|52kt5@zWVGTSO%E1P)SB*j|cy
z8p<hp;SB&9)yxXl13o>1UwtI%^iV2qU1w%$e~Ev$U)E$hSBjICcU!s#aulGvc7ipN
zeC+oekYNK8=<F6knKD?WWMEc&o%1(vIucu?kh7K+q6f3~+je4}<n-;oWLr({4kEV9
zM4wu`D#5k6k1s*W7C4}_@?kt9=`JygO!_vxP|_F___z@Kk$)M^f?7|AhjrpSY$tx2
zOe}Y{2KaR?i8_({xjLKqw#XJ&1rc{B9EDe?#zorL81<YZDUH2j3m=3)e1+%@84QQ#
zFtIbs<9hZ*!}OMxgWpn-0L1w6F|W<@&rk;HP}G5(`(zbHKkHnQb+$n7`HKP&hJFx!
zFXPKTsCouBy+_8v=j4fVeV`M!Z8hs0N4)OB_CCFw0<+Y$wqu6rQH@_ZrnJN?$r-ZF
znyeH3zL_zXZltsc6`q)rJ|-4ST3!RGE}N7rt!#zOvXI=Lq6e77dh0%xbl#noX$6Wl
z17$$@_&V|P7ty(D2#xl%4qexYlKs<tjy35HysOZ#q!|<X_HX*6io_4-j?!pu2RueT
z?t%R98=ez$;It~R0D`L0_DX70q34d&v)&^GwcK~C17}DE#NOJvP~hK28I?P28%%9c
zy4B2=sw!(upnd#N0$tt0u4+FZU^7$T-{OweF&irPlas?ke9lr?y7ktHzS+n)kRV?k
zJ-V&*RsCeRc*he9@BZV6F&=G4xynMH%`uCUdZDdv41c~aHoLucUj~VCeheJN?+dA=
zy{I^*R)>!eU<^s7G5?oYW$_s3N*Mtl)P0tc_+@<g%x?SYgjYPZfU1@UJ)Vk6XZ$y;
zSekk;8!|_-!SY4c%D$k4kTem+VgV7`XFJ7UWlgt$_RETZL{<-$@r1(lxia7nSuy9-
z$F;~<5OV10(8WzE+E0WgLa%H|ufnmC2@jCnBYI-`k7__dMGoo{#4H@)%!}AUq-Z>h
zK|;l&SE~<I&IMrYcM1I@inFrhTvHa(Fa^VxZvdH~QJ(E0koXcA#NP$R(OnBHH6_-@
zL_FUAE1JXMf%CPBGGioPOy~vX3?=sME?01FF&z(lqVt>*(bZ7BN-m(x4-rXGF4GA}
zdDT#<+9h|VqwEge!%ea|;9{?V1=*?qzG^-B1y4+fHE@F_rg>AHp2wcS-V<ShDLK#}
zSmuPO8y2`rZjWycC=9AM1$Gw7J^J@E?wMS5o7Y5-9AiJNzTx6GYG&SrReY?iXJo!D
zUi_IoA)%ye@dnA>T@0Ch9i+AsOM1-{?zU639$k*IhaV2zwC@SO{H_Vr>HSMd{QTBR
zm0UWX+rytvkr7fmrKU>C-clA2sUK{bw;2mS%FPDC)DT7iJGhB`u`29?2?3zFJ=kik
zkG?q0QDMq0tz%+L#%IbpYab~;`j&`FZI=t9$>M2sGxzukm&<Gq+M)${+A^<aIOR2B
z2cm-bf+hf(K+)k)@7rLGL_d*<3rL3lmwB^N<lk*P)Z3basjLrjs0>yrVhPNZp$JpT
z*4lwpyd9eY#%M#9`TNdVuaPRC8l;&%8I6U6LK;r=b8mr<wmp!N2|FmhBdnA9Ya@g+
z@K>GmkV8Tt`ndXZ8+(7tBZAZrWkKpmJWW>abNU%nTpqsW^(xp=Eg{DOpGIsfxRTQh
z5FTgE09sJwC}oV0Lf|eJ;iykV*||gS%}PiaA%96;z9}NCJ9T)uPa`(}XyWPRyAr=(
z;{%afxD#wvnGu2hs%+N>(K}GV<(&#@3B8W9;>x}bj%3Wy5f`Wx>Ewc2wQ}iG*5X1p
zavQpgV?aX0y2(S=Fvu`;A3z)mE{S&aw+*GUilD$lxe1gYc~k98d#pIK0F7IW!F!0>
z+P^H%mGH4lRjmW0ZA5W9Z}Br*7pGkAE8t4xh^l7tz5e}8IbK{zt+M)p@MIx8I2v@2
ze51zzYE->5vCiUJRYsJ|SXgH!gdKStgow6_q;&xm{Y3hryN&4EFG31e2p$A+I1D#Q
z2-cj)XW@f*t75GFyrnP#A8S4$v$S31&w4Zrgj+0q7)UJNF{`lmAk9QuK`yv*ma56~
zg5FbLMsOzS!96sm4$jaHJ?xI!OMDyt<?>HNo!w`*utbuj_P#g8sTw|}?KU;|@OfyA
z4P;^=k}okNqoP_k#o5?4hURYDcJ6gbd>(ZfR~)Q(M9v^;ol(d~`384jpB)%%g`ecr
zeu3MyZL>x7t+#6~n1Ao{Bx>92Z9;&e@d2h=_QAO~;DvEZw07C*BnznydG~j%U!wvx
z{3&c_oWs5w<@{H7<=SoM5U3F$;7!7Snk{Q4HH1sPZf+RFx`t6g+8=Bu?mthw1WTt(
zZt;h$*uQSCWVlS&4_QhxDpxgSIm9PH9I&LD@ebk_2*|)Po0qHP=7QoMSmx!o&uV?*
zU_&Q9d@a&h)4EMHlPsf51rGIW=XN&Nc8<dG@^b)^MS7wul9$r20R*o%Z>OnMKUu<D
zS>KD8-%ovh>R`UViO-6gLTs{Gi4!sC40<T4ePH!wj`j<WL8AuKfK`2`{SwhlChqO@
z-sxv6;VX~GO3UZ+&06c&(RlD!{TIPWf^S$>keB?+BM4Mli|>G<ri@_E+7!@@yyelw
zl<+5H=qMHtUr~JPi9B(-1+|+Jr33-^dTk@o)skbAP>Ck%I*6VFG!K5_TQ=X`^D{fw
z!MNfd18(VV3pJhp7)4}Y6{>j9?f+qO-$Bk1Per5IAOQ`OA-|IXGC2g$S+%0)w|&O;
zQiKj*_cwEs+A~;A-l{*Xb(#D2<PJ+TuxOp#Jb$=gag?|ePW7t);W=T<#>0AU=M>f8
zp^G5Ue<QIrDI}ns-^%_#qL~kCmy@J4u;jXc(PzrQK3+B3jiW^Vgi+=Hh1@9r;90aO
z`PjL4;{yZ)_8)oj#~x~#x^CPCXuO=B<d1`@+^UaUospibo?BlZhYu<H(OB%&qiver
z10Udq{zhVo`lSbuay+<aa8B_#611*?Tx0$p*KC&a3@z+xaBdv5h5FFnbczxEhA7VP
zBxzN2I$q*S+MU8CPtV>(;@MRJK0YyU20k%*bFNMVYdtU4Q);%po5f=RxqA+Bo$$5Z
zPpZ!B14MhSSbVd3&~@{RiIUCgbe)rAL@j<{8+-D$8AQh53xGi!RyApX-T6P{=V+dC
zrTi2I!WD3d=0<Xyn%lT!?pz5111owjQ*M<4*R(dk?@CWuXvn>@MtkEJ|AQ*ihYDTC
zryI&2-pRx6H1+xaq35;7v0x!{c59wQ1pUIr2uc<Y@XNyCyu;1oUqEV%_4^~?xrnYh
zw*_k^CrO8&49<5;w=wSsENGWOm_rH06JleTS7ELTpc{E@m1*Ihwop<P2O%a4s2a`J
zNNo_$l}-e;r+&#$d_sid#?a0WZkT|IPKY;^DchXVz=tIiTu?8}Vbej`nGa}Id91^7
zEAKKpz~KiXE@}hbrljz(5MVwo|4gew%!ZzIJ3Qb_jkidwZvW_4U_kFOI`&2&ax>n#
z7nkI+RgD$@gOZw#t~!1DJEr5GdHE=MGV~NY2h0$fKdRYE$i0P;{0j0(;vQGJM$&W!
zjhPE57Vph1me8Rv4L!nIHWJGGkHZ|hI2SYtJ}3n~&oQa|G{+=I^=Lvrs0)whvyCB)
z_FX=Q)C&tOQSiI=Iu{b1ii~B3;=nk1*Kx`DrO*{i!v1A`Rx~k}qQMwVplp>RTM>Ri
ze}@rs1@ha-+`D_YfT*>VDH4?Kwf!#L`8wh^gJNX1X8_A}+EhhIl1UTdbcA&TjAmT;
z=xLv}CI7pJ`ZRn#P#?`k!ty?A(&(TIETmEcs+9^1SBz}@v5)yS0|t)8D5-fh)ya$q
zbeZNj?h`$VRLZ}47QiWW#n!^xPbxGg*+7TfyDUK+gUadnMIUg2)2U|bA<{hCTs^W?
z{M!LDsU{i}n3Tcs8i<^rP5kkXlNxlD@p+d@nTB<C=CPr@;L-EnaO{+Y!&%%HOOj?B
znA(5+R3OLlvI+k4P{O!Q=S>Ks(<b+49)@5*@C2V_=fOUon7^w4b6XyH6S@*>)WQ+h
z(#7c4WVvwG6ut(cusNo?%|!V3s8<Re{;S936%FUK%=;Zr6EOUi4?vD$8(iZ6J1Z+N
zjJyeK>0}aWu&Jl0r4uX{SkY*?$n0&E6t&SAU1DZ!#1FLoeKipFzHsFYIYWodi4sX!
zcDei}HHA{F|9;@MH0-%RNM3|c8=lqls{tZ~8{q!DP(6o^#y7CM4fd-pW9R#Ze~@(a
zvY8Mu9NbY?yyZs`Jpqt|`%We-fE-V*s@3S*b^Cl?=#V9f_627b(gy6Ijr$+03FOb>
zXS>qxS*Eu8^Q6S}RfYj*40ZZsMD3ZHa(JcxyIPssavWWvh)lpH-`vf+)T_iP_nPpE
zAXfwjv9ejZ#{pf2(QaK1hx1M&kA{^ouWPdL57tz~Qa%Y6?%h7r5CddddlK*V8NZ|d
zVL8aCiElXlDkmnP14M^9xBfi|bKszSLi|8%jgBljmVf*7O^A!9(O=_Xvd9~l4?O7M
zI(dU94tumH$eRh8Db)v4nmZPV{}1JX-G7Ybh&QzF4yxw91#yMLU?&Y_3_wtKhl>$=
zf-nhuY?Glse6EwU%OdUJ4}tfc;Mq`XFj71Bbvj7akPCLs5+82bB?&TiYZk}=D0#wj
zjFTH~(0?w|GXO+r)3ts+@Z;)k)OF%-@mFjxhmF`X!B#Wes-a>}=K5G%gdE{z>SZxc
z<TOEFkZ-nuXIn!lJDTG|Bx*#!#w)!Lv}9EWD&ka@3%&gQ^2583K8t4mGOrdjA9CD#
zT|2|$PnT=_VHg1}kB|I^s^)&F2}%?a+wG+2gO$waPWcDq48|AouzpGfimC{|+z0JC
zVbt0bAOi!E8>eQnN8Ta8nl!<60>quOd<O7QQk!tMCNX@SyW8u=mlD3c=q?I-nXt>;
zhYXBeyOTZ&Hs3-E*1UP;pelC;Hyoet8#68RmNR)Q{}*Yyhp1j5r!MN$Bn8)E%Z)~}
zR%z5L)ZKRqusu0ubtmfG)s2M;wpOhv^5aY{q|<rg6=15x0Bynn(a)2>ZAr3!$M76h
z;=OgLKL$Wp$#gwrQsAQoNC4Y{Uu1pHzdr1B=*plj%zY|Ocb1BeH5Q*qy!mNmsUsVc
zEN$e8!R>~s*}O&hNMMJCTs@Az!w>Ef@8$2id<SssfWWojv-s^k1nnbxjQ=gY0x#(F
z=$Ik1xM-Xs>SN-vYg3^nIkvT5ZsC$(i}yW?-fqBzl6r9d{w+FX76PGMg(=8s59-Um
zm!dPvDlJ<7SAzv^m@(t~j1nWSDC6Ma4mW<leqem|LcQ8l;y*p6Aw(J}f?$)n#+}xx
ziM){~&z+-0-Hics`uQBG<x{D;$u#?_y!H#51Lp-6#=^1KjRFj}bz3yubg)u-h}h2`
zaEo)7^@YCa049^%T=F2`|9vB=db~Q#GUK>4bCH0ta$_FbKy)0$?I9AMKipgix(R;Q
zSCJAV^CSBYg%9;E*%Qy*tuMPSHs}Q8pV9mM2_g*r@*{$!y_K)L@s}w{=Yf?1c?8_l
zyF7xPS7gOLW-Q0U1AyMZX9kR9SbM>PvblrF1h%%sbwUh@FucIJZWrVC()Y*?rn?t^
z60qXZ4`1#ZsY+WNoxKS$F*K$xDO%U0!~q`3(&hvTHZuQU<O0M5r8!#3zo~#EcxxW(
z3;&FRd9h-d<-deo-N27x6@0m1rp6wl=6pI}-zG!By}Ko2YdT#v*ji(sRU0jV=*b)5
zY(=NB)QF_ArRP?D!sD|6o&xjo&3pr>J3Y!fsk*7<ou16sa%{5Aa>#tnrGxrg>;^as
zy>F+3v=8*$uezn(m?~3x{5^m5+<iliMN$;}Tl=9g(xFG$SfY!YI9h`hANZ@@l_!+@
z7Ct&EJA-<Dpe-o-boN9?w~@ai`{AvSxckJ1$UGb?;O|@*&-qr7hr#NItcQSGmU^eU
z53Bk5#gBTjRN9_Z*-QQ9sKI5L<Z4o7BVol?@YRK-fFY`C71tP}urCPJb#D$j@*MOP
zzr^Ue%!N#T?y&Z%{FNl2r1y2>tR}U?Stf8Wy=1RmW)D?wZoe1B0E#zuk;mz(tIq)v
zcx_01OUj0NLMt><P+-1Ft>DKKO8yHHxx8q{b9|xZuLXA-@hE{APQJu^;{`tJcxTi#
zoXd4BELRiJFQ&R5t)Lx%nNtz4m*Jy4q`dQlb_*BpetDZ<%ZVs3K_KvxaW3X2U^QE8
zJs`Vq`A?Xz*0rFu2R2r9+JmLO{)Yp_Hyf#^Rs6^-@)(i_8bP%4sCGww^g9x%@*f6D
z?Mb_xkYT!}3o9lrfEE;LHZVZd5Bq}Q>OX48<Qr+mQc-lFvSjnEynz#+R8at$Ay*o^
z!>bp#?U@>vgre~6eO`{|9SSr~oeD@yISJFL1{Lz2l9?+9J)X);{!TA96k0o<+}g5W
zol!mA>fXf#{$e_Hb<g5u8ld#DngR@VCiyZQqhs-+fO=+2Bq)cJLHt}@`Xw0GYDLD>
z@G}1ECONkI`g`sBEk<E9jH)0?0*y}pC8w}5t9d8y4BI7OW3r6h|6#60<yVzXL_iAW
z-(uKQ!lT)eZ{fNtM}DQQ=apjTmlyUA+-?CGnf%Q`d&eGgyv!be>OoR<7sUnCpVPR~
zZ)(W(yX5k)FG-v6GIJ>Mf<jvm)-KY@tpyxDnR60ov@92Xl}9*3vZ{i4^Vfw2iB7eu
zn?CDZ&-4Kez=b~Ttkzq4;l^5>)wHV5ZeDm8&`^3+1}UAFEroaltR)SIfQp?V=Iban
zFB^+_4#1|R<(C%*-tPSeqN2yX=|Qkt?;=A8d)kC*yak{2cEj(+`9AxEL7v`!{e~pd
zHd|4^1W>XZ7{cD(1a|u6!tE<GRb0!@O5)PMuE$*(pcUa3E7}@iv5D{$!DLi-GXw3n
z^}*UINdc3B^E#qyuk{M+zXUa|BQJB%)R1}p%_cBu<{s>V68FcvkabWKE?>Jwk>0O{
zr(in`(7e&u1c1w-u+9DhhXQZ)is%{-z1L;$2VOpND?5kBUQ~`{CHr%~y;81(=fnpx
zpz#lQoL>@=rS7@DnXD8>+`Kkw5bwGFwEY$Qa|K&mek<b6Xe0wpqHGSQPJD-67{A%Q
zDA6R8MVw#R968)XlXm&uZWTcpADZJCu+R|yZ)eiyA%!;2(5Ik3wtDwlIA8(clAjfK
zt&sqb(+PO9?*9Xfe56uyE8o_EVlnv1^YZC#DPH#Ng)dA4AImA($va$d6Vt$URA~p~
zxmsslm~R+@hd%)rl2A$2FI*DQYdMpOPN4;Q`nm&<W`y5Z2xj)x;xaM)7l*h<wB~a-
zMX)%z=}l6xZX6eOZgExJArXfxuNsG3{#zM@IvL_T`>L0gjtz(8J3arj&Z*7wasYY{
zdy<v0Jjcq>->I>wVMZ%;$`GgWDUCwNh}z@V@z~nfIG@-!zsXS;m+4kA<i*FQrTYe>
zv7Bmc2E~03FM_0lZ4cUqJp@iW#{CaZS8g}X%BZ=wJ!~q-Fxq`Z%~nJRKvQ#ufHjo6
zN2!=q=G6d`+~y}-yH1HgRUEmvv_yEd-HWv^A6~pp_Bi|)C_t)SnM!EY*3vdR8+o>u
z_2(MZCmjn?Z>>oQcwxj`peVO_1FN7~?MPT|!s<kYM{h+YRinQx;MWSmeJpYV*=*3(
zG+bW4^ZF1|H8Yo3yx8`2RH<5i`?e}Ck(g&egpCI3_Wgn1B-&#;%!+3H+j>(Z)1l9)
z>iF+Rsh!Dp(ChmKLjK8^noLuDeJmFx<zOiEs@3a43^3F(g%C;({swTFTewoDMyAPL
z44qk@qI21zaa%0Mj>OaD6D!F3r~`lT4M$<EaA0y)rnQ3TAwHEO4w$f$uZ-S=ziC^5
z<lqB2Svb5Ewz@OI=%4VA{@ak4qoe=ld>AiHpKWVL)1iM%GzRb7Gq=mt?KDsw`-)sG
zk6a@DQ}=07MzivB=<C&by~P=0KdlP!y&Qz)$#1feBJLcr!-GYU{bU2Lc`1z8(ryA9
zC7r#-YNS8GBzL&rF72%VKgGYvjBL2rL@MzKrmkRv=jIR(Bg^4e!TW|oT&)4KK2HED
z@i1K2dBg}F;8yQr4_1*2I(p_7#<FeG;7Wc-tPlG9htBX^?U`WrP-{VBwU+|?kmzUd
z%vyG<<%tTWBB)k-JoeycAle{)tv~aO8w}MI`}_4$&026!>&=bK_3r7x89Lg)d`|jr
zM_4YElvAWIp4{7t@U^;%G_<BA_~r93=~wP&zC2=FgRUZ0ZUS2!w&<KY%7f2BU-KNj
zNiw$K?YLW&;ib16IO@jsr(=7)6$Ni>?663P?vWEg8(_u!**M<)V0cujWUzPOp~3C1
zQm#ZCo0GNnSgyNik12V4ZN*P9NU~jymgLt_CQXu|bk54f<MWk_*?a@H?)^(j+0&QU
zO!Rwub4f%F?gs@AHmFWbAJtfU!-HwCoeB&!2bo)?>lJhFz6a-ipv)7f#C{gX>^HY>
zxH~umX6MRA(5<G4lx!fB^sW2;O)hej@{0H@{6spKQJ4*MpSV9|uNM!qQi}dSz!rFA
zw1e7?fSv{LwJ&F!pBjjr5^^(xI>YBIA6q)tIbx2p!OuL$d;ZByysJ9g3!;~i(~^4B
zH75Jn)8px?uJ3H*eP)+uJNH6bQ7+!Tr0K`J+>D4sI?pW%*MHhl?a(=B`tRW2*}2?6
zj7(dT5Yyl0SK0nNkn1MZKHjbvPv1Z?{Ae*U)lrd7agiwhXzjc#8uUV1=1@eJ-;+aW
zB40J&Z-cv)%F5AGnWcuw<gabB6I-hAa}DqTe2OKuamLyCMVi!#SQS|wZk7A2iU0DV
zS7tiA+>aF28Nqwp9W&6D&WLDH*1r-gY4NcG6V6AbjgxwXaLpYUbHrQ4!wMoWf<Sj?
z?xH~CYP^hdSUj6CRlk$xYE%mhB}tvV)rvlRH~31+MD9?0{CthKG*LBCQjYdvQ4V}9
zgE+R`l!~OrX=@B|S=BdQGzSkJ7!p&hd<t&gTd~6t{*}3*m+;)naXfz`@O<0eNdgp)
z=%#lR9ZZZbtYFi2cFWVvv&Atk{Y7=!g<fNd9!G0+$l<rLJ;ceKN@dKaoX=?u2R9m~
z=UQvQlPqyN%86sp_RlqFu=hOetoh9zrmo!LwlmXS`f~;gn$OciXD_arrqzCjao++0
z_$2M=(3%f*RfjLSV|O@?7`wl4K-0*{_KWg+xqH2(277{V^@UC|8-=9#*vwvZmz(Gr
z{dr^T_pQ1TFb6_-U!K^nXH5ruCH6~wb-<>n*46<fbK{mWFY!}x*j*%!>C^ykAFxur
zgJ?5d{O+;cSlli=yt!f<4h)EAf|ro1Lu0)zg}TUM>Sg3O)HmZn9_y&`X#Yr&NblhW
zQcF`E>2})0SJWxNZ5wCsY{EYZA3|^bat{qd6UoW4o>Wz7avysv{ThEW38`*b&qI#Y
zLC3e=(`d`+`LzAi_t*qSG!gk$F;<f&b>3FK;2(59D^22U7kDet69)g(*@nqN=8i<O
zK{BA{$8}Cy8r(R3iD2fq_(J!VtixH7J88`Ebi+{*@%wgN@FqKXX0v~MI;}azi>k{9
zxsyD$oW1`-#AhldrTEjU+0(g*Uo;%oT`ao}soTXyf4C9bb~gQds1@d&-D6kTI2&#t
z<}*$BdSwG&Tvn-!Z9m|#SVYxJ#aXG#oxR}6M1@HR_ht~Hm@#=xN$XEiQPS!CO<=Jm
zO5djZvvJrUx`|L2e3qWpB!0motw2jsV|k+9=z8=EDx&eJKCrW6H=~PO{N+_Y4kX*g
zd@U{MXaPF)=7x!#6<ox6^w$~iVrR|juFE2B8tSH9VL9LN8ij(CQ^qfnYi{5$<xTAc
z|DF<<Y!)A+48LJAYV4Qz?{}qL(sX^I)42av*N>HwGQ*nz^4*vpWKSyHEVFwjSRKw9
zenaZJDqXIy%&Nq1nh!4?!>(q@*}P!SbK9kutJtfDqQs(ch$PeKJYQ?nUb@+FZ%$}k
za!#@9+L;eZ0wW!T<?=C*^7#2tvUA|a=SM;7j87+Sh|hEnaKXg1ZcSLJ<m4bbdF8F5
z!2ze<K~0IbE=?A#SuOqI)N7tw{^M<NlMG!8=^krb{UK)G=%QSg`7o~}J2mhm$f`=p
z_AxjzFOO}Riv2<PI&gM`w=kbRdV@w<`X{<PQBsLk7S3mT@A!Dx0;h@~7QK;BG-C+2
z&K=eFvr_jB(jDo9z3l$%7A4WG;i1b-iKe-~*&Wu-f^K~jR)F{J!wp@gzw3rO?NGD8
zh9{0Zu207>g47}z5$6`_C%pL=&7Qi+-uej3>NtE7qBnwuIUk;c!jB>&j0y{bSh($S
z`5t_m6#c?vZb!@L@B5rDnolJ}scfgQozHPs0{$K5CfE()fKBLj@I;rXS+MYB&sV{5
zsYA?{91op+8CN;i<ycUq?Y3><NB`v5G^*}2qEhGFZf4Yh*FrT_jtUlYvNk`w?A~x+
z!!^Gz<?K0E=vwMd>J*Y{(|+YhXV~7wNpJooYu7;nST;SQ{lp{>b5+q$(uc{o{bQOt
z_Mwob9>jE3PUB})g&Pyu=L(RAHtYXJVQ5D=h>^XY%7$I_cN34z3O?wZZUV%UMrq<k
zanHn$&(Dp_)c8$kyS?YbjFRcl9Ge@IK|I8mL}0Y>>WSu1Z$l<rQV0AWmEB;-v9`pq
z%ue|F;M+Ynhy-$SPHniifqb2D{>F)VTc8zgzXlbKtPdE5R>L|fdXTF%^jHoe;lQ0}
zJ#Q>7>+=$vO)S44f<-7A=Z0Fs?S-N%DvxathC;}iR^gu-7R}U;^erG-Td}D1H(!PS
zIX{C4#sOvAcm7t_UsxR&=}x+bePP3IHaIcx`vU~1ho3PIR~Opa;jQ(JJ!l+^C)L_~
zPioNM<PU_tm+JtsH1%y@De=ff4#M;!%4vw}?DChZ0tU`Q#im>FskE8i_8EYP4=<`U
zX%6^MukaFr*Uq~br4LjDZgp^_2O>TpRciBWcC1T{3X(nijQO?mpY~*d=fWoG)@BwE
zCI>|o>J~F`Sv!yKw_ZEX_#BGCNXfA$zN@GN8sXZRW^4xbnXp5|-Q`KTXBilM1D}sk
zVoyADM7m_hOK2FfUVq)0ZOquHHMk7r4`1UVI7&;bM?=>?K(>fA-0<cR?wxk*9^kzN
z=dBX!9>}x0s+NTbLzuezXw9RuXNJCw+=iL56XkJFzqjt|n_HiKvKxM*<`}3&O%ZOy
zN>LV;Ns+aj@V>kJiP1Tu1!Qkz^bsV})f|<~)jEAbx%J$q$lAi?&Se%Sq&SCl3zF&h
zVz85|RaOiSF`rXv;B{pz4$&IbVDH{Y3;cAj&@ikA-{T|B6Pf<95ZFAoUaa?(gXneX
zcYN{gjlcW6SH)Ra9YqgD&Phb9%~1<=m=hBJJTZ`4w5BZwk$Rz_(wUQ=Kofn_yx#+;
z0xKP(#Jy4wRqzt$MW`1~`>dVd9Nxz1julYHhQt+ixT;+0l0sl7M*L|QY2icu|M!=%
b*>$7DOZ<Z3D`^7e*TbG@C{#T*5B+}tCg7y8

literal 0
HcmV?d00001

diff --git a/packs/kubeflow-crds-1.9.1/pack.json b/packs/kubeflow-crds-1.9.1/pack.json
new file mode 100644
index 00000000..37a96e71
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/pack.json
@@ -0,0 +1,17 @@
+{
+  "addonType":"ai",
+  "annotations": {
+    "docsURL": "",
+    "source": "spectrocloud"
+  },
+  "cloudTypes": [
+      "all"
+  ],
+  "displayName": "Kubeflow CRDs",
+  "charts": [
+    "charts/kubeflow-crds-0.4.1.tgz"
+  ],
+  "layer": "addon",
+  "name": "kubeflow-crds",
+  "version": "1.9.1"
+}
diff --git a/packs/kubeflow-crds-1.9.1/values.yaml b/packs/kubeflow-crds-1.9.1/values.yaml
new file mode 100644
index 00000000..ef423a1e
--- /dev/null
+++ b/packs/kubeflow-crds-1.9.1/values.yaml
@@ -0,0 +1,52 @@
+pack:
+  content:
+    images: []
+charts:
+  kubeflow-crds:
+    # This namespace allows you to define where the services will be installed into
+    # if not set then they will use the namespace of the release
+    # This is helpful when installing Kubeflow as a chart dependency (sub chart).
+    namespace: ""
+
+    nameOverride: ""
+    fullnameOverride: ""
+
+    crds:
+      minimized: true
+
+    admissionWebhook:
+      enabled: true
+
+    notebooks:
+      enabled: true
+      controller:
+        certManager:
+          enabled: false
+        webhook:
+          enabled: false
+        enabled: true
+      pvcviewerController:
+        enabled: true
+
+    profilesController:
+      enabled: true
+
+    katib:
+      enabled: true
+      controller:
+        enabled: true
+
+    pipelines:
+      enabled: true
+      scheduledWorkflow:
+        enabled: true
+      viewerCrd:
+        enabled: true
+
+    tensorboard:
+      enabled: true
+      controller:
+        enabled: true
+
+    trainingOperator:
+      enabled: true
\ No newline at end of file
diff --git a/packs/oauth2-proxy-8.2.0/README.md b/packs/oauth2-proxy-8.2.0/README.md
new file mode 100644
index 00000000..fe13f75e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/README.md
@@ -0,0 +1,380 @@
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by e-mail, domain, or group.
+
+## TL;DR;
+
+```console
+$ helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
+$ helm install my-release oauth2-proxy/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration.
+The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates an incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrades oauth2-proxy to v4.0.0. To upgrade, please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400).
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by addressing the Deployment object apiVersion `apps/v1beta2` deprecation.
+See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583), errors may occur when performing a `helm upgrade` of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.
+This is a breaking change since the service account is enabled by default.
+To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**.
+Therefore, the `ingress.extraPaths` parameter must be updated to the new format.
+See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information.
+
+For the same reason `service.port` was renamed to `service.portNumber`.
+
+### To 5.0.0
+
+Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). 
+This is a breaking change because many labels of all resources need to be updated to stay consistent.
+
+In order to upgrade, delete the Deployment before upgrading:
+
+```bash
+kubectl delete deployment my-release-oauth2-proxy
+```
+
+This will introduce a slight downtime.
+
+For users who don't want downtime, you can perform these actions:
+
+- Perform a non-cascading removal of the deployment that keeps the pods running
+- Add new labels to pods
+- Perform `helm upgrade`
+
+### To 6.0.0
+
+Version 6.0.0 bumps the version of the Redis subchart from ~10.6.0 to ~16.4.0. 
+You probably need to adjust your Redis configuration. 
+See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis#upgrading) for detailed upgrade instructions.
+
+### To 7.0.0
+
+Version 7.0.0 introduces a new implementation to support multiple hostAliases. 
+You probably need to adjust your hostAliases config. 
+See [here](https://github.com/oauth2-proxy/manifests/pull/164/) for detailed information.
+
+### To 8.0.0 - Bitnami 💀
+
+Version 8.0.0 removes the dependency on the Bitnami Redis subchart and replaces it with the `dandydeveloper/redis-ha` chart. Therefore this version introduces a breaking change to the redis subchart deployment configuration. Please refer to the official [redis-ha repository](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) for details. Furthermore, you can reference the redis CI test value files we use [here](https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy/ci).
+
+Furthermore, you can read up on why this change was necessary in [Breaking changes in Bitnami Catalog #323](https://github.com/oauth2-proxy/manifests/issues/323)
+
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+| Parameter                                             | Description                                                                                                                                                                                                                                                      | Default                                                                                              |
+| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
+| `affinity`                                            | node/pod affinities                                                                                                                                                                                                                                              | None                                                                                                 |
+| `authenticatedEmailsFile.enabled`                     | Enables authorize individual e-mail addresses                                                                                                                                                                                                                    | `false`                                                                                              |
+| `authenticatedEmailsFile.persistence`                 | Defines how the e-mail addresses file will be projected, via a configmap or secret                                                                                                                                                                               | `configmap`                                                                                          |
+| `authenticatedEmailsFile.template`                    | Name of the configmap or secret that is handled outside of that chart                                                                                                                                                                                            | `""`                                                                                                 |
+| `authenticatedEmailsFile.restrictedUserAccessKey`     | The key of the configmap or secret that holds the e-mail addresses list                                                                                                                                                                                          | `""`                                                                                                 |
+| `authenticatedEmailsFile.restricted_access`           | [e-mail addresses](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/#email-authentication) list config                                                                                                                                        | `""`                                                                                                 |
+| `authenticatedEmailsFile.annotations`                 | configmap or secret annotations                                                                                                                                                                                                                                  | `nil`                                                                                                |
+| `config.clientID`                                     | oauth client ID                                                                                                                                                                                                                                                  | `""`                                                                                                 |
+| `config.clientSecret`                                 | oauth client secret                                                                                                                                                                                                                                              | `""`                                                                                                 |
+| `config.cookieSecret`                                 | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64`                                                                                                                                                   | `""`                                                                                                 |
+| `config.existingSecret`                               | existing Kubernetes secret to use for OAuth2 credentials. See [oauth2-proxy.secrets helper](https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/_helpers.tpl#L157C13-L157C33) for the required values                                | `nil`                                                                                                |
+| `config.configFile`                                   | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line                                                                      | `""`                                                                                                 |
+| `config.existingConfig`                               | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values                                                 | `nil`                                                                                                |
+| `config.cookieName`                                   | The name of the cookie that oauth2-proxy will create.                                                                                                                                                                                                            | `""`                                                                                                 |
+| `autoscaling.enabled`                                 | Deploy a Horizontal Pod Autoscaler.                                                                                                                                                                                                                              | `false`                                                                                              |
+| `autoscaling.minReplicas`                             | Minimum replicas for the Horizontal Pod Autoscaler.                                                                                                                                                                                                              | `1`                                                                                                  |
+| `autoscaling.maxReplicas`                             | Maximum replicas for the Horizontal Pod Autoscaler.                                                                                                                                                                                                              | `10`                                                                                                 |
+| `autoscaling.targetCPUUtilizationPercentage`          | Horizontal Pod Autoscaler setting.                                                                                                                                                                                                                               | `80`                                                                                                 |
+| `autoscaling.targetMemoryUtilizationPercentage`       | Horizontal Pod Autoscaler setting.                                                                                                                                                                                                                               | ``                                                                                                   |
+| `autoscaling.annotations`                             | Horizontal Pod Autoscaler annotations.                                                                                                                                                                                                                           | `{}`                                                                                                 |
+| `autoscaling.behavior`                                | Configure HPA behavior policies for scaling. See [docs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior)                                                                                                | `{}`                                                                                                 |
+| `alphaConfig.enabled`                                 | Flag to toggle any alpha config-related logic                                                                                                                                                                                                                    | `false`                                                                                              |
+| `alphaConfig.annotations`                             | Configmap annotations                                                                                                                                                                                                                                            | `{}`                                                                                                 |
+| `alphaConfig.serverConfigData`                        | Arbitrary configuration data to append to the server section                                                                                                                                                                                                     | `{}`                                                                                                 |
+| `alphaConfig.metricsConfigData`                       | Arbitrary configuration data to append to the metrics section                                                                                                                                                                                                    | `{}`                                                                                                 |
+| `alphaConfig.configData`                              | Arbitrary configuration data to append                                                                                                                                                                                                                           | `{}`                                                                                                 |
+| `alphaConfig.configFile`                              | Arbitrary configuration to append, treated as a Go template and rendered with the root context                                                                                                                                                                   | `""`                                                                                                 |
+| `alphaConfig.existingConfig`                          | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values                                        | `nil`                                                                                                |
+| `alphaConfig.existingSecret`                          | existing Kubernetes secret to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values                                           | `nil`                                                                                                |
+| `customLabels`                                        | Custom labels to add into metadata                                                                                                                                                                                                                               | `{}`                                                                                                 |
+| `config.google.adminEmail`                            | user impersonated by the Google service account                                                                                                                                                                                                                  | `""`                                                                                                 |
+| `config.google.useApplicationDefaultCredentials`      | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON                                                                                                                                              | `false`                                                                                              |
+| `config.google.targetPrincipal`                       | service account to use/impersonate                                                                                                                                                                                                                               | `""`                                                                                                 |
+| `config.google.serviceAccountJson`                    | Google service account JSON contents                                                                                                                                                                                                                             | `""`                                                                                                 |
+| `config.google.existingConfig`                        | existing Kubernetes configmap to use for the service account file. See [Google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values                                    | `nil`                                                                                                |
+| `config.google.groups`                                | restrict logins to members of these Google groups                                                                                                                                                                                                                | `[]`                                                                                                 |
+| `containerPort`                                       | used to customize port on the deployment                                                                                                                                                                                                                         | `""`                                                                                                 |
+| `enableServiceLinks`                                  | configure deployment enableServiceLinks                                                                                                                                                                                                                          | `true`                                                                                               |
+| `extraArgs`                                           | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows the same flag to be configured multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]`                                                                                         |
+| `extraContainers`                                     | List of extra containers to be added to the pod                                                                                                                                                                                                                  | `[]`                                                                                                 |
+| `extraInitContainers`                                 | List of extra initContainers to be added to the pod                                                                                                                                                                                                              | `[]`                                                                                                 |
+| `extraEnv`                                            | key:value list of extra environment variables to give the binary                                                                                                                                                                                                 | `[]`                                                                                                 |
+| `extraVolumes`                                        | list of extra volumes                                                                                                                                                                                                                                            | `[]`                                                                                                 |
+| `extraVolumeMounts`                                   | list of extra volumeMounts                                                                                                                                                                                                                                       | `[]`                                                                                                 |
+| `hostAliases`                                         | hostAliases is a list of aliases to be added to /etc/hosts for network name resolution.                                                                                                                                                                          |                                                                                                      |
+| `htpasswdFile.enabled`                                | enable htpasswd-file option                                                                                                                                                                                                                                      | `false`                                                                                              |
+| `htpasswdFile.entries`                                | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#command-line-options)                                                                                                                                      | `{}`                                                                                                 |
+| `htpasswdFile.existingSecret`                         | existing Kubernetes secret to use for OAuth2 htpasswd file                                                                                                                                                                                                       | `""`                                                                                                 |
+| `httpScheme`                                          | `http` or `https`. `name` used for the port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service.                                                                      | `http`                                                                                               |
+| `image.pullPolicy`                                    | Image pull policy                                                                                                                                                                                                                                                | `IfNotPresent`                                                                                       |
+| `image.command`                                       | Define command to be executed by container at startup                                                                                                                                                                                                            | `[]`                                                                                                 |
+| `image.repository`                                    | Image repository                                                                                                                                                                                                                                                 | `quay.io/oauth2-proxy/oauth2-proxy`                                                                  |
+| `image.tag`                                           | Image tag                                                                                                                                                                                                                                                        | `""` (defaults to appVersion)                                                                        |
+| `imagePullSecrets`                                    | Specify image pull secrets                                                                                                                                                                                                                                       | `nil` (does not add image pull secrets to deployed pods)                                             |
+| `ingress.enabled`                                     | Enable Ingress                                                                                                                                                                                                                                                   | `false`                                                                                              |
+| `ingress.className`                                   | name referencing IngressClass                                                                                                                                                                                                                                    | `nil`                                                                                                |
+| `ingress.path`                                        | Ingress accepted path                                                                                                                                                                                                                                            | `/`                                                                                                  |
+| `ingress.pathType`                                    | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types)                                                                                                                                                                 | `ImplementationSpecific`                                                                             |
+| `ingress.extraPaths`                                  | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/).                            | `[]`                                                                                                 |
+| `ingress.labels`                                      | Ingress extra labels                                                                                                                                                                                                                                             | `{}`                                                                                                 |
+| `ingress.annotations`                                 | Ingress annotations                                                                                                                                                                                                                                              | `nil`                                                                                                |
+| `ingress.hosts`                                       | Ingress accepted hostnames                                                                                                                                                                                                                                       | `nil`                                                                                                |
+| `ingress.tls`                                         | Ingress TLS configuration                                                                                                                                                                                                                                        | `nil`                                                                                                |
+| `initContainers.waitForRedis.enabled`                 | If `redis.enabled` is true, use an init container to wait for the Redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list, and watch the Redis master pod                                             | `true`                                                                                               |
+| `initContainers.waitForRedis.image.pullPolicy`        | kubectl image pull policy                                                                                                                                                                                                                                        | `IfNotPresent`                                                                                       |
+| `initContainers.waitForRedis.image.repository`        | kubectl image repository                                                                                                                                                                                                                                         | `docker.io/bitnami/kubectl`                                                                          |
+| `initContainers.waitForRedis.kubectlVersion`          | kubectl version to use for the init container                                                                                                                                                                                                                    | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor \| replace "+" "")` |
+| `initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container                                                                                                                                                                                                                  | `true`                                                                                               |
+| `initContainers.waitForRedis.timeout`                 | number of seconds                                                                                                                                                                                                                                                | 180                                                                                                  |
+| `initContainers.waitForRedis.resources`               | pod resource requests & limits                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `livenessProbe.enabled`                               | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks)                                                                                                             | `true`                                                                                               |
+| `livenessProbe.initialDelaySeconds`                   | number of seconds                                                                                                                                                                                                                                                | 0                                                                                                    |
+| `livenessProbe.timeoutSeconds`                        | number of seconds                                                                                                                                                                                                                                                | 1                                                                                                    |
+| `namespaceOverride`                                   | Override the deployment namespace                                                                                                                                                                                                                                | `""`                                                                                                 |
+| `nodeSelector`                                        | node labels for pod assignment                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `deploymentAnnotations`                               | annotations to add to the deployment                                                                                                                                                                                                                             | `{}`                                                                                                 |
+| `podAnnotations`                                      | annotations to add to each pod                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `podLabels`                                           | additional labels to add to each pod                                                                                                                                                                                                                             | `{}`                                                                                                 |
+| `podDisruptionBudget.enabled`                         | Enabled creation of PodDisruptionBudget (only if replicaCount > 1)                                                                                                                                                                                               | true                                                                                                 |
+| `podDisruptionBudget.maxUnavailable`                  | maxUnavailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null                                                                                                                                                            | null                                                                                                 |
+| `podDisruptionBudget.minAvailable`                    | minAvailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null                                                                                                                                                              | 1                                                                                                    |
+| `podDisruptionBudget.unhealthyPodEvictionPolicy`      | Policy for when unhealthy pods should be considered for eviction. Valid values are "IfHealthyBudget" and "AlwaysAllow". See [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)                   | `""`                                                                                                 |
+| `podSecurityContext`                                  | Kubernetes security context to apply to pod                                                                                                                                                                                                                      | `{}`                                                                                                 |
+| `priorityClassName`                                   | priorityClassName                                                                                                                                                                                                                                                | `nil`                                                                                                |
+| `readinessProbe.enabled`                              | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks)                                                                                                            | `true`                                                                                               |
+| `readinessProbe.initialDelaySeconds`                  | number of seconds                                                                                                                                                                                                                                                | 0                                                                                                    |
+| `readinessProbe.timeoutSeconds`                       | number of seconds                                                                                                                                                                                                                                                | 5                                                                                                    |
+| `readinessProbe.periodSeconds`                        | number of seconds                                                                                                                                                                                                                                                | 10                                                                                                   |
+| `readinessProbe.successThreshold`                     | number of successes                                                                                                                                                                                                                                              | 1                                                                                                    |
+| `replicaCount`                                        | desired number of pods                                                                                                                                                                                                                                           | `1`                                                                                                  |
+| `resources`                                           | pod resource requests & limits                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `resizePolicy`                                        | Container resize policy for runtime resource updates. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/)                                                                                               | `[]`                                                                                                 |
+| `revisionHistoryLimit`                                | maximum number of revisions maintained                                                                                                                                                                                                                           | 10                                                                                                   |
+| `service.portNumber`                                  | port number for the service                                                                                                                                                                                                                                      | `80`                                                                                                 |
+| `service.appProtocol`                                 | application protocol on the port of the service                                                                                                                                                                                                                  | `http`                                                                                               |
+| `service.externalTrafficPolicy`                       | denotes if the service desires to route external traffic to node-local or cluster-wide endpoints                                                                                                                                                                 | `Cluster`                                                                                            |
+| `service.internalTrafficPolicy`                       | denotes if the service desires to route internal traffic to node-local or cluster-wide endpoints                                                                                                                                                                 | `Cluster`                                                                                            |
+| `service.type`                                        | type of service                                                                                                                                                                                                                                                  | `ClusterIP`                                                                                          |
+| `service.clusterIP`                                   | cluster ip address                                                                                                                                                                                                                                               | `nil`                                                                                                |
+| `service.loadBalancerIP`                              | ip of load balancer                                                                                                                                                                                                                                              | `nil`                                                                                                |
+| `service.loadBalancerSourceRanges`                    | allowed source ranges in load balancer                                                                                                                                                                                                                           | `nil`                                                                                                |
+| `service.nodePort`                                    | external port number for the service when service.type is `NodePort`                                                                                                                                                                                             | `nil`                                                                                                |
+| `service.targetPort`                                  | (optional) a numeric port number (e.g., 80) or a port name defined in the pod's container(s) (e.g., http)                                                                                                                                                        | `""`                                                                                                 |
+| `service.ipDualStack.enabled`                         | enable IPv4/IPv6 dual-stack for the service                                                                                                                                                                                                                      | `false`                                                                                              |
+| `service.ipDualStack.ipFamilies`                      | ip families for the service if IPv4/IPv6 dual-stack is enabled                                                                                                                                                                                                   | `["IPv6", "IPv4"]`                                                                                   |
+| `service.ipDualStack.ipFamilyPolicy`                  | ip family policy for the service if IPv4/IPv6 dual-stack is enabled                                                                                                                                                                                              | `"PreferDualStack"`                                                                                  |
+| `service.trafficDistribution`                         | traffic distribution policy for the service. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution)                                                                                                        | `""`                                                                                                 |
+| `serviceAccount.enabled`                              | create a service account                                                                                                                                                                                                                                         | `true`                                                                                               |
+| `serviceAccount.name`                                 | the service account name                                                                                                                                                                                                                                         | ``                                                                                                   |
+| `serviceAccount.annotations`                          | (optional) annotations for the service account                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `strategy`                                            | configure deployment strategy                                                                                                                                                                                                                                    | `{}`                                                                                                 |
+| `tolerations`                                         | list of node taints to tolerate                                                                                                                                                                                                                                  | `[]`                                                                                                 |
+| `securityContext.enabled`                             | enable Kubernetes security context on container                                                                                                                                                                                                                  | `true`                                                                                               |
+| `proxyVarsAsSecrets`                                  | Choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv                                  | `true`                                                                                               |
+| `sessionStorage.type`                                 | Session storage type which can be one of the following: `cookie` or `redis`                                                                                                                                                                                      | `cookie`                                                                                             |
+| `sessionStorage.redis.existingSecret`                 | Name of the Kubernetes secret containing the Redis & Redis sentinel password values (see also `sessionStorage.redis.passwordKey`)                                                                                                                                | `""`                                                                                                 |
+| `sessionStorage.redis.password`                       | Redis password. Applicable for all Redis configurations. Taken from Redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence                                                                                                     | `nil`                                                                                                |
+| `sessionStorage.redis.passwordKey`                    | Key of the Kubernetes secret data containing the Redis password value                                                                                                                                                                                            | `redis-password`                                                                                     |
+| `sessionStorage.redis.clientType`                     | Allows the user to select which type of client will be used for the Redis instance. Possible options are: `sentinel`, `cluster` or `standalone`                                                                                                                  | `standalone`                                                                                         |
+| `sessionStorage.redis.standalone.connectionUrl`       | URL of Redis standalone server for Redis session storage (e.g., `redis://HOST[:PORT]`). Automatically generated if not set.                                                                                                                                      | `""`                                                                                                 |
+| `sessionStorage.redis.cluster.connectionUrls`         | List of Redis cluster connection URLs (e.g., `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)                                                                                                                                                             | `[]`                                                                                                 |
+| `sessionStorage.redis.sentinel.existingSecret`        | Name of the Kubernetes secret containing the Redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`                                                                                | `""`                                                                                                 |
+| `sessionStorage.redis.sentinel.password`              | Redis sentinel password. Used only for sentinel connection; any Redis node passwords need to use `sessionStorage.redis.password`                                                                                                                                 | `nil`                                                                                                |
+| `sessionStorage.redis.sentinel.passwordKey`           | Key of the Kubernetes secret data containing the Redis sentinel password value                                                                                                                                                                                   | `redis-sentinel-password`                                                                            |
+| `sessionStorage.redis.sentinel.masterName`            | Redis sentinel master name                                                                                                                                                                                                                                       | `nil`                                                                                                |
+| `sessionStorage.redis.sentinel.connectionUrls`        | List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)                                                                                                                                                             | `[]`                                                                                                 |
+| `topologySpreadConstraints`                           | List of pod topology spread constraints                                                                                                                                                                                                                          | `[]`                                                                                                 |
+| `redis.enabled`                                       | Enable the Redis subchart deployment                                                                                                                                                                                                                             | `false`                                                                                              |
+| `checkDeprecation`                                    | Enable deprecation checks                                                                                                                                                                                                                                        | `true`                                                                                               |
+| `metrics.enabled`                                     | Enable Prometheus metrics endpoint                                                                                                                                                                                                                               | `true`                                                                                               |
+| `metrics.port`                                        | Serve Prometheus metrics on this port                                                                                                                                                                                                                            | `44180`                                                                                              |
+| `metrics.nodePort`                                    | External port for the metrics when service.type is `NodePort`                                                                                                                                                                                                    | `nil`                                                                                                |
+| `metrics.service.appProtocol`                         | application protocol of the metrics port in the service                                                                                                                                                                                                          | `http`                                                                                               |
+| `metrics.serviceMonitor.enabled`                      | Enable Prometheus Operator ServiceMonitor                                                                                                                                                                                                                        | `false`                                                                                              |
+| `metrics.serviceMonitor.namespace`                    | Define the namespace where to deploy the ServiceMonitor resource                                                                                                                                                                                                 | `""`                                                                                                 |
+| `metrics.serviceMonitor.prometheusInstance`           | Prometheus Instance definition                                                                                                                                                                                                                                   | `default`                                                                                            |
+| `metrics.serviceMonitor.interval`                     | Prometheus scrape interval                                                                                                                                                                                                                                       | `60s`                                                                                                |
+| `metrics.serviceMonitor.scrapeTimeout`                | Prometheus scrape timeout                                                                                                                                                                                                                                        | `30s`                                                                                                |
+| `metrics.serviceMonitor.labels`                       | Add custom labels to the ServiceMonitor resource                                                                                                                                                                                                                 | `{}`                                                                                                 |
+| `metrics.serviceMonitor.scheme`                       | HTTP scheme for scraping. It can be used with `tlsConfig` for example, if using Istio mTLS.                                                                                                                                                                      | `""`                                                                                                 |
+| `metrics.serviceMonitor.tlsConfig`                    | TLS configuration when scraping the endpoint. For example, if using Istio mTLS.                                                                                                                                                                                  | `{}`                                                                                                 |
+| `metrics.serviceMonitor.bearerTokenFile`              | Path to bearer token file.                                                                                                                                                                                                                                       | `""`                                                                                                 |
+| `metrics.serviceMonitor.annotations`                  | Used to pass annotations that are used by the Prometheus installed in your cluster                                                                                                                                                                               | `{}`                                                                                                 |
+| `metrics.serviceMonitor.metricRelabelings`            | Metric relabel configs to apply to samples before ingestion.                                                                                                                                                                                                     | `[]`                                                                                                 |
+| `metrics.serviceMonitor.relabelings`                  | Relabel configs to apply to samples before ingestion.                                                                                                                                                                                                            | `[]`                                                                                                 |
+| `extraObjects`                                        | Extra K8s manifests to deploy                                                                                                                                                                                                                                    | `[]`                                                                                                 |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy \
+  --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## TLS Configuration
+
+See: [TLS Configuration](https://oauth2-proxy.github.io/oauth2-proxy/configuration/tls/).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+  tls-cert-file: /path/to/cert.pem
+  tls-key-file: /path/to/cert.key
+
+extraVolumes:
+  - name: ssl-cert
+    secret:
+      secretName: my-ssl-secret
+
+extraVolumeMounts:
+  - mountPath: /path/to/
+    name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+  cert.pem: AB..==
+  cert.key: CD..==
+```
+
+## Extra environment variable templating
+The extraEnv value supports the tpl function, which evaluates strings as templates inside the deployment template.
+This is useful for passing a template string as a value to the chart's extra environment variables and rendering external configuration environment values.
+
+```yaml
+...
+tplValue: "This is a test value for the tpl function"
+extraEnv:
+  - name: TEST_ENV_VAR_1
+    value: test_value_1
+  - name: TEST_ENV_VAR_2
+    value: '{{ .Values.tplValue }}'
+```
+
+## Custom templates configuration
+You can replace the default template files using a Kubernetes `configMap` volume. The default templates are the two files [sign_in.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/sign_in.html) and [error.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/error.html).
+
+```yaml
+config:
+  configFile: |
+    ...
+    custom_templates_dir = "/data/custom-templates"
+
+extraVolumes:
+  - name: custom-templates
+    configMap:
+      name: oauth2-proxy-custom-templates
+
+extraVolumeMounts:
+  - name: custom-templates
+    mountPath: "/data/custom-templates"
+    readOnly: true
+
+extraObjects:
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: oauth2-proxy-custom-templates
+    data:
+      sign_in.html: |
+        <!DOCTYPE html>
+        <html>
+        <body>sign_in</body>
+        </html>
+      error.html: |
+        <!DOCTYPE html>
+        <html>
+        <body>
+        <h1>error</h1>
+        <p>{{`{{ .StatusCode }}`}}</p>
+        </body>
+        </html>
+```
+
+## Multi whitelist-domain configuration
+You must use the config.configFile section for a multi-whitelist-domain configuration for one Oauth2-proxy instance.
+
+It will be overwriting the `/etc/oauth2_proxy/oauth2_proxy.cfg` [configuration file](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#config-file).
+In this example, Google provider is used, but you can find all other provider configurations here [oauth_provider](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/).
+
+```
+config:
+  ...
+  clientID="$YOUR_GOOGLE_CLIENT_ID"
+  clientSecret="$YOUR_GOOGLE_CLIENT_SECRET"
+  cookieSecret="$YOUR_COOKIE_SECRET"
+  configFile: |
+    ...
+    email_domains = [ "*" ]
+    upstreams = [ "file:///dev/null" ]
+    cookie_secure = "false"
+    cookie_domains = [ ".domain.com", ".example.io" ]
+    whitelist_domains = [ ".domain.com", ".example.io"]
+    provider = "google"
+```
+
+## Route requests to sidecar container
+You can route requests to a sidecar container first by setting the `service.targetPort` variable. The possible values for the targetPort field of a Kubernetes Service can be either a port number or the name of a port defined in the pod. By default, the service's `targetPort` value equals to `httpSchema`'s.
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy-8.2.0.tgz b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy-8.2.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..e424bc0f9c61d0bb8052d90b83cffe89001f8e76
GIT binary patch
literal 60874
zcmV)#K##v4iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ{b{jX7IQad|r>Gy5`Nhh(o1`Sm{y5|Bj3OzCCcbDbIp1VG
zSrhCANkq*?2S8J1OwZY8*caGW+(+1hTQ~YfQa8%6g>w>%Xj}?aK%r15R8f?Q$&QyW
z`eEKVoFFFrIhsa)yUo<?cDws~d+OhAw_E<V_q4bBx89TPlb!wEPIq_rZ{6PRlPA5u
zLHAanXh<m+i2bd5<G#v+`->zL$5bFeXw3U90K^0tp+HR1p-*Thn4ox!c^?)n000jz
zNF4S7g&_`A4nT-`z(^un=)*x60#B2KG65sXAjX#v&{!Z6V+IU!@+XFbMkJWS2qTd)
zY?_Hke4!xF$%7b8aUXsp5)?RnlYIe5S=5J#5DD*hI%8G959qX0n95TWlM&{Ecak)U
zI=g%OEtHU7Fyji)*-i^3N%r%p-`nxKtq><T4sje1%=;}5P(%>#1H&QVEs!G#i5{rR
z@^OrYk-~(AR^@sV)B<2Qp_~ZH<~gh(io<z`XE>q>X1)PkqnQcW!^{G-=kM<N&ss&~
z0>iQZ1~o(w6C~uHGZJDBa_~47Bv8bJOCl!lBc<aAKekw;45*l3)&g6N@z#V&$SsI2
z4jljssBK-~`6XqcLeWJ!#4N@F^OgsynEiK0BCr5d%Y(6kNdBSPZg~c|vYCt;-~Quy
z&+qN~U9bCXYl?`OKdL`GMI`D&LNJR`GA4e6V;YeE7|VP)4KiY6MRbY0?(Zo6j|j0#
zGA@)CX&MvZ6r(uud4h5H9}_A}^L~1fRrpVeqci!vrGL9fYH^yfK+mF8Q?*cUb@6Ow
zx3byt%$KwGTI;`t|3@^qxK$prg8z4SpL8qye|PtR|8F9dS>9bSGBU<o^np*%&XfKA
z-~Wz=xcm2AJPiK+bolq(Zh*p_-95ZJ4Dgfv{o(M*6Wr_Jusht@-Pyyvzds58{`A={
zLZc^P4+Xe2#xZ6{;II$vo$k&PulvmF?Vfj^^}EmdyHEZ7y(fD+``zyTzjk-}-ERAO
zi{mRuh4nu}QHuGk3xLbl|K8q{y}i=<-|OylAJ+dS(m0|+6!qcbr`8snQ<&f=fq+gE
zB*>6NM9j4)p#%re>l-d7B$z<TG3e?(nW8a1O{3@x2Mi1Dx3<iuerpQ=%HMUa<u*z7
zq1TYV(`s#P!Rr}jjD#4(1Vf0Eh|Z@t7OFH)BwN_pYGprc={~gEt=1O&Kv|%x3dF`(
zz|WcJV%ZfuB0>&}!%sMx!oWX72~t=fm=A!AAf^I17Ta=w=M%z#aKJpl0YOnTmvu*J
zq(tArL^dJtG>MSF13(-Cr!_zf1Bx!uoCBUFV&2+<FvTFK0#VA~TEHU$LW+6(t$;sL
z%;tb%K!He61VNN?fmuO#k|TXB*E9qXk;n;XJR;+iX|Yg&IwApY>3k`1Zz-`|{|4tg
zAddsi=|D~qS@`vV)B4Ggl#A8hCr5o~|CdhfYDumLnU&Ub&1;w{hYTZu0jZONuA=9k
zLJEx{dP(B3oS;(_hpGxqaLjoG48<XML&Wj^9_;SG0wx%R;05}J{-A2S<yc}7e;{1Q
z)=WQ=Y6|2X2pA5f+=?O&k2uDrh~kW@9K(O4gy9fI1V<s?R_z{tK+`0`8mG2(JJ5Xm
zlwJ^A8GjKE=M$`^HPDe7x~`;Wgv+wwl0=aN7YVE?o{S*EBcbQiV>x?Ni4c!a8VNhS
z7>+RFx{C~?S8CC<B>-AX*T*qMcG)xvrzAes!tsX>A3m7ul;eXWiHwYYq&qsy5!eU8
zQfvzArFY6m9FPPR8{(MFNPrK5fTpqdPcFp==kq}%FpH5OGaStyEACT6L`5wPzPAR^
zN@S}eT%j>jX3S`s@IJizt-cNLbdlbFVEw_IG~91HrEgnca93Qik0s597^r4vA&&J)
zbVSBKkO=o-;i-nzspWl0<#~z2b9e{s@7kc@OA{^_MpKhNlJz>BPKalnIE^A*Yzq!k
zF6gwxF;rnQ=icjcVK5r2@)al~^G*=w?}vz!;Jso)&tZfjj@_>)2r%dG1--yAJh#)M
zx-Jb%nxaILRsWu%<T~r{Q1d&}NUMdSWP%PeCTNcGeFxeram52RB!VF}FQG3)0!a#@
zM9SHA{mH40nVhrgTnr{dgL8xgx@NmmEEoy6)3C|8cFWmhTdS^HE#Dx8Vo#ym0ulU3
zvrQ2s$7b^QAt{)#c}A&P0|I{#rMcd2uQgHhTJ;o(m(G>)<oKT@`-4;5vWEX@wUlJj
zFP)Rxf23$$(VMtG^f+=Altfd?aR|e?<<%_!fyQRcQWQE>db2*XPe!k(IAxgQShN*}
z)NZKQk=*{3zDUU<db`&$17m0|x05<q&HM?|lncphrYKHT1A!qOi4|!w;YwCwc$6Or
zb3Kq8cSr-?31}SPM5sTE2B)Js=bbGB7>UQ8%97*LXyzV`J>(@cY*nR3&>VLw6A`EL
zH+W3AVDq2xTo;quSWAsb0D>UnX&Qu6%7hf;>}1FUx$-u-*L&8L1%>>m4n~qjM*dSX
zS0Y3X|16l`DOTBns+`6)_x5(L+a_;q6-UumAhufggJ9@@jWsV)zmDUXo(wpi{lMr{
z{n&yR6or7}8DTV5g7XY9BH12?5u;N;px41mlsw|w5}poaW^O#<+pR4vf1rqA6wdW(
z;PA-K5efek#b~Uj@tmgH>r4}Y_=TDyijQDPc`qAiHDB)lovr)>iX!g<&pm}uFF}NH
zkH|TcmG%(NoAewEco_y-TdgfPJ?q1vR(YEl&vA|u4jDEKX(i=`7*Hzc6bTZ@C8JI-
z03jAQuvnSXR4=V;T`??=ogx#)W+)bLN<$84B=kW`Lg6d0z%v}~B}(4lQQvf7mVh~Z
zn9=IudMT|cYh{|&7I>cB{UbEQ5m%f%l<QtlxrZRRE41`tdZ9|F*{08olCM!l{=`7y
zkjzLZ4<||<k!>){xx_D=tK$rZL=K#eAe*=_Oa*WftK*qm5EzHt!m4)<HC->U`Xpfs
zDInlDK}_x=cDr-b%{Ww&Dp&hP{r-N0M<m7^CiGI#p#-s#d^DYhO6C5$BIsk75hNLl
zom_HOWIIG6**O<D4sbs&qPoj=J-H)R#CzM=r9_gMtK0!A<(NT4BzsN;Ob~}5#&Nd&
zn*EceLZeU})O~#-5Z}sumlG)yF}Or?i9oAX2O39nps@?XqpY)SATby67^Nnp+zg36
zC}9*#iYE~xzUxlE$AB*75m$~tb2>F%vyb2pQkHl3ZDIruO?xf!${LE=ZMj?+k?4Of
zVKWkBTcTb|KB`l5sS#S%8be<1EywIY)%qFFwFDp`wM5B8i*uJ69doF-z;j5Ym|`>^
zatMkRau(}Zqneha<$^LCy7D|<Is~Is7?CK#p-1A!iogMii$cFzkn;EoqX>U6su?AA
z)Q&J4&+FLEphVF$#zrc3L}Ujv4V5F#OB(e4Lmw-gtQ|M&WTZG8b=5P5v`VO}w4WVI
zv*`=Snc=dMnkaT6>s2Ap1?CXQS*4eaa|ls$h+%!};ur9ejY(moPIjN*XzKGx$JX}}
zBWYb=oU~eIVoO|!d4l_JsP!%<r>gel1jpIrmj&c3$cljP>lG2$oIdpazT<cO9e=0W
z+<@Gxzef>@1I)5EA}3Qf^vr+K^LyQ{zt^plI8%dpV{UMFy1RbY@AY>5Zf9q&x#L$f
z#7aoAoyI1k56@&D31#9{IvrwWGPdB9Q9%P5DRG6y*$IaPl0+y;Yym9?G*DqgsgwzZ
zi1nc@&xCD<zH*9arh%e!hDIY2XmMCc<u&=)0?6x=xW0aEeocKdB&$A@h)^=R(r73I
znJS023U^T<S8&QPoSe?~Iwz;IeUSU4#{~*5G^XFID^Qyjxff$`N!bO7$DO>fjvP~R
zl%nWN{?s~&%Kj(I{D7t;B64=TYfFgQk3s&s*Z$2dFwZb@%J2xYtmV>ZL1+X*C<Ssd
zOtt<%^60{ZxZyxeUT4d6=egZUg6QlcC)cQeGxZ{6iV|l9g;T4je^RV*3(mB{6mz*+
zlnxw~>H(k7GzulVHj=O_Zdm0;Ri#&IMb8djmpvI3P6fJMeUwh|V?bsz<&fQjLCWRs
ztkk4w6shlabF(+ra^Xo)RrXix{hVIlI0Lr4I$I<jOPQ!ajtU~gxmF%Z5#fVm5=cz?
z&@nrZR*Z*ot2;P7DXPIA<&^a=o~bD?>usB@jtJA%x#GJga?6sEpn}a%Ca_0#B`Fw8
zp%_jy%)oF!S*RD-gmQg~lm|$)vv^hq7tsJkMtdX}QoX8;J7L&rSnv$9xoV`S_V6=J
zhtdBl#%e~Tx4;~wN)a8}<-j#y|3oY%@%Vo^;)hkK5Dxl|R-O=OEO%N4LCTnvh%cUT
zg;INeu?A|*_AeMZl|!`HFckYP)6=bibbuiWE^r+7%})SluQUe_d-C9s$8bm(4utbj
zGEuj%EuM1h<v44BIhJIbMagVQRxk1qGi7}>IrE8GEhr-Hp+ITA^G!!YrrB#KMl?Qo
zri<toXPPG>ZUAwnqqcdfo02Unm8g<t_z{_sylRl7edu+&Q}cU@r%DaA+wHz2M#B3e
z#eCfwEydL9jkYKQmd1iiaVBm-nuJKGBi<^;zWl7OyK+wI+0Z*J{mt$~nHI>FFo;f4
zGaz%mw&h<@@x~~8YAfpT*Vlcce`Xjl8kb*alumJ-PAWj&Fpa|qdjV#4vg`TaE|h$J
z{JYUt%Ig0pH2+dE=VBj<d!Opnibc@jJnG1Pc*haXD?qfAI-6+4V6I29CoN^rXO+ka
z4SfwnHf9$DNB8D&65;?cJ1VUV)r+k!cOG8u`6MP{?e1ma<se)lBD@i09to2Y5YxHL
z^kfMOiYZ{#rS`W6e3Jj|1^M4@^FE)nS_vbR5ivi^w>*8hESK^@L=eYnA3)jh5Sh%<
zKo#lK`Zsoxic{-tT~5tNOEXThMu+DCN&3+4b^Q+?KG^@-Ez3?6AF@gx58Cp8?mPEP
z?W~F3&QrfDPXtYM>zI-KR$@_G@a~)@G@|4AS;8<14{6K=LnIdbw@2#;dUEvg?7}+<
z)&KK^Y0=}VNy!#$o1N{_2D}FAQKBo31MGbCP(re<9d0ALpY=LhJec4xjYvFhZGmVS
zq1C$|j7B6TLNm#PhJZLHW2I+Y13p(<o{y}f+fa;B9>h9Z$n@f&IP_2~h-Y(JTVVgp
zm2(l+4e?urN-jyEAP`v(omT#Lh7)<3v?|4G0g!Ucym3lG+>zt=IF7WkuhWvh&(u%K
z?12AigmiP(GFJ+j7K@Hb`tK;k8ZeH9y6Z_3czy8p{HLAwr*B^W*RQ#Xyrr~UzaYjB
zxV?|i0&~kf135+|5t-pwilF+M3x!1eN*Em~&F&3%%RJw9<Yk?Bx|2?83yuhv@WYUb
zi55(?<xD1;o^U}Z^!zSN&tIJR89+qlOIRj2N;)I-M~CAemE5nhb@7aQ6O1A;@q!5s
zE_lnra4I|Q*PMXlyd)?(!V#LE;ef^=??YFf*T@vpRAhNQDe{<c+`P3XS}99tn0Fw{
z@l<Jr&L<4>35`P4Zv!Fixb3B+nlKq5ZcIqqyl0y4v~13y&Zt9xIv|}gG9wWl<6|D6
z2<fA)J(#&?0j&cF8BMH-y$1&`UMM{o3grpy4W;4-5@9~)0#CDUSQ;PjS2UKNi<xgZ
zW_{S{cDpv`M@G{m%i=f)=rlQHbVRISgjS!u(ek6wj<#C4CD%de;F-{{Cd;{hU|1QR
z9I695^jZwhh&%}WM7W@A{z8h$ir|u03q010QRC8_fM2MG2X-ZI!6^-o2xqCfMEyPu
z$5>eAz~%R~Z#_#}T9`E|m!($B(h*G2hqp1BArh%os_xK8e2`_>gNL~ZjMFIcB@)Uo
z*3FS(+kI78W;^Xmq$w3%F5W91k;Zy?&n3s^u8M=kQs`6H=#&ATkwEXjvXx&@L_*6|
z5yQ|v8U3W&(NMP40NV%3?(INM;r4o}FTH|T8ha?WHF8%}IP7d?K&u62K{MLi7UY9E
zrQxyp>S+5UReqw3{3%yvBqstKq=L$&r6hoLuQJO}PO>%?T*$PEJ1vwqU#nZ0lK73D
z;an4Hiat0Q-Aw&>c>4COAQAaf^>~U|AP?+P3^poSUF@Yg<}52&r<l!o;!mdsFvJry
zBWf#;NI>lNsYju1GcXR#G3$C%ZNyi0=S$+TXL|H3JT1sTE7`57%187v&aAV53&k2W
z68=fzkX~ln!>(dqMh#-dnAh|S6Em30@<C5~b*gqU%UjQr90Vn~*y;CDU8Q8uzD?GH
zbt8~w4bhNSTiLtLXwiqOZMF#w?_irv6s(1v)`*dpMKMzL36vQ-jNCrM+-I~%<)FHy
z%{;JvNdY_^dio}daJ$SOtK+2_9uekzs0=Gq^&uWnhC!(wtYTNc5K<~vrG1j;Oh%<_
zN8(TwqA<qdu{wOp=0z}h>_9O^Twsk%1EIZ|Kt>6jL)QWY-Vc<$k#$R#2$@A^X8r_F
zGJ!%-LSm&(Q#-%1WYXtwo43@a3AAOYzCpRDT58*ib7KN+tV?B%MY9$wa0oPh?3iw=
zqO!q2MA?h8w(hb<?y4X5I`WrNHB@A<vK;2hVj71_<uO&HPA1DfXt`|v$&=kZH`@qj
zZhoDF)+nW^4_dbFL+_d990k>+!*h!&O3MRWrK8O&t15NAtFBzXc0tn=&E3a`7|<BW
zLm(iShy-zd87lh@AC6<e<Su3fEvwj7XQOsj*!#Y%mg+EI^F#oS)xSpfP%uqa4`8Et
zopG|Z9w=CMWJZZ39#J+m>I~a$qxDMJ5>ZWHtcQ}RN2Q3#=w)uNArI5l>wjC#s@CKh
zl_mS%?99LEKKW++>wY-?uRnfI|NLQc8BRF)0YByV<=_AK`#Fj5-mkmI{^9q@!T<T6
zqtOK>FVNvm@5gzOzv~M?u2!y;%+VODY4#X~SX^pD7G>bBkIEt8EmQnVm)5`?8movn
zyF@dOjn#!pv3cF#!oJ<rlUir0V^7A^w&0a>D_7i!B+(4HEECqO^nY8%E+<%wBW2ip
zNm(ZSDmzpZaSDUtNPPWt*p~kp&j;ENy_Td}iVBt0l-q$1#^zq05hQ(46q$krO%3<q
z99`g88~A0Lk!F%+fH`mU8-Oi>HZYbL3Bv&naU5v=V*zv^{~6Dl@v6*yYLQzWs<AJT
zJ8@x4)x7>OOwom$2`qbLFmW51%5BhWBy#5HtH{_q;WiJLibT=W8{&vwZu^D7Y1110
zJksXb(H3VX7bp%<L}R=#o7BQi7FAw9gVA?v?Yywrh_c@~3w-<Lg>2W1J}Y2t$+d;E
zo|DCu@Cf^39|n5LcRD}4K0ANcKYjh?{I|ijuZ}pG@uG8|T-q^}9d@i$Z*N(Y5!s9_
z2lItde4ELrKRcD>IJgf7+8mhyC-FFvf{v8x^|p#bzpl^xy@kFBY1<KHs_g!=ZnxWB
zS)^xodrgiU_G>VL1_rQl{o8s)M&MhUvHp51(F!Q_tRrV06)1guW3G(<wEEK&$T9wJ
zfa19sWlTey)#aHLrd*NB*_(y1!W?eE9vV<y>d9THwnk~m*5Jp8$mU&?OghJT8}(P3
z=B+I_j<toivLh*M$eG!)`<9YA#};pbvdyBE?U=^SQn45mE7dxR16)^ApLy!7MhxPO
zJ%O^p1G_D0ZQEl=^eZ)v&HiuCekCs@2?{RMvjW*j_BdU4&N~*MEzR5HBw%QY1!n3V
z-T)KO=@iEy*4KjO(mW*mG@G~|%v&`1!PUuZ<wn0k-`d)n#p<YCb4i7`Y}dBtI}JOV
zw!Bw|Ks)I(3CNT#Y;?Ai>QMH^<whUF(#2|+){xGy+V%?IUZTuM$*e=woLx7PLEI9Z
zDr+_)mph#^XD)K~GHl$QnA-^T&rzPA-_$6jBZo0Vfil(MlT?KCGHz{wz-&rlRsKi$
z`Lw9b*niTJr<xHC=7AKQmDYvfGa(OiTZRwgAhWo4p5;KBPuh>6?FI7xJi<7E{can6
zYqiY#ER8okI5=f=ip2z{JbTcE<1nEl7Img&%95<M7Bxn+##AxUuSWKI&z2aTF0ud2
zYc8?)%nbf45T<j-GN|4r)D(D0V<M~$uMQ=z6Dgsnrx<R9CM!p4=U+6_kz;4dBvbP~
z*CNj}n4NA_Gg(bXymf#&v0O03>IPODEh#@crid-kciwlE8sPy$iLq0iAuT4_AAQ*G
z^2RFWWUj>;m33~<>bqGr^`5c($Ya&G9lI;t%ocE?`}*np{M7ugj6th{8A?bz_N_py
z1a5Vl9*D@iL>%ZtsXm5ESyS^rb?2z>A<bBHSM7Gzd)7oB&R?8W-ycda^u#uB=m!U8
z{rK?1I{j{K!RwJZGuHUy2`IyqcXHx-)J)3GFrvebmKi!nG)ObcxeiK*KMl7;#LY_`
zrBca9<6wA*5yMOwW$Jg2r$|h+ico$4{c=|6FI1IEc?VzCGEy>mSG{lEaxt8}JCt~G
zrk2^C^kGR`9U3V|P@~VaGY8DnQ8P*zvPg1U2nx3*w}i#Kl9V7cPbpiin(kjJJ_HP_
zsca?;H&0a~^%#b$>A<bhmBeGr?X8w-<DF^bjc$a*<J_zz2PIQP=UE-C@+_H86n|}L
zPWj$I_})OMwF3HE-mm-U+yfNo-Az4Iuv#&O$M{1ZzP(6?`2C|0;VF$d7K>cUTO>4G
zWE^cFIsAePB;<~$yj%S1x4GtC@dA72`tJRES?~S(-!lBZxe;RT2BSq(ZX0D~Jq{}a
zoMM6A=PKv-2@T&%6seK_=3Hs0*JqUV;or)*|Gysj-)(=B<?7ov)kR<Jr`h>J*GVE2
zC>z^8eACPFEpg3vCH*Md<e#5$$h?5%dzdzwdp-Oe2PK<9*YllyWvkvP`2i>X2QRY@
zwidF=%bz|?o*GYa%H%CG7u62}b92V32Q;tHk+p(Mq=1xN7n!E}fG&BSo5_2wVK6nr
zQl1ENYhllPFz2)C6YD(bf>z<8fz!`bS-I%%Q_Pi#Whr0xs7<BYT7mPPgyq_9cL&;o
zpegLt7cMucfxAMp%@y*dmFDv*O{)r(ruA=Ul3A0$;(SoPBIOA@8+f5hmuU4Riq*6C
zl~sZk8mTE~8*+!!3`;{P*IIYwB!}z{<#mGoNbzUwd#vE0z&;q^oma2VkI#JZLEJ_k
ztNj1%?CqEQe?8fG^5Fk(Bk7#N3^OvC*Z3BiAg(W<arhWm8u#U%Z>~<k^D+VA`Nxm>
z>*fLv_Omi=_y#_G0{w6<<lsfnMoF@wY8!m`^y$HS-`%B#_5a?zx%NeJBY%La{6FtK
zDf|C>+S`5du>LoZK7Q<c*Ls6R%FKl{N)kpBM%1Nwu4FS-I2F@Ky?gqt?>e78wLX6I
zv;qV}yD))jYWjKOZSYKGWs)*go{*-AG9diN^Pa!c^SW(#1pY7DKc(aE4i=ezm4dTA
z|L44nZ_93H{UnUU0@~U#ururB5a5X8#$rP(kXtqmD}T2fgs#G;d84)_4(*G!_3-xZ
zJ-@eiM`*(z1dh3~WUb;v;;$Z@zuyr!b<Z5@pjxBaa@yYaTD^<Z#Q!HaN-(=I>sM(x
z|L^to_sagC_j`ML5Bz@<NwO=Lk!fG4@<$}X^62t>D$x>5a32g)>U`Ha{*YJ~RR!NQ
z+SN>jdDRGWUS7m3c2!qhyIZy(OJ<H<7a&*~2e7}Z{v^}0bTlF#pzT#xss=K1AZq&<
zrBO78KT;Ht5y7G4#|nJE^-ru@SLKE5Lk@+*5C=#-9-`C2#k3l<_8q76rpm(2zFQ<5
z9vL0#(W^6AR@r?eIN0`EC!>PL&D;V^U)<@({37!;q!hBsS)K&mK)W2j_RW7`ORy-l
zA2YPtGK~e+!n?~;zfoi8KVP4;4xAY}bSwTFjVoO_gSC)*WdIe^A3^(Hxc4u-U20AD
zdzHzyeET<((4nqeIM#F(@q)@-mr}aPRa90*+l^y#QLg{a_gAAtg!aF-q5Zynjg|GI
zF%1Ic+|yhPtpHdTYQv{bE$d`QjiC=8KLUw^C=DCND9?Q@lq7!9&fEBx^M-TPL`Ft?
z5m8$ypwooLO1)YPNMT|wRBI%N36G9cA1jZidK%XbhMVV!FAN^?;v-9<gWLyXE%2Eq
zeL37pl?D8fQh~vtSatooZrk){5cF3xjh2)sv}OL(^T0m2TyF-HF;F{3tvzm>5)P`X
zbxC%w>dptX2<o8!5esu$t*ngJ;jOvyua>*&JBE^FR?Ql1uUVskZMET1J$7=|?{BZq
zo65U*`6Yn9NnME<*NIFchKj{()Ere303_Y)uCdM#8(NKBidz(xns1vw+G{n^h(cvU
zQt_j$?F!1yn$<yXnnr@;`ZCAfN?FkabUGw44vl;LHAE?+Qqw~$VY}i0-@$~pvQ!QF
zN_(#!f>V0QDcChP=9y!n6$8{pNlPV~LinY;fSo+nl*no1QAh#-?L)o0m|uFv>f-Hf
zXq#c?;sLaEhwWm|+jWZ-Mu<evMnY~F!aT>xt);4Hcno-kV-ORXjwjZZD|@~YQ(?_n
ze8-z?gprasr-T>oJlm_MtvrmU!nL7JS>)LH0{)OhBp@Q1uVRTB|7V#I@>>=)to%CD
z*Q}afFnqLlyk6y!{$cq{v24}aP5uk-|BK%pHS*Z<lyumT{$vd4D68e;W@=>SjH2ES
zuW@XYnW<2;f7f$mMo=*v*&0*9RrnbJV+F-$MU_)FeDwg#7ijG0a2{Fo&K$8c7h1N<
z@Ks^5mkbuRe^PdV7)@jS>iGEQvpRzkbjdsTf@_Cxv_m*gG4J$xJI|_vGd+~YRhYfS
zXMMi=9?mbmAgf?y{hG^neP3g+NhkIa{Z1J?T2g?-l$FK*_DVUSVG<~Z>c)An#+c`M
zE&TwY-vaoa#NmPVpWBCTyUG-~+u!Rw>wa6tt>b>*FFU`tI4KFKORFp(CUJ;k0Xxfu
zVPlq<v4l^btPSSbs&T9wNX6Oy8Y8LJSw58dQMoM!SLr^e>$iK=&VC?KCO3&>Sx>6u
zH!J#DJrm8nyPkxFTYG(Gb6^N;_j%YA1;B8B566Lff+`phG`8b}uUXy>375BVa@0_N
zlRD=n{ja@kxO@F?cXzkDQ_=rEd5HhDkyO}v2ZE(|V4toZoSwkI%!AC~*+6SRm8a|M
z?Inss7$}qLfesXQN$Spyc21d!{G`-&VH18-cZKxqwyuyWmq-fw<rhZEJ>=S#f3?`O
zZZ&Tci>Ic|FARI-yHk5vIxs#*2UZoYy`#$WmU)QasO%lzsD2CkW4{jrSIrdA>6FIV
z)v9SaJ0BYDfH@|bujZHec1q=W(tb0)jE9Lfd?RJuLF=FTvB3m`YF9lqH%jkPV6*Hk
zwg&^J_W^u7Q!mFpftS5fEIu&T>Kg-xQ(c0TRbOb&-Le(+#zSj>n0liDvHDh02>G%p
zGoAr_JR*URwI7`#hGVe}hmMyH6<g10OYsavskX|`1MiqZuFF~-C_@pbajIu@$*vom
zoAmy3c;rxY)s?w#{fcb6>qSb@fd42oTzk*GT~lt!1+?zOp`=z*IvJ3E*RO1x?}|p{
zHRU{{iJKbC9qVT5Au&(z35T|Rf!MC}0Z`MP`_VmJD|FcwNi0guZ988_5k+EuuTsKx
zX<W%K>$EBue(AUJn@bJypA$OAjj7_PP!ilzPfykk6T8a(YqxCwwX?hT<mrR_w~16f
z+SNzUaZk&phLlzwt*Tau!m$mH@E<FCbE4>|%~Vgt_BQA%ASaA}uchBAWI>u*?%M?O
zc+EaJyzzBjlwIR3z#L!qYz_6mZPmcs_g9L;75tc+!{Vdtybjyygjnv%Fhqx6Hw?;A
zSi+}Io+d#=lq+QCLF3xyyDf`Y_fDlLu+92&qZpg#(<i+fTy<(KxeGOa-uGJj9Mekv
zpZUPnI_B%d247|WzrSDR|GnMr1OMMha=3Z@mB~6PZD)7*47u}_`DAg*-;`G>Uj%0L
z@JSyQ>Y_mTcJqJ4@{}1cqFihj3bvaW|83HL)%w5If-j|2@?W=Ce*d$-xA$QGzma6t
ze@sP_d5T`Vb!J6%Hvns||BB3Hn!9BY>2qZ=H{~kjfZWa39)(+%2MOsR6;cEL&n=X0
zVFOss|Mzyg`%laKfB)(J1OMMda``n%65h#}_E9zk?n!E^>=3nq0<O796jY0wV&2yM
zLCvP?xPo`ZX>gp4Ifr65?m^9H>cb!u>Q@UiAl*hz(4Vt73f8nTLveniUx#072CVBT
zPh~HhiDXc+rVVvQ$$i~;7R1+jOvxrIl>EYEK91KBWo%jPQ!Jetp?J-mmQT>mlYO2}
z-KGjSsfEO~m?+GH5-hGM&Jxq<qQ#DX1GrWz1{?5YbjAfBwS^db<DVPS`QIasm6xOT
z+PdfV_LT;df#ukDG|f0;T+-Nl*4CKPaa1rpS!;-eYAXkm^=3WeU9B^>R%2f!a=Q+w
zm(ti4>_hccL8%e#XS=3fhfpOjiUDBi-!7EOWX$1N%^i{kJ}PjYt88P1#j);o_AIYi
z9p1868Tsd?wwz(vy`|boIc8nnL|r&LXP2m}*{(-vW!tF6R>%uCxY^gO)NCltgU-AL
zI!_Rmk+SZ=f<xH4z(5W@s-N?!%LD5cteOii4wltxoHuT?!K{oME6~AcWl=hH9TYcX
z*tsFU6)j<II$aawG4Hk-Q==9YOWP>Us3kRWMC>o!MQ&SLs#~o@v$T3gg9#nbvc0B#
zv9`$0V{yQzPyH)Z6=<9-^sN6=Cs@aoTFaw+6!wqIH)^{xByq>}kJ@Qai2jz<#_=ql
z5Egsqug?!&ynl0i{^r;B=O-_ZvjSPDnsqT~ylEDYU?`9OfJfQQS9|$Wh1|pYcEQ8D
ziw6t58*}jeo8zOCv-gLuU%fg$JU@B;>iyd{FRG(y6klo|XH>Q?Yszu$5gBig>kjAb
z+41|s7jMtbkKfc##)e*AjTPNQ2|H)C==q(J7}}3l4oZ!q_~fF(L~e{O>(BTq_&Pg&
zb$;^dxQ6)aBh0pOix|s%*RMcX4d+~E`IW?jD!)_~V5L&fe-3HPvA9kb&~~5B*fBJU
zDTQsN0!Y4>^twv~mzwA~P`_a<8%WkhL$?64QXuK#gfV9W#c&-c+#u728!r<NmQi}C
zSM9vk3g_Dn=U%hH3S2=&nD88fH|OoVgS@(}w|;xAXT{m;B7glIb;+(-UPP*>*-Gnn
z*V4RVC?4b0wIyOCK<;%xv7s7OK`9HdakI>}LdT(^aC@%i;<*Z!?Ou5le)#igRAttc
z7AHa^9@5Wxp1Y5eYRd6y!M(lRrUBKwDJnK;3e+^}cE28Kn^afyg5dJ})xDedF><m$
zcV^nsn#~<wkT^Wy(4L~CT@<Ph*qB!*i=K7gT;Ta*_(lgu=|5kmqS25(vK^9mh9VNS
zO)J~gfqwj``hicMo?9KT>2U#qY7^*ft%@y8=-LUBH@AHLUy*WlJUk)+UJHeVlXXM6
z#?y0gJGdgOl&!cHUQ2^&r{OwlIT(%aMlHE!%}jGp<w#B1NOwr)CT$G^wz`g*=i(JR
zzlK5JRcA-t<-OKx)?i(om{B+-vBCg6k`t?_3i(e?V<<bt@KcTt^4PE@I?^G-a%vM4
z@ft2*l&h*YjVZ<ToZf3@#j1W9yGc2Aqt|-oaNq@b-RDk>#$`0lw89E4o^i$D{myCp
z+^CE@rH{V+xXyafF33+Ai35_LsIhZh&P!}Tg}Nn`ueN868BLSQLBZ@0>Z95ls>KR0
zs?QQIQ{`IVEaxk$^xsxe(4{I1(J(gqy_0g~OYcMNIxBUZg_v>sbK=faReE`iOi$b^
zKdZG36;vk`O)>p2{{=CA!1eOuE6=KjFHVkMoxeXhDjz3*V079qY)|?E;%7X6gGa?L
z_WE_H;x_le<Cix+sJa?o4f5IX;hW?0&j;+x=lC+vU%&qO<oGiJz2q)kr{>jFP@d?@
zjj9Hr)h60E%gT9pc6@er^7_^Lv-8()j^CgEdRnLc({1G+sxr<RG5402%|mH5>xdr}
zvnA5Ex7Sk&ogSQ>{qyyk8?LsGYdC2s4Z1@A{N#L-RzB8vY*~)iW<b^xd9=bq3qDQ2
zH21NlcbJBOmQM{}*U>68Ix!8`+r}Q$)DLRvzo?q}<$*%ntAn~5oR!|8tY$io+PUU9
z?oUm=#txLVbd{~>DrGCtXs?R3Tiuv8fsSi#XiZ%^{u6FxKfLR0?%G>XUEJckIDjcF
z*Ks_vmN7{LkLoV+kK@^PgR#w8-NZ9FMN20nJ!_k~)!(nwt8&z_%=%E@Ot>%Kb@HI_
zu|S{3YVJm$<WTp`?L>&=Ob2aj%fH*(@CZ*6F|TiTyP{wz0aVpsuiG=fao1&)e0k{@
zN|a`LWu-fSm5L@=kka$R(=|MaEd{oC(@<`_3ZZF#i6gFv%y5i3KV@`StEMOvaJj7<
z@{d>)8L$o&)=5Y_F6NhKUNgdMz|Q)@3rLd$vtlI`E)_*bI70Kf`@Z5JYf2ZJGsYXM
zTPhZWr5?{1Mj=^>>0*gBQ7vWT5sVxC-sabb+t7aM@A+LRmUU!b^N%0xbXNqEKdVgr
zekoVN+D%ATYN|>*XCSHC_0A^@^9hZ@W$l#97F$Xh@1RS~B;_mU<+uG+4W4_AU(w(d
z6zvRi@+Yod4ZHdM2E+VDrC`xUV6}4pW=j3-I^nWl5$({xwM5WmoR5+Wuj6QLVqt$=
z<|*-ZZnC@rK<nRRS)Oif+euuQu|wTprFt_*T5*Sd6*%47^CFz8la+wV`bz*^|Awv!
zXyc~80mkYb)~bnd1wH=?Jlg6N*wz-*3s(qN89|KUQH0~7H2jORkhiUC%~}Ikw`56<
zZN}CT%dGWmvNmaV)jSM^fU>=ClcjL8m2icTYBsuA4!WFwnx`V}5_Te)YVo6bD3u#s
zU8a#Y*1R<MMow=HRxX^>v*@d>O7C{o*jl)$1*i^R>lR#%!)3rjEhewzk}0#ozp^7H
z6AHLy@-=eeDvpW3(}KaHm+2ku(4)}0n^L{;ha;|ErGX}8PS)6!jWn*l%hnI5G|_K9
zs8WMB9awRUcl6q#*7P;7o+|p+-_jeNae$rRFKLMT(0%&!$sLKQUi~l%-S6#m>qgid
z*CulVQnetgD`Muzx=5=YUn}zRm1W^&r7FHnZj8CBbW<l~R~MF7!#<Zl(!6`sfmFA7
zttxj#nrai?<&<^C-n9Ie2)eF}+oT}QN|xV^*E5<s+&^7MhV?V<Mohgr6R*wAukTl|
z_HyB2&%d2LzjguDmQ+QvQ^=!&$^U5@Mb^BldTlk1=nzGflFp1Re_H?f?#Jp|@1obt
z(May(j$X^=++H6s4RIF1F6+n5y}iB!jWBb)l*r^{-eyk;jp%rOmN1OMLmG3z5Q#;h
z--aUBg5tj2);y$JO3nVC7}gfeH+KNF%Ku+)x9tD#X}7!c;Qwh8seBbZ!NJ8*PJDOi
zS0g&=fM<mZR}<=N;FcIbNHK?)LPX;+W;$$v4<`a9h{F)$7#NnjnhI@KsH+1O4BAUL
zp)q&5N(=zlUKan|<%gv=bEYvRS)L*>seOcFyd~JM1+H`c?P|8V>aJR2ILJKJapTe?
zw2?bUlueNUI)XV(Sr(<mfoq_{Qe%kmWfnWb30g3y8~(sF+^!qdaubev5&phs_d{Bh
z8u-7ONZu61WQ4i6p4;avt@8ie>sI*xesA}I|8F9F{8(afit?|AzvDnlkDljM&e!G*
zWq!23?@>IY>!ybFUv*G+gFaUKf9{so|IY5i`rk;Z(XkgVE43M4jeltUy>c_Tr0B}G
zoJtI;^&qWV|7*C9&&*V=<s($g6WoW_3Hl?&nYZV<SD$5DPzTX9H^}!LXYwI^o~eQV
zPZD$+p8s`P!T)!jJ}Jlle6q9uaQ@#&sw&Cr+z=PMMCV01vmL{qf1-^1Nn?ScQyLza
z5}181o}=Ai-6+7ov%G_Q@*S-Zd#)bjXD?{#oOsLpiX(5h^5sqoU`paQbxx>Vq&j6x
zCG=r+rM!%(q%GcS-I%%+wLgNFcuLv)tsoKkQ<3i!vjE2ejkD_)5A=5W#@N>y?S(bB
z?U$}prmDp(Q+MNDT<O-FE}d^^h8Y@T=VRl**M`4d+tu9U;pyAk#7B^%n?lAa$P1WQ
zf`=iVpc%1uJN8$<;lin=qOTU%5xvZGpIL_MtGwo(WPj~@uEuWPCWTJlCfDlnD!RCa
z{og7SZ$$=JvH$P(dX@MOz5R#y-y2CE%YGS+BH8TyUT)f(2bk?YZ`hIDt)pC1JyLTV
ze^r(Ic@+bN@?Y*$vA`uVzpn84Ji$#B)VHjXqrk5z?|k)2(oZ3J^y+(tPoIo{WMZA)
zf<TmQ1Xm7GSwrV&iTm+VnOloPd0h#p!bdZd-)6|DQj88)F=G1*GJohQ7PJX%?p#2v
z4s`FUDC!E>a)kYof8}zQ1*eP!DzG%dj_hQ-DorRCb#q+i^IR^FKeNady3#jQ2appX
z9K$%dtaxU%^iA<nET2#Aht&>>Brut^Oo0>B-?XhofILS2H&D52v)rN5qhcAWZ^C3U
zcY6Ke%B;qfhnm3h1>RbWD_>xqPFQ)^2KT+gURezA>ck`qjj%olM8q3kIXi`y1<!d1
z#{Cyh4f0<?!;o;6CX$H`({Ox~TYy#i|EGK9_^;jl-h=$Nk)))dLO3aBuPEf_wt_vy
z4n)0;WqlN@YB$eU>Jb_{Y<?b)(C{dmw%_Y%o4MT@ixLRE%6&tlbXV7KgQRy_E&7+Z
zx45xl>MlckRb;<9f=tnew=tR_5=n|@dMGDP%T_hA(|YZb_@LCflXJ7S(|CeWBqsAy
z8XnJx@)qR2@^1d#(C?a7I1T*25;N*1JZ2UD-|zM+_J2<w?teFu6l0E;p6V@&$WPCb
zajdTi$m^MtWMi$Im3ejNy`n>+^1}`M2PmhJ*3YB8imvm#w5?y-mV65~xj4G<wX{aC
zBcp#)d!}|cc8=nzGpF0TR(5yLvj55@xHGJ#Tt`2<=+}Iyy?w6N={m4foszjgHF)BZ
zRL6}iND!+~S4Py}<f^}{$m%hEmL`%7{9ki^{etVx`G0S>V*k_Kd-}ltH<3Pm^jcsR
zo?=f+9#yLE1^b@n$Bx_U6*h~uwKjvTUZyy$eipIgucx2A`lCDJo8|VR$j_(Il_JSD
z8x-9?TYE@rrWO2uX#n1J`&h;QclXQspWTP|KO0JGK9a3It6%G}wDYQ0i?26vJF-d&
zFNnDJp>e6Z=&v2$E$>s;f3AJQ?c;7AaIf|Fx-!G^jp=h0xj(D4oc|Y`4_*5lu!8@0
zpFXMR|DQa_|C>oQO7vRqTLnpeiI=M{!-T)=G3@3l7p{WO9hre=@qqfU@X9y#Hd4NG
z5mOsUKRavWRcfw*SMa^1>;INaz*nySrxp9JZg=lt{cj?<(p=5Uor-cTyTho&in_we
zuLw%PXLNr5d~e!nbhyjz)D%_P1$)t*%Cn!w^{=h-Hevs{_q4ZHvHyJXaQ@p!YFMy}
z`hSVN`qr!o?UcU*YeK_hA5m5~{@Nb(t<|9p@N;rn4U6Cwv{4Z>Gsr4c&An`;z!uT<
zvY(|`AGL))e$?R;J{Cg@)eqnWMd9}-LUE9VTN2i+uC_*<k(w<KIgMFpig~r|)>T{f
zbfB)@nR*NHMhauR+Ohk!&XxPh7FU|mW$wdPVy|ipQ!a@=2+U#>oij8Vk-)VmsQpyi
zU1KAw`zLW@|FxfL`)_QdKv^foidPMMP-AYMyT;PtO`EFZpKJW3)df_r%e@=`rMO&P
z(NJ4?nv3d&H6NQ|+io}%n^_C5{a6I3V6<8ndZd{lCdsKOpSR#-x&|n<y{!>&rREq~
z4zE(qcYP1l5WKF~ngh30Zw&$N1hY|HZgHwuc-NmQ<r*uA=R#d5QndQImWfy0`-E)i
zCr2rY&IAfBiUx%w`2kHyL@+NzyI4{^ui*&9dxh5K%a~BLsrgknq0r3hh;YHkFwLE7
z)qJRDL-h^ZP_MaM{<r=HZgvb<A^-0@-KqHhd9wRp|GSa&u_ol6>pY_R670IhUmPv3
zRqXdw`5D=IHfn|9O59&wCp!^b(?-qnye6H8JDS2ts%fLO7{B=eq{O3_nxw5~j%J8g
zbKG(;{pnK+rGl!6DaG-h(+gb7)v_@!sn=lZeIr-!l5Uz%Z)k)IBxFMrsOu)m%xmP_
zL0*B5^~QRaNCcD2_4_hhUD;N!uxXjsULK%?{HWsPTiLhWZWY2!Spg~JPQC;;uW_Z&
z#-0wY>UCv5Gt7orJ7W`i#Dgpfga-;CC4_%Z;*iASo8mp2l^er4Pqk+>iTK)u-n3{e
zmHLuAj7HcvZ*V5zdNZof(9NG=E#LpAG$w+wyWRhHpVaLC5B^^^ldf^_GIQglnHvpm
zV$9Sb@z@V2!<730op#FmqiJOM{@Bp*t?!dpR6KsH4+mO;vc!Cftm!Isi@Kp}>pW|v
zf`rj2789KEb->C?pTu0CILJ8XU0c_zM)$G@?aQm=z12Sm|D6ui;q^+Y={tQCm67+X
z+KaQl%T0LwIRbLr3ALW#t!Bkl0O;r0?T*Q7*Lyi>z_wE6%}}OEvA>H-l#eT1s5CUr
z1BMcOuA_rO=1RrMyrphj-IW_T^@a@(F=Ci0sn-qZQ_8-Tu0+I(VQI3AI-fJw@N(18
zug-ph)v6=$I5S$Pd|2W8rt;|hih!^x2<%3k|0ONV3i6*n!O@hAW6JPt_OZ(T<H^pG
zlKi*(^vV8%{I`j;1*b>|%wi6Lf~GxOPH+svltl871_=r-&=_;SwFT!B!ohmg06xJ{
z1mlPf^`=AO@nf}!1esyAO*r`|4qICg<FO7b@F-z;L_Xk9FV_FH?ZfLhngfkhO$ibt
zm_bBh?6>@*v-f9$GThpNLpq((7=AfCgOD)Z^2bDU)c-a3Er0kY>!|<RjLEno|7U;l
zS=`AR8lvDLO<+VK%v<02{4!~M=MT|E>pNdelh$|t)7pYx5F<3@aB_6aTT%d$r@)p^
zLX0}P9HYOtTCe~4>iEssUugLk*Z-U2gQJ(n{xrPZK9;WkonEhM|FzrOdC>oEByB+<
z#&YYO`}4O)6Co1b?{vmQOwyq`!WCwW`(qmj2LueyFyk0ho;p}^c_<6i0#lxhF#|C{
zLYA135OZ*hyCrK#xnw)1`YYq`=tt$&_%ZxQ#82r^u@azSf*IeITx*6RqC#Vs>k1CT
zIbd&!Nc0#&Iz=RY43xo`(KPW}t*tFMfAMceZ~m>-8Vm*jjX8~Q>l=`}A26IyKw((G
z3s^i9L}!B(LOWTY1ltOc2csy0>D*&jhwo^_n*>4ubrK6k!&JTPZ?zPw4JL>Q7*Z;@
zU?|~$;v!&S=G+r#3<%!+oDMOIvA|qYuixohWLZ9;+tvcapjk{Xy!#19)126H1U{c^
zTh0$t6r(X_zJXE=&DK4X5Vl(9G#j(b)o?4$E`M4aC@tF{N6MgIM}n&(?_73Cr&BpG
zG)8z4O*B?;<jBdeK=c=Tudgi;QyrnpR}H@_<o)(&tMGdpI93!>I!~?|OAtd-Eaco(
z6FopN3~|;r4k1jLM4%a|=}cnxZA_Z*o7zvE5J%WVf^m`QOom##W(_!)t>Ta2DV@nh
zX-Mhfj7}38W4Xc*=QJQl*!?>vx~4&-Dmb(^!%M~tDX9X*V2w-RjiIujfK<SmDf*o<
zm}y;7t94*9bO$C|{))#K9!2B=!>s4;_`Bf!17<sZ*Y9r2v$A?EqSg$FCG1F$VT57G
zFuIWanigV=6-ZMQrzirX$jKGJTX0UHCmS>i(srJzf#A|KlgwyOmiA>mQ|2)wdUzab
zn!VHgMs$2N2HP1%blA}ybPj(yc=hA)i`PH;({O9H*X?fS0PkpkZLA;l6X*y;&Qgfs
zH8>OJU__Zq>{-w6?fV}jFGXR<FwfY<k;8M8I=m2A$T%P#Vu5zll*|H&wazexcd`Z5
zHXNLuxZgP>XpD1|6xfy=`?#~y?ft#eecI_g>!5^qZe@?eUeD|8ced3)rc#b2v5se?
zSJzRhX4pH01;TlXYtb*4ivFJ}!#n#=p6zZw2Fw^`9HwXvGze0rrQ`%N*@v3ZFwo0P
zlYLOa_=wS|ojx2eViD0Bp&?LCzTG1E)Xye@y*vK-3{DPS0;3V;D$AU6v)wQsWk>_=
zqf73iDf*MfYPk4<ca+XwbW)DlI3*$O5H$5vgDQ@3Df$5SCt@0Hn~9-Eu6KyA+_w!v
zr7+;@6{LiO@)G1E4)o$Ew?H^p4fAkr*|abDVMw_0#G`O*{OG1~_#z7-R=UJiL9qrS
z6mdMru)SBrw)!atR>ZRnrFBvbrS;u+b+NR*`%dj1438+ok2SBZ3)7YD6);V?klTcg
z^A)-Qy!15I3rKMg$?kTl3rJC~X$48@cNiXFhT{Nt)b{V8gt)=}JWc;C1F1Lb?d&uz
zs2>boxZKqlMqDocV&Jz+#8-uO%jf-*A|;+IoA*J=1)UltHt2n8gj7^dM+5?f<+g_7
z5QnDhQtSjY4sarPht4FR__AZ@>d8&c)7(xLlLtpnH`v+sVad!M;sB*w$xw3(E*+`e
zHM^r#JCMXrk@{SqxfB}oTUg<@S|>437D~3^>@JQp;Be-lns}xZiN{(Z7$QDt$$<wV
zvK1W>GM5XyIw6a2xFk`O(*zLkh>Rx!LV6hsGR0<Es0U7PIiV2J_*(&&D9+0~hB-}@
zP-M8Lgq>r%@%CFS4^GV&1Tl@h0P#SJ4N5vek>;%h*p;MpfpKDFFdA}TX&jSy-16Wc
z4An|96cAKji02&@d3QD^_lt8<{e)pUHN9AIz<{Id41lLYhvolIuj}voUD@UT^!9zp
zU!e6XP37@th=$QTqdp3Mmn=Yq^wTXBrBTousAMX&JJ*ni7)?n>b<R72VcgMo_1PzN
zi@cRh3ca*LED(_l){I_>r7SIrK~IaQcv@bbT681RB*Ky)`Yb1>v01j$G!i6<u<|u~
z5D~;NUk4RVaf6VRm?%h1+2O2{q*2uA?eBF;<1Vr_Gu&rtd>(wSQ3wCu|NH;^-}&hE
zS1T)<sVMnO9Au{rTeCDPG_y(~B#}m(Q_>(raX1h03`aD<%s642pn=&xA=^*%o@Xat
zfd*y%V|Ec%guz)ir8#DTO{#suR;Hs72?&bdodro9lQ|KT)hh{(<VcRPk<`pclVuxp
zDZ+jDA!YJ>KUI6D<rdlA<&5a?1f=W&GZdv*>+s+bOa629>0!Vlu@?Udr2-=5>jtop
zTso5Kmy>xW@=4^&?Jvdw<{YuPJZirCzDOP}GwnP%L;^*03|qT9yH|nR$f>(KyW1^w
z$~tsOs!w+#8b$O{N$^T&$`7j<{bjauay2ZiaK6bWu$W-NvQzU+-?X$^3pmZ>nX9A)
z9AO?XqFf?gspc1xBnmV(@3x!P0=(-axMsaCC~XJ@ibew)`+jgG>MDExPC`Q)JD*^F
zca!OJObd8LV|@4BC>kwyms3x=1sto-TJKF6`4cN;)r^EGij3mg>Ri4|>MiUk{EoX>
zMkB|`P!$Ztj7f|+Oz5TB2P<Sz*BR<KG*p)z@@R;|$1o!Zkl9tIC;_FB2^hX(zJBXz
z0fTH1cSxtDG_p2Jwf!$ZS;!gy^gs*0Ii(Ka>PSd9Oi&z3IiIG2lh9N_!iY0};k1B3
zyM4!tXcdhb95@XOfKvFp!1I-4n$RfZ^(#%vs&_udJ4>Gzjf|J9K>@&bWt8WqkA@4+
z;@QYOZgdiRZ`;{Y4g<a7?e4ZFr>=A7SXncD4m5JCm+SVUx`pFfK!5RR0fU%CcTOZl
zBco;tB7$Raa<pEj3w>4wT?<Z*?i$q3FKu!i6=<Yg46W|DM5Di?V0OcFA2g!$g5dRO
zWQ>G(f&(%l0qFYKJ)EZ6zd^vTviebaXL;sRn$!VJaLjoG48<XML&Wj^9_;SGe=lHy
zQ3zgOe(6tlkBY0Od!SL#)7PrL7rF6<bK7R+IjZ!pl3cG3q?{lrWrO_tpj7vDzN%n?
zqXe_7s6LfNM1#sUf6ew@H_UyJL|ZR<Po5t3c0Kj)?(TLrtr-3zB@Bl~o4FEs_pl$S
zf26dqPPYqtN&2qf<~tZ&%k0Fe?P)9+85ZTjU?k@cnkEt61{I|)7S<L)2xVa(Qvq~_
z86%-mG|N*mj%S3?SlvRzlw}r35xFh>%{{Iot%JYbI?81|XDJnQ^-4{yoU-cWWW;GZ
z<*%`X6m^#^q6{eY8uZ%BrUnJ~u#V(@@(NAYTu1T@8y9p9YClrv*24XWQU~d6$-nCX
zZ8B~6d{mAhw~ox9O&<WkPn3~AX)I6#r!<5E(;Q}B6h*3O!#dTvkbTR$UcgHdlWD4K
ztaXS#%R{~vnk`_^+km`Tr4jnDHjU7S2O4$nf!Ap#VTY%0-wF~L4;ZJI1vnOH?5^rX
zGbyaR^@Wk7k`^#{c7HT_iKmp!my+p$Mv_LGI9gX|v{a8;1hAP#P9tA3ofa_o_~{<j
zk+IfhE4yA~woDj)Iz6yv-V72Nk$_l>chjss3xzaTZsjWwzu+B~#vV%4Ca3N#CfQ{0
z5*m6IT-?dt`;d6-nXWtw$o8G%Zj&Uc#(Y~x^!_12V`VBx$KwbCisztOGRIX<y$Hr3
zM08AoJ0HnCq>YN+_3`djvAV-drSMf<8s+J}){)j_>mNr*phgfDaKMH{FvR91Jx_=P
zQby59g5&I6h*grC*N0z1x-S|T4<W0GbX6LehQA~t-4~65)hoyXxF(Ih+;qP*TH}7A
znMN6T9)nPN)DRE{1V7T;ft7wh5r>$$ua6m}LSH_7_$%D#Zd9e(7^Zg#09U-4a3#L`
zxuB@TtiJIb#U`&Nnxi9MnMT!X*e{hpo4!6$_o><;-`YJc;IQykRcQAjBo-8`+snI!
z{od0i_ak$~H&!lVd=ySetc>iIcE3;$R)I_t%s7qJwlkconW=rxRGy`Oap@ke$_<TD
zjt_D@jCllgm|KhtEP#@mDNdG`_A<XMd3kt5eC)$NDZ7X$3gJY35b9axk3S!8tLLp4
zg+NEf1(Eh)P$uzzp1po`=lHl%+N7SLNFx)$gpoKP32IzSi#i7oDaRdWW!)|8_nz)=
z9Tk0E{3oYz!?TG7mZs)=X1((zr~9MPn$q_bW$!X29kDK>wH68QP`cA2^qk1CHxlpe
z!7RwoNV$nyE#ED`zN%1)ZS6pFil@W;@ifoG2i@jf4`$P80fTqHZEhXupdP2nvCNt^
z<uXy)I4!!9Ke6&>Z9OzNZV<lIv`Jp4?~IIV{}&{_Sm%_q$o=BE^r*IV=VQ3Hw19zN
z>0OI;hDIL*LkDcU{sC4$S(eoRv2i+8;(?$rCNnLM4@r#J+=pW#CYWh`o!q6AYVHEh
z``S52f{5gdrhs|{Cgur#43`rUOaMg@z2vz=sgb!=EILlioX7|=#oUKS*dO~ac-Qtk
z)c_8a<Fe<6FHVkMoxeXh>YKmbynb=~{?)<D<M#*c$8d$>-?x7oZ2R^MOWED>yqrdP
z6r**YAH9$$r6W+)A!C@_U=f93?o}+IU!VefllzfE@<}1u)H-+NMH&^ORecq7+Bl7l
z<JlEmXyhy_Dp1RPuP{T5XeSO;PIz~t+ECg!jeem~I>lGfsTL_S)AjEb+|MiB6OCRf
z51{Kko2a9au7BrXe;#R*G;+M;t>5FK;9QSna+z{asWVG^QU{BmBP(gkJLCCOzm8#;
z(<s$$<o+^gv7v4hjYNVtzYJIV2r2-mOM<QKDbF+XD{_^#NxgT8MuL$w7F5pb-r+c4
z^F-iKT`BcdW0ZwAa;agx(QcU+l3qk&?CBZ6@7w})y|l?Yz9Nm*yez-slV#h7_Ve^*
zq)qCA@)-YD=+M;D$85D;20jd8^-xo3@~lF+UWw=HN<YeJph}pkC=Ox34KP_dgNV#<
zj5!~8x&*^0Br@Za(IIxaR$ucV{v}wfPwQJko<+gkCPgDMMPuwIX%y*5_G@*zfD>5_
zWHoJu|JOh8Trn+Ra58#D#VNxa$7^e&uiQ;eBg6RD*L!RCb=i}8EydvvI7p3cL#7@A
zB!COVM4H^uIPN8FQufv~%3UH~X&vR&?i|?9EiGX1M~dbZ>Bs$X3nX-CB+yEi3`GDn
zjRg8^T$OD)8JXdcF|^^vLf7~~zct}Ar_pH|MOv0y?;yK?Gvy~}4kX`~tVfxzBiXz1
zM<K=9)rzt(tfE6uBQ4=j#Xq<j`817e43l-=hiL${%iAn`%GZ}Rd4{z#3L?b$`fg5)
z5=T4Pm**rytwY(&-Gcpjq)pnKSQ;frOs=5!&f*UR0ajWD6=n4+N(&ftHswOYrP293
zS#Ry;G<v6KBj(BSkW5+7A#;%AULH@XV?gL^$+kS%*5{(|S(4=Ws1OF`%y{y<UBVUj
zBPXWT8UR`v>AMMuTpbjMVf%g$&oG-S{dhS<%3F>{X{6)7Id8+^o$<G3;uvZBhl78f
z!NH5~vknhwEEtU<*Uw!(DLhWb+))amOYTJ!h29WFC=M|5f~<aLw&OqRn1F3&nmCVp
zJKIY&5*s}q85%`bc{x$0k$FDxHKk4JR4t9xep3#`{pjm_RenD*gSvlPUl&x78DxDa
z?0qeyx(^zOD?AZ%XmtMKtn^0jD@mKBk!yD4Um_xYpiG5nYd+U5;A8{?RxCs~2$tf<
z>h?&*879I}tqKaV@$9NVM}pJF^vbkL>tz{6;oMj4Hw7-uI<iiW!;r}7fud**NJW3`
z3`wk>G6@P}EFP;nNgXWx5{Y0^55bj?w?RAAWi)EMw^)FUZAre?JBp3oO{}C*jZVBw
zqpwi^y?{YTgA2@5U~3ba(_rNm3AU0(rc0yCEw~u8G_o-!OD~Q}eC`WO3m7Df#9{>P
zf8qYW@HY5|C_zIKshDd1&*=~w#Q85(boxh23XqsG`0s^{`w8uTZ9}`gJy=a6j)RmD
zF+bFvE%F^9vkNL(GpNFu9}F6Q$yEAW_9H>2n5H$nb^);pat(AOX+z`iYZ1A#w1D2T
z?gqM9MWZa(c9}{GB?j5g>Zu~;g2VrYh)l^>afh@?J%cs6Q8qT~-XhiUx?)3cM7Szp
zHmZ_ab}@kyE(nF``HM62G*)N)aPWWRiZ~*(<fc5qQPLTqKRTA9cD62_ac_cABqm-k
z!NJ9b^{|`dbw$*wD55Aj!V#LEX(m<&#RIQ{1#E!R)zZl9KugGD0DPbk^fuCsq><9G
zB`CnJb>x#Z?_q7}@)PB(xedU7uW6HZsxb}m8IEuu)^JCh)l^}Y?UlrcYE=s2oQ&fy
z`Zal;HYqdYYv5r0+lfWtPQrNIGOsGXf_MM0VHzbgyaI7-%?27_6imLnr?0hX!!)|0
z^EyqVOxIlUVfVFAYQr=-BAlh_anJW@IL2c2DaqQ`h5CAc&{#@%r`4w55sjlckdck=
za;O{z{R4WRzg5Zdv{3gWci&ADji%_s+ZfFdi6kLvNVR}s5l9e2Q!Fr30z?h59;=|1
zbX2a0;t-}JKFBhrDHkxr5T{Xe=NPy_T5JZwW*Rw2Yw(R$!0XpXq0OF;>S&b4TFEj$
zrQz|6C{wD!E#Ct4Pel`DgOycLHqF2%G>t;zH-;1KCR!H8ra2#eK@rKEks*emeKPt<
zx1qskD-yO3qDwUA2T?>X+eT~TXrQhcXe9Gy<0av+vz0-w!j4!NJ$-9g$CWpEI!b7G
zR=j{%%erpam4tpj5Y3gj-IppjY*b=kgen4E&Dy(C?arb7%+e+;PKr-U*HnAgX}wDg
zed%iNO=`VMs9jI({h(3ZsMfngqxIC@4>W=WJlRM$H8e^vBT9;RxS3d<7SP+oLaL(?
zPlEt+em-HCPiWMzF%@W}YkV~(#3pU>bmVGiu5dFEVy;{*=d@C%qOT`yGRShHRmswt
z4;CkzJRdR4$)ETN9!^wE$P9@<H(>3EN0b3eV<~#%G)$8a$&>$ebp(!1fQDXXve(gF
z=NVo$;W~FMhi~$M7{fEd35|auTu?TDA(z1#PPe8eR(a0qY(pHTh-jRBp&AC2HYqY#
zH%AF&;*~=9TB;!BhshAA9IxQ3NSlmRZfS&)<djiC1G<KOW8ntWfyC6a-nF!+t<jfF
zw@o_TvNXaU1ZFXc&KVkwNU(f=l44y<<%U9vq|nlyx{+lx6&P%@AauL(OH4!TMKnMW
zPzFJia)Ft5NkR-b4iifL3NBd}FgVnZ-zk|2G$Qex(8xCXK%;AR<I+g1>zF|UD2r<)
z!xzfSR;8RqC#QEvr2>tDt8}=qvmZzTC=9<she4aXny@sAC<?zfUM5x&Y9VPuN1y`i
zS>F_Q4esZa?wdwu>Kyn6#p4F;!vai*6R?T~RTfD6)sXEzXe2lCwPRE*a(QjpK}nf8
zxEmf24ue-$>FKjg_dz4qm+u+?KGLqXQM3(6k_a;r6zHX*5Iu%x-E9@$$b3UnDf^9-
z4uaUzRQN5=pJYDb+qSMee|)w!c$+ji$z<>3C`HkkK*7a229V~e{N!}D*Eu<z?L(NN
z$m6p5*P(aVq=Uga8j<7&G$m29yL=@xj7*sdO~|O8c7z+!ehGTK1q|M`<p|r4LH@hf
zz7q}WDjLlj53)Ip=B~c`Ya*27b*IV;W`?)BV132?Nb3QP2p5bDRS1=3yw0i(LZ^HK
zxvp^|vD6=-$?I$x7(5q-jqP9eupd=C@~i;R`sw-dBgZ$SO`2|%XcVty1i7e<og9Bn
zmXHe=Y~t`xN2B%p3>IZ?=dD;%=<6>pZSty|3x)(9U(M-$LjYgf*4=^p`J_$KNYDtg
zE4{K*0NMam>fy3HeQI~`rnRqt<!#cQq0wp6asVG3I&Dy9P&V?vAjS{)`r#%Pa5$lq
zV;Ev_iE&(t39H@{QI^G97^%O73Obf1@cQ8G`A<9VPv5-$uV3>BvOfG%tM}B~7<Gn!
z3=B`PQZ3o1wiE2coOK&|pT(|zT$_J(eE8=0y!`F;>z_}K%{L%1*igCapkR}79p{9`
zXM!>ny=ASdz6G4=YQS|pednj6j0Y%&A-2!<BvwZ>is&VY$9)(ClwJ_5!;dLXpMO!+
z>LMS?opw`0BjX@-MNqy4s24|u1l4$ahQ}#yrkU5$|84%|I2I(v5!m30cI7?d7z2tp
zZGg&_{~6B*_pWQ*>=||mHk$1jG`ej$9}cvgkldprXG2kBiWEE+b05yp1&(3F=+u%d
z9R?G`grzSTsW3Gh3xCZSB+v!skT4wJ5XT!*;%@eCV#SQD2k>V+Z(c?r5~zMH6_?Ik
z5AZJ2!mw&@)qK8TH;pt3B7$Sl93Nx>>H#rV*iX6M)46gvWHu#hlcHOKOA<wLlPW}+
z)MO(u7bp&}52uuKGRy)2t7pu838ChVgU2uktSOG%&Sbq1MKr$iox2tV8|lB9MtSdk
zK;syzH`Z@iwzL=U_RR}P0>iGd;!43_Ze;E5Qxq=D{hgkK{Z8kn*JtPN`lqkooc}i1
z_TeBEbczHCl&9`7j@5B1EO5ZjBHjCbWTtD8K#l~qfEVTrYc?HYC6t$!MC2Jk-nA`B
zdOJ`3uHW^0{b${7xBVEJzWjFoV!_h1*)we2Ix_5~Nx-|7T-PAatrX`nU<z`b4@Wvw
zVgH)4=}nP$-|MJ?mO&Z72DGclMj<E<LHgus3gj#7-vGsPQ(tM4viRl@V;tIN=+_fC
zH<#{RuB)B81pu!p*EOxBzh27ZIy<Dh5%AWak&c#8@vKo<M<%MqS9F8)`K+S`p`k1@
z)UY&1Xn2qrZqSXsn@DIx$Mds<VH6(Hm<y(^8kY5+(@00e(M<qXZ73g3rja`z!@Z@=
zzO`H$=BS~j4dCnSG*+ea^*B@An0=k{v~z?LhV`qwHEoFvjl#SlXrDcI3-afaHhDKO
z#e$LGx`D7y8J%J=!6^sRQ1;C0j)A}LbRRTIu3{y>fHTZywIot+VhPvw-CuB8z+i8$
zcjwQR3pBdoyNTn%y9ui$wS@YTA556EN!i=d=t}R)o8Fa=3Y1dhGp{4QIQ#rfzAG=$
z=p~JbplrqVRJR|!PB24)GQ|e-mhN~A_m(y(*EP^63+&Nw$9JS25ve7T#{jvUV5a;&
zYWZ7zEm16UPxDt#o7AZ`&?w0k$cedwE9&c<1!N28$6w?tiQ=o`bSTC9-M{^Bppo*c
zFhdP{Qh`Q1U??%37-r}*_sM;0X#s=%?%f+TEu)b}{CPvf#5x)oC!co>^yiWmFxb6k
z8bwQkge>473?WFlpi?Ix$d|nTl+z~dy&Koj1UJ8OS-?-{=ck|x>B~I1m`FVK;Y3&~
zNM&H6yhIN~#1EAb*Fd|<|A3}RgdYPLLCQ%yF8GoDOQg?0W^j;N3t%<azdpAbQmG|n
zwL(7p@MX}&O`pL!8e+sSJEs>o{()4&f-K+^iHQ!=FUx_T%CeC}_%Dd=Yo*U%9W8$=
zw$Nq^f~q_3VnneC5-Prj;&elONOB|$Wlk4G+CRgbrkUfdJ0I@trq5s<>FhUH2?Qh_
z^U_`UOZ6R?E@0RmFGK_3innnX;t^$1HXmcI<F$MVX_I$+4K!j6)Ug1*`D%${(k5x7
zUfjGM{*HsSULKj6a4f6A&(AnaQA|e4adfT(`U=v<Xw*7Oa6m?L6XP(81*YXLxswb$
zk7EHBc>Y{jS-pFl{rTGf5F4lJR$NdROmH-{+s&XT%e7jA!62Y9rx9*_18zx}&OL@B
zj7p(hI)ykd|J?#mkUS?-^-KzlpU=8}*WY=Zxr_F-YjHnF(&szf?o{^KY8^!C5=D?1
zj^>X6!LJ7|UnuEDZ=GCWfM9OkpQ%?i_O1mD>CB0d#_g#hVRS}9d9s+uhRjeb&Xmo-
zEhE4i8QA<ennrqP|A6nlJ15C^-}T{Fnkv{*ZbK?7H5I&bD*g7z`LW$<ZEY#({Lq!o
zTdgyU`|z&vA$O<Yg5{5in509W&_Z^nAn|uZ#5>!5>n+DH7z`XB27>`a<O25<dep#t
z-)||lalppB-vSU3_X5m>CrQ?aPJ+awBWOqF`3atyA{TgGTjB!GTe`ttXp~N|YSU9X
z=00#9skU2kHE6rTeoL<n{p*z~Hl2I2q|Pd|_L8QtFilS7-%^xzKv0d9`jR75<ol;Q
zm7>gSSPN-`LT7^#W<n&8?9C3o4+r1-{`2QH>jKaFaCoG$R3BSghMN{2aq35wAn-Ja
zkRb86bw0uQ14(U9$<rjEOz4Fnk_bj=tjx(Cn>QU;mP5*BQ!u&X0^+t!<%EydMEJJf
z{nq(}a3EaH*-;wl5Yvb&&V#aIrfJzSGH@A1j9O*iat(Fu__&I2$8a2C)kfxru6Q7=
zzHjx5SQkn3i_Gss+rlgX<feGWEnFP6TNaz{ggZYzJAZ%t>X-Mw9K3noQ?p~HTb9ke
zSAVPg+6p^vg>OH81pgNet_2W2efl<|`=Qoe<@6|wx@9>A!%2jKBG<@}FIN;dy8&{I
zbO*Yzmna#)Of3Z;&TCrGp$8RmE~#nm9Vg@XJ&FB^kW9()6~jsbI_)&F!Ok$E!;UsW
z?IaiD4oZ?vg2wog5t-$-ysfDJ4l_pC9dwnqyX{ODjTW^;)n7j-mb6fWlT%6ltJR9{
zGZeiK34`a*?#R{M(O<pnYrC0!m5b`uEnzGt(`DVEd6kMyJZ(uo4!diFT$W=Pg|Fji
z-dDkEO;1K9)SaM&{DK)LH15MpFNzBihkdgFy+n!b5DR4a-@4<H<=i^%{IFz^>EHj?
z(d)zWUr&!ge)&h9U-~(u;rt(_k$>-~U-`$5TR5K{*Y3yp+WUuU@83I<o|B#Y<KxGH
zWCLdciIgAGP;!95r%(UhNnE(<;k10>Wf}=0Il90R;lc~)6p^@wTc`l9R>07o{d|_o
zeN3@a^=uZVvQ=++tEwoCF}!vqo$UQzt96n;6r?lE<jTwB(he4ZS+MWj)vJH_!Du{y
zcctz~gl{6pNEl`WUvBAaC2wr|trKH0l_@TNq;wo*LLxJJT=*D<serlRyCV{Z>Ul90
z6U_3$#dpS_ZouCupx)auHyML%LrG+64&*FLGbsH+^W^Ax`<q{1zkT!m$Jeiad~uw+
zU}$G$^y{Mfa@y^JDyv@U7t0oWGqjg-OFTs+datJshv)DP+TXR|H}x$|xL_DfO}>)<
zI-O34XPr2WB3n#D@Lo9@!IIM|V~Do<t<b)&f64u!{TSN5A*@fRZ84kIYgg3uGAciZ
z_E^o5cD4@RD8Knxq$EK>icbMzxi^%2)2@_7)zUB`j0+gfGyfcF;nX>ZwGxxw#1s4O
zwsacGYru%$C<HnxN(JU_%$|}kQBxZg{K%TNV)KU1e60GA_2K)u6(=6Mrc>W?7!+Zb
zk`MkPMf#FXnIoMA6FfzOZ@J(4TX8jzj%n0$4kCZMY3g>n-Tl2i^>4S^E&to?J?Z|f
z_oVw|XTP`8-QE3Lx3}Nz?f(tBH|}|jlyZUC-?}&Mt30^BNZNuI7|pO|((2%kr-@J+
zKOFOv8AZV139vNgFic4lazJCbu0=sEE^a3zc8}zK>%PbNkm^%;{VNI7Lu|}F#J!LN
zx4;Tkum7jT^}nM&Kdk=^q=GsrL7aPXLQqEjRO{HAU=(83hqgSRNU6Z=t6oIMW92j{
z`(mOEc<ldY@87o@w~+*3eE-%{U}SG>C8jQRw>!~n&x~U`X`i@lujQWX{L(#cnuH{*
zDUu;5yA`+h{9faGz3)lBgTjRX2uhT1>CBjOCT)>Gp-=z{g+g5tCa7>J=$wRo@fUmj
z%m%)+Xa4$!)5)W+|IHWW^}qGJ{-5MA*1w0Eo>$2PUdx3J#VkIcee^t?6TEgZg7clZ
zMbE!C3hzGijmLW2>mSEgUY<q|bP8Cw{<pU*`Ttd~`|^4HKgCm9eXq3Mzq=0q_a@oD
z)Z<?NBqn*0bokNNe|NjI{$Ff8um7ibV7w1vlB;yr#_fh{I=~_YOM^bTn9|ur@=0h5
zClfyo<#mFG=ve*f1?o>6j1$y+gQF-xKPOof{;B!Aq<^=^UjHEVv5}4-6S+Ul6B_st
ziAQ%A1{SXWtxZe*?`^+)UjI+>tOy5Cir%P^M<+=LaSPeV<4hO|Op+^1;YOSUKH}LH
zNUT{eG_=XWn1Jv+6?dCRH_YWcf{6s4_O`=bD22lBO__g>$6o&=9%YzPk2C(%&&TxM
zr+`K4|Hampeg5C-KI{LV<PqcTTCXWL*Ajo7%~IS)2a`0yY_Y?N<pz?3?d{`)=3-fU
z-1^9q7krS^n!#sN>V(ZGSx&U@wU7;JG{c??Ke)t&oPp%sSMfqOE6Z?5G92XE$27@u
zy|64krC4J}{~ip;UjJ!$@t}8q|4~Q(zh&S5z3gp0pZ}la5&QWr+s^xF6QM#NI7z}i
zLbEBvm;Qblj<AeZO(+Tp<+=XAV@-#`zV`k-7SF%HQ(FH?=*grro=7@#Uxu)7{cqdy
zfA{6{{{J-33IwMQc&fr520v!WH04+R$#qPny~+Rk|NnoeFlD9aiuml^z|3*f@I0?k
ze$DpTAqB8~wAt-;pE<)9_1Np*3c2fNnLm5v_228g>e=i6#n!9m_5T!)8C4g2N<adK
zc>ve_ArbO=k>{eX;^+$J5dNdD<ai#ZxsRH|Bx#DbMHJ;eYEEYSr~GJ!?=6ILuL!$q
z7&G%}%7pc49AK~8-`w7M^<8t>dOcaMvBJ#{A+v)YD?3{mt&G<j`-o02JUHGo6lLsl
z({LI^>_BmRg|m!=wjDO7tR(G;MJto!oJhburMC@##mj-vMf+%z9l-o7+=+9tGlZB!
zvp&xx#tNo5qlD%-&bbjghpo`&<roA&u;MHJ#EwlkbAE1+k_P$OC;1Oac3O1Cq|@&`
z@t+@f7Vv-2=|4LEe^Ju^yy(4n=KoLee3|@zDXzcq%;}#w{qu9Tr-J{h{8ta53|zqf
zH#hC`fA7`y)-(TqlIM>6zgf%>&cbb;|8Q(}F8`E#vB!R{pi{V|EV6tgS2!DEKiohx
z#W+OM6tUsXr>VHqgq(Ug#nG@~?_&|U!ZD`wBug&T-9m|3avx4or=VzgQL$gANj9B`
zF3sWf`p76RHP}i>>`BUadE$XjZXb1}o2P%p22k$2ewyMqOuz}X8FRWKl;dndVz>wS
zG4lg_f-?fTog@w!xx3XQf{3Snw1*>qrYgLYqJarVz7`=K)%z{+e&~~En&Go?hUqwo
zLcRf3(flb|b`9b(?QSmJF3_5$5y`*Ld=l^BoC`|4bs504kG8w@1px5z*&|sW-Q3<!
z9zclBXplz-6Tv=Q;zmNbGc=#9<K#Mi7AL-t$KL<NUFw8KjCz=>z(xB1?UyC{-xn`8
zpZEW#ctoTy*XhO#9_Ct#uz%QAJqSUd6_`0PHh~!#PG0}}oR6VPj8joH!z28ukJc`y
z7x;WV^w~tDIR9K&8GTNZ@Ux17{y9!U{F&x{j)&8T;=I-VW=(E%5c%j30@U`=FX!j1
z*7^B|hS)+%_>?M4aPFU9Di_}KGzrgHg8=D+3Wk&V5HG)v{%rQ*pX=?fTdR`cgI6v9
z??dWD21AvHFe9vceYDz>JF_5<`1&}E&tCrzXZ2q^i{$^8J$wDX?7e!v|9g^Wp%H({
zCV#bk$^&w>A=T^c?OJ1w5s_gR)O1zn_CZY^s!EpBs@1Am+qTdJrrFR}0mP@V@^2Ng
zj4o>HfgUPpQ^@Cf00)E;5(ejl(kaf)r&)wvqoxd8;R4hN@uy~^!H!wyhI7`r<)PWA
z?a>L%2nUNwxImuDAUjTSitt=bp&P6U9LDO-t%?xI@x+(~u(OCzV@N&Rj7&x#W4&Mp
zxxmkHxIghpM1k`6pCwu}ko!U^_Ol%m(vom2liT~E<wxn*-+i!NYKD0a1ZpP$!{Y~p
zsEIfCg!p^2@;g1o{!fF9q&e*X`}0JG)$zUCSg`+Zy?phm6#wJJv;6-g&&r=V7bNb`
zaiej%e|Gwh^Mj+a{nNki9KL>u&<Z+``B5%#evQG>FV6_XFJufii9_1Jk)Ki=zV3qY
zApZgSjYb0|(m70|^%lB;Ma8!E*FwlmlPrI|x+%j3MHu~pRs}rdMLAkMJ3iYvJm;vL
z9lYH~AO4KOL@|HvOtj0IA@N9LCiQc)%3A5KGWhLw+rX-iR&PWTx3sVrAVU-f$oma>
z*FCh#nmT@W#^E4<gZ_e4@FcYPm#=z%Mr@-o?1(u!91B9xG_`Q~Q`0D(;e49KN;8KL
zmP)`1fMIeS+ucK_IL~IR_asKE<{-*3YMbrS2;<Z)Yql%Kbaj1Q4#zjhEZ=IW8bbnq
zhDpq^=UD&XlZeM<7q@%tPuB<`f0*OUG1eybf?B=CZKJUQ0c2A@<Ixx6kc({WM{$)%
z8>|36_v7#!KC3x6%_24h;qMhR$TO14fK2i-5hdbp_M;(Y$S=R3RS?!*7vH`{A3j)9
zA&9UapF<-z(=1w1WpAyC`wq|-vA2LURKvgB7Ckqng%fx+Y|ztZp&+~i_>eTTb-50e
zS5+hEGYY0T^1`+L8uEs{mbPvel-+CzeV^h1`f}o<_|_+JgAo>aF>0<J@4P#Evw41U
zdi+2CI6vLrI~bhr9=;o#?Vq0S9v>a;@17kTADzEDJsdQVPIM<5AhC+(KS@GdP!kF-
z)z)W}XJ~C>4XwS8*U)Fds~|tMmmxn4GlMHx(+;h&66o`1gg=oS^@_!Uqq%(_>>r&S
z9PJ<8t@A}*`g*;uZtZvKzKO@&P8Zivy#K1ZHZHXqDo|A`PiMqtq^me7;$(-C$h<aN
zT1G`cAxI`^gmWnTdvE`i{%7oGIqk^1xy~-c>b|!gXrcX2IsV(r&FA~yCwYwcvYQP*
zP1Vm=?alV9Mu_>T0A4|eh&MQza2GEbvXLSmjmc;n&5(cPlL+Ex3qE9cazU~wcG42|
zE*%>ASJ+xmY&V}$h?poCn26rUgDnny5+zrRsr#`%0@#gl!sNPfo~Qi|pT2F9bQ&aJ
zNK3WKG>sBJY+sX0GQlD7+etR+uwN<r)xmKmA5SM2o$b!{MF+4yKTJkRn_i7Nz0Gbn
z{p6W%+i5&%T;kbvl7+P2@WiD#s42Mm+k*hR7e2*}iBF1KE{{j<>?7aLlDHlDGl&`a
zw-I~W4w6Yj`lN+^9L_>~g`*_JS%bfn3$!7E`!j&Dm#X(nR%9L4zG<PI_ZZwg30JOs
zJ*>0E4BTLnh+N^U+ui2n&gETU<4Vq=7wxUB_P4)3qkDdw&s_fhKo<dX`G2pwy;<h}
zuU_?@`TtWqD=X;7D7o;XXol$6&v0l3w;sXQKA6{d9@-PpKGTdO8OdiTh<wT!vmZqu
z+axiLbJ{?v%q}Y;l)g;~=s3kO9g|@Wb^M%Mkch!cQhszp=6kM?OJpUf6!t?u&25(>
z<WKVi!UlUD0>cDE;$f0aion`@b9%GG3T1ex_KxDRkF(H#cBT|(-e^if++i3^bL^?C
zDxJp4N`pw#2WU@jd#u$ArwJu_lFhiWlK9a_>GUEZK^q5I+rOr)olBf`B65-W*{maN
zuS)Q8f7C$izhZOt{3s=G<}MXYr%{B`Bq9N8oBcY0AANK%JWBGD471|_JA!#0`hgXe
zL5K4(R^&mavZsx*t!uL>s)GhJ5$_H1stlmC;i$WUPVo?DI1V6h1ry#Ac2>)<Q07yf
zcu(Z19OD=|0;&$yNotH9bq`<e(@U!2d}D}eqC(kp7(5Svd1*$jd>Gsjp?NmzKn|F(
zr0B^siUtBJLQxV&Gw5no5S`)E5F>HNei_j0cKhg;4-CG%d=YrFF35WmF(4wE^iaUl
zg{?+mG`FRt!XUr#(Dm9?I!cpJ6SBl?>enH9ki-E_bK1F1vP&j}z^gn<q6lZSqczf5
zVFOaM;z28f(USG#tPV<zGzs6TmvWvTXCcmTc#8dS*5F9{p$Fq8Nx<HcIK-cDh=4d0
zjc|@)e8q##Pm-J~ur9Emp{l_R!6?t3+C^UB8O;kKh=ELUsL;l3)ckhiyC#}oKc?v0
zd<;_VclnsNt0MW!@G1aS{O}|necffyD8|T-Xwol>e0h?RfOeE|K9F!XnM{0XrGP^e
z5t_59Av(<Q=3Qo;cXqqoSV7#m+vs*1oJX&5D1)K*yzkn)yIUJCkcYNJM_)j1*i_`*
z<;_j}ON>Zvw6r1e+6yXzCWDc?+iqmZc`<ht^U)%#8~Y9CXEJ=96lpw)GZ@??Y`C{4
zK{O+~u>l3@M#4zs=C-ne=r6xzlDAEVdcBpo&2W}A@zaL-OKmds>LC<a&B>f0=nT^w
zov74ZMHB3UYKHHfsxyp!s-Oo!0>?>m*^tq|ggO=YpWN%@j-u)zI>u4NH6Z|k=PVN%
z-eQZqO#H~7_;IHwU%)@}M@s>QE%U0|?sePUVz(4qlcHZi9;na885KL2qT)#s7Sa60
zh2;HrqT;=nDxS|lcN}-0(1C$U&UQV<BALLzD2nJfnMNU7T|tJ~>StmV{G|*u6r0ue
ze+x{Wu&t^Mr4NQ&<Armsb_Zx|oicbE$mehf<D@a>9H&T_C#O+cN)sxsq&n~x5@M3(
zh{T;_3hau>bdXku!P+@FU@eD?(fJYM5&V`x#48lG;EyyMsK5o%1{cO5fcB1_e-=2K
zABLQtYKa<<0B0>;ZLhN~q~+|B(K&o3UY$Tv7zW}3=Zs$-CVu$6ANg^>$kZuRC~rAG
z6=}=b5Z;T)!vRSC?Dz*+{^SLXV*8AaK{A=(I24J&d77|j26n+rfDyV)u4<?4(ozU6
zm|U)9U=ilVUKk|tRj1efu0xn?011H_nk_PrllM17Z+3WRjUIO3UBh8>40YcoAsNn8
zRY`ideo*#}CrOs~(e~D>?<%Tk`Pqu}Ap(YaQHH`1hb)4cH9eCH-t0gZH@I{OTfbOF
zz6i3w6G-VMQJfzSg_RFa*8nwfWix`3Zkue$LqvW(-VM1-+bNzvG6>CtM?1fXx<BC=
z&lsUB887h+iWOyK_UsAgBV#E6^AHoFSsrF0z*$a)V75cs2J-C7TP=ZLK1n+bi_E%k
z2Odly-88fmTLn_03K>Gap=&?Rk&i+ga+4vRbA>4SY5Si7T1`-%07k9p3Zz5~Dzv@z
zt=f+Yp<PZq=`%wOSC_5gD6Zxu%^9a1%~Z=0cP%;}(tZp?d12-PE<L9S96{ctA!o;|
zl}vvpDTvU-|1_9pBiu)uFaJ}2`z}`cU-``z4P@uIY;mfeke4|l>+{0__Y6+TV&mUx
zciZ0<XJu!F6Lmu7!&7-+o-2V#vUAZvm%fzHalZpE49er3cv0!B3ujJ1e%`6mBB=@%
zt!-eA?aZoG=n8D9OVZr9CP;?pqx56>X#2D@)N%|_5yT4dC{{~QF`LGopTg3E3}G5o
z!wU$FR}PXTP-cz1qnK+7V5o;O*Q5AqFPNTuPvRZ@EyGuC{D|fxxMX`7`0Z(1cASJF
zIFBGGul9GG&GamyQ4){5h+J8w63FKl=8$N22y#O<6FWYH@v}!u;K2^}=t4;xCN^#K
z21ltlE$WTY@iY&U>zGMu9FW@5tu4IX@y=X#6$d*Yhm_k{&4Nxw1VOW#qCDe~sJY99
zoP(3*25J_P2+o>pAvceb5X6b5##U980`@wI^H!;aSX35)*Vjd#+A1X(!vN9@USK3!
z;wBcdY9IYybr0A`T?llMKqu0=aB!k^f1PKREn_L=zq8CA4oSdyWG$3+a<#-QxdWE7
z4=OqB!3j009-L5Zxw(1`JeYU3V8@lkO@?K$tautljiT<MP^9c0?47Prnf}JIchY-Z
zBKZJ#+^HXrFlV%-MP{7Cj<}pvekpGRsbBi6jp-fFi=`7|`TQgObXQi;F&jzZN5#-h
zE-;*b(kz*<W~Wqm1W}oKkG6ST<HV+2GKy)X{>?Lt)h%Tb=NY-^6wp0&2g!gor2i3h
zEN&q?moP&#$o!PVqq(A<gyQO$s4tHRQr`Qn*X@-7IBOMBHT%U!nbAgd&r`7LW8>#M
zBs;vpLYx-G8ba7FJAH{3erECrJNL8U21^`Bc&a9ms3R5t-zH5;I%%m+BDu<a2(Dea
zB0_>L<|mhB#RO#_{wDL#c^>*`7-s{tkD{Oguem_0_Q%OJ8bV^5IFDxRbS+6K8s>CE
z>#{9E(N>pAL&(Axw+uQJ2O+*t<rtzIM|hIsYzCp04Zw0-By=c>^K2&a3YVI&WKolJ
z8zMO^0f~WUlw`-BO!f(CLuIYo$0-KaHqn&DLG_X2?#xi%L8M+mBvI1U0Y3~0W3_(7
zW^u~SgSe_c2*+WXkT|D^PJ=NMUkZ=D4S~ZMZ)<}cqq*?70ZJ<-aktfs<ZyOW<0q<Z
zyQh0R=qae5!1RnAvrW82aS<MM=i~s&74x0MMCZvo|2%tXh`(h4Sdy)%DmU9;I6@yK
z{l(7nQL<Lfzxm5PdO;Ud=h|_zHh<SgTU*^l)wx5I)i}JXSDlf{s?Djlsjfqfid@+X
z%TBKbuMgB>?9Hn@^rNU$_Xj_UR7?r3C7JTeZhph;((9GAMIhXkqhTVHP2(N<jxwTt
z_Z_#vl@T(<Zzyq;#HUG;YuoFxxTsSf?6B&WBSfdON!aR{RCAJ%D-z)m-lu^dSsroF
z$sn1eCs{HSj#iphVH&gH6=nl`O#Re{OMQZsb61!pX^}W&=kQSV_h%uiSYkfa_JU!O
z1-$dw6f|G*vP+yooN+V^q85uE`MiYChWeo*s@^yQS#YZzRmC`a%G+)&k+lG>k`6mH
z2jaZsBQAqOTMF&ZLe3KU2a#-BpV({+cusB5F-RmNH&!wiIv8qMU%A1-N@2;$H~8X)
z#c0F7NVH2!GK!N7hwX-ac!1kM-p61rzH$<?lQs?u)QIc|!^KQATS|TohQYiU;lTzc
zi52VJXHRgUJ-!E;wufV!NlEr3^5H-*)AuE_w9M*mP81VQy{}aS$`h16N^9V^X;Q;@
zRg)M(`65)`5gFoO7DO0s|7gA27G)7o@TB5TPl5CRWT%0OR@9nW(ez6+hwVPcp=L0|
zUh881NfH+OsFul$=0yf$0kZAbbPctO60g;rDa={OQy+uP6rD~mIykx727`D^DW+|8
zdvT%Cb+eXOsj@!$L7Q+yQHpVXon)8dm|Zk4PlHGLcdj52Ov!yLtU4Fz7hpOR1Ah5*
ztslz|3sJVZw(C4Ur8v{_rGr~K%BGAX!i|H~qZDTolEd|3TL1yeV>VB?!I++Wz0UMz
z+~|tnYp{GF@yKJm+)FP07Y8}*aFjbM@UKU4go8ZExLhQ#J!QxWt*hu3QU#0inDoJh
zv&=wz*FPiB$mhXWm>gK2<aO&rMoQ#znx|kI<sq*39oo=Tr&343+mR(#5E;S&7kGV~
z6!Zp`PjWe@spNOOuq*`%O0fXM(UqcgXlX+^z_c{Hpt^~ur!He&eP{I`&5}F`lBkc)
zc2As@HW${iCTHNs^7w^~>6s)O#pI*@1hf5r8szL04a(VKdhq3EO&7SUO(KlG_t}=Y
z69kyjhOJg{%w0d6kho(w|97$rKLF!K_D5lMB5o<Ufj&C@erMM>wit?{#tJ$*K0~Mb
zyT@<e?jP;#@AY*#tGG%fu`oiKB~u^|{)B@mYbU!PdFE#`nOY7e!4xi|MA#{fSvFSC
zKLmg{xdsF+>ATJA0F(${;S6jlnVg|S(pjUf;Q&yL&>Ux;xccsJ@aiWcpA{TSXZJog
z5Yq?&_oQ(3{1a<4QnFg*1-AxX(g-s5a{@MsoP6pQ$E<T;A|Nk<-~xvKx!@kI22i2L
z(y#W4tbvOvYZkA)_STDbuST6})7PEo+Mm(lnqS^YgID55Hhv$`Fo{Aw79Tt8y~o}*
z5Wm5GlhAxHqjN@~`Vx!ViM^vR@_q#RYc`LAF%G8@&NdKkkJ_k7^CY`$wi|V?s2mfq
zxTTs*qnxA>_Ea;p(@=kFMsF+P-bTp(fh7t`Axi}vEH1m5I10Q*H)9c2Z^&e=nw4^p
z#8-?x3w!L?pGe~a>9aZFCt|ohfK3K{{O2$4-(P$0-?u+}v-*(>MSjf05_#ds1d~!E
z-6Gg9l6+bNs>5u#VX9Lim)6CR%CKqDrk_}H+F`_6g6P7h<0XOm*=RZuX7wB_M0hD+
zHu+mm#3yXiad9nsnD`;W@fFFE7|aE({ETobqG6Uy3cI(?K!#Sq@zoDmGSM2~cfE`^
zHsnsnB?vzZAz!qNzrv5Fat2b-6*$u75e2Pv!L=L4mDt(gpw67iBU;>ctrS1Ex4wO;
zI=z08BvES)BEq5qrl7)SgUKVH-=;XHsA(6RVcKLH7B{(NYlP!-iZwy!{}d7jp#4k}
zO34L3<qE~1P>X?Qn_>BawD2|HFvrB8CVROHHCXeMYvB_fuM@6g<X2@sXTB40JvmM>
z+oma=ALA2-fK5%r&em*NMt(NJ=ydOUL}Ndt<0PkTw0`+5MP+UHoh-!Dg#V{F4RYgf
z4Ns4&dKwD@lx}y6*)M{WGO_Fe>!+*2N>|Tq>j-M9Z`*7_Dv(gdaoSRq4tQu#6ynIA
zX+bmiRlI?jI0QICiEeeZGcEK}hs1*?a0$wUs9Tj6$2Kb<Y44?GR;$#&bCI-Tm+Bw}
zQ@L(M0MjZUlo!+kofc4j;89Q)Ln((#eW}^nh#;|bN8S}x)*ku-=>5h%Gm(3U!M8v@
z$mqM!Tz>dnQ0_4PE->>Zz(9n0t~vbW(7yWMOJMgKcB-TF5QA<2e2^h8qqzKlmtovt
zxXVE14fal!`7>#0RGb#Ye%nx2azY$akp_P_d^dQr_r3m0zkb+>!McTnhIfUOhuNsW
z0aEH_<p2mxHXO!$HcW7dwgFLVKqluwHU&7)a&yNV64M;}AvoxOk{GRPMp$4yGD(>5
z-a_jXV|0O|<eG1}`VBbyq<QaJfeTmcOOK*&s%Jt9=J!g_idOXp;qF;@`^##qVc|<D
z9njm#KS?DQxQKAa5TPogmTR*FLKW(Pr%Kf({wFVDXGLv-zV$z$37#a`Ot>*{osl0%
zk0fbj+g84<graF2kqOE9r3RR`au|Ko>^7ai`GIqpHm;J$&q;*6D4SZ%c*55XHT6PT
z!+V$uK$tRtRUYU<5YI0B;BuN$<Y!7>YqSez*S5xBz*GXoNshUa6ryUP^(6K}LN8kk
zs4zCCxtQMquFU@F(HXb@6E{~ezUH1@ZE!6C6Ub{HsFP-x9sJb&4qG9d!?MOAP>2=6
zG)Gf}tpBdtMLmrOV2~oX@CM>(exn(p7}oxn3#$++g8jHA8A#yV2zvuiWxTKOPGJae
zRU0EN4hfvkd1izv3Nl<hi8+v=kDBb1z`uqUK{81*Zmem48ROuRPABqpjq9^w&4_Eh
zI`?KDi&|v#5nSr{h22Bmmw|fl<Xz`2UkwarBg6-{PL&!F1V%PAryW>kZi`=4NS!$4
z8r<x5-xB#UNT+?&>vkvn1qWEF@(QYyFS8ESW!9S{xvUZm9^rm#5x*|(zxXDe;Xz*9
zk>gJ|C<3DvTE3=;=GWXn%?^{7*wPbDd!0NZqY=(L89~J(Lr*yR&~fua!{x!WlzWn>
z|4wLVb*BWb^%;oz18#)<u#UuBG3<$E38>)syT$Gf5_RqJm3!iVl8|a$(5HnK7MGV(
z`VwU>4_4`FGHOmN{6hmwl4Y2i`MNhfJxP`NO~w4OHE{f%!cxvam9+~Jhiig;k}Iq(
z9T{ZhEi5h%Id2^Lf$&9O1^cMmhX0jyKMI}usDB)Ns?q>$E>HoL@wt~4NP??Y1PSbn
zw}$1(m!=__GkiPm&fcJP#*|5hQ=c8f7{P?XN1c=?N;26A4Fs=!%4<{fQPECj4*DoI
zGm62gouQ{?yRmjgm2XHnl1ZF>w%;ifKXM73Z(I5i(1i(aQV0|uTMa#{5g*FpxBN?E
znh1X)G#3FKEw4HsUE-O#wY->Ft^R~(A4@$k`T@<{xi1?`oR5=S`4*9wLHXZl9H_8d
z=%Wk<ULKkjFgxBm8Sh-VRB*w7uT|Ddb~2M9l^T9EUZg~)w(f;o3xMy0AqZI{C-n3|
zaw+32O*-Ha%~cmFbQWj~pVfh1mO9YZjnx@empbrS)%PH(zO83fpP47@aWsA1e<4lZ
zmKy7~Bqo#T1jWi>njbFlrxXW8<Qm2v*tQ_^>1`?ie+PY@zUG%v>G>rkV4>s_5bvd#
z)6{YXigPq`ZFCGyrV^jApG#<dh8bbNSTK|VgfMNRWJ3JN2V;jd)z+s^pH%W$_G1kw
zAmLqL;hPZ^ZoZ))J(~ERxYSAoE^S#26o&Uu7TS_Ff>7ultPgKOqKMF9)_1#I)vgQ{
zDt!#Dq!LlDq^2C4ij{{-?^^|mag->+5ombSsxA5}n>CEH4Wu95F53W478zxil}Rr2
zYUz`#hUco3#9`y1bV_QLvL*jJs*^UCP$!jzizhRgUZm0(xa6LP&}!86R4J*2+6{-x
zjOH-Y<111*%!uDEhnXdj(4A%GxyqE0ak|bdcARm!%~UwelwD>Dhnd1%W(Dm~It4>2
z@a$uAD#AHOg(8w~C=*M*3$XV*aRfItmAjcbgc`gjaM)Z57uyx_Nt%X<X%geS9V8iU
z(}c0gB#y<Lk?F*MX|915?1(LBZXdm&{9U-aUY<la)AW&P!ggUwMqtgfR6Ih1({wlx
z2#~?}NoNHF31R5`kZ{>#%Bknap{I4myTG~c4Y8jyQa@mGl6=shALqoAZ$x~^g4QmA
zG9b#_yD(kUJ+V%eNfr;Lx0E}UimOQ>3f3fz2pw~^h}Z>L8ze)z$CeC<2%3&?Z<>*K
zG~oAMBpw~`?T5eK2lH15CC&s99;J$3Jq>XNn_>;K=(@xPjVS!CCc8P(RnBO&UC~O^
zf6xxinLU+0Z!0Shn~dL5Lx@lwl|prqze2?r)EhxnkMX%{Oh)6pk6w0*w-O?b1KihN
z3(ti8PxAJSTAz!2a%qy=pCHt*$m)5N<OgxN02ks*KsjKMjBjN{jOtRpfaS$yIRxtN
zfMv>?U%B^&G2JA}%Pl5jD1dnsE+J*QOOFtXI)0k=(alW}A*iWB0<tZmiQ4G))~=Ls
zXMU(?r(M&_=1H1F$!G>jKyv|%6Pkk|`U6hGUe}z5Nhm3NhO>#)^?3xFPclKYrKwh*
zZWiUl+1m?~iBIA-V_j{Nn!hD6=5u@Ht~Q>sMUSQsB`rvp3<BF^ry)NM;M;ET$@Za;
z1rdjWG$_?U0sT*iUgB$%4Ef>`JF+ky|1`M7*LoPrGug%^7H1GwTLuM-%KI_whFY-V
z4e&)q3{Em+vfcF<$M0h5=Y$Rk5BbEy&}wlQRJ@1<SA=@1cCMisqK}Lfeca&AQ!bD^
zxdz*f1;Hvww=e5J3@{bk4gEUxXKd6fvq3oP>&_ilz4rF2A~vg4Fx7*zEey@3DvJOq
z`~vhViOe}%L4McU>^Un)f0ZKYiXCvptRtdbh|nr}V3nf9;;j*FMeg@(gX+9VXs%r|
zD~lm0xBrPy?gAH(ESOHff(DYuioF4xLc^F_SVUa-f%~K+2&NfjQdod9CWh*c0F=A2
zL+)N~^~3n2ij<YBcp-2Xs>e$-gB)=MYaUUgNJMG0Z#$que}i<|5hhdW_|6a69eF@6
zyUw7pn|?OZmAl$ZEArp!Rnd-eLFfM*PJP5P+i*fjy$PIVh2@?cV^EqTQ6w~i$xs3j
zgUJVpd&g1aYk`E>@dfUXaeRfY{0x2M8K?ID=j8bGZ2$CpuzPxNa`v&!=MG78#Xa5$
zsg;M$^wHtF9dE!9z9PQVK~6*?QwpK9!S045<rNt75fR`&i!&HZVs2F^=ny0+!6EpB
zIO8x?EpIbzj0ng?0ra^*;+!|pj;4OOc~M59!TR8dzd2(os=&E{Cjw-IW`hU{LLngu
zuPSzexWqFGlo86-0><}AKDIxrC}mv4q8p$b6}nL$z4>wfZ0GQhO-tclEnvM(GM-!l
z`4`DF7mK%;TM*E$6sKJpsCMv`A2DD8AUC|@jiA>;aaA<76NVr^+PH%g4^1W*jeR;s
zBu3!{Xed`e2ms?RKZ@3ygZ;z(-LvKfdf75tM6Zo<qPxuv)MQ{i29`TA)7;N#Q`RO!
zl%fB7jbakX%xvs68^H68D~1S3eUj1jti|)gtw2c5iwL(#OmUX4^S*ANs}`uLs>e@M
z#^6|`{Z&wh@vC8yumO9qIj^neFiBJw+$COYHUS}F6Dg;K2%?nmU+XPM8j5j<byP%}
zN)D^haEH_?>=*A9P^&tu@7;rG)eNOo4y2`8zE>EnQV=Z#_P!ys+yS%{_{R>P<qB7@
zOz12-aFzn_JA}=u6*P+*D%T8|RS__YTirOM*1_)1(Like;f1&&1<j^^i8(Wb6vSZZ
z1b%EG8G@c57dNQt*qtX3cp$>M6LFCFbQ~o~>bCD-Ed9qKue~V}T4oobY!Q7=W~~3(
zAs{XVPzC^$GVa%gjC&`u6DHhf!c@hj^>S7sC7AX#^VZ`Uv{cw~%pF79!s7meSPAh#
zM$v};Aj7x_=$*&$0MbA$zrOY>wQNsH=$0)LHidf5877(s=4ez$c%B#E*&W^45!+c_
zAUeF1%LbQU38Q*{$^$A7l?kS9E_r8LNyg+q7A@2<p0sTy0sRxrY_hS!$u!3}@)FND
zATWbm=U2&s5)xDk^4CD*1e$<T21YwS571x>B^eqF-lz!bn*BzG^TwTwGwa!8&ZSpl
zr544Ov&=L|^0C#hZ8HB)%%^!KnIehNJbO%KNy+|bG*X;VLUSDF{8rf3!WG}e4RfPx
zF$K3<TxSV6Q5l1fl{i#1;GQ-J!glj22SYh58`2R+3+nw}`m4XF8q)OHYq}~mn;U`&
zDI4W*7W)$t@NBk}BrzASIkagkC&s!KZmk6hJl;?|jiL<{C#A+fTc<2I*g+uQK*2ak
z3Xda|O;NOrvo=EOqjZyrNjpCeHi`u9{20vO{P@%U22B31AdBK4_k+upb``6k(Pw0k
z!?o-Hn1KGTQLuJ%xTUfFBnjc5#(%zLzvLD5DfYvkGm_)uIKb6_DESR;#>sDtId*>}
z^ITHYT&u_{aA*qjs<<YI%V?}(r*_6-Ek$uTOT;m4oKUcPfF>ACH(*NG%cU&?RON|c
z(2R44Q-p-lX7WV4v4Vc~vl#RSz{VzIG|r14hs9#$foedtr()R98O`zJPYnrE_3fQJ
zy}%hsuOe|*j&8!xJ%?m=n4P}C#LK6}^#c|03daHkKjWF}d>)%2EzVaf@<)fY(Q#Zv
z6n<}H$QH+StR<7;A(D#h72*;&Npc>#P2@lz6h;0t4#q%aZg4dA;}JjhCf6}H6O?@x
zV<zMLu-8`HIQEXOCChvSBE%-wv2kTPCojbYXX+p$kYQ<RFw6xT;z9o6q`**_d^OC}
z7ShaO1^vLprd-S2CH6K;Q_E&6oK+cd&khG>svQpMtVqox4(Td64`^ao3$Qmf^N6+?
zfFDSNo5-_s_iXSImw2WZ5UEBOEKwlvcdLOwSp6NK2ow&-kgJaB#lvy2!OCPsydzX~
zMaq>U9P6pbxUCzg%~+#UP6jg6QWPDDJZ5^fGp-~P?nc7RM$QwJBPoxl9t;Pm45>q-
zivndy%D&XV6?Y7>)}=_a)PM|2df`hvEBVIAT6<(TB-nd{qiEvCXnpTZ3n1Z7Vr}SF
z(j>xYU0xy!;Nh5UDmv-4O+dD?yW{MX8r(h#eCQLzv*L1_74{6&_Yklw1dSpu)&7NU
zeWrB$p)D>6#85~MS^+E&N_ft1!s#S!XW_*;AM7L}BNF=&YX<lztp+3wG;L6g6(wmh
zwg+`Xo`6mdv6KvLfSxRi;~)uvDWJ=583w2O|NZXZbbpVlfVLz?ec0pI_-=ZBiDzpt
z2iJJ>`~?_K3k)m|oyH2<|DT<=Cx`n;P|yayMz{K%&c!si#JTF<S_vUK)~Z0Oh31gN
zaP*1TMn>Wwnu3_Qd&-l5u6gYFe*edVBXm00K_{mNf8ROVM?dZV1HQbE+wHdgA9%Ze
zwC60nR?#B^KgP)aCPJ2X*xpm!F)j#e)Bu=P?}kY>DH7=xIc(50BYm{S<Dqprzp!?}
z=uHaNfBV1~d7m9Wf9Zr5A1bi7k&pn(@YMZWe|ziIcWVt<r(qr73y)p+uEmZ=+g)|T
zI>5O#U(`LH*fHd8pbU>oGmKjtJ6yw*h2xfy6V$oRJb8>`{gWFg8#CnbN#vTOY~E|}
z$AO%hVw8#P!01iHHu!N)bPR5M1RfI2ou3EigZ<sp{j>9(-QE4c;QXikfArCR{p0xE
zss83KTKVGj`N5tn%YXf)z(?*P@<hf~^1&XHs>F>Gx8$!&uTsOB&#YvibW5;KfLX8+
zQ-i#)nG!t~HdQdFC7U|k|MB4XXd(Ozk9af%2Ak4x9ioATAV@1`SvB8SFxM6}s!2W&
zeIiJUUeU4K-15Y#E#q_igl84(w#euVLh*a)Y{C2UaS7Htm+SJ|o?<Lj1W1DxS~BC}
z{^NA2BD)LGx*;S@;e}zHFMM^v*g!Pd(6f(m^A!;@2O{XEIEF1$o+sEawRgvURyGLM
zuCRk7!wJ>11xY)<6@H~JPkVqc;Z`-N(Iefqh96S`b@A`G`?2WJt~9REj2pyNl=6oL
ze-)hjOb{_s4;<>3N=h)}SAJZ}p`pY!nrR$!i|=+rzr&NY-z3*48Rj?^QHg~@3u19{
zUm`VN>q9?^C`6lqXsM$px$vX5C_s|<TwdjUgnLrX09);be#h7As&K3j$(XB5)IoDy
zdI(v==omleJKZp0F9{%orm%WVNqZ8muwDX6nGtqdGpH1+9QhH>@;<-dKS{#9<T@7L
z5I9(I!wTUN!B@%oG`;!X<l=Sn=0*rdy5*isfy}M<nz!inYt&UBhDp{(FDL4Eq(#`~
zO;CJ=GcfZEG6IQw)kj?+qSXkoFiK#|^Hk<CM>jW!VYtehXtP(hw@q|=3#U`Pp9s<E
zWa4MD<*GMq^-AGt!5JSX4T+8TAYjLH5R+Va*YNSt-B4ta24E+w(L|z8z18{+E@*5~
zLtM$UuoZs#FE;_+Gth*2<k$6C+;s(#<g*2-MH=%}B4I7>0dG*xJ73BJ0MM(m0F-=m
zXgMJO*BV_L0hzdA{HY;0Uy*#q=0%Z5pn@4%`aV1Q|6-M&T_Y-S%6AKL1qd^2XQlwS
z)A&8|1URz<IC2Ec%@9x-yMMXt02R3bYCxZ#7vL$g0$4c#Dl!68=L4w922hy`0H)qU
zW&+Uj00?cnBVUB{00kxyVs<Lhme=0V0OdRjr>NnYJ4H4$50UiyC<!i$7*t>Z870$@
zNgP)s1eI&fO`3R5xUE@4;!A0E##OXj<%uSK?2m8=xPTSwmB?FF!2cP8xm6LH7*yH{
z42~)HE%$THj{<DG8Lb6S)_@6C+9CQ`FeW+Xgl1&<arZ>@Y42#DCA4R++M^^HMHs}9
zVxfCD9+4RH#Xe51y*%N?y)dRLdIK5;0SU7{>TQ45-hBC@-EDU}y=~1RfEGlS^X%o8
zR=t>F@AgjW7KPbJ(}?8XXFiGdaL)A_g>)-qG<1RUYm8$Rg<E)xa?4h5Q2{XMg2CbW
z(<oXmF8*7Fz_+b55RS&@+`Ih8^YbWA;!pGOrpFVj2JHAmJ5ogLNI9H#j*idv2krb*
zewQ}7-EMdL#S8ei+wI!_Zob@p`5(QP-Itr&z0K~{)_-(2yPGe1|AD#>-`(;vrMaK|
zNB7=s*`51?JVHDZAtgZTf<rJcXNQ&{iZKLdLxu%Ho3WM_>Z03QaGAKdaePO&w>LM4
zozib_k$`5FlJ_XLw?$~U5~!k30gdsV!gaki?nPXyO7x8)^Ln5PF6e}#oCY(oJ+ay5
z$1|H}$pjQTB<6Q_A}vP0;r0VFPm^u?qLpg|Zg1Q4DrgH(ZP<kyjWffS0~*sk5c`eB
z&5ft`9juRTZyUWfI!jQ7^Nipt>@Y5YjSC0k1g);KJu=86G{Q;)Tc;<;OHlKFX%eS?
zK7M`E4*lH!WsPC5_TjdPKBEht;_Vm6^FkaXA#ODqn{BjP^rsL6L`V~MKm`#&`ohCy
zK1IHWxYtJCt4wN8yAGNjr<K<Q@G4I9G!r-HV=S8QLp~@;4EzZP$RqVgQMBR3C6_)q
zz{m^4Ah0cV+-PhS)F>j|a)Rt09<T+%BMi!OZ;NB7gmUEh=)b^e#XH#<47?vskKcM+
zC;S(f7&xL>%!boxjC@TsFptbnPKeF9gy=UKMyJQMFj;1u0j*%&e@Vhj&Heve1S)Um
zX|!}3^Y{N(o7*pY*8bn?ZEij9|4;GU+;qN1S7g!$J@b%6IG?5X^@Ncn7~?+rx^sKW
zcK~r#ZHi2zMO5h~o72`FA--y1e|RC3r_sDZZS)zDIK**|UP!Q#!+;KxWWtz;U%<?j
zKcIw#m}5icw#+po5LGb1S?+<+L`VLl9j&5nBcs>5#Ir@!goQ^1_O>yM4m=!t+!}aM
z6D|N6cdBT%u<0-;;nyQZsj|C4{A=O-0#VVevCx9nwjgM&h6?-U$@pV&;%dbX<Xa(?
zYT<g(?d=RxCbIEK7$-`6t3fwmNMmN6(93e&MXll)X8VpO)BG_4vu#dXL^|-We)6VP
z!2)ZQ-=y_l+e=ZcRIM|YBn}TKYSM@VxGC%2-YUI<2Hp5}a|6vWECsek6%9Z2N?Yk>
zZFj5g9#@E~s0euh#`MBs(G&9x<_{FoZ0wz7tftC;y4a-=G|j~^ivshRrn}sI`KEpF
znaesMJh&(Wf4czbh32o4WmxjOvd>)k$+@x-Z~D;~vp(qe<IVG#pdC@MM1^J%@v+Id
zlgW{)IhMU15!~Pk6^2>Saq6&gS~k&YbtB8N#6qLXh6y-hO(bCdsly>%Ls^$At6<)D
zV7(E!Xwz}i?&<jm=jXgP>n(I6zUAnfLMcy%=oi#n9qb>S9USc+o}V0_o;8t&e??vN
z;m^|9y?Bh1V{`Rpuz&jZgWdhxCh}7LTL3yc900J}X4M=Qgkk4yt>VtRvo{Qy7bko@
zU2`viLYd@wdBhI8fzQ@@-Bqut%9dZ@thEJgX)Sq-(bnRzMW@u{9N}E#D)Ia<%)E;k
zTt+eyz1<m{?Vq0iczXQq<hF@Ezc)r^l;IS4`)F-_{h#mY*X!%+zjVFtK79VA=Y98q
z|Jj3oZZ>Z}Z~oHtUWm7wFMsKJFF&;2w_7(`x69UQy{BKVwm$1^?sz}=-tfasZ{x*n
zzjgEKw)FOMzt#HeEWCZY-Y=D2Ul*+j4Bm&Id+)>dA;<Es@59#m`}V>ztaq*ImS5hk
zub10y-Sjp#S+ys@;YB45teWf7Ump^&Ihbu#V)mi}vzzY5=Is+<w^@nZ%WCYlo(j8O
zC3f4@*u8iR?D|!RysAdz<-;S=TK~`XH?6-i#?e|+ObkoY)1~*C$Ju9|S@JVWerCzf
zEcxG<B@c-@GkBagL!de53FAD&c{Wq$j6%QkdaVEmWnQn|^t8iagmL=1Fy0v^86t?p
zXmy?9Ur~>-S*Ui~Z2g%>*D4;-0xMcVsAZIdgN_$7X#DeS(|N#Q&qap)OXIB|gn=_!
zU0>&ae1k}<Xe~_QVjqJ`VXaM_h$Li44`=oft*Cb(N|1OY?)b#r?s~<Z)M~ez77QeA
z0gI#^buRo`8`}N{M)9!aRn&E!m|F!Ve4BjTbdD3BIA}{NuMHNjS}|C%hpX$MpW_z#
zA(=|&RYfTULW5rtHEck8B;-z*q!v6eJ?zE7lQKHS6_PO;gTfUtuF;cz26|}{qV@Nh
z0Ccc-zIt<Tw73612H9Cv^!6X;TDjNF_p7dI<#vt6R&Pu&*8E5dvItqIwITA+urL4p
z?)dcGTOBisL*x<E?9t9YRn8MMnUN5cntJ~}?lcW~Z}<4<hudbQ4&&@_aDKXfa(J-2
zb9QiibiRMI^ZnueUK73Met+|3l0DYF+y3ee4`rz|8d^W}zHFL(5pl>Yx*!G;l|Ujz
zB($)*m6LZ4?hlOj(l~4UlVhuySH{US4zNd3w0g61baedgXm|hofQi$8`3tf^-dS-a
zi6q-&1kzjUyL49;#i~#T-Mw4)HLnYm16c>h``}jtH<P1DFP}y1OivxJ^D;45#iYOM
z^1SB0AUxHw@>X7Ixe6jN2+6QwIRb5(^0hUWEg+svW*002)Zz)SL^qf0;zM<BQP;`~
z-UL>)+HF{30tQJs6Q((i`L~;-AR<Y{Zq+oD<joVbW;C@{lnGK)$|tR5Bd?;G8<85@
zJIBRbg$vLz^I27JT_ua;)AU?=kvM2K5Q#{psq!_MBSRKxsNoX!6Pt`&fUu>vrjjhs
zYt-z{livm^7m6^a^VM80A_s6Ye9`f?Yr0A#tGK7NNOYdYur(&5wNV=K-2B24mkEUD
zoMzaX=hD%~7pr?+F4H(cNsKG@XxjN_`)g6M{dI?Lw(g1O<|#i48XKI1q*au>h)5hp
zGvv!WOY4RDtysiehz_QIk_L+{;9tBMvxU9=A9mgyo}Cv*f)UPfoS%;qnp4z8pOJrk
ziPmmVnvpn1t37nPW>JM74}N1bFu~0^)A63|XIYZ<(L0${LHWv*PFFb2!Ci;8ED`~*
zPb3%F9_3@55G5hS8INFjj98!eGado5Xt0F{NYGYioLpTl7R6#<7KwY@yDS$q7Zzh+
zFBzNoi&jl#d6%@2^2pQkZY_(gXqhWZ*}ADNHnqexZXwfR32J-&zvShl3d4=+sOcY`
zzJj&}8kMT4V)i&RQtb6(>Z8QOTrZGl!Txu0eDq@_Z{kR?B5U@i`)Q(3p?X=MA#>`i
z7+$6{F(h$Vt*!by&K$a`%5y;76I&|wA2F}y3iy>0brldBfJWZ(SQeTp^ryLlYO9lW
z{dg_sI4o8s6##bf98Xd%8zns5oXXyc)PSm2p!{=9$J&Qv9e2oQCsl^U7VkbMFVY5;
zw@@;Cwk3INTM{)_95<EXa`IQSc69vX@$uf^aOdy)Yp7yUxF)qqIm{D5$oM=4yz;oC
zDoI8LFy&_eTV|1ud7g0=5qT-PrH{6VX7h?AXa7^o{71goex4xnCdiO998CF55<xsB
zhD@(ZanN*Z$i1$k=FeCL*?^$y+D5QOnfx6m*KM>zFJY^ybHRh|$>JZ2zt3G+kFl(*
zft!2X<T^_(x@SW7xN9=&TdGq1nC4ItsYz8nOF7S6$Z<$>7MwFevVY>JybBYS2PEao
zc>|8WBp$V0sLnqcFT8k@RP}=~9MP8%mzJk(UAiu$sp|lnCABo>e&|8e<V8wLO$o^k
zJ!`^>+)Fc(K;-7`nq8?}WWJVF*Tfh|gRYMqllq>zXDkj(Jn+oxrb|V%dINPeQZeYS
zR}B>lBdLIL+iaE2A*@Wr&ADvnoTPKE&kL0xNh>!IQ!C=scPU+Gh1$!Z3)NJAuPs%V
zQ_)pIM^hjzP;6G4hhO;_)$POI91qTpcHZtY4k;7HwhH$u-LES-7n4Z2XPq9)+nWId
zd~+9dI%@%S*gTO4tgL+PiJ}Jof4#_IM<=T|&I_h*{NlR>pjp>yfn&ojHjVx%JjA`W
zELyCk*F1nSTcX;PfmX=wTG@xwJlU4ZTFyX*;$LsxxFRr%x`0<X8;J@2x{k$2xfRDH
zAA=;1Ob`dHhU<$(n5CdrcseffVIwig^#x<@jDy_Ia<%!vijhGN)k*`3Xd0?%qg+^e
zZ4_lEmm$g689*D#hK7O2j6{B8EXv#}v>P&B1ESPr5PVeML{0uF-c>SH@ukqWn^$(W
ztkf(C4N||Jk8vdz)_8CsJm6@dWTt7OL={cAaGV3AJinO7t)S~9yQC_e0l(`a6h%B4
zlOIb7->v!5cXfa)M@hTj9s5_<V5V!UH`>qJHIeWZc;=eiTErethH7`z>*&We?E=oC
zn<bt!Gyz6m7f6$i*_pEMImW;|sR_Z09ZN+vQf-6XAMEa&?C+g3Sg%*tCH~^L`kCK#
zVYEg&zr62!^`Z0r{a2mQTI<i+kjl$2moHXl^+s>uwtPocbyX_oh3u?;kgm~b!>>&A
z+udtr)>L#~Z|j~!FdWD%YN(buSqv(eL@-(1DfYt|u(~RanP+4)!kH&e2Ob%UbF0ok
z#gb!U6aIBhpruy%yB*A^C1JA7VE6D~|LE-e_=If-ubX#M=Y5&lJRFA=ViY^e$~7G6
zrwc;Ql|ihz+CkS;I48{UlH||)TN(?J<=>8wH!hNFms_nIeG^7n8STPu-tsne*VV#T
zt=^QTP6;L>z6KF8A4}dEpfyJLzR=yE&!1)TFZQ&AFkT)h#bg+lQDeoGH9hpf<T896
zLK^5e31J%#rdh@_&GMQXY#R~l5BchRu2?SX$f_meqW)_~h-RlG+>rB!rb$fkl5@)G
z|Ef=}Me522oMaXYnKM`H!^V<R%@r)|4zo>?rqIvc+>}RBRgs5AIkn`7@ms3npPJ~y
z2U`XZY+e<0iC~)MMr77_y(RUU*JH+~+%x&Buh6PY_Unyu)P=dN-INL)srv0$CVHc*
z>+1>}>Z$up?aq?-M(LYH{>$MsQhQs~_BAA*JP6R~L0Heyo;63XKRrI&m&Z*mW)w%z
zr6qp{KfjO71K=jEE@7QM8#~m!J=0k|8xJ9rt<erJ{Z41Cc=JB%bab7Kt=)XYVGu)b
z4{R$fDAYlaPs&;W1Zqx8eVIH@&-+eK;XeaApc-ZE<&u;2@dw8-Y46pCIYvMvCVADI
zrQ@<utx)+i?l!T7jq`Y#hskx!4sy?Pd+E7dJvE<(yqvU4@W+y(Oh`plx-v}!GR#qz
zQ<rHf6)s3^6_?FU)Q}XG;IBOMQ`7`8uiHdt`=@U;)Y&=4A*$&jZaJEHTSh%s(hORl
ze?(O}NNwS9Mg-P#s~RQU7qkxPQD4Kyhx=R@mV#>4B`@b2#%tsDves>}bN_VWrEy%2
zpX&A95EOs%!Cs)_9{UgrwH*vct|)El^ZX!f&SDE=v`K>wAb`Mr!cMt)keVkB6|q^H
zg0f9fq%Dgm4w9=B|Cu;ERaF%wN;P@xtGSKx66Km>99+(=2nFOyi6BcZ8e>1o$LH|v
ze4OX$`810JWEptQF*pY&SKBJ<^6l*}{r(5V+WOyq`|Y=OH1CRvS1+!%Z8i+!!BA1Z
z!7<RAW(0LOzQ2i238Y%$e}_q&N69FjMp1F_S%pl-{nv$F0p1R$QB<vza9l5OSW;OJ
zwQ{tcCj&?=sA+t7iI!3Co|+IXsv2Q+r*Tdq4I6cJunPk`(DO&goJ08-&%iSxP9`LV
z{6!jfxbTBZHUxYYkfGooiiMot+_1LI5h_-U7==7YJ%Au5ru;3JlBOLZLq0SMlr{wj
z%J6HlZ57!XocG!LxKtj0O4-WfsUOid$3JO}8?()7;^g4y$2tH{j*otHLy*Y5uL|Gt
zzCx)|quJB_lf#|e{d2i3S>s}1^55?c&NQGk=Mj?J>r_GqeASY<)$9^vi9V#|5iAHc
zWvHW%u;SOO%z?IVJIBSo4q8DW4oE1?a^!^NiBx$BZ9WgPB+l9QVeZ-rD>fV^92T7E
zo;<L!`!Wi=)Y4HJp&)Z}d?DGsO{OtVSPn9)tJo!;iNU!$-z~yC-oNi!ZU}=6c5(}w
zOr_)&93gixSHg#T^xk3&Q;N^!JiE9o&!dW2#Ey5zaWu21(hB%XRZP#~+r6k>iHlS!
z-<dj2ViZ_g#FJZ*A4Mvu5o0NkOpIbI(!kHy$s)ciHYdlH<f42f?P*Se%h~sS<i`PH
zm&HtmR~Tt2ZV?*$bnNA`6r9*7h(meRWO$Gr&wcAvvB!OpdmD*|$$O-Qk*xtvyRoXZ
zP1WmXt&MC-u~*v6$PnEinq8fPVdc8|&_cK92E`XNyINl;2({1%qfK;=9dj<{yVFjJ
zhHSmfE&T&4aeIq0Lb19AnI8gq5nr3b6`t4WA7Y&v3soPzCtIigYRhNwYMS6YBSA^t
zRFVPBedR-9pNAh%K#*wMTRvduc^Uq7ifOLcE(tKwaz^7%tQnkf4xBQ1b`DB3$ov!w
zskdOXj4mScsPPJv13K0C>kJPwOvfS%_Pl`IvVEDOSc^`+qGt}5X{TUWH5?t#0XVc#
zb3<#-QJ0<DrlD_kPEL>i=O4NSuBKUoB6<uD{Ud6w>b0A{lVYR>Zx|*SijpMN-JpA2
z-Tm1x=U>P-&{tm>uFb+f$_KX+XiZMs#h`fdct+nDT3=;Ywotp>Zn8FXLjz?lped6j
zkdi;b!e*Ou%=Zg(Sw~a0YF7r1sdEFc7%K_1Fyc_R7}9L8N_o+7VGGuR<|K73V3(Si
ziy;xY!ZD`QVGPK6yS^xO;j^`0+5W0*eYL=zuckGh!_3NQWF^OMLB`AiNDWgymvz;B
z%=pS?RVsP}U!>AQN)p$!gbI9$k$Q)ST&+yj`+Ru3vv+Xx<JT?pXK9!FbxW){`3h5?
zXPD*}Z3|Wj<6h)>nLIC(FK(HLn@ZE9Pz1g}j*SdrnUu^5&Hd<kydH48)SWjUFZT2G
z>Uzn(Q<%^+dw&X>*3c#qhFf;`-MHYB02YesLn?e=A{!JOUu{TCsGNt|ivqQBvws%V
z*?%PpYHp?xv?{a+ICOYy6xdqkB`$kct-##ws~KIz-Iagwvl#R{@b^j+^d$|@@5w+M
z*|;lsL8bNiVm7k0<@vohzk@?8;Q45-$fd8JN6P<NH~;S#M=8!8BmZx&*WKPM=l|V&
z&j0%qPwo7_ov$0a8TNCG{KBbt8bveo>(q~gCw|J~;kO$<gUwtVK=~YPZy`3fD7wIb
zKcyJaWP;I8(+ix%ILB1vyeBvcDcrS1WI}Qr@&xXLqV<az9Q{RpeDE(!anNcv0Kd}F
z!5jN+t_$*t&wz7#mrZg=)~&b%D|vi{vy6loedd@moY|jbGMEmB<P&Oo1u(WKy+0~l
z3O$)uRy4|wiX5^`Wr14sVoX~8SdE1WulA5=cnS*zDxet2*9%;Yw@V`knyVpd{wMYR
zlWqM5G~VtqlcefzF?&vV*d;onK^`G8@kh8~@Y=jg8_E>ztY&ybXr9faYE%)n879Fc
z&e|l=1Q>vEz(BNR#R63BkMxmg0{73|wOQHENGVgx)a(2w?K1+J2)YqT6H4+Vn{gBz
z>&!!ZrG+H#qrc@i7{>`s(s4o?<2+Akztb6!d_28q2g#(PfA0jzWRk=l>~5V#<X_;3
zwrTFip`V2uUka;8y?cYB2@(YxXZjcZ64v4nZWO@raLOcg5~B&u{m{>Sw)}L?!?RJE
z4f6r?)3jfaZ&TA{k8wtFe}ti^nvVma4E~IMohCU*K^gyKmJ_Q$6#_z7t-`wu4@HBI
zMSR(eq`D9MFXw#Dk3)2YGfI-U-8jfmm|%(~BqkF-LYM}AD%IdqP(JC5QV!PsCx4Pg
z7$ws@o#y=pLcb-+CB`Yvyk2{=z12YII?2K`!<2ek?ag-Ye6!no)!poU=NhzvE*{8)
za5KO?%u(~3CTgBHCI9+6M;(1GF%XTv&D}xR90W=vLp~qH0Q*6ZOygV{lvT5KQDKLd
zKdNH#X0dj_TldrfOs)U*xwkB>DuA)@!!$Un1-dEzXx0MaVxLY5lnhlBYjfDS=4pi1
zEtP{^>~n!}vxV9PyemH<;oCCM43F@qw|*XsQS+a_ynlb~y?@{S@XczojDj{aZg9MS
z)5q1?wPX(65H)uYz*^8R95cobUI?P%`h+3PmY9xqtBIP;`NL3bVsJZ?rdg6^1Vo&a
z$W_6XZJLB3q1hDd9xkTg2<P(zl{5+WRPpb5@dBbbvv>W}zaSCG38w9xlLJwRw%_;^
zHPa*_!K`!DQzrfVc1r(HEedGGE^zMm=5O&p5Tq!QO{GB@3c)i3hlugqVUkT4`Hxc^
z(=i$5jdzrB_=e#T%eg1xs;Qq7=-{kPsH)TyGqOa)IW_8&jpAUMvHFRu-6n}aEa=`s
zYBWx99D*~xL@Q#<jRW6J;v9d<QHWC<hiv*Kd?HCIwbA!8wFpU$z-NYVLsdwM0Pou9
zAVvw8lgo+}MdT6}6h_w=Wq6WYVFhkVan|99ym*8Xl#hM3^ML;8I>|2CP9pj7Me>P9
zpJ6{TO!JJe@${~GXt29mHGtYUWI%_3+4Ck^4@r;%xz#JVc$G!2RSDF3yy$AH&J?I<
zTCp=f^wS)N5`6zPY8Utv43`Yi`uciXG%m3mMahL9waj_iDyB_K+dYeTCvGU#WG|*3
zU|1ppgnw?f&^nVI9t^5K%@YQ+VjRsCC>m_Fw0*AgH9F-}jl|lduQA_9tj$<!^1&EO
zHI+SNuTe4~dFgd?NP+7&Q8SyyJM<mJnfzOP@XD%JZSdO^ACh?b=@|GhH9L7Q6id>N
z5uT*^3?&!;i-UYaTWlmp!z`J|RWprp5vL3AlSf~YBlv^z?Tg1GBa|{C-KpOu+GZ~$
zdoq8Se-}e24&X3UO!8-&7#{gqh{1;?M%grud8!tS)QV*znP%jQM0kWlZYZS|DckZ*
zgxgx#0=2rG4KzmHbobrvsT+{6q-w&^?jQanvg`id8ms5$A)lK1U;YZN0VobKoVREG
zq^>4-zW%q{-G24T(*JICH@BblzfbW9Uc@#}<34#EHUaSle<GCe>;VjYODHa+Al^q;
zy~ZVp!#?5#8d43yj^FGUSEb=7S?sYNH1z|A0s~&_S_~x4{7m4|Lde)k7Tf6-ndW_$
zc(wtDuPGefiXP{gf5>$`#o3jWMz^<soTy_UWZa46vlREyaq9m%#SKXf?P`jV`KJP&
zaaud^DZNgz5Pe1$+b?h&=<Voy{NCfg)cPO$g>9WUt=HiL3)cVE_KTO+`hW3a>-qlY
zNuK5HYLyC~uSm9N%Ij3qO)q79dsFg?u3?Jnd0rJef;sBuNApcaOUy{?vRI4tc@Xc>
zGJMFe@_ztk#FMAyAXL-7I>}Kyxx(2lJD+42HUH~%uifi<-6mQ!H3L6QFR&nQ`$v+C
zKb7@`<OP0|j{Wwf(#p0;(#ewuXMT>oX$;259*)B_A#qOosF`O|^P0QL|C(zCi!R8J
z3tU27RM@7x)*wxBP)U!!FnaWsrAIowhzK1YB{_r%-3h}CQ;KPyheI@a%QuPLXi9UO
z9h|V*NtV-oqhvNQ*HN{BkSAt#9;Cvn42Fi4>6iRQ$`Q8HEXk7~iTdbl_XOVLem27S
z3Dk%34QocZM#>S6TOuZc!RHZOh?o^_y9RCotP4LU0o}$YCJlLsImkLgu+K+UgIZ(O
zyP}U5<P>3T=M%Ilgn2zQ=aALnP~3UO^ca$;g8PjuG6z=$r9M69f+)g48XcfG!a<&7
zePKXV+?a7t#<iKiLSECAcSpW6at<#FH?@4Q7B@_j5TYzJ%Uh6GA8G^AaDK%7e_8pD
zyZuc3bcqAt0{O4^YTK6owtCO<-_tx!xrzISz4g;Op5%&Ia_2K0TSxP6y_ErE)s43(
zP~3Lw_prCOUhziWQCW+<UT%lQhsk2iM74xCB_dZlZ9e+xRStTQu%nMY+gBUl0a%nM
z0=F7@HmWKbg^Ieuld!6max|3X%b{vZRbA0++rlc@>1C<!Vwz`S6;4LXu(rj#6@>Ez
zJuA6ViYYcXlza);g23}_Yd=|*|H}>5qd`W}yw-lOQ2+PRw*TDTeD&g)|3AfJS%xV2
zi4QNTQuN(>hp3!K|6*D|NgCcwP8@z{ts=QXbkk%ck2C(uu74ikZaFb<k^I-&?%Mjl
zt?g&|?@6A=S>5(5c@_g7K`PU|r%Gag!_8cvT6V3isBC)Qw&mfu?7CH|@AmJqMUUs_
z3wW00|1r+5lkC#t7IF2I01Np4i>=Ml{ZH>@_nH4c#be2TVt7yZ=xXPn^2H3_DvtCD
zhO8(+k$BX;{FZXV!MpA!=B!(CH<{Z--@H?>?n&w~_5~1^XY<DC@e$=)6Y+Y=i7K4=
zMG8V`5)KRnD_9jDYWsPO&3f+UYizuHMx4!3ETDVnARc9yQt@kF{=o2uER-h_8P7l&
zDZfuA=C$!(t`|}#uC?P8O7iMk8&R{QBCi18ys&V=VB;$1PBx9^Od3wr(`kg&%;Chn
zxk2k-U$5@yrV(yS-8*fe)mAZQUzNz9U+%Gr@Y<?iEE5tN<2%ffiF<^9=K)4v&Im8k
zeA#rIL&-U`T!NZ4=_xg3U+BWon0UQ4B&M#lh&bi%y^O?VU9pC&oAbGg%l56WeVtsB
zzKgF@YY@5o=kG04{ehlk<^MFiSjO}do`w3K?w0NU|El+F|M?`3wGTL4u1eOPZuY#$
zSxY-JoRo{+^<a>O7yn`kV<|_|CljK}Drwg&aI2*s#0K^G`Td@y`F{~H7et3Td%+_9
zzxm=tN&nw__00dD;<5R^8eS%i>c;_n2M{@rNIYr>Nrn>&ZvX1~;KTrOcW;3CxE1!e
zF4uutbzF9B6*YYoV_9eKVk?2VHV<7;|1*jg7^NZvj)Lk)yA<tEIqsK*5h-Q4k#FWv
zuw3iL4g<#cf~1Lda;X3arCYGyN`id*EY3gKvn>D5lA26kdluP$yxQzp{C~6e%>SR}
zarl3^ql2ik{)HdNch<H5pV)j#GV&W}z%|W3-x^Mn`)mmRN^(Buk_`{}Df!Xh^UWsQ
z(()`L>aB8{XdrZjvkUcsou2N_Ebp@ZF9^hGsLcizp8tEc{I~Vu#q;`qlIM3=|KIcJ
z^UMZ7)SE)M1mFaQ)0!av0@}C&J^_{3Iz7chMq9~X<_u5+A&oyTH5|`!+8_E^mj5sB
z{lAd^Z}xh&{&(}mi)Z_fCwcUcFX}dj=1GPvuYaU60IfoVvr}Gbu*Dc+^PhC9-|4i!
z`TWlT|HBMVSri|<;pN-k{H^^>UzTfVfq|g-4<ruDHC@ib99K%mZ7wjiTGb%7=0Vsh
z0Nf?K!6LtDv2va*As;Qef|x`1oj<&>!QjpLPy7GqL(U^tX@;zd&TxC%w67xPU{Y@y
zay)i^9-I&McTe}v&Ubcq_XmSHSZ%fW96K-J#^DqI&JXq~VfaCSDJ{crU$s8Ef%^0F
zsL%5If9<dz>RGh^zbfhfH@7!mKJWie@hl%V;|n>VRXHwM7EJPeU!-LWZ9ew!JJnJR
zi1l>$CQ25oH||)!Rk1Vf6E?#Yzao%-_t6ngEm#%N;vT^)9wUy$JwjMKLG+6I2CjI#
zm=*U8SMgYpDrzwZXNU@q{o_XRZXqh>MyIG5n__NQiunc}^Z5TA_kR(Q{6YLbHoIHf
zCI63S|KF#1Ds~G~_gj4)HdK{$#f3_x<@4G2LC(hW$8^5OOSNF&s6ID=G*{;sK_x3Q
zknwY?uvd2XLKfBRAePNiP*!NoBbtSxt6eS6gDl@%giWj5#4>n6?w6Bk6!F3^g!Vg^
zmwBmPVQ$fVHl+UdeeSsb3k$G^+5ca?wB!H2*nH7@-v6KC(e8iOb$(q$rQiepRt$JZ
zC=;J|P7Zd*IJiXXi*iU**$OsM3$?WDD^(3jaot(A__&;f;=pL*!Soypx}rxARk_dp
z(6`rh8*<a*VH{42c%pEgt8?_4cRaLkwCx?8Hj;HJ*EpG4wR0Td3C^?GiC^StP5pda
ztL;+lJ0L(NIGL(rE)6n2#b^9wJsb)ER_l;OW%1JIBfFz)XHT*u#TjEX5|9*gY<pT`
zlKyXU0rPzMb?tCvhJ`APuWB4p7CLe)<3n1*>0_?Ov&8?G-v71GmJeh9wY~YWXUG5A
zdb#;*|Meu#BVFj1%AK+a#7n|l>UTQpf9?OW<Ng19@3*e^-T8-a*8ke?|MJhjefXyJ
z*T1#?T6}7I{M-BY;Z1Mj<!$S)>woQc-oFpOY5jFo*bnG?zn`X5+v>%H9o*f?OlhF+
zuAQjUP9KS&=1-|9SW2o`pef+$?`j3X)4R5*(BwzUNOdx{yrtVO0?tE}i?@F4kMIP?
zId|hWy(Y@vdBtfO`Z*rtnV;j)jCYt{qLl6t%%W{pYR-klgv1bTe1L-_4h5RlOGhKl
zYR2X%DJDisTS71ncDNL-MZ>`*olZI=CNi`iw9V7$t<Mc1+A4pyBZWGO6hSlfkIulK
zEn7ung{dlkw<2Nb1u8;a=|vVr<ZOLLbnI`w+@{kBs&w8-!i86ORvESUzD3o}I{Nvq
z>Uh<%v%$<gskM;ix?ec^@aWe}DsRpa%bOK7x$LPj22_BrmW`phE=M~^5m~`2YK5&>
zMtHl+Hc)RXFi%qRb^<%Lu#*yZ+<j{AK#oS`-r$(};#L)B6B5JJ{xS0de1bEQga+FJ
zUOKOs>$0{U*s67-bh*J8htmjW=KL^Tn={|8(X820oP_FBQWVnPy0&Jc)-sGi0uX6D
z^r%({X)j%k>UC<h=?{mDkI#z0Tlxin_^699#xYVaz>rDVv2fMVvO|HPM>?_FRj1D#
z-heuN+WmEwT-ZGDF~+%bvNNy$V?Q$rAtOSH%;LK@WvhF@Cl`rF2ctMqulGOUV9GEw
zBlLKj^||Bvp!u<V(9%3m$GLV~AarNuDQ9Y$M9FCO6Q1>vnUZ0g(3}Bq&IK_%86M*7
z&eXleWHiqEsMqaUXt8k@!+D0YNtw6{24>;V+<kDC9-jLR(2_%BtzPq|!L~TiLCR#f
z-6W<t69jW=+ldwJmx>l)#3ufy!6m*nwvp-<L}^Xg+tVp$^tTp3t%jbKT)wtajr^9x
zxT!aIJ;w37nEE-PL&7>=v)NKTy>YP?@J>9t_Gd<Wm2<ap&MrS!YtPZU%*{o6qU$b}
z7rf_<?7ThFN}J97>>n)Mw4IdO$TICjux!k62eS_t{Ar#{*ca2P<Se<wv1KS`8YIYi
zP*NL%nB==M7cZ@lE$NH~d33;rqRbKGl|P(fc}X>=VDwx)6(ITWS~FG+xkF>1W0I;O
zdhNm`*fE>*>Z+hNV!f^{d{<BbNckqA`Cw)U_E$+Xo#40Zs}XEZ*v};tNTjcFR`djp
zWS!DyhYS=XlZhXPi#jKYRd(%h*GIi{>~7r37cjclEh7=5R-2t-%Ws2mavhhaCi~7R
zc<|jZI}L8r&TyJgc36i4TIqA{kNy~>EM|)~6HO9$#%Zgnv9?NyZYUo-)Cv9EuQ~aR
zqUOYhPo>E&D{8u{2Ohe4oQBlmF^=;M=-71TQg>wNxX_nmBZGn+CT%2fG!tsVj!@+N
zAtoV?ulmcUIrZvgHMM8iVE^ds;AsEw{9x}~%TlVQC~KxrvVv9G`<VToq5i3l{xfvi
zriuJ@EwsLB2v9B7g07kTjPh(62k3>%Ud&;rXXC%~?(B_??+-?FSuxxh&VRx);k;fv
zrAuquXbu^Vy5Ff+!F}*E0M!k<qyaQ{IR0E(@_vyAdKq)Xs@d_tRGwp_xPaU>Yd!?s
zO_ztI2f(0hc_b7m=k5WVdsXZL7LPO3Hhy><M>CNd)`q%hXQ>!9rymN3tAofR>IFE<
zb*WAGk(9m&f`~iAhw*LIdn(F!bj#ie=~gfaJMiB=7$f9=yj`y81-fw2l!h^0jvP+7
zh1m>xZ_Zty0vchcW(>HZaE3?RI^FZcpKdo_RgQh<Q{D51NfuzVR^eO>6hXJQYkc-~
z!s#S!XW_-UiRM>dAvQ|LqYKNCVMWnD+dW757{@3`k#}VkwHrw?GWs(bl2T)nt8(RY
z>vvP%+kdcPpL4EhvCPuas|uc=cV?;0sftD3A@qO&avAovgorzzKP=~kk6au=TW5kr
zL?b^Zf!|3|98)^>f{5Ta|Ciww*#vn*wr#OljDvB4JdEBqS8qg+g4_2^^cVKop7FtW
zl7#3*w~Jg~C7W4_1Hq+Miab&VsU9yuY=8q$Bm9JCU@1)E(d#&=uEEY=KgG#)%qr0z
zNQ7T^LVVSUr%_Z<%gLwI6aq%&uJ~`jzP|8d(=%&*aMsE#?5dfo&`vI5uhK=DKmTUh
z2%GZ)vt502JUBbrdApB3qfv%a<o$})gewfryspV*zWNHq0rIZVOXOYs#(F9SDUJL9
z??e$&CXnyncizA6thc{zHRp~NYOdb&ZkskYmW=98W&Tqtw=}Eg^F4?N@}{n827b4<
z$nzY$%!%#-zWS7GwI)|ZpF#Jb*&Qv-nd-8<rTEw5vKmX<l4t&baifAP3;a1Hi;ZC0
zdAJTr*E9uJ`f|8YiIq4{-NBUR$z)gDQaJ5ITm>uGmwSWq#PZZaV^quslflhFcqbcG
zShbW&Er}{$OF<G3JB6L+Je<E|(Pe?I6BNSss(V&^@@J0Xb5337oE7ZU$ziKzu&gt0
z`qpS#+WDSj$%W(27$Kv8K9XP&=0|%t^5+<2oA4cVEYqX~_KhaE)NS3!9w7(Rg=7{t
zLD4CMkUJY^n2wVuTnNmrV1gU^B${TpJ~+FA2@ZcMEKT`SV(k1eBt`kk3rep#Jll1r
zWJ|vE+){Stm6OXXvHa|^TDbT0vf$lkep#UIIl(Mw_nu)Eyx(<->Fx+i&oP?&Sw2lG
zXPEwd`T1o)zxV7ipxtL~8G!CNvkX}Go>vC6Kg6t>dnlKSWx=W3O4)f+J20F?-E}(9
z&JiW|Z+C{ux@*RHlcu4df|}Js!vXGhzi+I(T12k1<5S)@x?%CDTLL6ryM;z}GX1+o
z)ru2rRq5&kMG}XI3~?|EB3!*RR1x>mu*2p3L5{wKgWlrPZ$;TV9)K+}EqesEkf}Ze
zy9(a@AZ$1^{?X3DH%kQfDxZy?t%V-$(0o%T9Otve(34mUmF#=x3l<8*<LMJBnz)Bl
zUIFoLl6eKNJ4@#k@a`d@S3vxoq;!|3`4W<>>da#*8LAq2h&lHls)j0P_n&nSr*NnO
z`3IkOkEM8UH}DWM?g7*fZdmu9Z4ae{a0C2<%(S_h2yGQTh%&+*c)jRE#kmd5)dx7E
zu~+oAYF#;w-E+dOFM-qj)D&N+LZKSiQW^zKR;{O0m{Z}NdIe2NsZcH0x`iSjjyEKq
zzEl;%TvHvV>rgq`&li1;mbg885jhM_p7jC+z-KR_Kd4S%uFQfOW-B&ZXN>H7#>e(>
zjsr;6y4bP%`O-koOIIU5lzo#U%h|i4GiVunvo=Nbk?)JmS{q{#2F<xQmQ~m_11^KG
zA(h$%{XFD(MWC+NMVzkrqTUz3iRwM%gL=BZcQ82L+1op{R+}^YF^%@i=TcN`i!eoK
zztho@Ks2Ky@S|};wXP_Lei&w$QfrD-&iradrX%n`?b}C=I)@H>->?aNvNIU`e0;iB
z#=X3I%-cVf-lvz|spst(ciye%Y!?q?{-#GXBx%K=kB`Ov|C}73p6#EW4|Y!vPR?A@
zsl%a&f7;R1zY{7I%ccUIv%|sp?%~1y(HUeS{o&wn--(-I?;Sl#QAFF9c=iK{O4n<P
z8r$7JJ-b6|?B#OJ?cBL3f7j8N^E_x=36#%-YHW;>RSFPW-#Z7MS+pA99L0<VYdOVC
zLG?u`)pV*?D>|IH+)$+uwd`8dg&1DKz)PIP;e$63ss87T`CZoEA~~vBlB&ARa=8W6
za|u}N4&W*5Z|u;HX+{zd2_m0T7-cPkhA1<Nk_$g_6jfkLpZIh@M!N>t`AjHzC0G(N
z|M}KW`z0B**1?0<pZICRInaxvGgU@mlHr4N#8NRORk2d9>&|m;-Xy*+QB*QU0o^7N
zdq|Ea)Q+|Y`>bQZ$)1-syG8x45ZAoQ#lz*AIh=zrdtRu_v5NO*c)mGR+>(q1XfefE
zM;5y?mR@+KqV%E0pM!G_yIA>elMwe&_tndnPPW8#taEviEHZ~7S&&nlQ9^SZ=e(|Y
zoaF3cH}c8kOs3A@S!t~FiL4hqJ;8|u5GuoWJJNdTMC}N@zW8WZ>Od(SpoHX#<6J!p
zMDT2vCZp7(h*oXsy#bIO2AU_LXQS-sUv+<qTBcF~SbZrFb*Uqo>>}%C_}3|>rYu17
zB(v4!C0r=^&6#~+-h>i>VUM!vtm9u%(`(kNtGW2<uSFp0X2Z=m97X4L&_q^)>XaOy
zEj^^M5%aFZQ4H--^;RZhJv)K6^`_^yfG24_+au2S+47q$s^0w3b0sdB{|Cx>Ax@)Y
zHo-L$0MF0=(|gr@*|qcky?C+pod4%3o*O&JIE=8qt?_+oPYt;<*UlX?>xky=oLcA0
z%!(&BvC=U{Qny$?GP?_hLXEUAH*?aPSsPb|uLv8EH-vHI*&&&bypMWSxojjJ=0)Md
zBr4O!6fF+WJU_Y2on{hpr1H26<~4&$FP>47+JF2c9hEYtok2!+d4ltd1hgWNj9scK
zpNydsT98o2hWT)LW#+YF<d><;<e?=-TAUL}HW3U*?u<vGz`36Js7@v!3D{qhPRLcT
zMj8)YgkM2N7>787*z;&g*_@unlO!ZVf<u&D_<=`pK26)RNu<EJu&qo?FXYyHM<KUX
zze6;3H!&YklUtN##N*zm6(}tm)V+2r_KM-DiphTOG&T3kI5RiFjGFI@63w^@K48Kb
z1-^FTnYlF{FaZs3<qw{SrnJrLxYy2j@|;lSu0&okvCMN?m_-1e)528FxEeF9#0=ee
zLzWBKFInXR16s4#5{9&9#XAJgQve<_q<_Z}QS}RwClGt?XHZnflFs9W^f~M>s53Ul
z2MG6Fu`S;(8&M^cdRd98Be>bi^2=N-U;2!^xtGtiW7a&|SGy;&d=^@3ExI*+wzYn0
z|7!<`#kNyLBjY?ze>AV{m9YfBjQ-911iGh`fzjSOy%k^TqQB{PxTWpaRbIEhH)fU{
zmYl$L1D2)Lx8HvIZK=-Uh&@V#+}?Wi-5eI`a!qsWigL$wd7KtV@r|1Gvo3DmcFVY_
zwwCwit5BG_uoXqT`q+Ng>-NgnS{l-M$kq}i7fO+Lj!iqISqH3~J2($Iwm_k*kj8$7
zLysoGrD4Hhh-A}P)vp+VJeo`W6i<dE`v2H_*X1^DY*G08&8NUe?>bx37Mql0*<+qb
z>d2BNX2o_`l9D-7j*kg;gCwG6qXz&*ablk**pIZ|X}`iLEL<9BcJm_1nk1vHiX--A
zEnL?fYt@K+6+(v%A$@1xLU%ag=R63jlLyrrs{ZNWbK8t{-AFG-Rn>$_`Ow3VsoL13
zYH|Ld<N8*w)K%dJ&MjLLhOlBQ-3RRNKDy!QT6f(k{v#uD&iHjJ2R&+S49M#EkIwVM
z7v=bm<HO_5Q~bwcT)$RSA}z&$l<%9_*GjZczx5er#w56)i`bF({s%$$hyg{jadiDB
zFi+k)mZY>ew+=0-VO3$Lmx3mj{NkI31+0O*efUY~haU?OST!mGX0q)gW~w`qK1c{n
zt`w3rVJRCJdAGG7>$P*W$ZZ&C3-z)wCqkHC=k^DIKkQ4A`GW0I<DJM@?_=4*H?mE&
z^d%K8-z-BaghEIbv$Tt@PW!6>)aEj&f>9nSw@2N8p<mau{rIR7!;fdnt*m*~Hb$*G
zyT<t}-C%L+S-+U2MUZjWBL#9t<|*1SA{PLTY>1WEt#!RuWTOc{!1Jn4gH2DfU|o(%
zwMU*-<^wJUGuEZm5Dxi+t_L~_)<Q{l-)yxkt(c|J15SSLIS8O^JrT=c<o|4W>5q2Z
zN&e51;YNYq=2|2F9~?YCD#`yxox|r(^8aI8HR5j0k~1p!ELW1~>sc};5{^Up!h1D=
zulO=5zH0h<L4Wzx`wIVgGW>%Eldp}=esD3k-d<F-I^6IaqS6t%fA$i8x>j6wqW_$w
zWD5qcmi`|cmg)cD!4v&|lxzL@pA{CO>Y!{VGY)a=1#0`O10JcB$2k25SUWuXk7f=R
zEG562V?{BW<}4$byu)dgN8ut$84%qD97O((vsvy`LpTarI`j&k<&0)<sQrfUp?jcs
z^pj-%$GPrI|A#b7Xg1!24XmU8M~BDd^Pk7Z$4~VCF|OY<{eP|3*b^IgFlAyk{Ds64
zIDsDK@PN;n@m+g%N)ZMVpk^7(ipg%+BpAT!?=-bftmvNCo#?+=2b-z@>-@jV^#ADP
zll|v$uJ!c4l)5G$8-IAp{B@{uiE3@;UbUNUOUG(p<S)6YYbM`f+W3TU)d%G{s4!{C
zMNYy<#nW^qB;mb&)ge}mLwyu@>fzuy`TOb*nr|6SUgH#JG2zYK`oZ;H>-Ei|3+}Bt
z{#yC@l4t&*+e~gH;TcY^I3A5?>>qBZe6+F$D}a6Vj`*W@3Hs=T+8JVb8vLiLPP43q
zTzJL~>pQt_ta^PB4tKA=breV~Oq04QOu$ti?cv;oE<IhG2Xf|;ceK<3KdyS&DJL->
z6RAUtZ7lazOW{3B0L6-BkeOF(E9~!;>o)x8*V>GgtK-5e1}!+nRXcc<q2H^AZxbl%
z`%xJ%UXdrYD(c&J4%GInDolKJ$ASR$U~z^%jI|DnZQT`5^8fbNedK>^^!|Ise;#xW
z%KqQu!<SF-pO13g*}Ai(reF;Wn<@+elq+l08>DHuo9dtl%Y<+$-7!@Ap=qh5K5NMn
z>=ym_RQ+imwu(DuI5r??6=xJ5#Uk`XHUG7*`_TWXNz`>u`hRrTS&IKZI(*9i_$Zez
zy!*$?*W_kPs8D48q~AN8koX$ypy(9m7*5DjBBGOi&(J;*y}<%C&03+^IEoo3Ohhr8
zwr>uaXcz6O&$r46xAK$Xof1!~YeUGX45|k=ZEe=U%;R3}h~DoyfN48DxMo-$<}`ux
zYHI~~jW$-+eAZ}Sr54jn5`KeI+Z_9Qo5kS6*jyDX0g)sn>d~U_C0Wkv&Z}+;<nGPU
zwQp@hbmqh>eRHc86>v&zsXPK(OHcHQIB}WN`kdv27rEBzbFc<${1-NaZE|-iQE|=%
z_ItN50<9wi50k-l^LWDhSk<3|&fmnfmHby!h}b6ld#(O|{PIOf{yTi};>DBv_ZU}&
z{vXym2{QJEN9uQ%Lc%>+3hIdXGSnUAsh}#!A1Sa~d%u3j@!w~pVF#w1r?8?b*s7vo
zdRWvC5q(D_YU(;;F^*y`o9HtdzIaZuc)hD*x$;?kS+p9YdKujTZ&2T@w)Wdftk-0*
zE!Jex#~e>ZE$Y$>EAc0j73hCc+;2nr@9M~_*SF;XYv_OH<?}NAKRP~oqW_O_RnY%1
zb6G(DYf^-5#|ZA0ChT8;^smZqR&$^g3o&OrDTqx)<VWkvm-_kNaQ{mpr2e;MpBCwD
z))9g=`~UFZ=;f0C=c)e7<6M=Sw$GBg?pU`dT57R8*1lazztNnKbQ+0Cd&1atvx{Km
ziW$@fbLOBR8+}C-NhuqBDK&<lioW9GFcp32+b~_K%R)6F@pX|}csWz58{8`*<hp#R
zRWEy4Q;V#<E!1j>2}#p$Op4ytQZe|ppTT!Ik6UG3%=NY9E3)Bw<?)w?H0)7TG5i<K
ztn`~IRsNz<>a0%KyGgR%6-j!ls{<(-CvEiCdvXKy?Y-ir6%)9W{OnGN&;Hru?de)`
z-Gl$<EZIy2SjYc6%jbVO$4~PAqg;24|GtNWU@Y*zH~C=WYBd$&!KRgJR!RrW3Ojr-
zn9UlgVU3)yBpH;l{d>9oTc{PgKlS{^DMhWxR_1@y%4^g6AexOBlv)B7wMHOtnLZVD
zdJ+ikClLIm%u-L+BV8-`f261+g_1<~!LiQ%cYIvR|8Vf)<&*vIajs{mkEJ9$6G$?o
z=UP|m8_sB&&}@uy9AD!x5mDnAx|&dd#4Oi&#XxIB<CG1xvzcb&eZ)zMCA}dKW8mG#
zS<-lhGBO6PhjwyKM)Z~>+F$?w??y=Jf{11CrD_t&2}dc-NYseVE<asL#!2HDI%U%-
z%g|4!mnflJG@>z;ZTMF=zYz`p!Q1e!y)hZL)j#&9xXIcDpdpU0XE_?tl!(S&B<6Wz
zFB;<O#$F_+>TkyBxUu(t8_&>Bm{T?rsCRZQ8d1*KFC><Yh$aNL_3NDd(ui(E%o5UW
z#8llKGda!E-zZUCx&JTDPtM+*N7LkfI9BfegM$~Ha{S-Hi_Y=Or~UsJ*E4hh$9Nha
z;Qt?YCQ|0zw((<8*4{-_Ae<qb+~6!G3A!eWmNsz5IGzx29SF5GBh-`XWj2x|L$<=5
zA}d%R3|YyMkbD-)87D@@LxN^8Q7{FHab`td^&ZW}VjoSgm=Lj#QYxg_M}ok=j7yT3
zA44jqI2X{4$s#8_W#g2MMbv0Kdxoyw{?D_EMq@A-46&Fr6hlKw6h=5nP=d2$k&qjx
zupzqbw!J}8mJ_Z>%49ZFqo8+&{+wn);xu(%yZxfDG#alLE^tpOY6+jZkB(5z5=Cnz
zPP>i9o~Cy!u{~D=7i-xXO|g)K>j5?v|3WuFJ1o}`OJ22Fd-evATScK^d=nC5j_?hp
zsnY3o8+%C3nQjKb@uUi~NbwD+K`gezEPT{zMtYg#ESbd$M5A$44AGD=DI|xvME-IV
z-g?|c6FQ!xivp?{rnYXgkXVw@EEPnJxdQaPD}Uz}cTf>;7sdM2si{vZCj`Aw^KAGY
zn&J$P3D@hX&k0nx6jTzS=C1&c4x&H(hvsIliNxrn-xJ6v(v3aT|49v(uG6iCM>A2?
zNQH5xRE~6^8bGrV$8Mtl)*tgR$BAtnoGoZH`k)G;Oex25g4J>(oS=ysh9M!U^Vw`V
zBpk7k8e%x`DCjg#>1bhL*_EccI92+BtwD}<MvS8&QJff!FiqKwS&N|YD#dlzHvTBO
zMK|WC0~>kEK0;R$B8bC|)0EA1e+5ymveAgf6sPC|59eF$yM)EpghP<-C%pg^HBzdM
z&>c>g>b)&F3YCWytc%wtr-<>=(G$d3N<@TC1T1r*HmEL3>;`wl+0=F9+iwn|PIRE?
z*SFssMV+V<_H7>xE?7zi=Km&F$p8c$Gzf7I3OyEy37e$}8WNO{lqfnj#n}v}=>k?*
zd9wB1fR?FYmJB_QZX1nDrNAw<dGI{C9iTTSebBS*-Y<4(%k551rtF3!&{$6L6f4p`
zTmVWk9g-v=3Ho3mxy^0DC5w47BvQ?h(Z=2XB`2h9Hm9N<oDSO+P1)Vo{9%JBDF#64
z^B_hJoW;t38+ZfkcT#n1P>Kc}pp0k^H6+I1JyR@8t^5&{Xu)P2UNOw1r-^uJA6_v>
z-Q9#eD#y7}ShdjxB_vPTLTIjznBJcrjk2`P>|D#KZ0B`)7POj&DVAk;Q;Bm0e5+tp
zH5?45EE{Wrc^ELBO5P+VgmT2@Spmwj7$7s~L(qwjJI{jOyKc#VC;`3CF~?IP6;A_t
zq9l-TB_vRY*Y;eGPNVTH+S|LL`QBa^y`@4bvS!0&h2bItm^g)MpecAp>lV+<K5A=%
zU?xV*qoT;&(poYv{Tb$@mEkG*c6k}-l@A1WX$9DzU4gI=ET&jmC9I$~dMTywfo2oh
z?g)K3^~Y7?9Wh1Op>M#Gi!pYSpl*8u4z!e*by^_RvuqdNjW%y-y7(Q*2v<Uf1JY=G
zMt%DWeMV<Q#GHa~f<B|GMNZ(RhV{Aexuq`sul--}7yN2`MuVzC+5_|%6=CAGlsF}z
zIIF!anb#vD-l~-xAthvwx^B;h1$h$|3q>Del1uob7~3`$f{wFR&XQK9G|FeT<ai5b
zNegF^wp<bN&xk>CC-fN&e*H2)x+CVPYWxp3gman@SQJbN3$7lz5~US45kUGXd!bhd
zHj;USKAXQ3x@Oa&o5_hnWmgChW?#d{CqG`jK|6+9=U52zKMbvaNF&vCJ-K2ReOBUN
zs(_DhDu@UFdjh>VBO{ub)p<=8Xu{GY6lz>>49$>@S28uDO3hbbZ5N8D7VTGn?#zT_
zQ{#MaL!_~|_p2wM!V9k;_S7E$X*rw*jQME7*mVf9S(xyf-R3pJDW2l24MrFU9cb=1
zB_21s&6`ei(1|+D6^-!x0jfP0g?GSg%%Wcf0&tUP39K}NRjpZpT;j39dWFY#LuWf!
ziNc9mx?@)EveR~I9orhb;$U?%S83B%Q0*;b%=<=!z#ugRbf8e1qS9=FEZpbxhNfgp
z&P9whe`$7M#qT#`??7F%`)f1dEN^x{G*8~XZGQZ+-{iCGM7(F&1!J<=m3&6by&nbP
z&F(>`)7ftd5-Wn==WIk%qQJ;SPMY23#VnI_N(^;uezD!QwZQystSxqI<UQS25`2PK
zmM#z-p<GF5LXu4W1W^Tu3S`a*YVj*$Xu^c9fCqB=h?1It4`T~~>@IEKP-#{BKLL6G
zGHgL6G*>T((ZC}<11+c*1ZZG|qJj`<R<(1XzY-d9*D7^`eI+p{4P;34a8R&d{4&e5
zqybcK5IDN}hA0hogB6|8)b(C+T+|;|-9J~id<9%G=enX9x-=^9C1l}NoL52o@X-g@
z3yPW-Ko#}BALO@=N}8BRy$L`S#p=I2PpL5jr76-`1QO&s>nhiP<XA5yueBy(WxG~d
zC!}S63fy02X$o%DPz-r<;?avr24|`y2L3|etvSiWgpMQ%9wBWhDRr{R?AvNT;soci
z>}>2Rp2Uh>Sy!EL;0ZYPA&S*gpm#9hg}hhUr3vQANhaxuCo24PLO?#KmIMj~Ys7f0
z=a$bhrELhJ_KhUqI|s=J3_MgI40I@^Vxl*xkvNRN=Qlua8?#fBGmyY9;|WP-N_g&p
z4d2{8za{Yuwi*_Q<vA0&HMzAuKBVjgr!nDoy%g3O5{X+Qg2BdF2r-H}+wnGJFp4K^
zo~hBMBLsh|VFEIaa0WZGRp?53Oc;}j)J~~@qt)tz6wfj>II7#)%mTB<=9xD9s2`5<
zj#!$gX=T<1!yVl;v`>^d+v+~#SPOhV3ZgYdaQYavQ@sVt(3pN12Tl&JP=Sb&?tvI!
zQA7_2hQJyzfu;(eA<jTixq!=c-8I`+ix!?B^~6;43IX&+@0sj#qV&lSSXnqKfO%mQ
z0jzvBOlcgEm`8Xn+S+v0PU(<izR>!5h{A|KK5U7{A<&o6Vf3<v)0}1`_}X*zYak=S
zNfr||vr0Q>98DP**>yO87Egdhfqg{{NujSBlUfDsgs{&*p7Pkn8WO&l_*^S~l}R>4
zyfCZ6C?Jkz7Y(UiAhi|tv}{r2EL2c~VudwLtE&a3;K8Pfab`A_DG-Ms0Xve6f#9Uo
z7NNRScto&3K`AM3K7MV2!?oEpe>J<uNBd2ihO60a{&?1Je%Y^icy-!ue)*_mK~rrC
z;4B?HZgzkDqF~Vcb;{yv#hYT9@MgDp@Zwc;c>Fx-M4k4*i{_UvAHRHDHx?f{AB*x<
zA37gltik*XmMo&AId9m{-d`fAa}Ji6Wpz8N(Hpr8eOAjHI9NEH#j^2)2A`oB@g&mQ
z#K7Cvhxc1fqR&Vy>5Zb2>bH?-sx{X7QelQ{`V=@=DoS)UyjM352)|TqVUhY$FQO6S
zQ!ITlz6q;S8|j9UdE1oVY$^WI(!(y=dZ)IZ!T(!s7ON;kRnbRJ7~FJ6d69Im*;zt-
zdZDO<=EvZpsDx2gK_U#%eD9PXqG0yjb0bG0{Q{b*H~hXeF9=Tl%BdtjWHD)etVOVz
zlBn4+m^N#$w|vhtZ7*ADb0s@of>b#VTenBhe~{{tQ%^!#d(iogHfsTC)(=vv0%&a>
zS}^dy8|Cp*zmMR98a=6^1`)KCC8)TMOmQM^2x?WYS@O<#zX}23Y7+Vq)e7{yWL4tC
z4?H29Bx><2+)z{r?4B_;c&;^)fIqe-xK)VW)$Gm7vk%->=V?>Q?Mx8u4D(ra#ro0C
z)eV-jG17bEQaPpu-b_wTQ>ru%FnK|6K+c4qYH3Sm4Fo8Lm%y5jV!|aI(HN`IQ4mNb
z)h|$|6-{n>V4Dau6EMFtGuEsbAAJxRgnQkw1-ij0O#%y^Q`JBa2Dny<Pg5}N6pAdk
zCiJxIqrWI&YnDoCqapyDfWZfnLNg%=PLwciS_iIGa*L;VN+7T8lqIv2?4lh(2pW=<
z&3FBgRd<ake1WIwa<`%>zMYb(kyqd0Tcm%f#;SGzKGkR=@MS{cEGCiD9jQRGETvNl
z%r6+mPSrRT2u+>k5?-@Ewm^TwQY>joS}C8Et$p63>c-HlrE~-uW6_%8+g7TDYcRa1
z2^Az}S)wDYVW}Qhfl(k@2^H5V5uzm)S!{G+PZCHdC$UVG{;B|if_(NG1XK7irySNc
zII_e(=xuB!z1RYUK+AfP@F__sXgyXr@<s&2h|*9jh^QO^fp0XaF2@9<EXFC?VHtF6
zS2b4XB`u^`*j9jn?ZpXnoLa{mMj4sw-e@lySp4RAVbts!wR5G>@zvJQjLVK9GSi~n
zia}Ribvo#v)EQ6|PWV_jX;E02KeX+8PDDPQO^tP9NjmYto@&?F=8&x~Z7p0!STtC*
z+Vvw;%#jW+w02@mN+Q%7xv>M~Op&`X!BUU4&7+1Bnv?^Yn3`Vd0puJTYl`WM@X4+(
z@%-iOkC$)GUN`skUtnSmz?1CeFPu$5q+mEfB)g%UX>sfZbE+T;?X7nP_O@10>j%)Y
z^6BG*3Vh*v3r-q(vU@Q_wUARfBJm<li7{iF_utyv=nZ4nqHw@?Ft;%m8MA5eXUidO
zO%#UqhGaaYHzXrM^f?<so8OunC|7rUYjjncLygH0E9(;&VVcf3xteeyCM->w-Q)cx
z_%3mJMpC@E)YP%rJ?iW?bHXW0+^vJ-{iZn=;{iC>Z<_pD-iu!bwLPj3ZPku*orITG
z$tEGRa*x2ItM4IcZ^A&O;V{<F{}6h`(184+Z=*!r_nFEnJV%`sh=QRuf;MG|4;zmp
z;b=ag@uZBy$|aoSRsl6g4_5WAJelCm()TtTyMq<b!&L!-w8_)9$!L`tu3a-wMaYWI
zjsPgWqogwhF2hq7EoH)6#=7*-bS9(@K}UoC^Wo>8=dGWAjz0d!ziHo(3HPw3$C7wG
zU1<Cvi^>@{dIkrv6Wft<!m-IB>^k-0=;f;b1SdG5!Dhd(cYe3KJ?vA>b}zcQcE6Y4
zZNA}oX((%Ud<p(twtOw7(w;A&+H%vEv248SOK3OW_O<;wSOtHxjb9JD+<4FAeA@r9
z{Z6YD3Pup_3vMQ--h$HzPAY>cQ={=~6mSA=mb*Q8segZ!9e7l;1CN(CVCRk-(C<#g
z_OrcPyYT`zn{PW2j9#%7>S5ny%hg~xuE(<FZVM5t*lV47l$-Cgn(iFb!`^I{)xizN
zNok+P1pgh!G3l3ws+TFvP$&ku;!We&XLB^?6g;{q=3}iDiwx&t!la1M&h?*!3+tl-
z9d*Pm;+u-vbH=Yzh7-}wnf|8`wA;_rPp^$F<CQKra5!5gvmuP$+siFDd0FL>skkWA
z+xoaSnTnRD2N%R;AJGwbeBmeyYL;JA+P+$<o*G$f-EwPYd4eUmG~xT;U4T19M1Q6C
z13kOTG(bEzOH-x%c;>+NGu?`o!AZ+jR~LQ6zyYaS*bGRSi;z(oY!Sp)4&}iQ9n4b~
zkYf!?;FoacDf~!h!;31Yo<0|~9MGi3J-iD(d9@OZ$;^Z~6`@jI5Tp4557`Z=aXVSm
z;>fr`K3x;z%Z3M~z#r5?Cx5+E|9v_+Jw3m?{Pg|#-#+!uynW$8G|aZf*y>*6WNfy@
zTBH}}-}QcYe=lr$z&7sY<@xEw`IXn(`yq$d)*`+<0(+c|rb}ki9JLUQNQA^ux7{Aj
z;%g$?>VCwNA!1w`0oULclW1MHFE8JqoYNac53UIq??jv<AB5>D#8&xVN9cR9@LZ%c
zgAjw1X2ga2nE3IZvq<-50HM^c&%f)vM;DhTsDIJ>>E!AheSiKpc=B@=MUnXjZk)eA
zt9)^=zUv!|z3RQ{Zr$L|1mXWn+w;5a9LveJQ(*YA&yWk3iEfm~jT}2-pM2s1raNy)
z!L-Fj#*}O%l#JXc^_ECD)x)GazM@G{gihhC6NmtY{d6L2nIws^KB0rwD>G3?`_EAe
z9mxsM&*yRyoWsz_rudp5Dg!+GXbus6=BNi4^%HWda8(YJ(D7S@TSfjyLEuzr3gzw;
zm$Gl{BNB}x)KtTE-Hg_9CyB+iXyar`GpZWXGByAg&P7__p2<_va!9~1SJlq@#QJ(%
zwH)j_5@5!#QMnt0?tXDC3aT)zaMD$@%Zf0jQrEVAyfW^YWRTVEid_>R>@1gvW^J|J
z*$BDkYE)19Jrr}2kW9(*;O<~PQCVkZ)zezcp%U`k=iYsr0mpQ)U9H?y*0O@xH4Ij`
zh!I>qH@FlXvJr~REcB}h2_j8Pz%{!EPe8^bI5WXCrJcA%K%j;}1scOC7}bixrL>fA
zrwFI3S>@1%w<{vF$|7*p>c~?nUvo^eGa|LK)K#p|`h%%nF(h(MNakRg(_8vfm_7xr
zK%t?6rL!Okv{R^PyA`5*74pDpQ1QaLh&8bgu}tA;Midv`BJZ~I2}y<s#GaBWAA}ER
zSr<3KogRmh3{6==M+@}5+6HNH9H&~k^WnpWd&7jhTtL6y>1AcZF9&U*?iYcdgSNWg
z68i0R(8H)oe<XTg7ixnnPtrMFIH#o#Tgit)@^z5yYg@!yR%7!+I#=L>{S)9C&ctHK
zZmXgCOU?tj#ZohopevfR6c~CC9X*en^E6BYUj$2z(CLXEPys&35Rl0X?*pm;vl>Q`
z=-mV3XG`}%ozc;VlGYoNrc<1uowGN)Adr$<6TIwO-V~~xa~&sP>di*Uq)t)u^27TW
z74*7BUlX@hB+FUK#*53G6P%o~OsTLmlcLI)ZQex!URE<@->%tH_0XsI_VSv{ZTy6|
zCUezllO-ZGw7!yz*8{ar%vrfB+g=z8#;e=C6^8kQWItvCODaa-{MEw)rWY?lY9CE7
zPm~lb*hp3&fs>s^e6oz;5e|3;8Mcd=6{@AiKkjiVeQ>cb94zJE9vI<E5LtJ0F~Im+
z2#YEw8Mnep`7os@rlmMfiPs&ebOi(KS4(J%fUKV&7|TB(zD+z9UW(u<BD4&|ZNjRG
z_65Nxm25tI)eA7$=<WKjkzkCri5yuP+?wE#<wbD+LwC#TY4z#5_4c^{;$2VOE$`Lc
zwL`IGRLbRYYJ*ktzeQ}ya?*tLiqqZWQ+&nGwY4USqfQ5^{O;l6HEIxim5_}ZTwgtE
zqXzH81#Z+Jc%ayg3g)<#A^*;Fp-wI=8dM*<QKS?pJADql_zef??=!|{5DfQ@W^_86
zdYP8AOPbu~BrdFTYSbbRXc=IA{KT4#_VofK>QH>0Scy7pUq4);4)X&<OdPF2@lZh%
z9{l>a3Ae=60^KrX!Xfy>L`_uo=x%`%)u0|McA^^mR|ub|M)b8KD5|kOSP(@u_=kz3
zaIn`$6x8#V3O=<muE0Thn9zby)mVxy0QKBvfqMkK+$L!2^>1EO?8fDm0Dq;KPBId+
zOw6VPsjrp9&WR92MCNNyQ%nd-RCBJ~pubQ4C!6J7r+%s=rw+|svorZPHcHIoFoy0U
zJD$#6;5}d6bg<I@1*c%?cQ;34G|;JgM)1fcd05((0hpfWG^hXtJ_R3^ZwM9T9y)eo
zcjP;5S+`v+607;vYqevmB6gRc-Z2@F#s0|YfVR&5<NCYSMxiD6mOo!$W!=P15oR59
zT!P&YKIc@DtVWWz$cj1i!=28GnGHgo{0-yH{uXgbF303%xsg`yoF%H3xYhBN;p8<=
zF`U0@>wDGK#3JjZ&K49-lQcOr5Y869<swLM;tXmb`3mPInBUctvM!HIK(n?;A+wTD
zSLOb&qp4jfefMmA@{bT|=rIbRUfd}Sh=E^?&bWa>JXdAU&tdc`dR|Hi62N(=)F37)
z$Y#+Ob#8hEtObx-Ci<vl-FfXQ8=33LJ@SrN80+$nc<XTuplW-ayA7%O#N!y|N(pRz
zVqzDLIf1#9nj49j<6N(!RV2lNw$>6Sb1mokb`V4U`Rbrk=JP&K8v;~LE*wHzcEhTn
zby<U3km;lb3qT@$lbdLx4q!P6v9--RwK%jO|Bhvf4A|qBC;i^35?X*C89&ZRzlY$a
zqHdSLXB$pM370qNa5x!UJrFwzxswGcVpuF59ebnq=(Y=C3A@e#UC6?H&T_)7jC@I?
z&vSD3(CxfZ+blqV#4Mg5ETDwQkfcyHM9-yB&-RtVquHI#vpt2n0~>9XQaAia71iVk
zo1+mJLo%5zl)i5li{VweA!w%@#J*DAu0dYVCWX30n8M+Kd_h`<lFTL*g2dFOLGU$v
z?6vuaoN%lc*!Dx?GVa(0N)yAR3$j&Ap`X)S30Ng}({fd}%^D&}O4Or;-O8#luvL|~
z06|YKp*g%O3176}1%I0CR=(R@d9j@^7G8X3#gaH!yCk;CM)k%psSR@IRKtIa>{Mm$
zeTSq>wx6qF?W$<h>hwypHR+W~Sc3#hv)@R9rRttmCiuC-V%aW>&PK8zpJgpj|Fosa
zmkpEQ8nNac>2gAGZpHqyRfj#ZlDgG`#1@*Un275dd$rNWb*i-&M}O*+dtotD7_jI_
z(QY)ynM4>RB!Q5Q1ldv`wiiWaXxEli+rVKATwF!8Z%y}{z2i@vC4g0jUaTZ#6S#<F
zYjpv@6W;B28%pkX48mTv@YF_Ozk0Pc2K&{k<z@k2sI#HDSnI%qwn}5R0Ld)`!Kb}`
z0MOn>z5dz(3jtl}M0(3Av2A1Ji#iqt?UbR)MNafd`XTX56ol6~T+09oVpVR3k$g7l
zT<T%&^(&z<oD9tysMp`LbspSHSe_S9tOkgyIf8N8JG=OIQ@+NeTGd$q)t~;5tfJr+
zVa5{DFDX~H3-;MYbMfB1yj$f>sQR)BBS37P>N69)esdo+{SGw|<EUvdl|spiud0#O
z9~@Xi&mJLMzZz9pH(h>O5k}e)xMl!qY|wV>*P5M$r1AB_nFNED!6R7nXlP$h%TWhY
z8spg;lIFsu0MdCY6<rdOnM~L`i`L9Tsj#jU4fs-0eRvV!F;=X>wsDPOW+Z9t16Z>C
zTRGc2t+f6hE@|fuCPYHk12vB;p&lJ|>f!1^tOsnLS3-VX3s;|ms0C{uZ{A)_Z;jM(
z_4d*~#En>n-kiXT`#L{2Sm4c>6Psoo!Hz9)(3o%uk#9;PYj&G$InCS6{Uzb(nk>|2
zX?C+&nt~sK6RGbsm(1!m?A!r{b!ODOsXNbLf)H)|kW_0;hYESYv5^y@LTe7RvjVRt
zqV-0osR%?<Yuhj;q;>!cG%Gidj!Ac-tc^uqvTiLCZuMy~Zbk?yMPaJmM>&~R1h^N`
z)t*_vY0Hn`%C)#6<A^o>Q}t*2jm->xQA!ASeya-yF%(lC&!&)GjtVg&hKhk}H_3F)
zk5uP=hZVu%c*ddPm0Av%W`2sYQg}Ng#hWnU42Z6+;d0RYVqe#asu)FEV2!#ue>KaY
zfPX7Fb_wo0Z!#bIF*6QBO>qPR&6Sfmx9{sj;z4IwN^c17bYAEz<e%)<OMMTc0hONj
z9g!}>yF*b505tDyU_o7n$neUwh)TBR!-LiEA0RfAjr<uYhk?}K{pxX|HF)n7##!0J
zqcWnUDOx`lzQI5IY}vqHY1=O#1x~)wiqE(3@;Qj5XuR4LUk<>#!;-H<RUXh<RBH$N
zD@18-xa=Q2VzUnO-6J+DdwRGA-QA)$H`{4}$Q|diw#lpO!ZvlZX4^(@u3;3RL(Hu<
zW53>F9c$S@M|9gj5dFWmGmP|8&5!Log8XLECR@A^M#554M;1;PY9Q7GZ<1IGguQZI
z`n<4Iy!Hm&V2%bC=V!gkPv`%;|HH-A`NgNp(~DmJYETmbRrKL2dhY6wd}WtiJ=))g
zudc5BU)M=jhxMQAovUls<GJPPTJSjjxLWKF<cM?dO~g$}lvp}!eRB{UzbuLk7K*^d
zEG1s3Xpv6A6YS0EamPay8=Mk}6D)DfW+)*DRT7;JB6j4lYE|_^05vqDgvQ@$Z`j;c
z@dsy_Ig$fORiPkLQMzeogws@@A&##hyMQTFW?rBy`&0m?F2}`gRIVN&YKAvh^lqIR
z*}>~P6^PHWOc(2o>S{)Wu(|aUYLBMKNnAw2!kN*ED%V~GYi0(#^4>6ILtFj&jKz?n
z+!PkeX*5lqDeN!~p~1MJO`HpTgw^TkUbc@xtECpwHCcQER^ku)?$3_{mk%9g!>=Aa
zh@ez~DLb%VR2BX=bk7>q27oOO{c{5$-9*?>-)NP#xGVAao8zbx9h)#Vc!X9Jx7L}?
zZ0-$^0hTJ$&8eKw3=Iqk7!;H-YBWwvnjv~a(#1Z)=x-<Q-kNw-C9DW%R)!)eI!ltJ
z_+GHN$rucE{1b?nQy@x}olWKY>cI|1sx=DEAJ>e4S8e)lYzA%6Os5Fe{NRE4xa0lU
z)dicibfw2j4dG?=S!*@gMK$Ik<af%1G?t0dq14i`Yd8ZWgg%w6j|gi=Mvkc(OwMLw
zU1oaVHFAJvSweU@@jYbpE1zhN&?SN7W7k5T=yr7u@eQUah;61pQKRv}B#-biDC*Mn
zYE`p&mNJ~^x}0h`8)H6Hux=M$>=s~x)@%wX_-MD$@D_&7F4(fH>_umQ=9Xm#zRl9m
zh(dB+9!xBB$?(NAg^lH-=%VI}PE)U|_e_#*qj3<SOEx9t+4QUEtE~j5C-fRH<@o>m
zzy6a%<EYzESPFd4P|v3NIgW1s`@jCvC!`$D4gHu2!oiuFNuaAZla!Nx=%H&LM;&hl
z6xg7~hh!}X6z`&grDvx8M;9G8O3is5-6CBaUHv+`bK{-|jRTO|f;g(|pLWc<-W8oQ
z4@}q4u^I73!);_YZL=JtnZ$Vs4fBR|;<oOe_50tVKWi4%0^Y8x$)i8Ra{6{)LSI5s
z<^fUbz6H8`Yf96UTDAA6)9KW&<fR-1TP@}qoL!AnFYMk(hd7%grAju)2vKc-`V@q^
znDknj25K435P?~<cMbWsp+F(k3QkNgUYGD8TCUL|Cqy`|1A4QobBMD=DQe$Nv_`J0
zr*fhgnBs1BFiUf0!cL5SQkRMXI$b?SMIH$##*e^&Z<1AAn$t;*#)V0Wy0Fz-kpRj9
znSGoXd96S5YLlWVjwh;RlA$@{P#(t~px#%X<(Nwv&r-}0)me$1FeKO%-^MJ<28PwB
z?WlEnc!%Rm<d`doXflKRLSrJL#uY;eLxSzYz^I8;qKOi3Ax|b8!bu?B{4}h=s*x7C
zng(`p==s}6UTvph>3Sb@8_0SKx**Os5b~3Fxtm7b>B72iq4tnwZ80&wTDP(J>vIeK
zKqi3{YRyqb6wToza)a~D0c;QbB8ex=<aYcPxpZJ{JumI)wCxSrCpBnl%-W{SdW(6d
z0?jGOMgt5RE<{Lp)f0_12umeh%To9R$hkPn*er`(IzKRz6&0flad(a)wI-+(<veOb
zGJ>NGszo##M~$ArJi;_pn_vk|uMgCLNl$zjVIdL8KvdZ|=s0WM6yGWyScb71HBPiO
zBv#ux2C6r~c}_AogE=9H@pwXn1m%nhl#|S5*U4DnR2&sGQAO0apyC<|{OYP)Xh>oV
zhN5yG;AoYCH-OV8V)C9zC_;B)PeAG=HP}Zul@rx3*i^2~`$dR6OFRRt&6b&HgY6u1
z5CXg&fvOWV8vW%kLS4C6jjXd``3ErdzEh+^k!Hw8Yb+Y8V-pL7h-QKCT-2VTQqw3C
z2B|YqQ6hjb)Kv^EGA4OWzYJkC2%;$mg$33t{RxD@%HlSb)?`KZONW+4Z&yb&YPd4l
zmUMy+SGY*~Iv<!K3Ph19W9uHx(sU6u8cH#MiL;|=Nqra+E13;)1sjzYrWuwswP7R?
zs9ysYpgKUql*QL!HefGEmW>cbAGFQOex$|ZuM#i28#S)9z7Bf7KsXi56M<Y!Yx928
zP|Ab0T$b1>=n|2p*La#Xf@R`JvOk)ZE<5O5Lta~GsbsBvq%J5&qise0Z3JI+(R9($
z+JlZ!X*pQ#-JB&`!F^U3H4I-09^*Xk7EHumzy8`n(Mg_zZ4iC=Vje$x2CgV!)`1e9
za%1VT#y6t~rfj~uZ<nE(1^tC&g>d6(u)@OE;Jfap8cubqi(VYPeC6Fn$W}P+qN~$>
z#RrFLzR&`+UdgZ>bZC<nTs*6|A0zMgXbOqY&>#r0S1PYIPC<fQ6Fr|Gn&^yeX$rdw
zXXUMVO%|GLUHbV^xo_g|v!o_AscEC}BS?aZ(rRfnU7+iX%`>zh(u7giaNUXwtcs1s
zj4Kh6X|@#L<eELJ-J%D?imZj5U?wLFY$IuknqC{5y3VDTFfMmZ@xUQ~Rg`0bZ>Sn{
zYNPBGwWQg&TgsO(r&6&Rt3G68jyP$-`d3Ph$wob#Nt7_6S-JiOdgk{fLhtY|5I(Nx
z6ytPE)$}G*#51U;Z|m0QoDEYlMH4IxBUda?bEiL7m;}#omMqS!eau+J+B#~beQ<d2
zZKTauIcGT&Btb56MGfMNbM4KbYHKR8Z_Ot*yu?ccs>YtrGWB$b#l(8toMh^T5v6QQ
zW3Aqw-w?i7m#^3PW^GRI9W2Z`8ZO*??5ZZKwa2GQ1yay^BPHOOX*9io@WU=5nb7G@
zNH7uqE)Zuaa8QE_3p6Kb8U^swRBjAYlYX1w!j>X*=UCLY5eNWEqcW<8$uz93i%LWk
zsI?536XQ##LbD3JBm~-lv#2&7vv7r99nv{oAS(Y|poC=vB{Ob?zMN^*VpluHoZc1S
zHE~gjf*1kG1#Mob4+?GyIp!hXyGfj7Rtue)@}eLjJVU2C!|Gc$214^ZI(QzvLM^nn
zhx$KUoxi{8oxDY_FV0WC@4f#HoxVAF|J`|n_VyY*rAH^TSfAfVIt>BPF_W|v!tYH$
z+*x&kg{0B)4$s>24%X5MpSHZn{RP(hZ%9aHup|-sD;8*Puc*Yfw}-A6+S{v4{;;=K
zlvCBJAr-(yqDD&}kXUMf4VDIpa(nb%)b9%9dh8Dmq7G`6hx-!kc*kANNY06t&vvzh
zXiRTPs`O_hDPFXTyMNi&9`o5yIESgW#Ed9O6H(-d4^CT{qfv7Lg%lhXn)&B&ZVsY@
zSKUTq)nTBSWSrtuv@L?R$wtv`G)}ajD?kx2JJstQ%apDm0*v~RKqis(1ZPM!!qe}d
za)mam+p4>IQ%%_o277}`3R#!VBMK8{7#p<xYF#prrLT8-qY8z1x6x>Abu~_Ak`;O1
zVZ1c&wVp(y0DhQ|blOtGUkKeEpUN1YGnV|)cCYO={=cW|>3X{UWv~Ai00960ym$q_
H0I~%DyO4T6

literal 0
HcmV?d00001

diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore
new file mode 100644
index 00000000..825c0077
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock
new file mode 100644
index 00000000..1ac55e23
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: redis-ha
+  repository: https://dandydeveloper.github.io/charts
+  version: 4.33.8
+digest: sha256:99abe093ebc97b930cad234e3bce566bb55e11ed0b2324e195d9783aaf5d1ace
+generated: "2025-08-13T08:08:37.645426006+02:00"
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml
new file mode 100644
index 00000000..e5343cb0
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/Chart.yaml
@@ -0,0 +1,39 @@
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: Add support for new container resize policy feature
+      links:
+        - name: Github PR
+          url: https://github.com/oauth2-proxy/manifests/pull/346
+apiVersion: v2
+appVersion: 7.12.0
+dependencies:
+- alias: redis
+  condition: redis.enabled
+  name: redis-ha
+  repository: https://dandydeveloper.github.io/charts
+  version: 4.33.8
+description: A reverse proxy that provides authentication with Google, Github or other
+  providers
+home: https://oauth2-proxy.github.io/oauth2-proxy/
+keywords:
+- kubernetes
+- oauth
+- oauth2
+- authentication
+- google
+- github
+- redis
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: pierluigi.lenoci@gmail.com
+  name: pierluigilenoci
+- email: jan@larwig.com
+  name: tuunit
+- email: joel.speed@hotmail.co.uk
+  name: JoelSpeed
+name: oauth2-proxy
+sources:
+- https://github.com/oauth2-proxy/oauth2-proxy
+- https://github.com/oauth2-proxy/manifests
+version: 8.2.0
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md
new file mode 100644
index 00000000..fe13f75e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/README.md
@@ -0,0 +1,380 @@
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by e-mail, domain, or group.
+
+## TL;DR;
+
+```console
+$ helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
+$ helm install my-release oauth2-proxy/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration.
+The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates an incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrades oauth2-proxy to v4.0.0. To upgrade, please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400).
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by addressing the Deployment object apiVersion `apps/v1beta2` deprecation.
+See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583), errors may occur when performing a `helm upgrade` of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart.
+This is a breaking change since the service account is enabled by default.
+To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**.
+Therefore, the `ingress.extraPaths` parameter must be updated to the new format.
+See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information.
+
+For the same reason `service.port` was renamed to `service.portNumber`.
+
+### To 5.0.0
+
+Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). 
+This is a breaking change because many labels of all resources need to be updated to stay consistent.
+
+In order to upgrade, delete the Deployment before upgrading:
+
+```bash
+kubectl delete deployment my-release-oauth2-proxy
+```
+
+This will introduce a slight downtime.
+
+For users who don't want downtime, you can perform these actions:
+
+- Perform a non-cascading removal of the deployment that keeps the pods running
+- Add new labels to pods
+- Perform `helm upgrade`
+
+### To 6.0.0
+
+Version 6.0.0 bumps the version of the Redis subchart from ~10.6.0 to ~16.4.0. 
+You probably need to adjust your Redis configuration. 
+See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis#upgrading) for detailed upgrade instructions.
+
+### To 7.0.0
+
+Version 7.0.0 introduces a new implementation to support multiple hostAliases. 
+You probably need to adjust your hostAliases config. 
+See [here](https://github.com/oauth2-proxy/manifests/pull/164/) for detailed information.
+
+### To 8.0.0 - Bitnami 💀
+
+Version 8.0.0 removes the dependency on the Bitnami Redis subchart and replaces it with the `dandydeveloper/redis-ha` chart. Therefore this version introduces a breaking change to the redis subchart deployment configuration. Please refer to the official [redis-ha repository](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) for details. Furthermore, you can reference the redis CI test value files we use [here](https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy/ci).
+
+Furthermore, you can read up on why this change was necessary in [Breaking changes in Bitnami Catalog #323](https://github.com/oauth2-proxy/manifests/issues/323)
+
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+| Parameter                                             | Description                                                                                                                                                                                                                                                      | Default                                                                                              |
+| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
+| `affinity`                                            | node/pod affinities                                                                                                                                                                                                                                              | None                                                                                                 |
+| `authenticatedEmailsFile.enabled`                     | Enables authorize individual e-mail addresses                                                                                                                                                                                                                    | `false`                                                                                              |
+| `authenticatedEmailsFile.persistence`                 | Defines how the e-mail addresses file will be projected, via a configmap or secret                                                                                                                                                                               | `configmap`                                                                                          |
+| `authenticatedEmailsFile.template`                    | Name of the configmap or secret that is handled outside of that chart                                                                                                                                                                                            | `""`                                                                                                 |
+| `authenticatedEmailsFile.restrictedUserAccessKey`     | The key of the configmap or secret that holds the e-mail addresses list                                                                                                                                                                                          | `""`                                                                                                 |
+| `authenticatedEmailsFile.restricted_access`           | [e-mail addresses](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/#email-authentication) list config                                                                                                                                        | `""`                                                                                                 |
+| `authenticatedEmailsFile.annotations`                 | configmap or secret annotations                                                                                                                                                                                                                                  | `nil`                                                                                                |
+| `config.clientID`                                     | oauth client ID                                                                                                                                                                                                                                                  | `""`                                                                                                 |
+| `config.clientSecret`                                 | oauth client secret                                                                                                                                                                                                                                              | `""`                                                                                                 |
+| `config.cookieSecret`                                 | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64`                                                                                                                                                   | `""`                                                                                                 |
+| `config.existingSecret`                               | existing Kubernetes secret to use for OAuth2 credentials. See [oauth2-proxy.secrets helper](https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/_helpers.tpl#L157C13-L157C33) for the required values                                | `nil`                                                                                                |
+| `config.configFile`                                   | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line                                                                      | `""`                                                                                                 |
+| `config.existingConfig`                               | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values                                                 | `nil`                                                                                                |
+| `config.cookieName`                                   | The name of the cookie that oauth2-proxy will create.                                                                                                                                                                                                            | `""`                                                                                                 |
+| `autoscaling.enabled`                                 | Deploy a Horizontal Pod Autoscaler.                                                                                                                                                                                                                              | `false`                                                                                              |
+| `autoscaling.minReplicas`                             | Minimum replicas for the Horizontal Pod Autoscaler.                                                                                                                                                                                                              | `1`                                                                                                  |
+| `autoscaling.maxReplicas`                             | Maximum replicas for the Horizontal Pod Autoscaler.                                                                                                                                                                                                              | `10`                                                                                                 |
+| `autoscaling.targetCPUUtilizationPercentage`          | Horizontal Pod Autoscaler setting.                                                                                                                                                                                                                               | `80`                                                                                                 |
+| `autoscaling.targetMemoryUtilizationPercentage`       | Horizontal Pod Autoscaler setting.                                                                                                                                                                                                                               | ``                                                                                                   |
+| `autoscaling.annotations`                             | Horizontal Pod Autoscaler annotations.                                                                                                                                                                                                                           | `{}`                                                                                                 |
+| `autoscaling.behavior`                                | Configure HPA behavior policies for scaling. See [docs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior)                                                                                                | `{}`                                                                                                 |
+| `alphaConfig.enabled`                                 | Flag to toggle any alpha config-related logic                                                                                                                                                                                                                    | `false`                                                                                              |
+| `alphaConfig.annotations`                             | Configmap annotations                                                                                                                                                                                                                                            | `{}`                                                                                                 |
+| `alphaConfig.serverConfigData`                        | Arbitrary configuration data to append to the server section                                                                                                                                                                                                     | `{}`                                                                                                 |
+| `alphaConfig.metricsConfigData`                       | Arbitrary configuration data to append to the metrics section                                                                                                                                                                                                    | `{}`                                                                                                 |
+| `alphaConfig.configData`                              | Arbitrary configuration data to append                                                                                                                                                                                                                           | `{}`                                                                                                 |
+| `alphaConfig.configFile`                              | Arbitrary configuration to append, treated as a Go template and rendered with the root context                                                                                                                                                                   | `""`                                                                                                 |
+| `alphaConfig.existingConfig`                          | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values                                        | `nil`                                                                                                |
+| `alphaConfig.existingSecret`                          | existing Kubernetes secret to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values                                           | `nil`                                                                                                |
+| `customLabels`                                        | Custom labels to add into metadata                                                                                                                                                                                                                               | `{}`                                                                                                 |
+| `config.google.adminEmail`                            | user impersonated by the Google service account                                                                                                                                                                                                                  | `""`                                                                                                 |
+| `config.google.useApplicationDefaultCredentials`      | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account JSON                                                                                                                                              | `false`                                                                                              |
+| `config.google.targetPrincipal`                       | service account to use/impersonate                                                                                                                                                                                                                               | `""`                                                                                                 |
+| `config.google.serviceAccountJson`                    | Google service account JSON contents                                                                                                                                                                                                                             | `""`                                                                                                 |
+| `config.google.existingConfig`                        | existing Kubernetes configmap to use for the service account file. See [Google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values                                    | `nil`                                                                                                |
+| `config.google.groups`                                | restrict logins to members of these Google groups                                                                                                                                                                                                                | `[]`                                                                                                 |
+| `containerPort`                                       | used to customize port on the deployment                                                                                                                                                                                                                         | `""`                                                                                                 |
+| `enableServiceLinks`                                  | configure deployment enableServiceLinks                                                                                                                                                                                                                          | `true`                                                                                               |
+| `extraArgs`                                           | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows the same flag to be configured multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]`                                                                                         |
+| `extraContainers`                                     | List of extra containers to be added to the pod                                                                                                                                                                                                                  | `[]`                                                                                                 |
+| `extraInitContainers`                                 | List of extra initContainers to be added to the pod                                                                                                                                                                                                              | `[]`                                                                                                 |
+| `extraEnv`                                            | key:value list of extra environment variables to give the binary                                                                                                                                                                                                 | `[]`                                                                                                 |
+| `extraVolumes`                                        | list of extra volumes                                                                                                                                                                                                                                            | `[]`                                                                                                 |
+| `extraVolumeMounts`                                   | list of extra volumeMounts                                                                                                                                                                                                                                       | `[]`                                                                                                 |
+| `hostAliases`                                         | hostAliases is a list of aliases to be added to /etc/hosts for network name resolution.                                                                                                                                                                          |                                                                                                      |
+| `htpasswdFile.enabled`                                | enable htpasswd-file option                                                                                                                                                                                                                                      | `false`                                                                                              |
+| `htpasswdFile.entries`                                | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#command-line-options)                                                                                                                                      | `{}`                                                                                                 |
+| `htpasswdFile.existingSecret`                         | existing Kubernetes secret to use for OAuth2 htpasswd file                                                                                                                                                                                                       | `""`                                                                                                 |
+| `httpScheme`                                          | `http` or `https`. `name` used for the port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service.                                                                      | `http`                                                                                               |
+| `image.pullPolicy`                                    | Image pull policy                                                                                                                                                                                                                                                | `IfNotPresent`                                                                                       |
+| `image.command`                                       | Define command to be executed by container at startup                                                                                                                                                                                                            | `[]`                                                                                                 |
+| `image.repository`                                    | Image repository                                                                                                                                                                                                                                                 | `quay.io/oauth2-proxy/oauth2-proxy`                                                                  |
+| `image.tag`                                           | Image tag                                                                                                                                                                                                                                                        | `""` (defaults to appVersion)                                                                        |
+| `imagePullSecrets`                                    | Specify image pull secrets                                                                                                                                                                                                                                       | `nil` (does not add image pull secrets to deployed pods)                                             |
+| `ingress.enabled`                                     | Enable Ingress                                                                                                                                                                                                                                                   | `false`                                                                                              |
+| `ingress.className`                                   | name referencing IngressClass                                                                                                                                                                                                                                    | `nil`                                                                                                |
+| `ingress.path`                                        | Ingress accepted path                                                                                                                                                                                                                                            | `/`                                                                                                  |
+| `ingress.pathType`                                    | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types)                                                                                                                                                                 | `ImplementationSpecific`                                                                             |
+| `ingress.extraPaths`                                  | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/ingress/annotations/).                            | `[]`                                                                                                 |
+| `ingress.labels`                                      | Ingress extra labels                                                                                                                                                                                                                                             | `{}`                                                                                                 |
+| `ingress.annotations`                                 | Ingress annotations                                                                                                                                                                                                                                              | `nil`                                                                                                |
+| `ingress.hosts`                                       | Ingress accepted hostnames                                                                                                                                                                                                                                       | `nil`                                                                                                |
+| `ingress.tls`                                         | Ingress TLS configuration                                                                                                                                                                                                                                        | `nil`                                                                                                |
+| `initContainers.waitForRedis.enabled`                 | If `redis.enabled` is true, use an init container to wait for the Redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list, and watch the Redis master pod                                             | `true`                                                                                               |
+| `initContainers.waitForRedis.image.pullPolicy`        | kubectl image pull policy                                                                                                                                                                                                                                        | `IfNotPresent`                                                                                       |
+| `initContainers.waitForRedis.image.repository`        | kubectl image repository                                                                                                                                                                                                                                         | `docker.io/bitnami/kubectl`                                                                          |
+| `initContainers.waitForRedis.kubectlVersion`          | kubectl version to use for the init container                                                                                                                                                                                                                    | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor \| replace "+" "")` |
+| `initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container                                                                                                                                                                                                                  | `true`                                                                                               |
+| `initContainers.waitForRedis.timeout`                 | number of seconds                                                                                                                                                                                                                                                | 180                                                                                                  |
+| `initContainers.waitForRedis.resources`               | pod resource requests & limits                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `livenessProbe.enabled`                               | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks)                                                                                                             | `true`                                                                                               |
+| `livenessProbe.initialDelaySeconds`                   | number of seconds                                                                                                                                                                                                                                                | 0                                                                                                    |
+| `livenessProbe.timeoutSeconds`                        | number of seconds                                                                                                                                                                                                                                                | 1                                                                                                    |
+| `namespaceOverride`                                   | Override the deployment namespace                                                                                                                                                                                                                                | `""`                                                                                                 |
+| `nodeSelector`                                        | node labels for pod assignment                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `deploymentAnnotations`                               | annotations to add to the deployment                                                                                                                                                                                                                             | `{}`                                                                                                 |
+| `podAnnotations`                                      | annotations to add to each pod                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `podLabels`                                           | additional labels to add to each pod                                                                                                                                                                                                                             | `{}`                                                                                                 |
+| `podDisruptionBudget.enabled`                         | Enabled creation of PodDisruptionBudget (only if replicaCount > 1)                                                                                                                                                                                               | true                                                                                                 |
+| `podDisruptionBudget.maxUnavailable`                  | maxUnavailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null                                                                                                                                                            | null                                                                                                 |
+| `podDisruptionBudget.minAvailable`                    | minAvailable parameter for PodDisruptionBudget, one of maxUnavailable and minAvailable must be null                                                                                                                                                              | 1                                                                                                    |
+| `podDisruptionBudget.unhealthyPodEvictionPolicy`      | Policy for when unhealthy pods should be considered for eviction. Valid values are "IfHealthyBudget" and "AlwaysAllow". See [Kubernetes docs](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)                   | `""`                                                                                                 |
+| `podSecurityContext`                                  | Kubernetes security context to apply to pod                                                                                                                                                                                                                      | `{}`                                                                                                 |
+| `priorityClassName`                                   | priorityClassName                                                                                                                                                                                                                                                | `nil`                                                                                                |
+| `readinessProbe.enabled`                              | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks)                                                                                                            | `true`                                                                                               |
+| `readinessProbe.initialDelaySeconds`                  | number of seconds                                                                                                                                                                                                                                                | 0                                                                                                    |
+| `readinessProbe.timeoutSeconds`                       | number of seconds                                                                                                                                                                                                                                                | 5                                                                                                    |
+| `readinessProbe.periodSeconds`                        | number of seconds                                                                                                                                                                                                                                                | 10                                                                                                   |
+| `readinessProbe.successThreshold`                     | number of successes                                                                                                                                                                                                                                              | 1                                                                                                    |
+| `replicaCount`                                        | desired number of pods                                                                                                                                                                                                                                           | `1`                                                                                                  |
+| `resources`                                           | pod resource requests & limits                                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `resizePolicy`                                        | Container resize policy for runtime resource updates. See [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/)                                                                                               | `[]`                                                                                                 |
+| `revisionHistoryLimit`                                | maximum number of revisions maintained                                                                                                                                                                                                                           | 10                                                                                                   |
+| `service.portNumber`                                  | port number for the service                                                                                                                                                                                                                                      | `80`                                                                                                 |
+| `service.appProtocol`                                 | application protocol on the port of the service                                                                                                                                                                                                                  | `http`                                                                                               |
+| `service.externalTrafficPolicy`                       | denotes if the service desires to route external traffic to node-local or cluster-wide endpoints                                                                                                                                                                 | `Cluster`                                                                                            |
+| `service.internalTrafficPolicy`                       | denotes if the service desires to route internal traffic to node-local or cluster-wide endpoints                                                                                                                                                                 | `Cluster`                                                                                            |
+| `service.type`                                        | type of service                                                                                                                                                                                                                                                  | `ClusterIP`                                                                                          |
+| `service.clusterIP`                                   | cluster ip address                                                                                                                                                                                                                                               | `nil`                                                                                                |
+| `service.loadBalancerIP`                              | ip of load balancer                                                                                                                                                                                                                                              | `nil`                                                                                                |
+| `service.loadBalancerSourceRanges`                    | allowed source ranges in load balancer                                                                                                                                                                                                                           | `nil`                                                                                                |
+| `service.nodePort`                                    | external port number for the service when service.type is `NodePort`                                                                                                                                                                                             | `nil`                                                                                                |
+| `service.targetPort`                                  | (optional) a numeric port number (e.g., 80) or a port name defined in the pod's container(s) (e.g., http)                                                                                                                                                        | `""`                                                                                                 |
+| `service.ipDualStack.enabled`                         | enable IPv4/IPv6 dual-stack for the service                                                                                                                                                                                                                      | `false`                                                                                              |
+| `service.ipDualStack.ipFamilies`                      | ip families for the service if IPv4/IPv6 dual-stack is enabled                                                                                                                                                                                                   | `["IPv6", "IPv4"]`                                                                                   |
+| `service.ipDualStack.ipFamilyPolicy`                  | ip family policy for the service if IPv4/IPv6 dual-stack is enabled                                                                                                                                                                                              | `"PreferDualStack"`                                                                                  |
+| `service.trafficDistribution`                         | traffic distribution policy for the service. See [Kubernetes docs](https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution)                                                                                                        | `""`                                                                                                 |
+| `serviceAccount.enabled`                              | create a service account                                                                                                                                                                                                                                         | `true`                                                                                               |
+| `serviceAccount.name`                                 | the service account name                                                                                                                                                                                                                                         | ``                                                                                                   |
+| `serviceAccount.annotations`                          | (optional) annotations for the service account                                                                                                                                                                                                                   | `{}`                                                                                                 |
+| `strategy`                                            | configure deployment strategy                                                                                                                                                                                                                                    | `{}`                                                                                                 |
+| `tolerations`                                         | list of node taints to tolerate                                                                                                                                                                                                                                  | `[]`                                                                                                 |
+| `securityContext.enabled`                             | enable Kubernetes security context on container                                                                                                                                                                                                                  | `true`                                                                                               |
+| `proxyVarsAsSecrets`                                  | Choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv                                  | `true`                                                                                               |
+| `sessionStorage.type`                                 | Session storage type which can be one of the following: `cookie` or `redis`                                                                                                                                                                                      | `cookie`                                                                                             |
+| `sessionStorage.redis.existingSecret`                 | Name of the Kubernetes secret containing the Redis & Redis sentinel password values (see also `sessionStorage.redis.passwordKey`)                                                                                                                                | `""`                                                                                                 |
+| `sessionStorage.redis.password`                       | Redis password. Applicable for all Redis configurations. Taken from Redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence                                                                                                     | `nil`                                                                                                |
+| `sessionStorage.redis.passwordKey`                    | Key of the Kubernetes secret data containing the Redis password value                                                                                                                                                                                            | `redis-password`                                                                                     |
+| `sessionStorage.redis.clientType`                     | Allows the user to select which type of client will be used for the Redis instance. Possible options are: `sentinel`, `cluster` or `standalone`                                                                                                                  | `standalone`                                                                                         |
+| `sessionStorage.redis.standalone.connectionUrl`       | URL of Redis standalone server for Redis session storage (e.g., `redis://HOST[:PORT]`). Automatically generated if not set.                                                                                                                                      | `""`                                                                                                 |
+| `sessionStorage.redis.cluster.connectionUrls`         | List of Redis cluster connection URLs (e.g., `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)                                                                                                                                                             | `[]`                                                                                                 |
+| `sessionStorage.redis.sentinel.existingSecret`        | Name of the Kubernetes secret containing the Redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`                                                                                | `""`                                                                                                 |
+| `sessionStorage.redis.sentinel.password`              | Redis sentinel password. Used only for sentinel connection; any Redis node passwords need to use `sessionStorage.redis.password`                                                                                                                                 | `nil`                                                                                                |
+| `sessionStorage.redis.sentinel.passwordKey`           | Key of the Kubernetes secret data containing the Redis sentinel password value                                                                                                                                                                                   | `redis-sentinel-password`                                                                            |
+| `sessionStorage.redis.sentinel.masterName`            | Redis sentinel master name                                                                                                                                                                                                                                       | `nil`                                                                                                |
+| `sessionStorage.redis.sentinel.connectionUrls`        | List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)                                                                                                                                                             | `[]`                                                                                                 |
+| `topologySpreadConstraints`                           | List of pod topology spread constraints                                                                                                                                                                                                                          | `[]`                                                                                                 |
+| `redis.enabled`                                       | Enable the Redis subchart deployment                                                                                                                                                                                                                             | `false`                                                                                              |
+| `checkDeprecation`                                    | Enable deprecation checks                                                                                                                                                                                                                                        | `true`                                                                                               |
+| `metrics.enabled`                                     | Enable Prometheus metrics endpoint                                                                                                                                                                                                                               | `true`                                                                                               |
+| `metrics.port`                                        | Serve Prometheus metrics on this port                                                                                                                                                                                                                            | `44180`                                                                                              |
+| `metrics.nodePort`                                    | External port for the metrics when service.type is `NodePort`                                                                                                                                                                                                    | `nil`                                                                                                |
+| `metrics.service.appProtocol`                         | application protocol of the metrics port in the service                                                                                                                                                                                                          | `http`                                                                                               |
+| `metrics.serviceMonitor.enabled`                      | Enable Prometheus Operator ServiceMonitor                                                                                                                                                                                                                        | `false`                                                                                              |
+| `metrics.serviceMonitor.namespace`                    | Define the namespace where to deploy the ServiceMonitor resource                                                                                                                                                                                                 | `""`                                                                                                 |
+| `metrics.serviceMonitor.prometheusInstance`           | Prometheus Instance definition                                                                                                                                                                                                                                   | `default`                                                                                            |
+| `metrics.serviceMonitor.interval`                     | Prometheus scrape interval                                                                                                                                                                                                                                       | `60s`                                                                                                |
+| `metrics.serviceMonitor.scrapeTimeout`                | Prometheus scrape timeout                                                                                                                                                                                                                                        | `30s`                                                                                                |
+| `metrics.serviceMonitor.labels`                       | Add custom labels to the ServiceMonitor resource                                                                                                                                                                                                                 | `{}`                                                                                                 |
+| `metrics.serviceMonitor.scheme`                       | HTTP scheme for scraping. It can be used with `tlsConfig` for example, if using Istio mTLS.                                                                                                                                                                      | `""`                                                                                                 |
+| `metrics.serviceMonitor.tlsConfig`                    | TLS configuration when scraping the endpoint. For example, if using Istio mTLS.                                                                                                                                                                                  | `{}`                                                                                                 |
+| `metrics.serviceMonitor.bearerTokenFile`              | Path to bearer token file.                                                                                                                                                                                                                                       | `""`                                                                                                 |
+| `metrics.serviceMonitor.annotations`                  | Used to pass annotations that are used by the Prometheus installed in your cluster                                                                                                                                                                               | `{}`                                                                                                 |
+| `metrics.serviceMonitor.metricRelabelings`            | Metric relabel configs to apply to samples before ingestion.                                                                                                                                                                                                     | `[]`                                                                                                 |
+| `metrics.serviceMonitor.relabelings`                  | Relabel configs to apply to samples before ingestion.                                                                                                                                                                                                            | `[]`                                                                                                 |
+| `extraObjects`                                        | Extra K8s manifests to deploy                                                                                                                                                                                                                                    | `[]`                                                                                                 |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy \
+  --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## TLS Configuration
+
+See: [TLS Configuration](https://oauth2-proxy.github.io/oauth2-proxy/configuration/tls/).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+  tls-cert-file: /path/to/cert.pem
+  tls-key-file: /path/to/cert.key
+
+extraVolumes:
+  - name: ssl-cert
+    secret:
+      secretName: my-ssl-secret
+
+extraVolumeMounts:
+  - mountPath: /path/to/
+    name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+  cert.pem: AB..==
+  cert.key: CD..==
+```
+
+## Extra environment variable templating
+The extraEnv value supports the tpl function, which evaluates strings as templates inside the deployment template.
+This is useful for passing a template string as a value to the chart's extra environment variables and rendering external configuration environment values.
+
+```yaml
+...
+tplValue: "This is a test value for the tpl function"
+extraEnv:
+  - name: TEST_ENV_VAR_1
+    value: test_value_1
+  - name: TEST_ENV_VAR_2
+    value: '{{ .Values.tplValue }}'
+```
+
+## Custom templates configuration
+You can replace the default template files using a Kubernetes `configMap` volume. The default templates are the two files [sign_in.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/sign_in.html) and [error.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/error.html).
+
+```yaml
+config:
+  configFile: |
+    ...
+    custom_templates_dir = "/data/custom-templates"
+
+extraVolumes:
+  - name: custom-templates
+    configMap:
+      name: oauth2-proxy-custom-templates
+
+extraVolumeMounts:
+  - name: custom-templates
+    mountPath: "/data/custom-templates"
+    readOnly: true
+
+extraObjects:
+  - apiVersion: v1
+    kind: ConfigMap
+    metadata:
+      name: oauth2-proxy-custom-templates
+    data:
+      sign_in.html: |
+        <!DOCTYPE html>
+        <html>
+        <body>sign_in</body>
+        </html>
+      error.html: |
+        <!DOCTYPE html>
+        <html>
+        <body>
+        <h1>error</h1>
+        <p>{{`{{ .StatusCode }}`}}</p>
+        </body>
+        </html>
+```
+
+## Multi whitelist-domain configuration
+You must use the config.configFile section for a multi-whitelist-domain configuration for one Oauth2-proxy instance.
+
+It will be overwriting the `/etc/oauth2_proxy/oauth2_proxy.cfg` [configuration file](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#config-file).
+In this example, Google provider is used, but you can find all other provider configurations here [oauth_provider](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/).
+
+```
+config:
+  ...
+  clientID="$YOUR_GOOGLE_CLIENT_ID"
+  clientSecret="$YOUR_GOOGLE_CLIENT_SECRET"
+  cookieSecret="$YOUR_COOKIE_SECRET"
+  configFile: |
+    ...
+    email_domains = [ "*" ]
+    upstreams = [ "file:///dev/null" ]
+    cookie_secure = "false"
+    cookie_domains = [ ".domain.com", ".example.io" ]
+    whitelist_domains = [ ".domain.com", ".example.io"]
+    provider = "google"
+```
+
+## Route requests to sidecar container
+You can route requests to a sidecar container first by setting the `service.targetPort` variable. The possible values for the targetPort field of a Kubernetes Service can be either a port number or the name of a port defined in the pod. By default, the service's `targetPort` value equals to `httpSchema`'s.
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore
new file mode 100644
index 00000000..ee9c40f0
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+ci/
+*.gotmpl
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml
new file mode 100644
index 00000000..4622e91f
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: 7.2.7
+description: This Helm chart provides a highly available Redis implementation with
+  a master/slave configuration and uses Sentinel sidecars for failover management
+home: http://redis.io/
+icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
+keywords:
+- redis
+- keyvalue
+- database
+maintainers:
+- email: aaron.layfield@gmail.com
+  name: dandydeveloper
+name: redis-ha
+sources:
+- https://redis.io/download
+- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
+- https://github.com/oliver006/redis_exporter
+version: 4.33.8
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md
new file mode 100644
index 00000000..e1562b08
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/README.md
@@ -0,0 +1,485 @@
+# Redis
+
+[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
+
+## TL;DR
+
+```bash
+helm repo add dandydev https://dandydeveloper.github.io/charts
+helm install dandydev/redis-ha
+```
+
+By default this chart install 3 pods total:
+
+* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
+* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
+
+## Introduction
+
+This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
+
+## Prerequisites
+
+* Kubernetes 1.8+ with Beta APIs enabled
+* PV provisioner support in the underlying infrastructure
+
+## Upgrading the Chart
+
+Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
+
+### Upgrading the chart from 3.x to 4.x
+
+Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
+
+## Installing the Chart
+
+To install the chart
+
+```bash
+helm repo add dandydev https://dandydeveloper.github.io/charts
+helm install dandydev/redis-ha
+```
+
+The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the deployment:
+
+```bash
+helm delete <chart-name>
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the Redis chart and their default values.
+
+### General parameters
+
+| Parameter | Description | Type | Default |
+|-----|------|---------|-------------|
+| `additionalAffinities` | Additional affinities to add to the Redis server pods. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | object | `{}` |
+| `affinity` | Override all other affinity settings for the Redis server pods with a string. | string | `""` |
+| `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` |
+| `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` |
+| `configmap.labels` | Custom labels for the redis configmap | object | `{}` |
+| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.10.0"}` |
+| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` |
+| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.10.0"` |
+| `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` |
+| `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` |
+| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` |
+| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | string | `nil` |
+| `extraContainers` | Extra containers to include in StatefulSet | list | `[]` |
+| `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` |
+| `extraLabels` | Labels added here are applied to all created resources | object | `{}` |
+| `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` |
+| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` |
+| `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` |
+| `global.priorityClassName` | Default priority class for all components | string | `""` |
+| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` |
+| `hostPath.chown` | if chown is true, an init-container with root permissions is launched to change the owner of the hostPath folder to the user defined in the security context | bool | `true` |
+| `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` |
+| `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` |
+| `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` |
+| `image.tag` | Redis image tag | string | `"7.2.7-alpine"` |
+| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` |
+| `init.resources` | Extra init resources | object | `{}` |
+| `labels` | Custom labels for the redis pod | object | `{}` |
+| `nameOverride` | Name override for Redis HA resources  | string | `""` |
+| `networkPolicy.annotations` | Annotations for NetworkPolicy | object | `{}` |
+| `networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[{"ports":[{"port":53,"protocol":"UDP"},{"port":53,"protocol":"TCP"}],"selectors":[{"namespaceSelector":{}},{"ipBlock":{"cidr":"169.254.0.0/16"}}]}]` |
+| `networkPolicy.egressRules[0].selectors[0]` | Allow all destinations for DNS traffic | object | `{"namespaceSelector":{}}` |
+| `networkPolicy.enabled` | whether NetworkPolicy for Redis StatefulSets should be created. when enabled, inter-Redis connectivity is created | bool | `false` |
+| `networkPolicy.ingressRules` | User defined ingress rules that Redis should permit into. Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` |
+| `networkPolicy.labels` | Labels for NetworkPolicy | object | `{}` |
+| `nodeSelector` | Node labels for pod assignment | object | `{}` |
+| `persistentVolume.accessModes` | Persistent volume access modes | list | `["ReadWriteOnce"]` |
+| `persistentVolume.annotations` | Annotations for the volume | object | `{}` |
+| `persistentVolume.enabled` | Enable persistent volume | bool | `true` |
+| `persistentVolume.labels` | Labels for the volume | object | `{}` |
+| `persistentVolume.size` | Persistent volume size | string | `"10Gi"` |
+| `persistentVolume.storageClass` | redis-ha data Persistent Volume Storage Class | string | `nil` |
+| `podDisruptionBudget` | Pod Disruption Budget rules | object | `{}` |
+| `podManagementPolicy` | The statefulset pod management policy | string | `"OrderedReady"` |
+| `priorityClassName` | Kubernetes priorityClass name for the redis-ha-server pod | string | `""` |
+| `rbac.create` | Create and use RBAC resources | bool | `true` |
+| `redis.annotations` | Annotations for the redis statefulset | object | `{}` |
+| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` |
+| `redis.config` | Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) | object | see values.yaml |
+| `redis.config.maxmemory` | Max memory to use for each redis instance. Default is unlimited. | string | `"0"` |
+| `redis.config.maxmemory-policy` | Max memory policy to use for each redis instance. Default is volatile-lru. | string | `"volatile-lru"` |
+| `redis.config.min-replicas-max-lag` | Value in seconds | int | `5` |
+| `redis.config.repl-diskless-sync` | When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. | string | `"yes"` |
+| `redis.config.save` | Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. | string | `"900 1"` |
+| `redis.customArgs` | Allows overriding the redis container arguments | list | `[]` |
+| `redis.customCommand` | Allows overriding the redis container command | list | `[]` |
+| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | string | `nil` |
+| `redis.disableCommands` | Array with commands to disable | list | `["FLUSHDB","FLUSHALL"]` |
+| `redis.envFrom` | Load environment variables from ConfigMap/Secret | list | `[]` |
+| `redis.extraVolumeMounts` | additional volumeMounts for Redis container | list | `[]` |
+| `redis.lifecycle` | Container Lifecycle Hooks for redis container Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | see values.yaml |
+| `redis.livenessProbe` | Liveness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` |
+| `redis.livenessProbe.enabled` | Enable the Liveness Probe | bool | `true` |
+| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` |
+| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` |
+| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` |
+| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` |
+| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` |
+| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | string | `"mymaster"` |
+| `redis.port` | Port to access the redis service | int | `6379` |
+| `redis.readinessProbe` | Readiness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` |
+| `redis.readinessProbe.enabled` | Enable the Readiness Probe | bool | `true` |
+| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` |
+| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` |
+| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` |
+| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `1` |
+| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` |
+| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | object | `{}` |
+| `redis.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` |
+| `redis.startupProbe.enabled` | Enable Startup Probe | bool | `true` |
+| `redis.startupProbe.failureThreshold` | Failure threshold for startup probe | int | `3` |
+| `redis.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` |
+| `redis.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` |
+| `redis.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` |
+| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` |
+| `redis.terminationGracePeriodSeconds` | Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced | int | `60` |
+| `redis.tlsPort` | TLS Port to access the redis service | int | `nil` |
+| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf | bool | `nil` |
+| `redis.updateStrategy` | Update strategy for Redis StatefulSet # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies | object | `{"type":"RollingUpdate"}` |
+| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | string | `nil` |
+| `replicas` | Number of redis master/slave | int | `3` |
+| `restore.existingSecret` | Set existingSecret to true to use secret specified in existingSecret above | bool | `false` |
+| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source | string | `""` |
+| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source | string | `""` |
+| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source | string | `""` |
+| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false | string | `""` |
+| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` | string | `""` |
+| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false | string | `""` |
+| `restore.timeout` | Timeout for the restore | int | `600` |
+| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | string | `""` |
+| `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` |
+| `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` |
+| `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` |
+| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` |
+| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` |
+| `serviceLabels` | Custom labels for redis service | object | `{}` |
+| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) | int | `60` |
+| `splitBrainDetection.resources` | splitBrainDetection resources | object | `{}` |
+| `sysctlImage.command` | sysctlImage command to execute | list | `[]` |
+| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | bool | `false` |
+| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | bool | `false` |
+| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | string | `"Always"` |
+| `sysctlImage.registry` | sysctlImage Init container registry | string | `"public.ecr.aws/docker/library"` |
+| `sysctlImage.repository` | sysctlImage Init container name | string | `"busybox"` |
+| `sysctlImage.resources` | sysctlImage resources | object | `{}` |
+| `sysctlImage.tag` | sysctlImage Init container tag | string | `"1.34.1"` |
+| `tls.caCertFile` | Name of CA certificate file | string | `"ca.crt"` |
+| `tls.certFile` | Name of certificate file | string | `"redis.crt"` |
+| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh) | string | `nil` |
+| `tls.keyFile` | Name of key file | string | `"redis.key"` |
+| `topologySpreadConstraints.enabled` | Enable topology spread constraints | bool | `false` |
+| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated | string | `""` |
+| `topologySpreadConstraints.topologyKey` | Topology key for spread constraints | string | `""` |
+| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft | string | `""` |
+
+### Redis Sentinel parameters
+
+| Parameter | Description | Type | Default |
+|-----|------|---------|-------------|
+| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | bool | `false` |
+| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` |
+| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | string | `"sentinel-password"` |
+| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | object | see values.yaml |
+| `sentinel.customArgs` |  | list | `[]` |
+| `sentinel.customCommand` |  | list | `[]` |
+| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | string | `""` |
+| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) | string | `""` |
+| `sentinel.extraVolumeMounts` | additional volumeMounts for Sentinel container | list | `[]` |
+| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` |
+| `sentinel.livenessProbe.enabled` |  | bool | `true` |
+| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` |
+| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` |
+| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` |
+| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` |
+| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` |
+| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) | string | `nil` |
+| `sentinel.port` | Port to access the sentinel service | int | `26379` |
+| `sentinel.quorum` | Minimum number of nodes expected to be live. | int | `2` |
+| `sentinel.readinessProbe.enabled` |  | bool | `true` |
+| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` |
+| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` |
+| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` |
+| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `3` |
+| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` |
+| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | object | `{}` |
+| `sentinel.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` |
+| `sentinel.startupProbe.enabled` | Enable Startup Probe | bool | `true` |
+| `sentinel.startupProbe.failureThreshold` | Failure threshold for startup probe | int | `3` |
+| `sentinel.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` |
+| `sentinel.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` |
+| `sentinel.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` |
+| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` |
+| `sentinel.tlsPort` | TLS Port to access the sentinel service | int | `nil` |
+| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf | bool | `nil` |
+
+### HAProxy parameters
+
+| Parameter | Description | Type | Default |
+|-----|------|---------|-------------|
+| `haproxy.IPv6.enabled` | Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. | bool | `true` |
+| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy pods. | object | `{}` |
+| `haproxy.affinity` | Override all other affinity settings for the haproxy pods with a string. | string | `""` |
+| `haproxy.annotations` | HAProxy template annotations | object | `{}` |
+| `haproxy.checkFall` | haproxy.cfg `check fall` setting | int | `1` |
+| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | string | `"1s"` |
+| `haproxy.containerPort` | Modify HAProxy deployment container port | int | `6379` |
+| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` |
+| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | string | `nil` |
+| `haproxy.deploymentStrategy` | Deployment strategy for the haproxy deployment | object | `{"type":"RollingUpdate"}` |
+| `haproxy.emptyDir` | Configuration of `emptyDir` | object | `{}` |
+| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | bool | `false` |
+| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | string | `nil` |
+| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | bool | `true` |
+| `haproxy.image.pullPolicy` | HAProxy Image PullPolicy | string | `"IfNotPresent"` |
+| `haproxy.image.repository` | HAProxy Image Repository | string | `"public.ecr.aws/docker/library/haproxy"` |
+| `haproxy.image.tag` | HAProxy Image Tag | string | `"2.9.4-alpine"` |
+| `haproxy.imagePullSecrets` | Reference to one or more secrets to be used when pulling images ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | list | `[]` |
+| `haproxy.init.resources` | Extra init resources | object | `{}` |
+| `haproxy.labels` | Custom labels for the haproxy pod | object | `{}` |
+| `haproxy.lifecycle` | Container lifecycle hooks. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` |
+| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | bool | `false` |
+| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | int | `9101` |
+| `haproxy.metrics.portName` | HAProxy metrics scraping port name | string | `"http-exporter-port"` |
+| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping path | string | `"/metrics"` |
+| `haproxy.metrics.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` |
+| `haproxy.metrics.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` |
+| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` |
+| `haproxy.metrics.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` |
+| `haproxy.metrics.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` |
+| `haproxy.metrics.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` |
+| `haproxy.metrics.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` |
+| `haproxy.metrics.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` |
+| `haproxy.networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy | object | `{}` |
+| `haproxy.networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[]` |
+| `haproxy.networkPolicy.enabled` | whether NetworkPolicy for Haproxy should be created | bool | `false` |
+| `haproxy.networkPolicy.ingressRules` | user defined ingress rules that Haproxy should permit into. uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` |
+| `haproxy.networkPolicy.labels` | Labels for Haproxy NetworkPolicy | object | `{}` |
+| `haproxy.podDisruptionBudget` | Pod Disruption Budget ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{}` |
+| `haproxy.priorityClassName` | Kubernetes priorityClass name for the haproxy pod | string | `""` |
+| `haproxy.readOnly` | Enable read-only redis-slaves | object | `{"enabled":false,"port":6380}` |
+| `haproxy.readOnly.enabled` | Enable if you want a dedicated port in haproxy for redis-slaves | bool | `false` |
+| `haproxy.readOnly.port` | Port for the read-only redis-slaves | int | `6380` |
+| `haproxy.replicas` | Number of HAProxy instances | int | `3` |
+| `haproxy.resources` | HAProxy resources | object | `{}` |
+| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | object | `{"fsGroup":99,"runAsNonRoot":true,"runAsUser":99}` |
+| `haproxy.service.annotations` | HAProxy service annotations | string | `nil` |
+| `haproxy.service.externalIPs` | HAProxy external IPs | object | `{}` |
+| `haproxy.service.externalTrafficPolicy` | HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | string | `nil` |
+| `haproxy.service.labels` | HAProxy service labels | object | `{}` |
+| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | string | `nil` |
+| `haproxy.service.loadBalancerSourceRanges` | List of CIDR's allowed to connect to LoadBalancer | list | `[]` |
+| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | int | `nil` |
+| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | string | `"ClusterIP"` |
+| `haproxy.serviceAccount.automountToken` |  | bool | `false` |
+| `haproxy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` |
+| `haproxy.serviceAccountName` | HAProxy serviceAccountName | string | `"redis-sa"` |
+| `haproxy.servicePort` | Modify HAProxy service port | int | `6379` |
+| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | bool | `false` |
+| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | object | `{}` |
+| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | string | `"2s"` |
+| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | string | `"330s"` |
+| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | string | `"4s"` |
+| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | string | `"330s"` |
+| `haproxy.tls` | Enable TLS termination on HAproxy, This will create a volume mount | object | `{"certMountPath":"/tmp/","enabled":false,"keyName":null,"secretName":""}` |
+| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | string | `"/tmp/"` |
+| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | bool | `false` |
+| `haproxy.tls.keyName` | Key file name | string | `nil` |
+| `haproxy.tls.secretName` | Secret containing the .pem file | string | `""` |
+
+### Prometheus exporter parameters
+
+| Parameter | Description | Type | Default |
+|-----|------|---------|-------------|
+| `exporter.address` | Address/Host for Redis instance. Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments | string | `"localhost"` |
+| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | bool | `false` |
+| `exporter.extraArgs` | Additional args for redis exporter | object | `{}` |
+| `exporter.image` | Exporter image | string | `"oliver006/redis_exporter"` |
+| `exporter.livenessProbe.httpGet.path` | Exporter liveness probe httpGet path | string | `"/metrics"` |
+| `exporter.livenessProbe.httpGet.port` | Exporter liveness probe httpGet port | int | `9121` |
+| `exporter.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe of exporter | int | `15` |
+| `exporter.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` |
+| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe of exporter | int | `3` |
+| `exporter.port` | Exporter port | int | `9121` |
+| `exporter.portName` | Exporter port name | string | `"exporter-port"` |
+| `exporter.pullPolicy` | Exporter image pullPolicy | string | `"IfNotPresent"` |
+| `exporter.readinessProbe.httpGet.path` | Exporter readiness probe httpGet path | string | `"/metrics"` |
+| `exporter.readinessProbe.httpGet.port` | Exporter readiness probe httpGet port | int | `9121` |
+| `exporter.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe of exporter | int | `15` |
+| `exporter.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` |
+| `exporter.readinessProbe.successThreshold` | Success threshold for readiness probe of exporter | int | `2` |
+| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe of exporter | int | `3` |
+| `exporter.resources` | cpu/memory resource limits/requests | object | `{}` |
+| `exporter.scrapePath` | Exporter scrape path | string | `"/metrics"` |
+| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | string | `""` |
+| `exporter.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` |
+| `exporter.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` |
+| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` |
+| `exporter.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` |
+| `exporter.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` |
+| `exporter.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` |
+| `exporter.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` |
+| `exporter.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` |
+| `exporter.tag` | Exporter image tag | string | `"v1.57.0"` |
+| `prometheusRule.additionalLabels` | Additional labels to be set in metadata. | object | `{}` |
+| `prometheusRule.enabled` | If true, creates a Prometheus Operator PrometheusRule. | bool | `false` |
+| `prometheusRule.interval` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). | string | `"10s"` |
+| `prometheusRule.namespace` | Namespace which Prometheus is running in. | string | `nil` |
+| `prometheusRule.rules` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). | list | `[]` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm repo add dandydev https://dandydeveloper.github.io/charts
+$ helm install \
+  --set image=redis \
+  --set tag=5.0.5-alpine \
+    dandydev/redis-ha
+```
+
+The above command sets the Redis server within `default` namespace.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+helm install -f values.yaml dandydev/redis-ha
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Custom Redis and Sentinel config options
+
+This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
+
+[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
+[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
+
+For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
+
+```yml
+    repl-timeout: "60"
+```
+
+Note:
+
+1. Some config options should be renamed by redis version，e.g.:
+
+   ```yml
+   # In redis 5.x，see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
+   min-replicas-to-write: 1
+   min-replicas-max-lag: 5
+
+   # In redis 4.x and redis 3.x，see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
+   min-slaves-to-write 1
+   min-slaves-max-lag 5
+   ```
+
+Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as:
+
+```yml
+    down-after-milliseconds: 30000
+```
+
+If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored.
+
+## Host Kernel Settings
+
+Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
+To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
+
+```yml
+sysctlImage:
+  enabled: true
+  mountHostSys: true
+  command:
+    - /bin/sh
+    - -xc
+    - |-
+      sysctl -w net.core.somaxconn=10000
+      echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
+```
+
+## HAProxy startup
+
+When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting.
+It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service).
+A such case could happen if the orchestator is pending the nomination of redis pods.
+Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator.
+
+PodDisruptionBudgets are not configured by default, you may need to set the `haproxy.podDisruptionBudget` parameter in values.yaml to enable it.
+
+## Network policies
+
+If `networkPolicy.enabled` is set to `true`, then a `NetworkPolicy` resource is created with default rules to allow inter-Redis and Sentinel connectivity.
+This is a requirement for Redis Pods to come up successfully.
+
+You will need to define `ingressRules` to permit your application connectivity to Redis.
+The `selectors` block should be in the format of a [label selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
+Templating is also supported in the selectors.
+See such a configuration below.
+
+```yaml
+networkPolicy: true
+  ingressRules:
+    - selectors:
+      - namespaceSelector:
+          matchLabels:
+            name: my-redis-client-namespace
+        podSelector:
+          matchLabels:
+            # template example
+            app: |-
+              {{- .App.Name }}
+      ## ports block is optional (defaults to below), define the block to override the defaults
+      # ports:
+      #   - port: 6379
+      #     protocol: TCP
+      #   - port: 26379
+      #     protocol: TCP
+```
+
+Should your Pod require additional egress rules, define them in a `egressRules` key which is structured identically to an `ingressRules` key.
+
+## Sentinel and redis server split brain detection
+
+Under not entirely known yet circumstances redis sentinel and its corresponding redis server reach a condition that this chart authors call "split brain" (for short). The observed behaviour is the following: the sentinel switches to the new re-elected master, but does not switch its redis server. Majority of original discussion on the problem has happened at the <https://github.com/DandyDeveloper/charts/issues/121>.
+
+The proposed solution is currently implemented as a sidecar container that runs a bash script with the following logic:
+
+1. Every `splitBrainDetection.interval` seconds a master (as known by sentinel) is determined
+1. If it is the current node: ensure the redis server's role is master as well.
+1. If it is not the current node: ensure the redis server also replicates from the same node.
+
+If any of the checks above fails - the redis server reinitialisation happens (it regenerates configs the same way it's done during the pod init), and then the redis server is instructed to shutdown. Then kubernetes restarts the container immediately.
+
+# Change Log
+
+## 4.14.9 - ** POTENTIAL BREAKING CHANGE. **
+Introduced the ability to change the Haproxy Deployment container pod
+- Container port in redis-haproxy-deployment.yam has been changed. Was **redis.port** To **haproxy.containerPort**. Default value is 6379.
+- Port in redis-haproxy-service.yaml has been changed. Was **redis.port** To **haproxy.servicePort**. Default value is 6379.
+
+## 4.21.0 - BREAKING CHANGES (Kubernetes Deprecation)
+This version introduced the deprecation of the PSP and subsequently added fields to the securityContexts that were introduced in Kubernetes v1.19:
+
+https://kubernetes.io/docs/tutorials/security/seccomp/
+
+As a result, from this version onwards Kubernetes versions older than 1.19 will fail to install without the removal of `.Values.containerSecurityContext.seccompProfile` and `.Values.haproxy.containerSecurityContext.seccompProfile` (If HAProxy is enabled)
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/NOTES.txt b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/NOTES.txt
new file mode 100644
index 00000000..07ea4297
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/NOTES.txt
@@ -0,0 +1,25 @@
+Redis can be accessed via {{ if ne (int .Values.redis.port) 0 }}port {{ .Values.redis.port }}{{ end }}  {{ if .Values.redis.tlsPort }} tls-port {{ .Values.redis.tlsPort }}{{ end }} and Sentinel can be accessed via {{ if ne (int .Values.sentinel.port) 0 }}port {{ .Values.sentinel.port }}{{ end }}  {{ if .Values.sentinel.tlsPort }} tls-port {{ .Values.sentinel.tlsPort }}{{ end }}  on the following DNS name from within your cluster:
+{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To connect to your Redis server:
+
+{{- if .Values.auth }}
+1. To retrieve the redis password:
+   echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode)
+
+2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master:
+
+   kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 -n {{ .Release.Namespace }} -c redis -- sh
+
+3. Connect using the Redis CLI (inside container):
+
+   redis-cli -a <REDIS-PASS-FROM-SECRET>
+{{- else }}
+1. Run a Redis pod that you can use as a client:
+
+   kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 -n {{ .Release.Namespace }} -c redis -- sh
+
+2. Connect using the Redis CLI:
+
+  redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_configs.tpl b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_configs.tpl
new file mode 100644
index 00000000..e1222ad2
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_configs.tpl
@@ -0,0 +1,730 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "config-redis.conf" }}
+{{- if .Values.redis.customConfig }}
+{{ tpl .Values.redis.customConfig . | indent 4 }}
+{{- else }}
+    dir "/data"
+    port {{ .Values.redis.port }}
+    {{- if .Values.sentinel.tlsPort }}
+    tls-port {{ .Values.redis.tlsPort }}
+    tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
+    tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
+    {{- if .Values.tls.dhParamsFile }}
+    tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
+    {{- end }}
+    {{- if .Values.tls.caCertFile }}
+    tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
+    {{- end }}
+    {{- if eq (default "yes" .Values.redis.authClients) "no"}}
+    tls-auth-clients no
+    {{- end }}
+    tls-replication {{ if .Values.redis.tlsReplication }}yes{{ else }}no{{ end }}
+    {{- end }}
+    {{- if .Values.redis.disableCommands }}
+    {{- range .Values.redis.disableCommands }}
+    rename-command {{ . }} ""
+    {{- end }}
+    {{- end }}
+    {{- range $key, $value := .Values.redis.config }}
+    {{- if kindIs "slice" $value }}
+        {{- range $value }}
+    {{ $key }} {{ . }}
+        {{- end }}
+        {{- else }}
+    {{ $key }} {{ $value }}
+        {{- end }}
+    {{- end }}
+{{- if .Values.auth }}
+    requirepass replace-default-auth
+    masterauth replace-default-auth
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "config-sentinel.conf" }}
+{{- if .Values.sentinel.customConfig }}
+{{ tpl .Values.sentinel.customConfig . | indent 4 }}
+{{- else }}
+    dir "/data"
+    port {{ .Values.sentinel.port }}
+    {{- if .Values.sentinel.bind }}
+    bind {{ .Values.sentinel.bind }}
+    {{- end }}
+    {{- if .Values.sentinel.tlsPort }}
+    tls-port {{ .Values.sentinel.tlsPort }}
+    tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
+    tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
+    {{- if .Values.tls.dhParamsFile }}
+    tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
+    {{- end }}
+    {{- if .Values.tls.caCertFile }}
+    tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
+    {{- end }}
+    {{- if eq (default "yes" .Values.sentinel.authClients) "no"}}
+    tls-auth-clients no
+    {{- end }}
+    tls-replication {{ if .Values.sentinel.tlsReplication }}yes{{ else }}no{{ end }}
+    {{- end }}
+    {{- range $key, $value := .Values.sentinel.config }}
+    {{- if eq "maxclients" $key  }}
+        {{ $key }} {{ $value }}
+    {{- else }}
+        sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
+    {{- end }}
+    {{- end }}
+{{- if .Values.auth }}
+    sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
+{{- end }}
+{{- if .Values.sentinel.auth }}
+    requirepass replace-default-sentinel-auth
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "lib.sh" }}
+    sentinel_get_master() {
+    set +e
+        if [ "$SENTINEL_PORT" -eq 0 ]; then
+            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
+            grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
+        else
+            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
+            grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
+        fi
+    set -e
+    }
+
+    sentinel_get_master_retry() {
+        master=''
+        retry=${1}
+        sleep=3
+        for i in $(seq 1 "${retry}"); do
+            master=$(sentinel_get_master)
+            if [ -n "${master}" ]; then
+                break
+            fi
+            sleep $((sleep + i))
+        done
+        echo "${master}"
+    }
+
+    identify_master() {
+        echo "Identifying redis master (get-master-addr-by-name).."
+        echo "  using sentinel ({{ template "redis-ha.fullname" . }}), sentinel group name ({{ template "redis-ha.masterGroupName" . }})"
+        MASTER="$(sentinel_get_master_retry 3)"
+        if [ -n "${MASTER}" ]; then
+            echo "  $(date) Found redis master (${MASTER})"
+        else
+            echo "  $(date) Did not find redis master (${MASTER})"
+        fi
+    }
+
+    sentinel_update() {
+        echo "Updating sentinel config.."
+        echo "  evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
+        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
+        echo "  sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
+        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
+        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
+            echo "  redis master (${1}:${REDIS_TLS_PORT})"
+            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
+        else
+            echo "  redis master (${1}:${REDIS_PORT})"
+            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
+        fi
+        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
+        if [ "$SENTINEL_PORT" -eq 0 ]; then
+            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
+            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
+        else
+            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
+            echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
+        fi
+    }
+
+    redis_update() {
+        echo "Updating redis config.."
+        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
+            echo "  we are slave of redis master (${1}:${REDIS_TLS_PORT})"
+            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
+            echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
+        else
+            echo "  we are slave of redis master (${1}:${REDIS_PORT})"
+            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
+            echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
+        fi
+        echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
+    }
+
+    copy_config() {
+        echo "Copying default redis config.."
+        echo "  to '${REDIS_CONF}'"
+        cp /readonly-config/redis.conf "${REDIS_CONF}"
+        echo "Copying default sentinel config.."
+        echo "  to '${SENTINEL_CONF}'"
+        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
+    }
+
+    setup_defaults() {
+        echo "Setting up defaults.."
+        echo "  using statefulset index (${INDEX})"
+        if [ "${INDEX}" = "0" ]; then
+            echo "Setting this pod as master for redis and sentinel.."
+            echo "  using announce (${ANNOUNCE_IP})"
+            redis_update "${ANNOUNCE_IP}"
+            sentinel_update "${ANNOUNCE_IP}"
+            echo "  make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
+            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
+        else
+            echo "Getting redis master ip.."
+            echo "  blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
+            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
+            if [ -z "${DEFAULT_MASTER}" ]; then
+                echo "Error: Unable to resolve redis master (getent hosts)."
+                exit 1
+            fi
+            echo "  identified redis (may be redis master) ip (${DEFAULT_MASTER})"
+            echo "Setting default slave config for redis and sentinel.."
+            echo "  using master ip (${DEFAULT_MASTER})"
+            redis_update "${DEFAULT_MASTER}"
+            sentinel_update "${DEFAULT_MASTER}"
+        fi
+    }
+
+    redis_ping() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} ping
+        else
+            redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" ping
+        fi
+    set -e
+    }
+
+    redis_ping_retry() {
+        ping=''
+        retry=${1}
+        sleep=3
+        for i in $(seq 1 "${retry}"); do
+            if [ "$(redis_ping)" = "PONG" ]; then
+               ping='PONG'
+               break
+            fi
+            sleep $((sleep + i))
+            MASTER=$(sentinel_get_master)
+        done
+        echo "${ping}"
+    }
+
+    find_master() {
+        echo "Verifying redis master.."
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            echo "  ping (${MASTER}:${REDIS_TLS_PORT})"
+        else
+            echo "  ping (${MASTER}:${REDIS_PORT})"
+        fi
+        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
+            echo "  $(date) Can't ping redis master (${MASTER})"
+            echo "Attempting to force failover (sentinel failover).."
+
+            if [ "$SENTINEL_PORT" -eq 0 ]; then
+                echo "  on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
+                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
+                    echo "Setting defaults for this pod.."
+                    setup_defaults
+                    return 0
+                fi
+            else
+                echo "  on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
+                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
+                    echo "Setting defaults for this pod.."
+                    setup_defaults
+                    return 0
+                fi
+            fi
+
+            echo "Hold on for 10sec"
+            sleep 10
+            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
+            if [ "$SENTINEL_PORT" -eq 0 ]; then
+                echo "  sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
+            else
+                echo "  sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
+            fi
+            MASTER="$(sentinel_get_master)"
+            if [ "${MASTER}" ]; then
+                echo "  $(date) Found redis master (${MASTER})"
+                echo "Updating redis and sentinel config.."
+                sentinel_update "${MASTER}"
+                redis_update "${MASTER}"
+            else
+                echo "$(date) Error: Could not failover, exiting..."
+                exit 1
+            fi
+        else
+            echo "  $(date) Found reachable redis master (${MASTER})"
+            echo "Updating redis and sentinel config.."
+            sentinel_update "${MASTER}"
+            redis_update "${MASTER}"
+        fi
+    }
+
+    redis_ro_update() {
+        echo "Updating read-only redis config.."
+        echo "  redis.conf set 'replica-priority 0'"
+        echo "replica-priority 0" >> ${REDIS_CONF}
+    }
+
+    getent_hosts() {
+        index=${1:-${INDEX}}
+        service="${SERVICE}-announce-${index}"
+        host=$(getent hosts "${service}")
+        echo "${host}"
+    }
+
+    identify_announce_ip() {
+        echo "Identify announce ip for this pod.."
+        echo "  using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
+        ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
+        echo "  identified announce (${ANNOUNCE_IP})"
+    }
+{{- end }}
+
+{{- define "vars.sh" }}
+    HOSTNAME="$(hostname)"
+    {{- if .Values.ro_replicas }}
+    RO_REPLICAS="{{ .Values.ro_replicas }}"
+    {{- end }}
+    INDEX="${HOSTNAME##*-}"
+    SENTINEL_PORT={{ .Values.sentinel.port }}
+    ANNOUNCE_IP=''
+    MASTER=''
+    MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
+    QUORUM="{{ .Values.sentinel.quorum }}"
+    REDIS_CONF=/data/conf/redis.conf
+    REDIS_PORT={{ .Values.redis.port }}
+    REDIS_TLS_PORT={{ .Values.redis.tlsPort }}
+    SENTINEL_CONF=/data/conf/sentinel.conf
+    SENTINEL_TLS_PORT={{ .Values.sentinel.tlsPort }}
+    SERVICE={{ template "redis-ha.fullname" . }}
+    SENTINEL_TLS_REPLICATION_ENABLED={{ default false .Values.sentinel.tlsReplication }}
+    REDIS_TLS_REPLICATION_ENABLED={{ default false .Values.redis.tlsReplication }}
+{{- end }}
+
+{{- define "config-init.sh" }}
+    echo "$(date) Start..."
+    {{- include "vars.sh" . }}
+
+    set -eu
+
+    {{- include "lib.sh" . }}
+
+    mkdir -p /data/conf/
+
+    echo "Initializing config.."
+    copy_config
+
+    # where is redis master
+    identify_master
+
+    identify_announce_ip
+
+    if [ -z "${ANNOUNCE_IP}" ]; then
+        "Error: Could not resolve the announce ip for this pod"
+        exit 1
+    elif [ "${MASTER}" ]; then
+        find_master
+    else
+        setup_defaults
+    fi
+
+    {{- if .Values.ro_replicas }}
+    # works only if index is less than 10
+    echo "Verifying redis read-only replica.."
+    echo "  we have RO_REPLICAS='${RO_REPLICAS}' with INDEX='${INDEX}'"
+    if echo "${RO_REPLICAS}" | grep -q "${INDEX}" ; then
+        redis_ro_update
+    fi
+    {{- end }}
+
+    if [ "${AUTH:-}" ]; then
+        echo "Setting redis auth values.."
+        ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
+        sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
+    fi
+
+    if [ "${SENTINELAUTH:-}" ]; then
+        echo "Setting sentinel auth values"
+        ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
+        sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
+    fi
+
+    echo "$(date) Ready..."
+{{- end }}
+
+{{- define "trigger-failover-if-master.sh" }}
+    {{- if or (eq (int .Values.redis.port) 0) (eq (int .Values.sentinel.port) 0) }}
+    TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}"
+    {{- end }}
+    get_redis_role() {
+      is_master=$(
+        redis-cli \
+        {{- if .Values.auth }}
+          -a "${AUTH}" --no-auth-warning \
+        {{- end }}
+          -h localhost \
+        {{- if (int .Values.redis.port) }}
+          -p {{ .Values.redis.port }} \
+        {{- else }}
+          -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
+        {{- end}}
+          info | grep -c 'role:master' || true
+      )
+    }
+    get_redis_role
+    if [[ "$is_master" -eq 1 ]]; then
+      echo "This node is currently master, we trigger a failover."
+      {{- $masterGroupName := include "redis-ha.masterGroupName" . }}
+      response=$(
+        redis-cli \
+        {{- if .Values.sentinel.auth }}
+          -a "${SENTINELAUTH}" --no-auth-warning \
+        {{- end }}
+          -h localhost \
+        {{- if (int .Values.sentinel.port) }}
+          -p {{ .Values.sentinel.port }} \
+        {{- else }}
+          -p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
+        {{- end}}
+          SENTINEL failover {{ $masterGroupName }}
+      )
+      if [[ "$response" != "OK" ]] ; then
+        echo "$response"
+        exit 1
+      fi
+      timeout=30
+      while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
+        sleep 1
+        get_redis_role
+        timeout=$((timeout - 1))
+      done
+      echo "Failover successful"
+    fi
+{{- end }}
+
+{{- define "fix-split-brain.sh" }}
+    {{- include "vars.sh" . }}
+
+    ROLE=''
+    REDIS_MASTER=''
+
+    set -eu
+
+    {{- include "lib.sh" . }}
+
+    redis_role() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep role | sed 's/role://' | sed 's/\r//')
+        else
+            ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
+        fi
+    set -e
+    }
+
+    identify_redis_master() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep master_host | sed 's/master_host://' | sed 's/\r//')
+        else
+            REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
+        fi
+    set -e
+    }
+
+    reinit() {
+    set +e
+        sh /readonly-config/init.sh
+
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }}
+        else
+            echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}"
+        fi
+    set -e
+    }
+
+    identify_announce_ip
+
+    while [ -z "${ANNOUNCE_IP}" ]; do
+        echo "Error: Could not resolve the announce ip for this pod."
+        sleep 30
+        identify_announce_ip
+    done
+
+    trap "exit 0" TERM
+    while true; do
+        sleep {{ .Values.splitBrainDetection.interval }}
+
+        # where is redis master
+        identify_master
+
+        if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
+            redis_role
+            if [ "$ROLE" != "master" ]; then
+                reinit
+            fi
+        elif [ "${MASTER}" ]; then
+            identify_redis_master
+            if [ "$REDIS_MASTER" != "$MASTER" ]; then
+                reinit
+            fi
+        fi
+    done
+
+{{- end }}
+
+{{- define "config-haproxy.cfg" }}
+{{- if .Values.haproxy.customConfig }}
+{{ tpl .Values.haproxy.customConfig . | indent 4 }}
+{{- else }}
+    defaults REDIS
+      mode tcp
+      timeout connect {{ .Values.haproxy.timeout.connect }}
+      timeout server {{ .Values.haproxy.timeout.server }}
+      timeout client {{ .Values.haproxy.timeout.client }}
+      timeout check {{ .Values.haproxy.timeout.check }}
+
+    listen health_check_http_url
+      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:8888  {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
+      mode http
+      monitor-uri /healthz
+      option      dontlognull
+
+    {{- $root := . }}
+    {{- $fullName := include "redis-ha.fullname" . }}
+    {{- $replicas := int (toString .Values.replicas) }}
+    {{- $masterGroupName := include "redis-ha.masterGroupName" . }}
+    {{- range $i := until $replicas }}
+    # Check Sentinel and whether they are nominated master
+    backend check_if_redis_is_master_{{ $i }}
+      mode tcp
+      option tcp-check
+      tcp-check connect
+      {{- if $root.Values.sentinel.auth }}
+      tcp-check send "AUTH ${SENTINELAUTH}"\r\n
+      tcp-check expect string +OK
+      {{- end }}
+      tcp-check send PING\r\n
+      tcp-check expect string +PONG
+      tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
+      tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
+      tcp-check send QUIT\r\n
+      {{- range $i := until $replicas }}
+      server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter {{ $root.Values.haproxy.checkInterval }}
+      {{- end }}
+    {{- end }}
+
+    # decide redis backend to use
+    #master
+    frontend ft_redis_master
+      {{- if .Values.haproxy.tls.enabled }}
+      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
+      {{ else }}
+      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ if ne (int $root.Values.redis.port) 0 }}{{ $root.Values.redis.port }}{{ else }}{{ $root.Values.redis.tlsPort }}{{ end }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
+      {{- end }}
+      use_backend bk_redis_master
+    {{- if .Values.haproxy.readOnly.enabled }}
+    #slave
+    frontend ft_redis_slave
+      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.readOnly.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
+      use_backend bk_redis_slave
+    {{- end }}
+    # Check all redis servers to see if they think they are master
+    backend bk_redis_master
+      {{- if .Values.haproxy.stickyBalancing }}
+      balance source
+      hash-type consistent
+      {{- end }}
+      mode tcp
+      option tcp-check
+      tcp-check connect
+      {{- if .Values.auth }}
+      tcp-check send "AUTH ${AUTH}"\r\n
+      tcp-check expect string +OK
+      {{- end }}
+      tcp-check send PING\r\n
+      tcp-check expect string +PONG
+      tcp-check send info\ replication\r\n
+      tcp-check expect string role:master
+      tcp-check send QUIT\r\n
+      tcp-check expect string +OK
+      {{- range $i := until $replicas }}
+      use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
+      server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1
+      {{- end }}
+    {{- if .Values.haproxy.readOnly.enabled }}
+    backend bk_redis_slave
+      {{- if .Values.haproxy.stickyBalancing }}
+      balance source
+      hash-type consistent
+      {{- end }}
+      mode tcp
+      option tcp-check
+      tcp-check connect
+      {{- if .Values.auth }}
+      tcp-check send "AUTH ${AUTH}"\r\n
+      tcp-check expect string +OK
+      {{- end }}
+      tcp-check send PING\r\n
+      tcp-check expect string +PONG
+      tcp-check send info\ replication\r\n
+      tcp-check expect  string role:slave
+      tcp-check send QUIT\r\n
+      tcp-check expect string +OK
+      {{- range $i := until $replicas }}
+      server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1
+      {{- end }}
+    {{- end }}
+    {{- if .Values.haproxy.metrics.enabled }}
+    frontend stats
+      mode http
+      bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.metrics.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }}
+      http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
+      stats enable
+      stats uri /stats
+      stats refresh 10s
+    {{- end }}
+{{- if .Values.haproxy.extraConfig }}
+    # Additional configuration
+{{ .Values.haproxy.extraConfig | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{- define "config-haproxy_init.sh" }}
+    HAPROXY_CONF=/data/haproxy.cfg
+    cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+    {{- $fullName := include "redis-ha.fullname" . }}
+    {{- $replicas := int (toString .Values.replicas) }}
+    {{- range $i := until $replicas }}
+    for loop in $(seq 1 10); do
+      getent hosts {{ $fullName }}-announce-{{ $i }} && break
+      echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
+    done
+    ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
+    if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
+      echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
+      exit 1
+    fi
+    sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"
+
+    {{- end }}
+{{- end }}
+
+{{- define "redis_liveness.sh" }}
+    {{- if not (ne (int .Values.sentinel.port) 0) }}
+    TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}"
+    {{- end }}
+    response=$(
+      redis-cli \
+      {{- if .Values.auth }}
+        -a "${AUTH}" --no-auth-warning \
+      {{- end }}
+        -h localhost \
+      {{- if ne (int .Values.redis.port) 0 }}
+        -p {{ .Values.redis.port }} \
+      {{- else }}
+        -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
+      {{- end}}
+        ping
+    )
+    echo "response=$response"
+    case $response in
+      PONG|LOADING*) ;;
+      *) exit 1 ;;
+    esac
+    exit 0
+{{- end }}
+
+{{- define "redis_readiness.sh" }}
+    {{- if not (ne (int .Values.sentinel.port) 0) }}
+    TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}"
+    {{- end }}
+    response=$(
+      redis-cli \
+      {{- if .Values.auth }}
+        -a "${AUTH}" --no-auth-warning \
+      {{- end }}
+        -h localhost \
+      {{- if ne (int .Values.redis.port) 0 }}
+        -p {{ .Values.redis.port }} \
+      {{- else }}
+        -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
+      {{- end}}
+        ping
+    )
+    if [ "$response" != "PONG" ] ; then
+      echo "ping=$response"
+      exit 1
+    fi
+
+    response=$(
+      redis-cli \
+      {{- if .Values.auth }}
+        -a "${AUTH}" --no-auth-warning \
+      {{- end }}
+        -h localhost \
+      {{- if ne (int .Values.redis.port) 0 }}
+        -p {{ .Values.redis.port }} \
+      {{- else }}
+        -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
+      {{- end}}
+        role
+    )
+    role=$( echo "$response" | sed "1!d" )
+    if [ "$role" = "master" ]; then
+      echo "role=$role"
+      exit 0
+    elif [ "$role" = "slave" ]; then
+      repl=$( echo "$response" | sed "4!d" )
+      echo "role=$role; repl=$repl"
+      if [ "$repl" = "connected" ]; then
+        exit 0
+      else
+        exit 1
+      fi
+    else
+      echo "role=$role"
+      exit 1
+    fi
+{{- end }}
+
+{{- define "sentinel_liveness.sh" }}
+    {{- if not (ne (int .Values.sentinel.port) 0) }}
+    TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}"
+    {{- end }}
+    response=$(
+      redis-cli \
+      {{- if .Values.sentinel.auth }}
+        -a "${SENTINELAUTH}" --no-auth-warning \
+      {{- end }}
+        -h localhost \
+      {{- if ne (int .Values.sentinel.port) 0 }}
+        -p {{ .Values.sentinel.port }} \
+      {{- else }}
+        -p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
+      {{- end}}
+        ping
+    )
+    if [ "$response" != "PONG" ]; then
+      echo "$response"
+      exit 1
+    fi
+    echo "response=$response"
+{{- end }}
+
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_helpers.tpl b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_helpers.tpl
new file mode 100644
index 00000000..047e05fb
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/_helpers.tpl
@@ -0,0 +1,130 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "redis-ha.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "redis-ha.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return sysctl image
+*/}}
+{{- define "redis.sysctl.image" -}}
+{{- $registryName :=  default "docker.io" .Values.sysctlImage.registry -}}
+{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
+{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
+{{- end -}}
+
+{{- /*
+Credit: @technosophos
+https://github.com/technosophos/common-chart/
+labels.standard prints the standard Helm labels.
+The standard labels are frequently used in metadata.
+*/ -}}
+{{- define "labels.standard" -}}
+app: {{ template "redis-ha.name" . }}
+heritage: {{ .Release.Service | quote }}
+release: {{ .Release.Name | quote }}
+chart: {{ template "chartref" . }}
+{{- end -}}
+
+{{- /*
+Credit: @technosophos
+https://github.com/technosophos/common-chart/
+chartref prints a chart name and version.
+It does minimal escaping for use in Kubernetes labels.
+Example output:
+  zookeeper-1.2.3
+  wordpress-3.2.1_20170219
+*/ -}}
+{{- define "chartref" -}}
+  {{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "redis-ha.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{- define "redis-ha.masterGroupName" -}}
+{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}}
+{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}}
+{{- if $validMasterGroupName -}}
+{{ $masterGroupName }}
+{{- else -}}
+{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "redis-ha.podDisruptionBudget.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "policy/v1" }}
+{{- print "policy/v1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/* 
+Return true if the detected platform is Openshift
+Usage:
+{{- include "common.compatibility.isOpenshift" . -}}
+*/}}
+{{- define "compatibility.isOpenshift" -}}
+{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}}
+{{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC
+Usage:
+{{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}}
+*/}}
+{{- define "compatibility.renderSecurityContext" -}}
+{{- $adaptedContext := .secContext -}}
+
+{{- if (((.context.Values.global).compatibility).openshift) -}}
+  {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "compatibility.isOpenshift" .context)) -}}
+    {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}}
+    {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}}
+    {{- if not .secContext.seLinuxOptions -}}
+    {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}}
+    {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+{{/* Remove fields that are disregarded when running the container in privileged mode */}}
+{{- if $adaptedContext.privileged -}}
+  {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}}
+{{- end -}}
+{{- omit $adaptedContext "enabled" | toYaml -}}
+{{- end -}}
\ No newline at end of file
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-auth-secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-auth-secret.yaml
new file mode 100644
index 00000000..a1fd6311
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-auth-secret.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.auth (not .Values.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "redis-ha.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+type: Opaque
+data:
+  {{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-announce-service.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-announce-service.yaml
new file mode 100644
index 00000000..dc24249d
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-announce-service.yaml
@@ -0,0 +1,64 @@
+{{- $fullName := include "redis-ha.fullname" . }}
+{{- $namespace := .Release.Namespace -}}
+{{- $replicas := int (toString .Values.replicas) }}
+{{- $root := . }}
+{{- range $i := until $replicas }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $fullName }}-announce-{{ $i }}
+  namespace: {{ $namespace | quote}}
+  labels:
+{{ include "labels.standard" $root | indent 4 }}
+    {{- range $key, $value := $root.Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  annotations:
+{{- if (semverCompare "<=1.10-0" $.Capabilities.KubeVersion.GitVersion) }}
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+{{- end }}
+  {{- if $root.Values.serviceAnnotations }}
+{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
+  {{- end }}
+spec:
+{{- if (semverCompare ">=1.11-0" $.Capabilities.KubeVersion.GitVersion) }}
+  publishNotReadyAddresses: true
+{{- end }}
+  type: ClusterIP
+  ports:
+  {{- if ne (int $root.Values.redis.port) 0 }}
+  - name: tcp-server
+    port: {{ $root.Values.redis.port }}
+    protocol: TCP
+    targetPort: redis
+  {{- end }}
+  {{- if $root.Values.redis.tlsPort }}
+  - name: server-tls
+    port: {{ $root.Values.redis.tlsPort }}
+    protocol: TCP
+    targetPort: redis-tls
+  {{- end }}
+  {{- if ne (int $root.Values.sentinel.port) 0 }}
+  - name: tcp-sentinel
+    port: {{ $root.Values.sentinel.port }}
+    protocol: TCP
+    targetPort: sentinel
+  {{- end }}
+  {{- if $root.Values.sentinel.tlsPort }}
+  - name: sentinel-tls
+    port: {{ $root.Values.sentinel.tlsPort }}
+    protocol: TCP
+    targetPort: sentinel-tls
+  {{- end }}
+  {{- if $root.Values.exporter.enabled }}
+  - name: http-exporter
+    port: {{ $root.Values.exporter.port }}
+    protocol: TCP
+    targetPort: {{ $root.Values.exporter.portName }}
+  {{- end }}
+  selector:
+    release: {{ $root.Release.Name }}
+    app: {{ include "redis-ha.name" $root }}
+    "statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-configmap.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-configmap.yaml
new file mode 100644
index 00000000..48f2b03a
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-configmap.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-configmap
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "redis-ha.fullname" . }}
+    {{- range $key, $value := .Values.configmap.labels }}
+    {{ $key }}: {{ $value | toString }}
+    {{- end }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+data:
+  redis.conf: |
+{{- include "config-redis.conf" . }}
+
+  sentinel.conf: |
+{{- include "config-sentinel.conf" . }}
+
+  init.sh: |
+{{- include "config-init.sh" . }}
+
+  fix-split-brain.sh: |
+{{- include "fix-split-brain.sh" . }}
+
+{{ if .Values.haproxy.enabled }}
+  haproxy.cfg: |
+{{- include "config-haproxy.cfg" . }}
+{{- end }}
+  haproxy_init.sh: |
+{{- include "config-haproxy_init.sh" . }}
+  trigger-failover-if-master.sh: |
+{{- include "trigger-failover-if-master.sh" . }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml
new file mode 100644
index 00000000..a649df48
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.exporter.script }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+data:
+  script: {{ toYaml .Values.exporter.script | indent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-health-configmap.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-health-configmap.yaml
new file mode 100644
index 00000000..7aa70022
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-health-configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-health-configmap
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "redis-ha.fullname" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+data:
+  redis_liveness.sh: |
+{{- include "redis_liveness.sh" . }}
+  redis_readiness.sh: |
+{{- include "redis_readiness.sh" . }}
+  sentinel_liveness.sh: |
+{{- include "sentinel_liveness.sh" . }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-network-policy.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-network-policy.yaml
new file mode 100644
index 00000000..8f688caf
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-network-policy.yaml
@@ -0,0 +1,80 @@
+{{- if .Values.networkPolicy.enabled }}
+{{- $root := . }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-network-policy
+  namespace: {{ .Release.Namespace | quote }}
+{{- if .Values.networkPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := .Values.networkPolicy.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+{{- end }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.networkPolicy.labels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels:
+      release: {{ .Release.Name }}
+      app: {{ template "redis-ha.name" . }}
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - to:
+      - podSelector: 
+          matchLabels:
+            release: {{ .Release.Name }}
+            app: {{ template "redis-ha.name" . }}
+      ports:
+        - port: {{ .Values.redis.port }}
+          protocol: TCP
+        - port: {{ .Values.sentinel.port }}
+          protocol: TCP
+{{-  range $rule := .Values.networkPolicy.egressRules }}
+    - to:
+{{ (tpl (toYaml $rule.selectors) $) | indent 7 }}
+      ports:
+{{ toYaml $rule.ports | indent 7 }}
+{{- end }}
+  ingress:
+    - from:
+      - podSelector:
+          matchLabels:
+            release: {{ .Release.Name }}
+            app: {{ template "redis-ha.name" . }}
+      ports: 
+        - port: {{ .Values.redis.port }}
+          protocol: TCP
+        - port: {{ .Values.sentinel.port }}
+          protocol: TCP
+{{- if .Values.haproxy.enabled }}
+    - from:
+        - podSelector:
+            matchLabels:
+              release: {{ .Release.Name }}
+              app: {{ template "redis-ha.name" . }}-haproxy
+      ports:
+        - port: {{ .Values.redis.port }}
+          protocol: TCP
+        - port: {{ .Values.sentinel.port }}
+          protocol: TCP
+{{- end }}
+{{-  range $rule := .Values.networkPolicy.ingressRules }}
+    - from:
+{{ (tpl (toYaml $rule.selectors) $) | indent 7 }}
+      ports:
+{{- if $rule.ports }}
+{{ toYaml $rule.ports | indent 7 }}
+{{- else }}
+        - port: {{ $root.Values.redis.port }}
+          protocol: TCP
+        - port: {{ $root.Values.sentinel.port }}
+          protocol: TCP
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-pdb.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-pdb.yaml
new file mode 100644
index 00000000..fbcb5062
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.podDisruptionBudget -}}
+apiVersion: {{ template "redis-ha.podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-pdb
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      release: {{ .Release.Name }}
+      app: {{ template "redis-ha.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml
new file mode 100644
index 00000000..2e9ab72b
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ template "redis-ha.fullname" . }}
+  {{- if .Values.prometheusRule.namespace }}
+  namespace: {{ .Values.prometheusRule.namespace }}
+  {{- end }}
+  {{- if .Values.prometheusRule.additionalLabels }}
+  labels: {{- toYaml .Values.prometheusRule.additionalLabels | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+    - name: {{ template "redis-ha.fullname" . }}
+      {{- if .Values.prometheusRule.interval }}
+      interval: {{ .Values.prometheusRule.interval }}
+      {{- end }}
+      rules: {{- tpl (toYaml .Values.prometheusRule.rules) . | nindent 8 }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-role.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-role.yaml
new file mode 100644
index 00000000..aa65cce0
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-role.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "redis-ha.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+rules:
+- apiGroups:
+    - ""
+  resources:
+    - endpoints
+  verbs:
+    - get
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-rolebinding.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-rolebinding.yaml
new file mode 100644
index 00000000..402ba0d1
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "redis-ha.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "redis-ha.serviceAccountName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "redis-ha.fullname" . }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-secret.yaml
new file mode 100644
index 00000000..91cc7f26
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-secret.yaml
@@ -0,0 +1,32 @@
+{{- if not .Values.restore.existingSecret }}
+
+
+{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
+{{- $regexRestoreSSH := "^.+@.+:.+" -}}
+
+{{- if or (regexFind $regexRestoreSSH (toString .Values.restore.ssh.source)) (regexFind $regexRestoreS3 (toString .Values.restore.s3.source)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "redis-ha.fullname" . }}-secret
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "redis-ha.fullname" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+type: Opaque
+data:
+{{- if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }}
+  SSH_KEY: "{{ .Values.restore.ssh.key | b64enc }}"
+{{- end }}
+{{- if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }}
+  AWS_SECRET_ACCESS_KEY: "{{ .Values.restore.s3.secret_key | b64enc }}"
+  AWS_ACCESS_KEY_ID: "{{ .Values.restore.s3.access_key | b64enc }}"
+{{- end }}
+{{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-service.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-service.yaml
new file mode 100644
index 00000000..5fe077ea
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-service.yaml
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "redis-ha.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+{{- if .Values.exporter.enabled }}
+    exporter: enabled
+{{- end }}
+{{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- range $key, $value := .Values.serviceLabels }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+  annotations:
+  {{- if .Values.serviceAnnotations }}
+{{ toYaml .Values.serviceAnnotations | indent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  {{- if ne (int .Values.redis.port) 0 }}
+  - name: tcp-server
+    port: {{ .Values.redis.port }}
+    protocol: TCP
+    targetPort: redis
+  {{- end }}
+  {{- if .Values.redis.tlsPort }}
+  - name: server-tls
+    port: {{ .Values.redis.tlsPort }}
+    protocol: TCP
+    targetPort: redis-tls
+  {{- end }}
+  {{- if ne (int .Values.sentinel.port) 0 }}
+  - name: tcp-sentinel
+    port: {{ .Values.sentinel.port }}
+    protocol: TCP
+    targetPort: sentinel
+  {{- end }}
+  {{- if .Values.sentinel.tlsPort }}
+  - name: sentinel-tls
+    port: {{ .Values.sentinel.tlsPort }}
+    protocol: TCP
+    targetPort: sentinel-tls
+  {{- end }}
+{{- if .Values.exporter.enabled }}
+  - name: http-exporter-port
+    port: {{ .Values.exporter.port }}
+    protocol: TCP
+    targetPort: {{ .Values.exporter.portName }}
+{{- end }}
+  selector:
+    release: {{ .Release.Name }}
+    app: {{ template "redis-ha.name" . }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-serviceaccount.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-serviceaccount.yaml
new file mode 100644
index 00000000..9e1b21e1
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-serviceaccount.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "redis-ha.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "redis-ha.fullname" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+{{- if .Values.serviceAccount.annotations }}
+  annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
+{{- if or .Values.auth .Values.sentinel.auth }}
+secrets:
+{{- end }}
+{{- if .Values.auth }}
+- name: {{ default (include "redis-ha.fullname" .) .Values.existingSecret }}
+{{- end }}
+{{- if .Values.sentinel.auth }}
+- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) .Values.sentinel.existingSecret }}
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 0 }}
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-servicemonitor.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-servicemonitor.yaml
new file mode 100644
index 00000000..6b374a87
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if and ( or .Values.exporter.serviceMonitor.disableAPICheck ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "redis-ha.fullname" . }}
+  namespace: {{ .Values.exporter.serviceMonitor.namespace | default .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- range $key, $value := .Values.exporter.serviceMonitor.labels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  endpoints:
+  - targetPort: {{ .Values.exporter.port }}
+{{- if .Values.exporter.serviceMonitor.interval }}
+    interval: {{ .Values.exporter.serviceMonitor.interval }}
+{{- end }}
+{{- if .Values.exporter.serviceMonitor.telemetryPath }}
+    path: {{ .Values.exporter.serviceMonitor.telemetryPath }}
+{{- end }}
+{{- if .Values.exporter.serviceMonitor.timeout }}
+    scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }}
+{{- end }}
+{{- with .Values.exporter.serviceMonitor.endpointAdditionalProperties }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+  jobLabel: {{ template "redis-ha.fullname" . }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace | quote }}
+  selector:
+    matchLabels:
+      app: {{ template "redis-ha.name" . }}
+      release: {{ .Release.Name }}
+      exporter: enabled
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-statefulset.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-statefulset.yaml
new file mode 100644
index 00000000..1351ab18
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-ha-statefulset.yaml
@@ -0,0 +1,668 @@
+{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}
+{{- $regexRestoreSSH := "^.+@.+:.+" -}}
+{{- $regexRestoreRedis := "^redis://(?:[A-Za-z0-9_]+(?::[^@]+)?@)?[A-Za-z0-9.-]+(?::\\d{1,5})?(?:/\\d+)?$" -}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-server
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{ template "redis-ha.fullname" . }}: replica
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+{{ include "labels.standard" . | indent 4 }}
+  annotations:
+{{ toYaml .Values.redis.annotations | indent 4 }}
+spec:
+  selector:
+    matchLabels:
+      release: {{ .Release.Name }}
+      app: {{ template "redis-ha.name" . }}
+  serviceName: {{ template "redis-ha.fullname" . }}
+  replicas: {{ .Values.replicas }}
+  podManagementPolicy: {{ .Values.podManagementPolicy }}
+  updateStrategy:
+    type: {{ .Values.redis.updateStrategy.type }}
+  {{- if .Values.redis.minReadySeconds }}
+  minReadySeconds: {{ .Values.redis.minReadySeconds }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-sentinel.conf" .) (include "config-init.sh" .) (include "fix-split-brain.sh" .) (include "redis_liveness.sh" .) (include "redis_readiness.sh" .) (include "sentinel_liveness.sh" .) (include "trigger-failover-if-master.sh" .)| sha256sum }}
+      {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+      {{- end }}
+      {{- if and (.Values.exporter.enabled) (not .Values.exporter.serviceMonitor.enabled) }}
+        prometheus.io/port: "{{ .Values.exporter.port }}"
+        prometheus.io/scrape: "true"
+        prometheus.io/path: {{ .Values.exporter.scrapePath }}
+      {{- end }}
+      labels:
+        release: {{ .Release.Name }}
+        app: {{ template "redis-ha.name" . }}
+        {{ template "redis-ha.fullname" . }}: replica
+        {{- range $key, $value := .Values.labels }}
+        {{ $key }}: {{ $value | toString }}
+        {{- end }}
+        {{- range $key, $value := .Values.extraLabels }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+    spec:
+      {{- if .Values.redis.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }}
+      {{- end }}
+      {{- if .Values.schedulerName }}
+      schedulerName: "{{ .Values.schedulerName }}"
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+      {{- end }}
+      affinity:
+    {{- if .Values.affinity }}
+    {{- with .Values.affinity }}
+{{ tpl . $ | indent 8 }}
+    {{- end }}
+    {{- else }}
+    {{- if .Values.additionalAffinities }}
+{{ toYaml .Values.additionalAffinities | indent 8 }}
+    {{- end }}
+        podAntiAffinity:
+    {{- if .Values.hardAntiAffinity }}
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchLabels:
+                  app: {{ template "redis-ha.name" . }}
+                  release: {{ .Release.Name }}
+                  {{ template "redis-ha.fullname" . }}: replica
+              topologyKey: kubernetes.io/hostname
+    {{- else }}
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app: {{ template "redis-ha.name" . }}
+                    release: {{ .Release.Name }}
+                    {{ template "redis-ha.fullname" . }}: replica
+                topologyKey: kubernetes.io/hostname
+    {{- end }}
+    {{- end }}
+    {{- if .Values.topologySpreadConstraints.enabled }}
+      topologySpreadConstraints:
+      - maxSkew: {{ .Values.topologySpreadConstraints.maxSkew | default 1 }}
+        topologyKey: {{ .Values.topologySpreadConstraints.topologyKey | default "topology.kubernetes.io/zone" }}
+        whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable | default "ScheduleAnyway" }}
+        labelSelector:
+          matchLabels:
+            app: {{ template "redis-ha.name" . }}
+            release: {{ .Release.Name }}
+            {{ template "redis-ha.fullname" . }}: replica
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+      {{- end }}
+      securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 8 }}
+      serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }}
+      initContainers:
+      {{- if .Values.sysctlImage.enabled }}
+      - name: init-sysctl
+        image: {{ template "redis.sysctl.image" . }}
+        imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }}
+        resources: {{ toYaml .Values.sysctlImage.resources | nindent 10 }}
+        {{- if .Values.sysctlImage.mountHostSys }}
+        volumeMounts:
+        - name: host-sys
+          mountPath: /host-sys
+        {{- end }}
+        command: {{ toYaml .Values.sysctlImage.command | nindent 10 }}
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+      {{- end }}
+{{- if and .Values.hostPath.path .Values.hostPath.chown }}
+      - name: hostpath-chown
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+        command:
+        - chown
+        - "{{ .Values.containerSecurityContext.runAsUser }}"
+        - /data
+        volumeMounts:
+        - name: data
+          mountPath: /data
+{{- end }}
+      - name: config-init
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.init.resources | indent 10 }}
+        command:
+        - sh
+        args:
+        - /readonly-config/init.sh
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+        env:
+{{- $replicas := int (toString .Values.replicas) -}}
+{{- range $i := until $replicas }}
+        - name: SENTINEL_ID_{{ $i }}
+          value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }}
+{{- end }}
+{{- if .Values.auth }}
+        - name: AUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.existingSecret }}
+              name: {{ .Values.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}
+            {{- end }}
+              key: {{ .Values.authKey }}
+{{- end }}
+{{- if .Values.sentinel.auth }}
+        - name: SENTINELAUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.sentinel.existingSecret }}
+              name: {{ .Values.sentinel.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}-sentinel
+            {{- end }}
+              key: {{ .Values.sentinel.authKey }}
+{{- end }}
+        volumeMounts:
+        - name: config
+          mountPath: /readonly-config
+          readOnly: true
+        - name: data
+          mountPath: /data
+        {{- if .Values.redis.tlsPort }}
+        - mountPath: /tls-certs
+          name: tls-certs
+        {{- end}}
+{{ if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }}
+      - name: restore-s3
+        image: s3cmd/s3cmd:latest
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.init.resources | indent 10 }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - "timeout -t {{ .Values.restore.timeout }} \
+             s3cmd get {{ if .Values.restore.s3.region }}--region {{ .Values.restore.s3.region }} {{ end }}--force '{{ .Values.restore.s3.source }}' /data/dump.rdb_ \
+           && test -s /data/dump.rdb_ \
+           && if test -s /data/dump.rdb; \
+              then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
+           && mv -v /data/dump.rdb_ /data/dump.rdb"
+        envFrom:
+        - secretRef:
+          {{- if .Values.restore.existingSecret }}
+            name: {{ .Values.existingSecret }}
+          {{- else }}
+            name: {{ include "redis-ha.fullname" . }}-secret
+          {{- end }}
+        volumeMounts:
+        - name: data
+          mountPath: /data
+{{- end }}
+{{ if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }}
+      - name: restore-ssh
+        image: lgatica/openssh-client:latest
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.init.resources | indent 10 }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - "rm -f key && echo -e \"${SSH_KEY}\" >key \
+           && chmod 400 key \
+           && timeout {{ .Values.restore.timeout }} \
+                scp -i key \
+                    -o StrictHostKeyChecking=no \
+                    -o UserKnownHostsFile=/dev/null \
+                    '{{ .Values.restore.ssh.source }}' \
+                    /data/dump.rdb_ \
+           && test -s /data/dump.rdb_ \
+           && if test -s /data/dump.rdb; \
+              then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
+           && mv -v /data/dump.rdb_ /data/dump.rdb"
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+        envFrom:
+        - secretRef:
+          {{- if .Values.restore.existingSecret }}
+            name: {{ .Values.existingSecret }}
+          {{- else }}
+            name: {{ include "redis-ha.fullname" . }}-secret
+          {{- end }}
+        volumeMounts:
+        - name: data
+          mountPath: /data
+{{- end }}
+{{ if regexFind $regexRestoreRedis (toString .Values.restore.redis.source) }}
+      - name: restore-redis
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.init.resources | indent 10 }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - "echo $HOSTNAME | grep -q 'ha-server-0' \
+          && nc -w 5 -vz {{ regexReplaceAll  "^redis:\\/\\/(.*)" .Values.restore.redis.source "${1}" }} \
+          && test ! -s /data/dump.rdb \
+          && timeout {{ .Values.restore.timeout }} \
+          redis-cli -u {{ .Values.restore.redis.source }} --rdb /data/dump.rdb_ \
+          && test -s /data/dump.rdb_ \
+          && if test -s /data/dump.rdb; \
+              then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \
+          && mv -v /data/dump.rdb_ /data/dump.rdb || true"
+        {{- if .Values.restore.existingSecret }}
+        envFrom:
+        - secretRef:
+            name: {{ .Values.existingSecret }}
+        {{- end }}
+        volumeMounts:
+        - name: data
+          mountPath: /data
+{{- end }}
+{{- if .Values.extraInitContainers }}
+{{- toYaml .Values.extraInitContainers | nindent 6 }}
+{{- end }}
+      containers:
+      - name: redis
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        command:
+        {{- if .Values.redis.customCommand }}
+{{ toYaml .Values.redis.customCommand | indent 10 }}
+        {{- else }}
+          - redis-server
+        {{- end }}
+        args:
+        {{- if .Values.redis.customArgs }}
+{{ toYaml .Values.redis.customArgs | indent 10 }}
+        {{- else }}
+          - /data/conf/redis.conf
+        {{- end }}
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+        {{- if .Values.auth }}
+        env:
+        - name: AUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.existingSecret }}
+              name: {{ .Values.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}
+            {{- end }}
+              key: {{ .Values.authKey }}
+        {{- end }}
+        {{- if .Values.redis.envFrom }}
+        envFrom:
+{{ toYaml .Values.redis.envFrom | indent 10 }}
+        {{- end }}
+        {{- if .Values.redis.livenessProbe.enabled }}
+        livenessProbe:
+          initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.redis.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }}
+          exec:
+            command:
+              - sh
+              - -c
+              - /health/redis_liveness.sh
+        {{- end }}
+        {{- if .Values.redis.readinessProbe.enabled }}
+        readinessProbe:
+          initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.redis.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }}
+          exec:
+            command:
+              - sh
+              - -c
+              - /health/redis_readiness.sh
+        {{- end }}
+        {{- if .Values.redis.startupProbe.enabled }}
+        startupProbe:
+          initialDelaySeconds: {{ .Values.redis.startupProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.redis.startupProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.redis.startupProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.redis.startupProbe.successThreshold }}
+          failureThreshold: {{ .Values.redis.startupProbe.failureThreshold }}
+          exec:
+            command:
+              - sh
+              - -c
+              - /health/redis_readiness.sh
+        {{- end }}
+        resources:
+{{ toYaml .Values.redis.resources | indent 10 }}
+        ports:
+        {{- if ne (int .Values.redis.port) 0 }}
+        - name: redis
+          containerPort: {{ .Values.redis.port }}
+        {{- end }}
+        {{- if .Values.redis.tlsPort }}
+        - name: redis-tls
+          containerPort: {{ .Values.redis.tlsPort }}
+        {{- end }}
+        volumeMounts:
+        - name: config
+          mountPath: /readonly-config
+          readOnly: true
+        - mountPath: /data
+          name: data
+        {{- if .Values.redis.tlsPort }}
+        - mountPath: /tls-certs
+          name: tls-certs
+        {{- end}}
+        - mountPath: /health
+          name: health
+{{- if .Values.redis.extraVolumeMounts }}
+{{- toYaml .Values.redis.extraVolumeMounts | nindent 8 }}
+{{- end }}
+        lifecycle:
+{{ toYaml .Values.redis.lifecycle | indent 10 }}
+      - name: sentinel
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        command:
+        {{- if .Values.sentinel.customCommand }}
+{{ toYaml .Values.sentinel.customCommand | indent 10 }}
+        {{- else }}
+          - redis-sentinel
+        {{- end }}
+        args:
+        {{- if .Values.sentinel.customArgs }}
+{{ toYaml .Values.sentinel.customArgs | indent 10 }}
+        {{- else }}
+          - /data/conf/sentinel.conf
+        {{- end }}
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+{{- if or .Values.auth .Values.sentinel.auth}}
+        env:
+  {{- if .Values.auth }}
+        - name: AUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.existingSecret }}
+              name: {{ .Values.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}
+            {{- end }}
+              key: {{ .Values.authKey }}
+  {{- end }}
+  {{- if .Values.sentinel.auth }}
+        - name: SENTINELAUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.sentinel.existingSecret }}
+              name: {{ .Values.sentinel.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}-sentinel
+            {{- end }}
+              key: {{ .Values.sentinel.authKey }}
+  {{- end }}
+{{- end }}
+        {{- if .Values.sentinel.livenessProbe.enabled }}
+        livenessProbe:
+          initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
+          exec:
+            command:
+              - sh
+              - -c
+              - /health/sentinel_liveness.sh
+        {{- end }}
+        {{- if .Values.sentinel.readinessProbe.enabled }}
+        readinessProbe:
+          initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
+          exec:
+            command:
+              - sh
+              - -c
+              - /health/sentinel_liveness.sh
+        {{- end }}
+        {{- if .Values.sentinel.startupProbe.enabled }}
+        startupProbe:
+          initialDelaySeconds: {{ .Values.sentinel.startupProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.sentinel.startupProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.sentinel.startupProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.sentinel.startupProbe.successThreshold }}
+          failureThreshold: {{ .Values.sentinel.startupProbe.failureThreshold }}
+          exec:
+            command:
+              - sh
+              - -c
+              - /health/sentinel_liveness.sh
+        {{- end }}
+        resources:
+{{ toYaml .Values.sentinel.resources | indent 10 }}
+        ports:
+        {{- if ne (int .Values.sentinel.port) 0 }}
+          - name: sentinel
+            containerPort: {{ .Values.sentinel.port }}
+        {{- end }}
+        {{- if .Values.sentinel.tlsPort }}
+          - name: sentinel-tls
+            containerPort: {{ .Values.sentinel.tlsPort }}
+        {{- end }}
+        volumeMounts:
+        - mountPath: /data
+          name: data
+        {{- if .Values.redis.tlsPort }}
+        - mountPath: /tls-certs
+          name: tls-certs
+        {{- end }}
+        - mountPath: /health
+          name: health
+{{- if .Values.sentinel.extraVolumeMounts }}
+{{- toYaml .Values.sentinel.extraVolumeMounts | nindent 8 }}
+{{- end }}
+        lifecycle:
+{{ toYaml .Values.sentinel.lifecycle | indent 10 }}
+
+      - name: split-brain-fix
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        command:
+          - sh
+        args:
+          - /readonly-config/fix-split-brain.sh
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+        env:
+{{- $replicas := int (toString .Values.replicas) -}}
+{{- range $i := until $replicas }}
+        - name: SENTINEL_ID_{{ $i }}
+          value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }}
+{{- end }}
+{{- if .Values.auth }}
+        - name: AUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.existingSecret }}
+              name: {{ .Values.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}
+            {{- end }}
+              key: {{ .Values.authKey }}
+{{- end }}
+{{- if .Values.sentinel.auth }}
+        - name: SENTINELAUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.sentinel.existingSecret }}
+              name: {{ .Values.sentinel.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}-sentinel
+            {{- end }}
+              key: {{ .Values.sentinel.authKey }}
+{{- end }}
+        resources: 
+          {{- toYaml .Values.splitBrainDetection.resources | nindent 10 }}
+        volumeMounts:
+        - name: config
+          mountPath: /readonly-config
+          readOnly: true
+        - mountPath: /data
+          name: data
+        {{- if .Values.redis.tlsPort }}
+        - mountPath: /tls-certs
+          name: tls-certs
+        {{- end }}
+
+{{- if .Values.exporter.enabled }}
+      - name: redis-exporter
+        image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}"
+        imagePullPolicy: {{ .Values.exporter.pullPolicy }}
+        args:
+        {{- range $key, $value := .Values.exporter.extraArgs }}
+          - --{{ $key }}={{ $value }}
+        {{- end }}
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
+        env:
+          - name: REDIS_ADDR
+          {{- if .Values.exporter.sslEnabled }}
+            value: rediss://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.tlsPort }}
+          {{- else }}
+            value: redis://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.port }}
+          {{- end }}
+        {{- if .Values.auth }}
+          - name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+              {{- if .Values.existingSecret }}
+                name: {{ .Values.existingSecret }}
+              {{- else }}
+                name: {{ template "redis-ha.fullname" . }}
+              {{- end }}
+                key: {{ .Values.authKey }}
+        {{- end }}
+        {{- if .Values.exporter.script }}
+          - name: REDIS_EXPORTER_SCRIPT
+            value: /script/script.lua
+        {{- end }}
+        {{- if .Values.exporter.sslEnabled }}
+          - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+            value: /tls-certs/{{ .Values.tls.keyFile }}
+          - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+            value: /tls-certs/{{ .Values.tls.certFile }}
+          - name: REDIS_EXPORTER_TLS_CA_CERT_FILE
+            value: /tls-certs/{{ .Values.tls.caCertFile }}
+        {{- end }}
+        livenessProbe:
+{{ toYaml .Values.exporter.livenessProbe | indent 10 }}
+        readinessProbe:
+{{ toYaml .Values.exporter.readinessProbe | indent 10 }}
+        resources:
+{{ toYaml .Values.exporter.resources | indent 10 }}
+        ports:
+          - name: {{ .Values.exporter.portName }}
+            containerPort: {{ .Values.exporter.port }}
+        volumeMounts:
+          {{- if .Values.exporter.script }}
+          - mountPath: /script
+            name: script-mount
+          {{- end }}
+          {{- if .Values.exporter.sslEnabled }}
+          - mountPath: /tls-certs
+            name: tls-certs
+          {{- end }}
+{{- end }}
+{{- if .Values.extraContainers }}
+{{- toYaml .Values.extraContainers | nindent 6 }}
+{{- end -}}
+      {{- with .Values.priorityClassName | default .Values.global.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      volumes:
+      - name: config
+        configMap:
+          name: {{ template "redis-ha.fullname" . }}-configmap
+      {{- if .Values.sysctlImage.mountHostSys }}
+      - name: host-sys
+        hostPath:
+          path: /sys
+      {{- end }}
+      {{- if .Values.exporter.script }}
+      - name: script-mount
+        configMap:
+          name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
+          items:
+            - key: script
+              path: script.lua
+      {{- end }}
+      {{- if .Values.redis.tlsPort }}
+      - name: tls-certs
+        secret:
+          {{- if .Values.tls.secretName }}
+          secretName: {{ .Values.tls.secretName }}
+          {{- else }}
+          secretName: {{ template "redis-ha.fullname" . }}-tls-secret
+          {{- end }}
+      {{- end }}
+      - name: health
+        configMap:
+          name: {{ template "redis-ha.fullname" . }}-health-configmap
+          defaultMode: 0755
+{{- if .Values.extraVolumes }}
+{{- toYaml .Values.extraVolumes | nindent 6 }}
+{{- end -}}
+{{- if .Values.persistentVolume.enabled }}
+  volumeClaimTemplates:
+  - apiVersion: v1
+    kind: PersistentVolumeClaim
+    metadata:
+      name: data
+      annotations:
+      {{- range $key, $value := .Values.persistentVolume.annotations }}
+        {{ $key }}: {{ $value }}
+      {{- end }}
+      labels: {{- toYaml .Values.persistentVolume.labels | nindent 8 }}
+
+    spec:
+      accessModes:
+      {{- range .Values.persistentVolume.accessModes }}
+        - {{ . | quote }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.persistentVolume.size | quote }}
+    {{- if .Values.persistentVolume.storageClass }}
+    {{- if (eq "-" .Values.persistentVolume.storageClass) }}
+      storageClassName: ""
+    {{- else }}
+      storageClassName: "{{ .Values.persistentVolume.storageClass }}"
+    {{- end }}
+{{- end }}
+{{- else if .Values.hostPath.path }}
+      - name: data
+        hostPath:
+          path: {{ tpl .Values.hostPath.path .}}
+{{- else }}
+      - name: data
+        emptyDir:
+{{ toYaml .Values.emptyDir | indent 10 }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-deployment.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-deployment.yaml
new file mode 100644
index 00000000..07677fcd
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-deployment.yaml
@@ -0,0 +1,202 @@
+{{- if .Values.haproxy.enabled }}
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  {{- with .Values.haproxy.deploymentStrategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  revisionHistoryLimit: 1
+  replicas: {{ .Values.haproxy.replicas }}
+  selector:
+    matchLabels:
+      app: {{ template "redis-ha.name" . }}-haproxy
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      name: {{ template "redis-ha.fullname" . }}-haproxy
+      labels:
+        app: {{ template "redis-ha.name" . }}-haproxy
+        release: {{ .Release.Name }}
+        {{- range $key, $value := .Values.haproxy.labels }}
+        {{ $key }}: {{ $value | toString }}
+        {{- end }}
+        {{- range $key, $value := .Values.extraLabels }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      annotations:
+      {{- if and (.Values.haproxy.metrics.enabled) (not .Values.haproxy.metrics.serviceMonitor.enabled)  }}
+        prometheus.io/port: "{{ .Values.haproxy.metrics.port }}"
+        prometheus.io/scrape: "true"
+        prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}"
+      {{- end }}
+        checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }}
+      {{- if .Values.haproxy.annotations }}
+{{ toYaml .Values.haproxy.annotations | indent 8 }}
+      {{- end }}
+    spec:
+      # Needed when using unmodified rbac-setup.yml
+      {{ if .Values.haproxy.serviceAccount.create }}
+      serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy
+      {{- else }}
+      serviceAccountName: {{ .Values.haproxy.serviceAccountName }}
+      {{- end }}
+      securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.securityContext "context" $) | nindent 8 }}
+      automountServiceAccountToken: {{ .Values.haproxy.serviceAccount.automountToken }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+      affinity:
+    {{- if .Values.haproxy.affinity }}
+    {{- with .Values.haproxy.affinity }}
+{{ tpl . $ | indent 8 }}
+    {{- end }}
+    {{- else }}
+    {{- if .Values.haproxy.additionalAffinities }}
+{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }}
+    {{- end }}
+        podAntiAffinity:
+    {{- if .Values.haproxy.hardAntiAffinity }}
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchLabels:
+                  app: {{ template "redis-ha.name" . }}-haproxy
+                  release: {{ .Release.Name }}
+              topologyKey: kubernetes.io/hostname
+    {{- else }}
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app: {{ template "redis-ha.name" . }}-haproxy
+                    release: {{ .Release.Name }}
+                topologyKey: kubernetes.io/hostname
+    {{- end }}
+    {{- end }}
+    {{- if .Values.topologySpreadConstraints.enabled }}
+      topologySpreadConstraints:
+      - maxSkew: {{ .Values.topologySpreadConstraints.maxSkew | default 1 }}
+        topologyKey: {{ .Values.topologySpreadConstraints.topologyKey | default "topology.kubernetes.io/zone" }}
+        whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable | default "ScheduleAnyway" }}
+        labelSelector:
+          matchLabels:
+            app: {{ template "redis-ha.name" . }}-haproxy
+            release: {{ .Release.Name }}
+      {{- end }}
+      initContainers:
+      - name: config-init
+        image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
+        imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.haproxy.init.resources | indent 10 }}
+        command:
+        - sh
+        args:
+        - /readonly/haproxy_init.sh
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.containerSecurityContext "context" $) | nindent 10 }}
+        volumeMounts:
+        - name: config-volume
+          mountPath: /readonly
+          readOnly: true
+        - name: data
+          mountPath: /data
+      {{- if .Values.haproxy.imagePullSecrets }}
+      imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: haproxy
+        image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
+        imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
+        securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.containerSecurityContext "context" $) | nindent 10 }}
+    {{- if or .Values.auth .Values.sentinel.auth}}
+        env:
+      {{- if .Values.auth }}
+        - name: AUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.existingSecret }}
+              name: {{ .Values.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}
+            {{- end }}
+              key: {{ .Values.authKey }}
+      {{- end }}
+      {{- if .Values.sentinel.auth }}
+        - name: SENTINELAUTH
+          valueFrom:
+            secretKeyRef:
+            {{- if .Values.sentinel.existingSecret }}
+              name: {{ .Values.sentinel.existingSecret }}
+            {{- else }}
+              name: {{ template "redis-ha.fullname" . }}-sentinel
+            {{- end }}
+              key: {{ .Values.sentinel.authKey }}
+      {{- end }}
+    {{- end }}
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: probe
+          initialDelaySeconds: 5
+          periodSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: probe
+          initialDelaySeconds: 5
+          periodSeconds: 3
+        ports:
+        - name: probe
+          containerPort: 8888
+        - name: redis
+          containerPort: {{ default "6379" .Values.haproxy.containerPort }}
+        {{- if .Values.haproxy.readOnly.enabled }}
+        - name: readonlyport
+          containerPort: {{ default "6380" .Values.haproxy.readOnly.port }}
+        {{- end }}
+        {{- if .Values.haproxy.metrics.enabled }}
+        - name: metrics-port
+          containerPort: {{ default "9101" .Values.haproxy.metrics.port }}
+        {{- end }}
+        resources:
+{{ toYaml .Values.haproxy.resources | indent 10 }}
+        volumeMounts:
+        - name: data
+          mountPath: /usr/local/etc/haproxy
+        - name: shared-socket
+          mountPath: /run/haproxy
+{{- if .Values.haproxy.tls.enabled }}
+        - name: pemfile
+          mountPath: {{ .Values.haproxy.tls.certMountPath }}
+{{- end }}
+        lifecycle:
+{{ toYaml .Values.haproxy.lifecycle | indent 10 }}
+      {{- with .Values.haproxy.priorityClassName | default .Values.global.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      volumes:
+{{- if .Values.haproxy.tls.enabled }}
+      - name: pemfile
+        secret:
+          secretName: {{ .Values.haproxy.tls.secretName }}
+{{- end }}
+      - name: config-volume
+        configMap:
+          name: {{ template "redis-ha.fullname" . }}-configmap
+      - name: shared-socket
+        emptyDir:
+{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
+      - name: data
+        emptyDir:
+{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-network-policy.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-network-policy.yaml
new file mode 100644
index 00000000..2b746ea2
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-network-policy.yaml
@@ -0,0 +1,74 @@
+{{- if and .Values.haproxy.enabled .Values.haproxy.networkPolicy.enabled }}
+{{- $root := . }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy-network-policy
+  namespace: {{ .Release.Namespace | quote }}
+  {{- if .Values.haproxy.networkPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := .Values.haproxy.networkPolicy.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+  labels:
+    {{- include "labels.standard" . | nindent 4 }}
+    {{- range $key, $value := .Values.haproxy.networkPolicy.labels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels:
+      release: {{ .Release.Name }}
+      app: {{ template "redis-ha.name" . }}-haproxy
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - to:
+        - podSelector:
+            matchLabels:
+              release: {{ .Release.Name }}
+              app: {{ template "redis-ha.name" . }}
+      ports:
+        - port: {{ .Values.redis.port }}
+          protocol: TCP
+        - port: {{ .Values.sentinel.port }}
+          protocol: TCP
+    - to:
+        - namespaceSelector: {}
+      ports:
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    {{-  range $rule := .Values.haproxy.networkPolicy.egressRules }}
+    - to:
+        {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }}
+      ports:
+        {{- toYaml $rule.ports | nindent 8 }}
+    {{- end }}
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              release: {{ .Release.Name }}
+              app: {{ template "redis-ha.name" . }}
+      ports:
+        - port: {{ .Values.redis.port }}
+          protocol: TCP
+        - port: {{ .Values.sentinel.port }}
+          protocol: TCP
+    {{-  range $rule := .Values.haproxy.networkPolicy.ingressRules }}
+    - from:
+        {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }}
+      ports:
+        {{- if $rule.ports }}
+        {{- toYaml $rule.ports | nindent 8 }}
+        {{- end }}
+        - port: {{ $root.Values.redis.port }}
+          protocol: TCP
+        - port: {{ $root.Values.sentinel.port }}
+          protocol: TCP
+    {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-pdb.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-pdb.yaml
new file mode 100644
index 00000000..9094ddf5
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-pdb.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.haproxy.podDisruptionBudget -}}
+apiVersion: {{ template "redis-ha.podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy-pdb
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      release: {{ .Release.Name }}
+      app: {{ template "redis-ha.name" . }}-haproxy
+{{ toYaml .Values.haproxy.podDisruptionBudget | indent 2 }}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-role.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-role.yaml
new file mode 100644
index 00000000..c6fd1df1
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-role.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.haproxy.enabled }}
+{{- if and .Values.haproxy.serviceAccount.create .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    component: {{ template "redis-ha.fullname" . }}-haproxy
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+rules:
+- apiGroups:
+    - ""
+  resources:
+    - endpoints
+  verbs:
+    - get
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml
new file mode 100644
index 00000000..629de554
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.haproxy.enabled }}
+{{- if and .Values.haproxy.serviceAccount.create .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    component: {{ template "redis-ha.fullname" . }}-haproxy
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "redis-ha.serviceAccountName" . }}-haproxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "redis-ha.fullname" . }}-haproxy
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-service.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-service.yaml
new file mode 100644
index 00000000..2feff9bf
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-service.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.haproxy.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    component: {{ template "redis-ha.fullname" . }}-haproxy
+{{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- range $key, $value := .Values.haproxy.service.labels }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+  annotations:
+  {{- if .Values.haproxy.service.annotations }}
+{{ toYaml .Values.haproxy.service.annotations | indent 4 }}
+  {{- end }}
+spec:
+  type: {{ default "ClusterIP" .Values.haproxy.service.type }}
+  {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.haproxy.service.loadBalancerIP }}
+  {{- end }}
+  {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.haproxy.service.externalTrafficPolicy }}
+  {{- end }}
+  {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges: {{ toYaml .Values.haproxy.service.loadBalancerSourceRanges | nindent 2 }}
+  {{- end }}
+  {{- if .Values.haproxy.service.externalIPs }}
+  externalIPs:
+    {{- range $key, $value := .Values.haproxy.service.externalIPs }}
+    - {{ $value }}
+    {{- end }}
+  {{- end }}
+  ports:
+  - name: tcp-haproxy
+    port: {{ .Values.haproxy.servicePort }}
+    protocol: TCP
+    targetPort: redis
+  {{- if and (eq .Values.haproxy.service.type "NodePort") .Values.haproxy.service.nodePort }}
+    nodePort: {{ .Values.haproxy.service.nodePort }}
+  {{- end }}
+{{- if .Values.haproxy.readOnly.enabled }}
+  - name: tcp-haproxyreadonly
+    port: {{ .Values.haproxy.readOnly.port }}
+    protocol: TCP
+    targetPort: {{ .Values.haproxy.readOnly.port }}
+{{- end }}
+{{- if .Values.haproxy.metrics.enabled }}
+  - name: {{ .Values.haproxy.metrics.portName }}
+    port: {{ .Values.haproxy.metrics.port }}
+    protocol: TCP
+    targetPort: metrics-port
+{{- end }}
+  selector:
+    release: {{ .Release.Name }}
+    app: {{ template "redis-ha.name" . }}-haproxy
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml
new file mode 100644
index 00000000..f016855f
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.haproxy.serviceAccount.create .Values.haproxy.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "redis-ha.serviceAccountName" . }}-haproxy
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "redis-ha.fullname" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml
new file mode 100644
index 00000000..188eac0c
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if and ( or .Values.haproxy.metrics.serviceMonitor.disableAPICheck ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-haproxy
+  namespace: {{ .Values.haproxy.metrics.serviceMonitor.namespace | default .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- range $key, $value := .Values.haproxy.metrics.serviceMonitor.labels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  endpoints:
+  - targetPort: {{ .Values.haproxy.metrics.port }}
+{{- if .Values.haproxy.metrics.serviceMonitor.interval }}
+    interval: {{ .Values.haproxy.metrics.serviceMonitor.interval }}
+{{- end }}
+{{- if .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
+    path: {{ .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
+{{- end }}
+{{- if .Values.haproxy.metrics.serviceMonitor.timeout }}
+    scrapeTimeout: {{ .Values.haproxy.metrics.serviceMonitor.timeout }}
+{{- end }}
+{{- with .Values.haproxy.metrics.serviceMonitor.endpointAdditionalProperties }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+  jobLabel: {{ template "redis-ha.fullname" . }}-haproxy
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace | quote }}
+  selector:
+    matchLabels:
+      app: {{ template "redis-ha.name" . }}
+      release: {{ .Release.Name }}
+      component: {{ template "redis-ha.fullname" . }}-haproxy
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-tls-secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-tls-secret.yaml
new file mode 100644
index 00000000..d3034706
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/redis-tls-secret.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.redis.tlsPort (not .Values.tls.secretName) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  metadata:
+  name: {{ template "redis-ha.fullname" . }}-tls-secret
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+type: Opaque
+data:
+  {{- if .Values.tls.caCertFile }}
+  {{ .Values.tls.caCertFile }}: {{ .Files.Get "certs/ca.crt" | b64enc }}
+  {{- end }}
+  {{- if .Values.tls.certFile }}
+  {{ .Values.tls.certFile }}: {{ .Files.Get "certs/redis.crt" | b64enc }}
+  {{- end }}
+  {{- if .Values.tls.keyFile }}
+  {{ .Values.tls.keyFile }}: {{ .Files.Get "certs/redis.key" | b64enc }}
+  {{- end }}
+  {{- if .Values.tls.dhParamsFile }}
+  {{ .Values.tls.dhParamsFile }}: {{ .Files.Get "certs/redis.dh" | b64enc }}
+  {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/sentinel-auth-secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/sentinel-auth-secret.yaml
new file mode 100644
index 00000000..d351be65
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/sentinel-auth-secret.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.sentinel.auth (not .Values.sentinel.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-sentinel
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+type: Opaque
+data:
+  {{ .Values.sentinel.authKey }}: {{ .Values.sentinel.password | b64enc | quote }}
+{{- end -}}
\ No newline at end of file
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml
new file mode 100644
index 00000000..fbf31ad4
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-configmap-test
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  nodeSelector: {{ toYaml .Values.nodeSelector | nindent 4 }}
+  tolerations: {{ toYaml .Values.tolerations | nindent 4 }}
+  containers:
+  - name: check-init
+    image: {{ .Values.configmapTest.image.repository }}:{{ .Values.configmapTest.image.tag }}
+    args:
+    - --shell=sh
+    - /readonly-config/init.sh
+    volumeMounts:
+    - name: config
+      mountPath: /readonly-config
+      readOnly: true
+    resources: {{ toYaml .Values.configmapTest.resources | nindent 6 }}
+    securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }}
+  {{- if .Values.imagePullSecrets }}
+  imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
+  {{- end }}
+  restartPolicy: Never
+  volumes:
+  - name: config
+    configMap:
+      name: {{ template "redis-ha.fullname" . }}-configmap
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml
new file mode 100644
index 00000000..ac0c84ea
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.haproxy.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "redis-ha.fullname" . }}-service-test
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "labels.standard" . | indent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 4 }}
+  tolerations:
+{{ toYaml .Values.tolerations | indent 4 }}
+  containers:
+  - name: "{{ .Release.Name }}-service-test"
+    image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+    command:
+      - sh
+      - -c
+      - redis-cli -h {{ template "redis-ha.fullname" . }}-haproxy -p {{ .Values.redis.port }} info server
+    resources: {{ toYaml .Values.haproxy.tests.resources | nindent 6 }}
+    securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }}
+  {{- if .Values.imagePullSecrets }}
+  imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
+  {{- end }}
+  restartPolicy: Never
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/values.yaml
new file mode 100644
index 00000000..e857f158
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/charts/redis-ha/values.yaml
@@ -0,0 +1,1010 @@
+## Globally shared configuration
+global:
+  # -- Default priority class for all components
+  priorityClassName: ""
+  # -- Openshift compatibility options
+  compatibility:
+    openshift:
+      adaptSecurityContext: auto
+
+## -- Image information for Redis HA
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+image:
+  # -- Redis image repository
+  repository: public.ecr.aws/docker/library/redis
+  # -- Redis image tag
+  tag: 7.2.7-alpine
+  # -- Redis image pull policy
+  pullPolicy: IfNotPresent
+
+# -- Full name of the Redis HA Resources
+fullnameOverride: ""
+
+# -- Name override for Redis HA resources
+nameOverride: ""
+
+## Reference to one or more secrets to be used when pulling images
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+## This imagePullSecrets is only for redis images
+##
+# -- Reference to one or more secrets to be used when pulling redis images
+imagePullSecrets: []
+# - name: "image-pull-secret"
+
+# -- Number of redis master/slave
+replicas: 3
+
+## Customize the statefulset pod management policy:
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+# -- The statefulset pod management policy
+podManagementPolicy: OrderedReady
+
+## read-only replicas
+## indexed slaves get never promoted to be master
+## index starts with 0 - which is master on init
+## i.e. "8,9" means 8th and 9th slave will be replica with replica-priority=0
+## see also: https://redis.io/topics/sentinel
+# -- Comma separated list of slaves which never get promoted to be master.
+# Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0.
+ro_replicas: ""
+
+# -- Kubernetes priorityClass name for the redis-ha-server pod
+priorityClassName: ""
+
+# -- Custom labels for the redis pod
+labels: {}
+
+# -- Custom labels for redis service
+serviceLabels: {}
+
+## Custom labels for the redis configmap
+configmap:
+  # -- Custom labels for the redis configmap
+  labels: {}
+
+## ConfigMap Test Parameters
+configmapTest:
+  # -- Image for redis-ha-configmap-test hook
+  image:
+    # -- Repository of the configmap shellcheck test image.
+    repository: koalaman/shellcheck
+    # -- Tag of the configmap shellcheck test image.
+    tag: v0.10.0
+  # -- Resources for the ConfigMap test pod
+  resources: {}
+
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+serviceAccount:
+  # -- Specifies whether a ServiceAccount should be created
+  create: true
+  # -- The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the redis-ha.fullname template
+  name: ""
+  # -- opt in/out of automounting API credentials into container.
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+  automountToken: false
+  # -- Annotations to be added to the service account for the redis statefulset
+  annotations: {}
+
+## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
+## Recommend for externally exposed Redis clusters.
+## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
+haproxy:
+  # -- Enabled HAProxy LoadBalancing/Proxy
+  enabled: false
+  # -- Modify HAProxy service port
+  servicePort: 6379
+  # -- Modify HAProxy deployment container port
+  containerPort: 6379
+  # -- Enable TLS termination on HAproxy, This will create a volume mount
+  tls:
+    # -- If "true" this will enable TLS termination on haproxy
+    enabled: false
+    # -- Secret containing the .pem file
+    secretName: ""
+    # -- Key file name
+    keyName:
+    # -- Path to mount the secret that contains the certificates. haproxy
+    certMountPath: /tmp/
+
+  # -- Enable read-only redis-slaves
+  readOnly:
+    # -- Enable if you want a dedicated port in haproxy for redis-slaves
+    enabled: false
+    # -- Port for the read-only redis-slaves
+    port: 6380
+  # -- Number of HAProxy instances
+  replicas: 3
+  # -- Deployment strategy for the haproxy deployment
+  deploymentStrategy:
+    type: RollingUpdate
+    # rollingUpdate:
+    #   maxSurge: 25%
+    #   maxUnavailable: 25%
+  image:
+    # -- HAProxy Image Repository
+    repository: public.ecr.aws/docker/library/haproxy
+    # -- HAProxy Image Tag
+    tag: 3.0.8-alpine
+    # -- HAProxy Image PullPolicy
+    pullPolicy: IfNotPresent
+
+  # -- Custom labels for the haproxy pod
+  labels: {}
+
+  # -- Reference to one or more secrets to be used when pulling images
+  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  imagePullSecrets: []
+  # - name: "image-pull-secret"
+
+  # -- HAProxy template annotations
+  annotations: {}
+  # -- HAProxy resources
+  resources: {}
+  # -- Configuration of `emptyDir`
+  emptyDir: {}
+
+  # -- Pod Disruption Budget
+  # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+  podDisruptionBudget: {}
+    # Use only one of the two
+    # maxUnavailable: 1
+    # minAvailable: 1
+
+  ## Enable sticky sessions to Redis nodes via HAProxy
+  ## Very useful for long-living connections as in case of Sentry for example
+  # -- HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown.
+  stickyBalancing: false
+  # -- Kubernetes priorityClass name for the haproxy pod
+  priorityClassName: ""
+
+  ## Service for HAProxy
+  service:
+    # -- HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort"
+    type: ClusterIP
+    # -- (int) HAProxy service nodePort value (haproxy.service.type must be NodePort)
+    nodePort: ~
+    # -- HAProxy service loadbalancer IP
+    loadBalancerIP:
+    # -- (string) HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer)
+    externalTrafficPolicy: ~
+    # -- HAProxy external IPs
+    externalIPs: {}
+    # -- HAProxy service labels
+    labels: {}
+    # -- HAProxy service annotations
+    annotations: null
+
+    # -- List of CIDR's allowed to connect to LoadBalancer
+    loadBalancerSourceRanges: []
+
+  # -- HAProxy serviceAccountName
+  serviceAccountName: redis-sa
+  serviceAccount:
+    # -- Specifies whether a ServiceAccount should be created
+    create: true
+    automountToken: true
+
+  ## Official HAProxy embedded prometheus metrics settings.
+  ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
+  ##
+  metrics:
+    # -- HAProxy enable prometheus metric scraping
+    enabled: false
+    # -- HAProxy prometheus metrics scraping port
+    port: 9101
+    # -- HAProxy metrics scraping port name
+    portName: http-exporter-port
+    # -- HAProxy prometheus metrics scraping path
+    scrapePath: /metrics
+
+    serviceMonitor:
+      # -- When set true then use a ServiceMonitor to configure scraping
+      enabled: false
+      # -- Set the namespace the ServiceMonitor should be deployed
+      # @default -- `.Release.Namespace`
+      namespace: ""
+      # -- Set how frequently Prometheus should scrape (default is 30s)
+      interval: ""
+      # -- Set path to redis-exporter telemtery-path (default is /metrics)
+      telemetryPath: ""
+      # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+      labels: {}
+      # -- Set timeout for scrape (default is 10s)
+      timeout: ""
+      # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more.
+      endpointAdditionalProperties: {}
+      # -- Disable API Check on ServiceMonitor
+      disableAPICheck: false
+  init:
+    # -- Extra init resources
+    resources: {}
+  timeout:
+    # -- haproxy.cfg `timeout connect` setting
+    connect: 4s
+    # -- haproxy.cfg `timeout server` setting
+    server: 330s
+    # -- haproxy.cfg `timeout client` setting
+    client: 330s
+    # -- haproxy.cfg `timeout check` setting
+    check: 2s
+  # -- haproxy.cfg `check inter` setting
+  checkInterval: 1s
+  # -- haproxy.cfg `check fall` setting
+  checkFall: 1
+
+  # -- Security context to be added to the HAProxy deployment.
+  securityContext:
+    runAsUser: 99
+    fsGroup: 99
+    runAsNonRoot: true
+
+  # -- Security context to be added to the HAProxy containers.
+  containerSecurityContext:
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+      - ALL
+
+  # -- Whether the haproxy pods should be forced to run on separate nodes.
+  hardAntiAffinity: true
+
+  # -- Additional affinities to add to the haproxy pods.
+  additionalAffinities: {}
+
+  # -- Override all other affinity settings for the haproxy pods with a string.
+  affinity: |
+
+  ## Custom config-haproxy.cfg files used to override default settings. If this file is
+  ## specified then the config-haproxy.cfg above will be ignored.
+  # -- (string) Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten
+  customConfig: ~
+  # customConfig: |-
+    # Define configuration here
+
+  ## Place any additional configuration section to add to the default config-haproxy.cfg
+  # -- (string) Allows to place any additional configuration section to add to the default config-haproxy.cfg
+  extraConfig: ~
+  # extraConfig: |-
+    # Define configuration here
+
+  # -- Container lifecycle hooks.
+  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+  lifecycle: {}
+
+  ## HAProxy test related options
+  tests:
+    # -- Pod resources for the tests against HAProxy.
+    resources: {}
+
+  ## Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default.
+  IPv6:
+    # -- Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default.
+    enabled: true
+
+  networkPolicy:
+    # -- whether NetworkPolicy for Haproxy should be created
+    enabled: false
+    # -- Annotations for Haproxy NetworkPolicy
+    annotations: {}
+    # -- Labels for Haproxy NetworkPolicy
+    labels: {}
+    # -- user defined ingress rules that Haproxy should permit into.
+    # uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+    ingressRules: []
+      # - selectors:
+      #   - namespaceSelector:
+      #       matchLabels:
+      #         name: my-redis-client-namespace
+      #     podSelector:
+      #       matchLabels:
+      #         application: redis-client
+      ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel)
+      #   ports:
+      #     - port: 6379
+      #       protocol: TCP
+      #     - port: 26379
+      #       protocol: TCP
+
+    # -- user can define egress rules too, uses the same structure as ingressRules
+    egressRules: []
+
+## Role Based Access
+## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+rbac:
+  # -- Create and use RBAC resources
+  create: true
+
+# NOT RECOMMENDED: Additional container in which you can execute arbitrary commands to update sysctl parameters
+# You can now use securityContext.sysctls to leverage this capability
+# Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
+##
+sysctlImage:
+  # -- Enable an init container to modify Kernel settings
+  enabled: false
+  # -- sysctlImage command to execute
+  command: []
+  # -- sysctlImage Init container registry
+  registry: public.ecr.aws/docker/library
+  # -- sysctlImage Init container name
+  repository: busybox
+  # -- sysctlImage Init container tag
+  tag: 1.34.1
+  # -- sysctlImage Init container pull policy
+  pullPolicy: Always
+  # -- Mount the host `/sys` folder to `/host-sys`
+  mountHostSys: false
+  # -- sysctlImage resources
+  resources: {}
+
+# -- Use an alternate scheduler, e.g. "stork".
+# ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+schedulerName: ""
+
+## Redis specific configuration options
+redis:
+  # -- Port to access the redis service
+  port: 6379
+  # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
+  masterGroupName: "mymaster"       # must match ^[\\w-\\.]+$) and can be templated
+
+  # -- Allows overriding the redis container command
+  customCommand: []
+  # - bash
+
+  # -- Allows overriding the redis container arguments
+  customArgs: []
+  # - "custom-startup.sh"
+
+  # -- Load environment variables from ConfigMap/Secret
+  envFrom: []
+  # - secretRef:
+  #     name: add-env-secret
+
+  ## Configures redis with tls-port parameter
+  # -- (int) TLS Port to access the redis service
+  tlsPort: ~
+  # tlsPort: 6385
+
+  # -- (bool) Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf
+  tlsReplication: ~
+
+  # -- It is possible to disable client side certificates authentication when "authClients" is set to "no"
+  authClients: ""
+  # authClients: "no"
+
+  # -- Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s)
+  # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced
+  terminationGracePeriodSeconds: 60
+
+  # -- Liveness probe parameters for redis container
+  livenessProbe:
+    # -- Enable the Liveness Probe
+    enabled: true
+    # -- Initial delay in seconds for liveness probe
+    initialDelaySeconds: 30
+    # -- Period in seconds after which liveness probe will be repeated
+    periodSeconds: 15
+    # -- Timeout seconds for liveness probe
+    timeoutSeconds: 15
+    # -- Success threshold for liveness probe
+    successThreshold: 1
+    # -- Failure threshold for liveness probe
+    failureThreshold: 5
+
+  # -- Readiness probe parameters for redis container
+  readinessProbe:
+    # -- Enable the Readiness Probe
+    enabled: true
+    # -- Initial delay in seconds for readiness probe
+    initialDelaySeconds: 30
+    # -- Period in seconds after which readiness probe will be repeated
+    periodSeconds: 15
+    # -- Timeout seconds for readiness probe
+    timeoutSeconds: 15
+    # -- Success threshold for readiness probe
+    successThreshold: 1
+    # -- Failure threshold for readiness probe
+    failureThreshold: 5
+
+  # -- Startup probe parameters for redis container
+  startupProbe:
+    # -- Enable Startup Probe
+    enabled: true
+    # -- Initial delay in seconds for startup probe
+    initialDelaySeconds: 30
+    # -- Period in seconds after which startup probe will be repeated
+    periodSeconds: 15
+    # -- Timeout seconds for startup probe
+    timeoutSeconds: 15
+    # -- Success threshold for startup probe
+    successThreshold: 1
+    # -- Failure threshold for startup probe
+    failureThreshold: 5
+
+  # -- Array with commands to disable
+  disableCommands:
+    - FLUSHDB
+    - FLUSHALL
+
+  # -- Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below)
+  # @default -- see values.yaml
+  config:
+    ## -- Additional redis conf options can be added below
+    ## -- For all available options see http://download.redis.io/redis-stable/redis.conf
+    min-replicas-to-write: 1
+    # -- Value in seconds
+    min-replicas-max-lag: 5
+    # -- Max memory to use for each redis instance. Default is unlimited.
+    maxmemory: "0"
+    # -- Max memory policy to use for each redis instance. Default is volatile-lru.
+    maxmemory-policy: "volatile-lru"
+    # -- Determines if scheduled RDB backups are created. Default is false.
+    # -- Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
+    save: "900 1"
+    # -- When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
+    repl-diskless-sync: "yes"
+    rdbcompression: "yes"
+    rdbchecksum: "yes"
+
+  # -- (string) Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored
+  customConfig: ~
+  # customConfig: |-
+    # Define configuration here
+
+  # -- CPU/Memory for master/slave nodes resource requests/limits
+  resources: {}
+  #  requests:
+  #    memory: 200Mi
+  #    cpu: 100m
+  #  limits:
+  #    memory: 700Mi
+
+  # -- Container Lifecycle Hooks for redis container
+  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+  # @default -- see values.yaml
+  lifecycle:
+    preStop:
+      exec:
+        command: ["/bin/sh", "/readonly-config/trigger-failover-if-master.sh"]
+
+  # -- Annotations for the redis statefulset
+  annotations: {}
+
+  # -- Update strategy for Redis StatefulSet
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+  updateStrategy:
+    type: RollingUpdate
+
+  # -- additional volumeMounts for Redis container
+  extraVolumeMounts: []
+  #  - name: empty
+  #    mountPath: /empty
+
+## Sentinel specific configuration options
+sentinel:
+  # -- Port to access the sentinel service
+  port: 26379
+
+  ## Configure the 'bind' directive to bind to a list of network interfaces
+  # bind: 0.0.0.0
+
+  ## Configures sentinel with tls-port parameter
+  # -- (int) TLS Port to access the sentinel service
+  tlsPort: ~
+  # tlsPort: 26385
+
+  # -- (bool) Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf
+  tlsReplication: ~
+  # tlsReplication: true
+
+  # -- It is possible to disable client side certificates authentication when "authClients" is set to "no"
+  authClients: ""
+  # authClients: "no"
+
+  ## Configures sentinel with AUTH (requirepass params)
+  # -- Enables or disables sentinel AUTH (Requires `sentinel.password` to be set)
+  auth: false
+
+  # -- (string) A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`)
+  password: ~
+  # password: password
+
+  # -- An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass`
+  # in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`)
+  existingSecret: ""
+
+  ## Defines the key holding the sentinel password in existing secret.
+  # -- The key holding the sentinel password in an existing secret.
+  authKey: sentinel-password
+
+  customCommand: []
+  customArgs: []
+
+  # liveness probe parameters for sentinel container
+  livenessProbe:
+    enabled: true
+    # -- Initial delay in seconds for liveness probe
+    initialDelaySeconds: 30
+    # -- Period in seconds after which liveness probe will be repeated
+    periodSeconds: 15
+    # -- Timeout seconds for liveness probe
+    timeoutSeconds: 15
+    # -- Success threshold for liveness probe
+    successThreshold: 1
+    # -- Failure threshold for liveness probe
+    failureThreshold: 5
+
+  # readiness probe parameters for sentinel container
+  readinessProbe:
+    enabled: true
+    # -- Initial delay in seconds for readiness probe
+    initialDelaySeconds: 30
+    # -- Period in seconds after which readiness probe will be repeated
+    periodSeconds: 15
+    # -- Timeout seconds for readiness probe
+    timeoutSeconds: 15
+    # -- Success threshold for readiness probe
+    successThreshold: 3
+    # -- Failure threshold for readiness probe
+    failureThreshold: 5
+
+  # -- Startup probe parameters for redis container
+  startupProbe:
+    # -- Enable Startup Probe
+    enabled: true
+    # -- Initial delay in seconds for startup probe
+    initialDelaySeconds: 5
+    # -- Period in seconds after which startup probe will be repeated
+    periodSeconds: 10
+    # -- Timeout seconds for startup probe
+    timeoutSeconds: 15
+    # -- Success threshold for startup probe
+    successThreshold: 1
+    # -- Failure threshold for startup probe
+    failureThreshold: 3
+
+  # -- Minimum number of nodes expected to be live.
+  quorum: 2
+
+  # -- Valid sentinel config options in this section will be applied as config options to each sentinel (see below)
+  # @default -- see values.yaml
+  config:
+    ## Additional sentinel conf options can be added below. Only options that
+    ## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will
+    ## be properly templated expect maxclients option.
+    ## For available options see http://download.redis.io/redis-stable/sentinel.conf
+    down-after-milliseconds: 10000
+    ## Failover timeout value in milliseconds
+    failover-timeout: 180000
+    parallel-syncs: 5
+    maxclients: 10000
+
+  ## Custom sentinel.conf files used to override default settings. If this file is
+  ## specified then the sentinel.config above will be ignored.
+  # -- Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored
+  customConfig: ""
+  # customConfig: |-
+    # Define configuration here
+
+  # -- CPU/Memory for sentinel node resource requests/limits
+  resources: {}
+  #  requests:
+  #    memory: 200Mi
+  #    cpu: 100m
+  #  limits:
+  #    memory: 200Mi
+
+  # -- Container Lifecycle Hooks for sentinel container.
+  # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+  lifecycle: {}
+
+  # -- additional volumeMounts for Sentinel container
+  extraVolumeMounts: []
+  #  - name: empty
+  #    mountPath: /empty
+
+# -- Security context to be added to the Redis StatefulSet.
+securityContext:
+  runAsUser: 1000
+  fsGroup: 1000
+  runAsNonRoot: true
+
+# -- Security context to be added to the Redis containers.
+containerSecurityContext:
+  runAsUser: 1000
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop:
+    - ALL
+
+  ## Assuming your kubelet allows it, you can the following instructions to configure
+  ## specific sysctl parameters
+  ##
+  # sysctls:
+  # - name: net.core.somaxconn
+  #   value: '10000'
+
+## Node labels, affinity, and tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# -- Node labels for pod assignment
+nodeSelector: {}
+
+# -- Whether the Redis server pods should be forced to run on separate nodes.
+## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
+hardAntiAffinity: true
+
+# -- Additional affinities to add to the Redis server pods.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+additionalAffinities: {}
+##
+## Example:
+##   nodeAffinity:
+##     preferredDuringSchedulingIgnoredDuringExecution:
+##       - weight: 50
+##         preference:
+##           matchExpressions:
+##             - key: spot
+##               operator: NotIn
+##               values:
+##                 - "true"
+##
+
+# -- Override all other affinity settings for the Redis server pods with a string.
+affinity: |
+##
+## Example:
+## affinity: |
+##   podAntiAffinity:
+##     requiredDuringSchedulingIgnoredDuringExecution:
+##       - labelSelector:
+##           matchLabels:
+##             app: {{ template "redis-ha.name" . }}
+##             release: {{ .Release.Name }}
+##         topologyKey: kubernetes.io/hostname
+##     preferredDuringSchedulingIgnoredDuringExecution:
+##       - weight: 100
+##         podAffinityTerm:
+##           labelSelector:
+##             matchLabels:
+##               app:  {{ template "redis-ha.name" . }}
+##               release: {{ .Release.Name }}
+##           topologyKey: failure-domain.beta.kubernetes.io/zone
+##
+
+## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+topologySpreadConstraints:
+  # -- Enable topology spread constraints
+  enabled: false
+  # -- Max skew of pods tolerated
+  maxSkew: ""
+  # -- Topology key for spread constraints
+  topologyKey: ""
+  # -- Enforcement policy, hard or soft
+  whenUnsatisfiable: ""
+
+# Prometheus exporter specific configuration options
+exporter:
+  # -- If `true`, the prometheus exporter sidecar is enabled
+  enabled: false
+  # -- Exporter image
+  image: quay.io/oliver006/redis_exporter
+  # -- Exporter image tag
+  tag: v1.67.0
+  # -- Exporter image pullPolicy
+  pullPolicy: IfNotPresent
+
+  # -- Exporter port
+  port: &exporter_port 9121
+  # -- Exporter port name
+  portName: exporter-port
+  # -- Exporter scrape path
+  scrapePath: &exporter_scrapePath /metrics
+
+  # -- Address/Host for Redis instance.
+  # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments
+  address: localhost
+
+  ## Set this to true if you want to connect to redis tls port
+  # sslEnabled: true
+
+  # -- cpu/memory resource limits/requests
+  resources: {}
+
+  # -- Additional args for redis exporter
+  extraArgs: {}
+
+  # --  A custom custom Lua script that will be mounted to exporter for collection of custom metrics.
+  # Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`.
+  script: ""
+  # Used to mount a LUA-Script via config map and use it for metrics-collection
+  # script: |
+  #   -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua
+  #   -- Example collect script for -script option
+  #   -- This returns a Lua table with alternating keys and values.
+  #   -- Both keys and values must be strings, similar to a HGETALL result.
+  #   -- More info about Redis Lua scripting: https://redis.io/commands/eval
+  #
+  #   local result = {}
+  #
+  #   -- Add all keys and values from some hash in db 5
+  #   redis.call("SELECT", 5)
+  #   local r = redis.call("HGETALL", "some-hash-with-stats")
+  #   if r ~= nil then
+  #   for _,v in ipairs(r) do
+  #   table.insert(result, v) -- alternating keys and values
+  #   end
+  #   end
+  #
+  #   -- Set foo to 42
+  #   table.insert(result, "foo")
+  #   table.insert(result, "42") -- note the string, use tostring() if needed
+  #
+  #   return result
+
+  serviceMonitor:
+    # -- When set true then use a ServiceMonitor to configure scraping
+    enabled: false
+    # -- Set the namespace the ServiceMonitor should be deployed
+    # @default -- `.Release.Namespace`
+    namespace: ""
+    # -- Set how frequently Prometheus should scrape (default is 30s)
+    interval: ""
+    # -- Set path to redis-exporter telemtery-path (default is /metrics)
+    telemetryPath: ""
+    # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+    labels: {}
+    # -- Set timeout for scrape (default is 10s)
+    timeout: ""
+    # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more.
+    endpointAdditionalProperties: {}
+    # -- Disable API Check on ServiceMonitor
+    disableAPICheck: false
+
+  # prometheus exporter SCANS redis db which can take some time
+  # allow different probe settings to not let container crashloop
+  livenessProbe:
+    httpGet:
+      # -- Exporter liveness probe httpGet path
+      path: *exporter_scrapePath
+      # -- Exporter liveness probe httpGet port
+      port: *exporter_port
+    # -- Initial delay in seconds for liveness probe of exporter
+    initialDelaySeconds: 15
+    # -- Timeout seconds for liveness probe of exporter
+    timeoutSeconds: 3
+    # -- Period in seconds after which liveness probe will be repeated
+    periodSeconds: 15
+
+  readinessProbe:
+    httpGet:
+      # -- Exporter readiness probe httpGet path
+      path: *exporter_scrapePath
+      # -- Exporter readiness probe httpGet port
+      port: *exporter_port
+    # -- Initial delay in seconds for readiness probe of exporter
+    initialDelaySeconds: 15
+    # -- Timeout seconds for readiness probe of exporter
+    timeoutSeconds: 3
+    # -- Period in seconds after which readiness probe will be repeated
+    periodSeconds: 15
+    # -- Success threshold for readiness probe of exporter
+    successThreshold: 2
+
+# -- Pod Disruption Budget rules
+podDisruptionBudget: {}
+  # Use only one of the two
+  # maxUnavailable: 1
+  # minAvailable: 1
+
+# -- Configures redis with AUTH (requirepass & masterauth conf params)
+auth: false
+# -- (string) A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`)
+redisPassword: ~
+
+## Use existing secret containing key `authKey` (ignores redisPassword)
+## Can also store AWS S3 or SSH secrets in this secret
+# -- An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf
+# parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`)
+existingSecret: ~
+
+# -- Defines the key holding the redis password in existing secret.
+authKey: auth
+
+persistentVolume:
+  # -- Enable persistent volume
+  enabled: true
+  ## redis-ha data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  # -- redis-ha data Persistent Volume Storage Class
+  storageClass: ~
+  # -- Persistent volume access modes
+  accessModes:
+    - ReadWriteOnce
+  # -- Persistent volume size
+  size: 10Gi
+  # -- Annotations for the volume
+  annotations: {}
+  # -- Labels for the volume
+  labels: {}
+init:
+  # -- Extra init resources
+  resources: {}
+
+# To use a hostPath for data, set persistentVolume.enabled to false
+# and define hostPath.path.
+# Warning: this might overwrite existing folders on the host system!
+hostPath:
+  # -- Use this path on the host for data storage.
+  # path is evaluated as template so placeholders are replaced
+  path: ""
+  # path: "/data/{{ .Release.Name }}"
+
+  # -- if chown is true, an init-container with root permissions is launched to
+  # change the owner of the hostPath folder to the user defined in the
+  # security context
+  chown: true
+
+# -- Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified
+emptyDir: {}
+
+tls:
+  ## Fill the name of secret if you want to use your own TLS certificates.
+  ## The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file
+  ## These secret will be genrated using files from certs folder if the secretName is not set and redis.tlsPort is set
+  # secretName: tls-secret
+
+  # -- Name of certificate file
+  certFile: redis.crt
+  # -- Name of key file
+  keyFile: redis.key
+  # -- (string) Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh)
+  dhParamsFile: ~
+  # -- Name of CA certificate file
+  caCertFile: ca.crt
+
+# restore init container is executed if restore.[s3|ssh].source is not false
+# restore init container creates /data/dump.rdb_ from original if exists
+# restore init container overrides /data/dump.rdb
+# secrets are stored into environment of init container - stored encoded on k8s
+# REQUIRED for s3 restore: AWS 'access_key' and 'secret_key' or stored in existingSecret
+# EXAMPLE source for s3 restore: 's3://bucket/dump.rdb'
+# REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----'
+# EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb'
+# REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]'
+# EXAMPLE source for redis restore: 'redis://username:password@localhost:6379'
+restore:
+  # -- Timeout for the restore
+  timeout: 600
+  # -- Set existingSecret to true to use secret specified in existingSecret above
+  existingSecret: false
+  s3:
+    # -- Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false
+    source: ""
+    # If using existingSecret, that secret must contain:
+    # AWS_SECRET_ACCESS_KEY: <YOUR_ACCESS_KEY:>
+    # AWS_ACCESS_KEY_ID: <YOUR_KEY_ID>
+    # If not set the key and ID as strings below:
+    # -- Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source
+    access_key: ""
+    # -- Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source
+    secret_key: ""
+    # -- Restore init container - AWS AWS_REGION to access restore.s3.source
+    region: ""
+  ssh:
+    # -- Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false
+    source: ""
+    # -- Restore init container - SSH private key to scp restore.ssh.source to init container.
+    # Key should be in one line separated with \n.
+    # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----`
+    key: ""
+  redis:
+    source: ""
+
+## Custom PrometheusRule to be defined
+## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+prometheusRule:
+  # -- If true, creates a Prometheus Operator PrometheusRule.
+  enabled: false
+  # -- Additional labels to be set in metadata.
+  additionalLabels: {}
+  # -- Namespace which Prometheus is running in.
+  namespace:
+  # -- How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set).
+  interval: 10s
+  # -- Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule).
+  rules: []
+    # Example:
+    # - alert: RedisPodDown
+    #   expr: |
+    #     redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
+    #   for: 5m
+    #   labels:
+    #     severity: critical
+    #   annotations:
+    #     description: Redis pod {{ "{{ $labels.pod }}" }} is down
+    #     summary: Redis pod {{ "{{ $labels.pod }}" }} is down
+
+# -- Extra init containers to include in StatefulSet
+extraInitContainers: []
+#  - name: extraInit
+#    image: alpine
+
+# -- Extra containers to include in StatefulSet
+extraContainers: []
+#  - name: extra
+#    image: alpine
+
+# -- Extra volumes to include in StatefulSet
+extraVolumes: []
+#  - name: empty
+#    emptyDir: {}
+
+# -- Labels added here are applied to all created resources
+extraLabels: {}
+
+networkPolicy:
+  # -- whether NetworkPolicy for Redis StatefulSets should be created.
+  # when enabled, inter-Redis connectivity is created
+  enabled: false
+  # -- Annotations for NetworkPolicy
+  annotations: {}
+  # -- Labels for NetworkPolicy
+  labels: {}
+  # -- User defined ingress rules that Redis should permit into.
+  # Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+  ingressRules: []
+    # - selectors:
+    #   - namespaceSelector:
+    #       matchLabels:
+    #         name: my-redis-client-namespace
+    #     podSelector:
+    #       matchLabels:
+    #         application: redis-client
+    ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel)
+    #   ports:
+    #     - port: 6379
+    #       protocol: TCP
+    #     - port: 26379
+    #       protocol: TCP
+
+  # -- user can define egress rules too, uses the same structure as ingressRules
+  egressRules:
+    - selectors:
+      # -- Allow all destinations for DNS traffic
+      - namespaceSelector: {}
+      - ipBlock:
+          # Cloud Provider often uses the local link local range to host managed DNS resolvers.
+          # We need to allow this range to ensure that the Redis pods can resolve DNS.
+          # Example architecture for GCP Cloud DNS: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#architecture
+          cidr: 169.254.0.0/16
+      ports:
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+
+splitBrainDetection:
+  # -- Interval between redis sentinel and server split brain checks (in seconds)
+  interval: 60
+  # -- splitBrainDetection resources
+  resources: {}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/default-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/default-values.yaml
new file mode 100644
index 00000000..fc2ba605
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/default-values.yaml
@@ -0,0 +1 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-dict-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-dict-values.yaml
new file mode 100644
index 00000000..92dc4518
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-dict-values.yaml
@@ -0,0 +1,4 @@
+extraArgs:
+  pass-authorization-header: "true"
+  request-logging: "true"
+  allowed-role: client_id:client_role
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-list-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-list-values.yaml
new file mode 100644
index 00000000..5f47a5f4
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-args-as-list-values.yaml
@@ -0,0 +1,5 @@
+extraArgs:
+  - "--pass-authorization-header=true"
+  - "--request-logging=true"
+  - --allowed-role=client_id:client_role_A
+  - --allowed-role=client_id_B:client_role_C
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-env-tpl-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-env-tpl-values.yaml
new file mode 100644
index 00000000..357dba91
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-env-tpl-values.yaml
@@ -0,0 +1,6 @@
+tplValue: "This is a test value for the template function"
+extraEnv:
+  - name: TEST_ENV_VAR_1
+    value: test_value_1
+  - name: TEST_ENV_VAR_2
+    value: '{{ .Values.tplValue }}'
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-init-container.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-init-container.yaml
new file mode 100644
index 00000000..8ad06f7e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/extra-init-container.yaml
@@ -0,0 +1,7 @@
+extraInitContainers:
+  - name: extra-init-container
+    image: busybox
+    command:
+      - sh
+      - -c
+      - echo "Hello World!"
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/horizontal-pod-autoscaling-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/horizontal-pod-autoscaling-values.yaml
new file mode 100644
index 00000000..fd1a0060
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/horizontal-pod-autoscaling-values.yaml
@@ -0,0 +1,5 @@
+# Enables Horizontal Pod Autoscaler and removes replica count in deployment
+autoscaling:
+  enabled: true
+  annotations:
+    test-annotations/test: "true"
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml
new file mode 100644
index 00000000..e74a393d
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/ingress-extra-paths-values.yaml
@@ -0,0 +1,14 @@
+ingress:
+  enabled: true
+  path: /
+  pathType: ImplementationSpecific
+  hosts:
+    - chart-example.local
+  extraPaths:
+    - path: /*
+      pathType: ImplementationSpecific
+      backend:
+        service:
+          name: ssl-redirect
+          port:
+            name: use-annotation
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pdb-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pdb-values.yaml
new file mode 100644
index 00000000..25b16272
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pdb-values.yaml
@@ -0,0 +1 @@
+replicaCount: 2  # Enables PodDisruptionBudget which is disabled when replicaCount is 1
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pod-security-context-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pod-security-context-values.yaml
new file mode 100644
index 00000000..b7c8cea5
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/pod-security-context-values.yaml
@@ -0,0 +1,4 @@
+# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
+---
+podSecurityContext:
+  fsGroup: 2000
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-array-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-array-values.yaml
new file mode 100644
index 00000000..4a34107c
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-array-values.yaml
@@ -0,0 +1,34 @@
+sessionStorage:
+  type: redis
+  redis:
+    clientType: sentinel
+    sentinel:
+      password: "foo"
+      masterName: "mymaster"
+      connectionUrls:
+        - "redis://oauth2-proxy-redis-announce-0:26379"
+        - "redis://oauth2-proxy-redis-announce-1:26379"
+
+# provision an instance of the redis-ha sub-chart
+redis:
+  enabled: true
+  fullnameOverride: oauth2-proxy-redis
+
+  redisPassword: "foo"
+
+  redis:
+    masterGroupName: mymaster
+
+  replicas: 2
+  hardAntiAffinity: false
+
+  persistentVolume:
+    enabled: false
+  haproxy:
+    enabled: false
+  exporter:
+    enabled: false
+
+initContainers:
+  waitForRedis:
+    enabled: true
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-comma-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-comma-values.yaml
new file mode 100644
index 00000000..a30a976d
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-sentinel-comma-values.yaml
@@ -0,0 +1,32 @@
+sessionStorage:
+  type: redis
+  redis:
+    clientType: sentinel
+    sentinel:
+      password: "foo"
+      masterName: "mymaster"
+      connectionUrls: "redis://oauth2-proxy-redis-announce-0:26379,redis://oauth2-proxy-redis-announce-1:26379"
+
+# provision an instance of the redis-ha sub-chart
+redis:
+  enabled: true
+  fullnameOverride: oauth2-proxy-redis
+
+  redisPassword: "foo"
+
+  redis:
+    masterGroupName: mymaster
+
+  replicas: 2
+  hardAntiAffinity: false
+
+  persistentVolume:
+    enabled: false
+  haproxy:
+    enabled: false
+  exporter:
+    enabled: false
+
+initContainers:
+  waitForRedis:
+    enabled: true
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-standalone-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-standalone-values.yaml
new file mode 100644
index 00000000..e29fd8ef
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/redis-standalone-values.yaml
@@ -0,0 +1,65 @@
+sessionStorage:
+  type: redis
+  redis:
+    clientType: "standalone"
+    password: "foo"
+
+# provision an instance of the redis-ha sub-chart
+redis:
+  enabled: true
+
+  redisPassword: "foo"
+
+  replicas: 1
+
+  # Remove sentinel overhead, speed up startup and redis itself
+  sentinel:
+    livenessProbe:
+      enabled: false
+    readinessProbe:
+      enabled: false
+    startupProbe:
+      enabled: false
+    quorum: 1
+
+  hardAntiAffinity: false
+
+  redis:
+    config:
+      min-replicas-to-write: 0
+      save: ""
+      appendonly: "no"
+
+    terminationGracePeriodSeconds: 10
+    livenessProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 5
+      timeoutSeconds: 3
+      failureThreshold: 2
+    readinessProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 5
+      timeoutSeconds: 3
+      failureThreshold: 2
+    startupProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 2
+      timeoutSeconds: 3
+      failureThreshold: 10
+  splitBrainDetection:
+    interval: 60
+  persistentVolume:
+    enabled: false
+  emptyDir: {}
+  haproxy:
+    enabled: false
+  exporter:
+    enabled: false
+  sysctlImage:
+    enabled: false
+  hostPath:
+    chown: false
+
+initContainers:
+  waitForRedis:
+    enabled: true
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/servicemonitor-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/servicemonitor-values.yaml
new file mode 100644
index 00000000..0c232bf5
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/servicemonitor-values.yaml
@@ -0,0 +1,18 @@
+metrics:
+  enabled: true
+  serviceMonitor:
+    enabled: true
+    annotations:
+      key: value
+    metricRelabelings:
+    - action: keep
+      regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+      sourceLabels: [__name__]
+
+    relabelings:
+    - sourceLabels: [__meta_kubernetes_pod_node_name]
+      separator: ;
+      regex: ^(.*)$
+      targetLabel: nodename
+      replacement: $1
+      action: replace
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/tpl-values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/tpl-values.yaml
new file mode 100644
index 00000000..d2176530
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/ci/tpl-values.yaml
@@ -0,0 +1,62 @@
+extraEnv:
+  - name: TEST_ENV_VAR_2
+    value: '{{ $.Release.Name }}'
+ingress:
+  enabled: true
+  hosts:
+    - "{{ $.Release.Name }}.local"
+  tls:
+    - hosts:
+        - "{{ $.Release.Name }}.local"
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+oauth2-proxy:
+  checkDeprecation: false
+  config:
+    clientSecret: '{{ $.Release.Name }}'
+    configFile: |
+      oidc_issuer_url = "https://{{ $.Release.Name }}/dex"
+
+pass_authorization_header: "true"
+
+extraArgs:
+  pass-authorization-header: "{{ $.Values.pass_authorization_header }}"
+
+extraVolumes:
+  - name: "{{ $.Release.Name }}-secret"
+    secret:
+      secretName: "{{ .Release.Name }}-secret"
+      items:
+        - key: secret
+          path: secret
+
+authenticatedEmailsFile:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+
+config:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+
+deploymentAnnotations:
+  test-annotations/test: "{{ $.Release.Name }}"
+
+autoscaling:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+
+alphaConfig:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+
+service:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+
+serviceAccount:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
+
+serviceMonitor:
+  annotations:
+    test-annotations/test: "{{ $.Release.Name }}"
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/scripts/check-redis.sh b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/scripts/check-redis.sh
new file mode 100644
index 00000000..4420b537
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/scripts/check-redis.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+RETRY_INTERVAL=5  # Interval between retries in seconds
+elapsed=0  # Elapsed time
+
+check_redis() {
+    host=$1
+    port=$2
+    while [ $elapsed -lt $TOTAL_RETRY_TIME ]; do
+        echo "Checking Redis at $host:$port... Elapsed time: ${elapsed}s"
+        if nc -z -w1 $TIMEOUT $host $port > /dev/null 2>&1; then
+            echo "Redis is up at $host:$port!"
+            return 0
+        else
+            echo "Redis is down at $host:$port. Retrying in $RETRY_INTERVAL seconds."
+            sleep $RETRY_INTERVAL
+            elapsed=$((elapsed + RETRY_INTERVAL))
+        fi
+    done
+    echo "Failed to connect to Redis at $host:$port after $TOTAL_RETRY_TIME seconds."
+    return 1
+}
+
+# For parsing and checking connections
+parse_and_check() {
+    url=$1
+
+    # Strip either redis:// or rediss://
+    if [[ $url == rediss://* ]]; then
+        clean_url=${url#rediss://}
+        echo "Using secure Rediss connection..."
+    else
+        clean_url=${url#redis://}
+        echo "Using standard Redis connection..."
+    fi
+
+    host=$(echo $clean_url | cut -d':' -f1)
+    port=$(echo $clean_url | cut -d':' -f2)
+    check_redis $host $port
+}
+
+# Main
+if [ -n "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" ]; then
+    echo "Checking Redis in cluster mode..."
+    echo "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+        parse_and_check $addr || exit 1
+    done
+elif [ -n "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" ]; then
+    echo "Checking Redis in sentinel mode..."
+    echo "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+        parse_and_check $addr || exit 1
+    done
+elif [ -n "$OAUTH2_PROXY_REDIS_CONNECTION_URL" ]; then
+    echo "Checking standalone Redis..."
+    parse_and_check "$OAUTH2_PROXY_REDIS_CONNECTION_URL" || exit 1
+else
+    echo "Redis configuration not specified."
+    exit 1
+fi
+
+echo "Redis check completed."
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/NOTES.txt b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/NOTES.txt
new file mode 100644
index 00000000..36ded358
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that oauth2-proxy has started, run:
+
+  kubectl --namespace={{ template "oauth2-proxy.namespace" $ }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_capabilities.tpl b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_capabilities.tpl
new file mode 100644
index 00000000..f959f10e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_capabilities.tpl
@@ -0,0 +1,23 @@
+{{/*
+Returns the appropriate apiVersion for podDisruptionBudget object.
+*/}}
+{{- define "capabilities.podDisruptionBudget.apiVersion" -}}
+{{- if semverCompare ">=1.21-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
+{{- print "policy/v1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress object.
+*/}}
+{{- define "capabilities.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_helpers.tpl b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_helpers.tpl
new file mode 100644
index 00000000..73868de9
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_helpers.tpl
@@ -0,0 +1,161 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oauth2-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oauth2-proxy.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oauth2-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Generate basic labels
+*/}}
+{{- define "oauth2-proxy.labels" }}
+helm.sh/chart: {{ include "oauth2-proxy.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: authentication-proxy
+app.kubernetes.io/part-of: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oauth2-proxy.selectorLabels" }}
+app.kubernetes.io/name: {{ include "oauth2-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Get the secret name.
+*/}}
+{{- define "oauth2-proxy.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- printf "%s" .Values.config.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oauth2-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+    {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "oauth2-proxy.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Redis subcharts fullname
+*/}}
+{{- define "oauth2-proxy.redis.fullname" -}}
+{{- if .Values.redis.enabled -}}
+{{- include "redis-ha.fullname" (dict "Chart" (dict "Name" "redis") "Release" .Release "Values" .Values.redis) -}}
+{{- else -}}
+{{ fail "attempting to use redis subcharts fullname, even though the subchart is not enabled. This will lead to misconfiguration" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compute the redis url if not set explicitly.
+*/}}
+{{- define "oauth2-proxy.redis.StandaloneUrl" -}}
+{{- if .Values.sessionStorage.redis.standalone.connectionUrl -}}
+{{ .Values.sessionStorage.redis.standalone.connectionUrl }}
+{{- else if .Values.redis.enabled -}}
+{{- printf "redis://%s:%.0f" (include "oauth2-proxy.redis.fullname" .) .Values.redis.redis.port -}}
+{{- else -}}
+{{ fail "please set sessionStorage.redis.standalone.connectionUrl or enable the redis subchart via redis.enabled" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns the version
+*/}}
+{{- define "oauth2-proxy.version" -}}
+{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
+{{- end -}}
+
+{{/*
+Returns the kubectl version
+Workaround for EKS https://github.com/aws/eks-distro/issues/1128
+*/}}
+{{- define "kubectl.version" -}}
+{{- if .Values.initContainers.waitForRedis.kubectlVersion -}}
+{{ .Values.initContainers.waitForRedis.kubectlVersion }}
+{{- else -}}
+{{- printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "") -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "oauth2-proxy.alpha-config" -}}
+---
+server:
+  BindAddress: '0.0.0.0:4180'
+{{- if .Values.alphaConfig.serverConfigData }}
+{{- toYaml .Values.alphaConfig.serverConfigData | nindent 2 }}
+{{- end }}
+{{- if .Values.metrics.enabled }}
+metricsServer:
+  BindAddress: '0.0.0.0:44180'
+{{- if .Values.alphaConfig.metricsConfigData }}
+{{- toYaml .Values.alphaConfig.metricsConfigData | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- if .Values.alphaConfig.configData }}
+{{- toYaml .Values.alphaConfig.configData | nindent 0 }}
+{{- end }}
+{{- if .Values.alphaConfig.configFile }}
+{{- tpl .Values.alphaConfig.configFile $ | nindent 0 }}
+{{- end }}
+{{- end -}}
+
+{{- define "oauth2-proxy.secrets" -}}
+cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }}
+client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }}
+client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_ingress.tpl b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_ingress.tpl
new file mode 100644
index 00000000..f4a3cad0
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/_ingress.tpl
@@ -0,0 +1,46 @@
+{{/*
+Returns `true` if the API `ingressClassName` field is supported and `false` otherwise
+*/}}
+{{- define "ingress.supportsIngressClassName" -}}
+{{- if ( semverCompare "<1.18-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) ) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns `true` if the API `pathType` field is supported and `false` otherwise
+*/}}
+{{- define "ingress.supportsPathType" -}}
+{{- if ( semverCompare "<1.18-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) ) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns the appropriate ingress `backend` fields depending on the Kubernetes API version.
+e.g.: `{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}`
+Where the dict must contain the following entries:
+- `serviceName` {String} - Name of an existing service backend
+- `servicePort` {String|Number} - Port name or port number of the service.
+- `context` {Dict} - (Parent) Context for the template evaluation required for the API version detection.
+*/}}
+{{- define "ingress.backend" -}}
+{{- $apiVersion := ( include "capabilities.ingress.apiVersion" .context ) -}}
+{{- if or ( eq $apiVersion "extensions/v1beta1" ) ( eq $apiVersion "networking.k8s.io/v1beta1" ) -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+  name: {{ .serviceName }}
+  port:
+    {{- if typeIs "string" .servicePort }}
+    name: {{ .servicePort }}
+    {{- else if or ( typeIs "int" .servicePort ) ( typeIs "float64" .servicePort ) }}
+    number: {{ .servicePort }}
+    {{- end }}
+{{- end -}}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
new file mode 100644
index 00000000..68c9d766
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if and (.Values.authenticatedEmailsFile.restricted_access) (eq .Values.authenticatedEmailsFile.persistence "configmap")  }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- with .Values.authenticatedEmailsFile.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-wait-for-redis.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-wait-for-redis.yaml
new file mode 100644
index 00000000..721048d7
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap-wait-for-redis.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  check-redis.sh: |
+{{ .Files.Get "scripts/check-redis.sh" | indent 4 }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap.yaml
new file mode 100644
index 00000000..0f164d23
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.config.existingConfig }}
+{{- if .Values.config.configFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- with .Values.config.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  oauth2_proxy.cfg: {{ tpl .Values.config.configFile $ | quote }}
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deployment.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deployment.yaml
new file mode 100644
index 00000000..aae00df5
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deployment.yaml
@@ -0,0 +1,425 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  {{- with .Values.deploymentAnnotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+  {{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  {{- with .Values.strategy }}
+  strategy:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+  template:
+    metadata:
+      annotations:
+        {{- if .Values.config.configFile }}
+        checksum/config: {{ tpl .Values.config.configFile $ | sha256sum }}
+        {{- end }}
+        {{- if .Values.alphaConfig.enabled }}
+        checksum/alpha-config: {{ include "oauth2-proxy.alpha-config" . | sha256sum }}
+        {{- end }}
+        {{- if .Values.authenticatedEmailsFile.enabled }}
+        checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
+        {{- end }}
+        checksum/secret: {{ include "oauth2-proxy.secrets" . | sha256sum }}
+        checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
+        checksum/redis-secret: {{ include (print $.Template.BasePath "/redis-secret.yaml") . | sha256sum }}
+{{- if .Values.htpasswdFile.enabled }}
+        checksum/htpasswd: {{ toYaml .Values.htpasswdFile.entries | sha256sum }}
+{{- end }}
+    {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+    {{- end }}
+      labels:
+        app: {{ template "oauth2-proxy.name" . }}
+        {{- include "oauth2-proxy.labels" . | indent 8 }}
+      {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+      {{- end }}
+    spec:
+    {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+    {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
+      enableServiceLinks: {{ .Values.enableServiceLinks }}
+      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+      {{- if .Values.hostAliases }}
+      hostAliases:
+        {{ toYaml .Values.hostAliases | nindent 8}}
+      {{- end }}
+      {{- if or (and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled) .Values.extraInitContainers }}
+      initContainers:
+        {{- if .Values.extraInitContainers }}
+        {{- toYaml .Values.extraInitContainers | nindent 6 }}
+        {{- end }}
+      {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+      - name: wait-for-redis
+        image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}"
+        imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }}
+        command: ["/bin/sh", "-c", "/scripts/check-redis.sh"]
+        env:
+        - name: TOTAL_RETRY_TIME
+          value: "{{ .Values.initContainers.waitForRedis.timeout }}"
+        {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
+        - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
+          value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
+        - name: OAUTH2_PROXY_REDIS_USE_CLUSTER
+          value: "true"
+        - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
+          value: {{ join "," .Values.sessionStorage.redis.cluster.connectionUrls }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
+        - name: OAUTH2_PROXY_REDIS_USE_SENTINEL
+          value: "true"
+        - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
+          value: {{ join "," .Values.sessionStorage.redis.sentinel.connectionUrls }}
+        {{- end }}
+      {{- if .Values.initContainers.waitForRedis.securityContext.enabled }}
+      {{- $securityContext := unset .Values.initContainers.waitForRedis.securityContext "enabled" }}
+        securityContext:
+          {{- toYaml $securityContext | nindent 10 }}
+      {{- end }}
+        resources:
+          {{- toYaml .Values.initContainers.waitForRedis.resources | nindent 10 }}
+        volumeMounts:
+        - name: redis-script
+          mountPath: /scripts
+      {{- end }}
+      {{- end }}
+      {{- if .Values.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- end }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        {{- if .Values.image.command }}
+        command:
+          {{- range .Values.image.command }}
+          - {{ . | quote }}
+          {{- end }}
+        {{- end }}
+        args:
+        {{- if .Values.alphaConfig.enabled }}
+          - --alpha-config=/etc/oauth2_proxy/oauth2_proxy.yml
+        {{- else }}
+          - --http-address=0.0.0.0:4180
+          - --https-address=0.0.0.0:4443
+        {{- if .Values.metrics.enabled }}
+          - --metrics-address=0.0.0.0:44180
+        {{- end }}
+        {{- end }}
+        {{- if .Values.config.cookieName }}
+          - --cookie-name={{ .Values.config.cookieName }}
+        {{- end }}
+        {{- if kindIs "map" .Values.extraArgs }}
+          {{- range $key, $value := .Values.extraArgs }}
+          {{- if not (kindIs "invalid" $value) }}
+          - --{{ $key }}={{ tpl ($value | toString) $ }}
+          {{- else }}
+          - --{{ $key }}
+          {{- end }}
+          {{- end }}
+        {{- end }}
+        {{- if kindIs "slice" .Values.extraArgs }}
+          {{- with .Values.extraArgs }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- end }}
+        {{- if or .Values.config.existingConfig .Values.config.configFile }}
+          - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+        {{- end }}
+        {{- if .Values.authenticatedEmailsFile.enabled }}
+        {{- if .Values.authenticatedEmailsFile.template }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
+        {{- else }}
+          - --authenticated-emails-file=/etc/oauth2-proxy/{{ template "oauth2-proxy.fullname" . }}-accesslist
+        {{- end }}
+        {{- end }}
+        {{- with .Values.config.google }}
+        {{- if and .adminEmail (or .serviceAccountJson .existingSecret .useApplicationDefaultCredentials) }}
+          - --google-admin-email={{ .adminEmail }}
+        {{- if .useApplicationDefaultCredentials }}
+          - --google-use-application-default-credentials=true
+        {{- else }}
+          - --google-service-account-json=/google/service-account.json
+        {{- end }}
+        {{- if .targetPrincipal }}
+          - --google-target-principal={{ .targetPrincipal }}
+        {{- end }}
+        {{- end }}
+        {{- if .groups }}
+        {{- range $group := .groups }}
+          - --google-group={{ $group }}
+        {{- end }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.htpasswdFile.enabled }}
+          - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
+        {{- end }}
+{{- if .Values.lifecycle }}
+        lifecycle:
+{{ toYaml .Values.lifecycle | indent 10 }}
+{{- end }}
+        env:
+        {{- if .Values.proxyVarsAsSecrets }}
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-id
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: client-secret
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name:  {{ template "oauth2-proxy.secretName" . }}
+              key: cookie-secret
+        {{- end }}
+        {{- if eq (default "cookie" .Values.sessionStorage.type) "redis" }}
+        - name: OAUTH2_PROXY_SESSION_STORE_TYPE
+          value: "redis"
+         {{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth))}}
+        - name: OAUTH2_PROXY_REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              {{- if .Values.sessionStorage.redis.existingSecret }}
+              name: {{ .Values.sessionStorage.redis.existingSecret }}
+              {{- else if .Values.sessionStorage.redis.password }}
+              name: {{ template "oauth2-proxy.fullname" . }}-redis-access
+              {{- else }}
+              name: {{ include "oauth2-proxy.redis.fullname" . }}
+              {{- end }}
+              key: {{ .Values.sessionStorage.redis.passwordKey }}
+        {{- end }}
+        {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
+        - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
+          value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
+        - name: OAUTH2_PROXY_REDIS_USE_CLUSTER
+          value: "true"
+        - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
+          value: {{ join "," .Values.sessionStorage.redis.cluster.connectionUrls }}
+        {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
+        - name: OAUTH2_PROXY_REDIS_USE_SENTINEL
+          value: "true"
+        - name: OAUTH2_PROXY_REDIS_SENTINEL_MASTER_NAME
+          value: {{ .Values.sessionStorage.redis.sentinel.masterName }}
+        - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
+          value: {{ join "," .Values.sessionStorage.redis.sentinel.connectionUrls }}
+        {{- if or .Values.sessionStorage.redis.sentinel.existingSecret .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.sentinel.password }}
+        - name: OAUTH2_PROXY_REDIS_SENTINEL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              {{- if or .Values.sessionStorage.redis.sentinel.existingSecret .Values.sessionStorage.redis.existingSecret }}
+              name: {{ .Values.sessionStorage.redis.sentinel.existingSecret | default .Values.sessionStorage.redis.existingSecret }}
+              {{- else }}
+              name: {{ template "oauth2-proxy.fullname" . }}-redis-access
+              {{- end }}
+              key: {{ .Values.sessionStorage.redis.sentinel.passwordKey }}
+        {{- end }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.extraEnv }}
+{{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
+        {{- end }}
+        {{- if .Values.envFrom }}
+        envFrom:
+{{ tpl (toYaml .Values.envFrom) . | indent 8 }}
+        {{- end }}
+        ports:
+        {{- if .Values.containerPort }}
+          - containerPort: {{ .Values.containerPort }}
+        {{- else if (and (eq .Values.httpScheme "http") (empty .Values.containerPort)) }}
+          - containerPort: 4180
+        {{- else if (and (eq .Values.httpScheme "https") (empty .Values.containerPort)) }}
+          - containerPort: 4443
+        {{- else }}
+        {{- end}}
+            name: {{ .Values.httpScheme }}
+            protocol: TCP
+{{- if .Values.metrics.enabled }}
+          - containerPort: 44180
+            protocol: TCP
+            name: metrics
+{{- end }}
+{{- if .Values.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: {{ if gt (include "oauth2-proxy.version" .) "7.4.0" }}/ready{{ else }}/ping{{ end }}
+            port: {{ .Values.httpScheme }}
+            scheme: {{ .Values.httpScheme | upper }}
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+{{- end }}
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
+{{- with .Values.resizePolicy }}
+        resizePolicy: {{ toYaml . | nindent 10 }}
+{{- end }}
+        volumeMounts:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+        - name: google-secret
+          mountPath: /google
+          readOnly: true
+{{- end }}
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+        - mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
+          name: configmain
+          subPath: oauth2_proxy.cfg
+{{- end }}
+{{- if .Values.alphaConfig.enabled }}
+        - mountPath: /etc/oauth2_proxy/oauth2_proxy.yml
+          name: configalpha
+          subPath: oauth2_proxy.yml
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+        - mountPath: /etc/oauth2-proxy
+          name: configaccesslist
+          readOnly: true
+{{- end }}
+{{- if .Values.htpasswdFile.enabled }}
+        - mountPath: /etc/oauth2_proxy/htpasswd
+          name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+          readOnly: true
+{{- end }}
+{{- if ne (len .Values.extraVolumeMounts) 0 }}
+{{ toYaml .Values.extraVolumeMounts | indent 8 }}
+{{- end }}
+{{- if .Values.securityContext.enabled }}
+{{- $securityContext := unset .Values.securityContext "enabled" }}
+        securityContext:
+          {{- toYaml $securityContext | nindent 10 }}
+{{- end }}
+{{- if .Values.extraContainers }}
+  {{- toYaml .Values.extraContainers | nindent 6 }}
+{{- end }}
+      volumes:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+      - name: google-secret
+        secret:
+          secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}-google{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.htpasswdFile.enabled }}
+      - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+        secret:
+          secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
+{{- end }}
+
+{{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "secret") }}
+      - name: configaccesslist
+        secret:
+          items:
+          - key: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}
+{{- if .Values.authenticatedEmailsFile.template }}
+            path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+            path: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.template }}
+          secretName: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+          secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+{{- end }}
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+      - name: redis-script
+        configMap:
+          name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+          defaultMode: 0775
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+      - configMap:
+          defaultMode: 420
+          name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
+        name: configmain
+{{- end }}
+{{- if .Values.alphaConfig.enabled }}
+{{- if .Values.alphaConfig.existingConfig }}
+      - configMap:
+          defaultMode: 420
+          name: {{ .Values.alphaConfig.existingConfig }}
+        name: configalpha
+{{- else }}
+      - secret:
+          defaultMode: 420
+          secretName: {{ if .Values.alphaConfig.existingSecret }}{{ .Values.alphaConfig.existingSecret }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }}
+        name: configalpha
+{{- end }}
+{{- end }}
+{{- if ne (len .Values.extraVolumes) 0 }}
+{{ tpl (toYaml .Values.extraVolumes) . | indent 6 }}
+{{- end }}
+{{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "configmap") }}
+      - configMap:
+{{- if .Values.authenticatedEmailsFile.template }}
+          name: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+          name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+          items:
+          - key: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}
+{{- if .Values.authenticatedEmailsFile.template }}
+            path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+            path: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+        name: configaccesslist
+{{- end }}
+
+    {{- with (.Values.imagePullSecrets | default .Values.global.imagePullSecrets) }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deprecation.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deprecation.yaml
new file mode 100644
index 00000000..126d3e7a
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/deprecation.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.checkDeprecation }}
+    {{- if .Values.service.port }}
+        {{ fail "`service.port` does no longer exist. It has been renamed to `service.portNumber`" }}
+    {{- end }}
+    {{- if eq ( include "capabilities.ingress.apiVersion" . ) "networking.k8s.io/v1" -}}
+        {{- range .Values.ingress.extraPaths }}
+            {{- if or (.backend.serviceName) (.backend.servicePort) }}
+                {{ fail "Please update the format of your `ingress.extraPaths` to the new ingress apiVersion `networking.k8s.io/v1` format" }}
+            {{- end }}
+        {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/extra-manifests.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/extra-manifests.yaml
new file mode 100644
index 00000000..a9bb3b6b
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/google-secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/google-secret.yaml
new file mode 100644
index 00000000..30a9ae1b
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/google-secret.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.config.google (and (not .Values.config.google.existingSecret) (not .Values.config.google.useApplicationDefaultCredentials)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}-google
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+type: Opaque
+data:
+  service-account.json: {{ .Values.config.google.serviceAccountJson | b64enc | quote }}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/hpa.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/hpa.yaml
new file mode 100644
index 00000000..7fe67e7b
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/hpa.yaml
@@ -0,0 +1,49 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  {{- with .Values.autoscaling.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 8 }}
+  {{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "oauth2-proxy.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+  {{- if .Values.autoscaling.behavior }}
+  behavior:
+    {{- with .Values.autoscaling.behavior.scaleDown }}
+    scaleDown:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.autoscaling.behavior.scaleUp }}
+    scaleUp:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/ingress.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/ingress.yaml
new file mode 100644
index 00000000..8cc7953e
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/ingress.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.portNumber -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $ingressPathType := .Values.ingress.pathType -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+apiVersion: {{ include "capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    {{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+spec:
+  {{- if and .Values.ingress.className ( eq "true" ( include "ingress.supportsIngressClassName" . ) ) }}
+  ingressClassName: {{ .Values.ingress.className | quote }}
+  {{- end }}
+  rules:
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ tpl $host $ | quote }}
+      http:
+        paths:
+{{- if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+          - path: {{ $ingressPath }}
+            {{- if eq "true" ( include "ingress.supportsPathType" $ ) }}
+            pathType: {{ $ingressPathType }}
+            {{- end }}
+            backend: {{- include "ingress.backend" ( dict "serviceName" $serviceName "servicePort" $servicePort "context" $ )  | nindent 14 }}
+    {{- end -}}
+  {{- if .Values.ingress.tls }}
+  tls:
+{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
+  {{- end -}}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/poddisruptionbudget.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/poddisruptionbudget.yaml
new file mode 100644
index 00000000..e358b59d
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/poddisruptionbudget.yaml
@@ -0,0 +1,27 @@
+{{- $replicaCount := .Values.replicaCount | default 1 | int }}
+{{- if .Values.autoscaling.enabled }}
+  {{- $replicaCount = .Values.autoscaling.minReplicas | default 1 | int }}
+{{- end }}
+{{- if and .Values.podDisruptionBudget.enabled (gt $replicaCount 1) }}
+apiVersion: {{ include "capabilities.podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+  {{- with .Values.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ . }}
+  {{- end }}
+  {{- with .Values.podDisruptionBudget.minAvailable }}
+  minAvailable: {{ . }}
+  {{- end }}
+  {{- with .Values.podDisruptionBudget.unhealthyPodEvictionPolicy }}
+  unhealthyPodEvictionPolicy: {{ . }}
+  {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/redis-secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/redis-secret.yaml
new file mode 100644
index 00000000..202e9243
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/redis-secret.yaml
@@ -0,0 +1,23 @@
+{{- $name := include "oauth2-proxy.name" .  -}}
+{{- $fullName := include "oauth2-proxy.fullname" .  -}}
+{{- $labels := include "oauth2-proxy.labels" . -}}
+{{- with .Values.sessionStorage }}
+{{- if and (eq .type "redis") (not .redis.existingSecret) (or .redis.password .redis.sentinel.password) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ $name }}
+    {{- $labels | indent 4 }}
+  name: {{ $fullName }}-redis-access
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+type: Opaque
+data:
+  {{- if and .redis.password (not .redis.existingSecret) }}
+  {{ .redis.passwordKey }}: {{ .redis.password | b64enc | quote }}
+  {{- end }}
+  {{- if and .redis.sentinel.password (not .redis.sentinel.existingSecret) (ne .redis.sentinel.passwordKey .redis.passwordKey) }}
+  {{ .redis.sentinel.passwordKey }}: {{ .redis.sentinel.password | b64enc | quote }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-alpha.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-alpha.yaml
new file mode 100644
index 00000000..ba2c02d5
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-alpha.yaml
@@ -0,0 +1,21 @@
+{{-
+  if and
+    .Values.alphaConfig.enabled
+    (not .Values.alphaConfig.existingConfig)
+    (not .Values.alphaConfig.existingSecret)
+}}
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with .Values.alphaConfig.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+    {{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}-alpha
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  oauth2_proxy.yml: {{ include "oauth2-proxy.alpha-config" . | b64enc | quote }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
new file mode 100644
index 00000000..9b607dd3
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if and (.Values.authenticatedEmailsFile.restricted_access) (eq .Values.authenticatedEmailsFile.persistence "secret")  }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- with .Values.authenticatedEmailsFile.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+  {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-htpasswd-file.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-htpasswd-file.yaml
new file mode 100644
index 00000000..c5ea330f
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret-htpasswd-file.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+type: Opaque
+stringData:
+  users.txt: |-
+    {{- range $entries := .Values.htpasswdFile.entries }}
+    {{ $entries }}
+    {{- end -}}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret.yaml
new file mode 100644
index 00000000..a0418434
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
+apiVersion: v1
+kind: Secret
+metadata:
+{{- with .Values.config.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+type: Opaque
+data:
+{{- include "oauth2-proxy.secrets" . | nindent 2 }}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/service.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/service.yaml
new file mode 100644
index 00000000..04d105ca
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/service.yaml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+{{- with .Values.service.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+  type: ClusterIP
+  {{- if .Values.service.clusterIP }}
+  clusterIP: {{ .Values.service.clusterIP }}
+  {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.service.type }}
+{{- end }}
+{{- if .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+{{- end }}
+{{- if .Values.service.internalTrafficPolicy }}
+  internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }}
+{{- end }}
+  ports:
+    - port: {{ .Values.service.portNumber }}
+      targetPort: {{ .Values.service.targetPort | default .Values.httpScheme }}
+      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+      nodePort: {{ .Values.service.nodePort }}
+      {{- end }}
+      protocol: TCP
+      {{- with .Values.service.appProtocol }}
+      appProtocol: {{ . }}
+      {{- end }}
+      name: {{ .Values.httpScheme }}
+    {{- if and .Values.metrics.enabled .Values.metrics.port }}
+    - port: {{ .Values.metrics.port }}
+      protocol: TCP
+      {{- with .Values.metrics.service.appProtocol }}
+      appProtocol: {{ . }}
+      {{- end }}
+      targetPort: metrics
+      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.metrics.nodePort))) }}
+      nodePort: {{ .Values.metrics.nodePort }}
+      {{- end }}
+      name: metrics
+    {{- end }}
+  selector:
+    {{- include "oauth2-proxy.selectorLabels" . | indent 4 }}
+{{- if .Values.service.ipDualStack.enabled }}
+  ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
+  ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
+{{- end }}
+{{- if .Values.service.trafficDistribution }}
+  trafficDistribution: {{ .Values.service.trafficDistribution }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/serviceaccount.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e38cd7a7
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/serviceaccount.yaml
@@ -0,0 +1,60 @@
+{{- if or .Values.serviceAccount.enabled -}}
+{{- $fullName := include "oauth2-proxy.fullname" .  -}}
+{{- $saName := include "oauth2-proxy.serviceAccountName" . -}}
+{{- $name := include "oauth2-proxy.name" . -}}
+{{- $namespace := include "oauth2-proxy.namespace" $ -}}
+{{- $labels := include "oauth2-proxy.labels" . -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+  {{- end }}
+  labels:
+    app: {{ $name }}
+{{- $labels | indent 4 }}
+  name: {{ $saName }}
+  namespace: {{ $namespace }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ $fullName }}-watch-redis
+  namespace: {{ $namespace }}
+  labels:
+    app: {{ $name }}
+    {{- $labels | nindent 4 }}
+rules:
+- apiGroups:
+    - ""
+  resources:
+    - pods
+  resourceNames:
+    - "{{ include "oauth2-proxy.redis.fullname" . }}-master-0"
+  verbs:
+    - get
+    - list
+    - watch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ $saName }}-watch-redis
+  namespace: {{ $namespace }}
+  labels:
+    app: {{ $name }}
+    {{- $labels | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ $saName }}
+  apiGroup: ""
+roleRef:
+  kind: Role
+  name: {{ $fullName }}-watch-redis
+  apiGroup: ""
+{{- end -}}
+{{- end -}}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/servicemonitor.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/servicemonitor.yaml
new file mode 100644
index 00000000..99d62fd4
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/templates/servicemonitor.yaml
@@ -0,0 +1,57 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  {{- with .Values.metrics.serviceMonitor.annotations }}
+  annotations:
+{{ tpl ( toYaml . ) $ | indent 4 }}
+  {{- end }}
+  name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.metrics.serviceMonitor.namespace }}
+  namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+{{- else }}
+  namespace: {{ template "oauth2-proxy.namespace" $ }}
+{{- end }}
+  labels:
+    prometheus: {{ .Values.metrics.serviceMonitor.prometheusInstance }}
+    app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.metrics.serviceMonitor.labels }}
+{{ toYaml .Values.metrics.serviceMonitor.labels | indent 4}}
+{{- end }}
+spec:
+  jobLabel: {{ template "oauth2-proxy.fullname" . }}
+  selector:
+    matchLabels:
+      {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+  namespaceSelector:
+    matchNames:
+      - {{ template "oauth2-proxy.namespace" $ }}
+  endpoints:
+  - port: metrics
+    path: "/metrics"
+    {{- with .Values.metrics.serviceMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.scheme }}
+    scheme: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.bearerTokenFile }}
+    bearerTokenFile: {{ . }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.tlsConfig }}
+    tlsConfig:
+      {{- toYaml .| nindent 6 }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.metrics.serviceMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}
diff --git a/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/values.yaml b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/values.yaml
new file mode 100644
index 00000000..272b50c9
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/charts/oauth2-proxy/values.yaml
@@ -0,0 +1,569 @@
+global: {}
+# To help compatibility with other charts which use global.imagePullSecrets.
+# global:
+#   imagePullSecrets:
+#   - name: pullSecret1
+#   - name: pullSecret2
+
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
+# Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
+# This is especially useful for `helm template` as capabilities are always empty
+# due to the fact that it doesn't query an actual cluster
+kubeVersion:
+
+# Oauth client configuration specifics
+config:
+  # Add config annotations
+  annotations: {}
+  # OAuth client ID
+  clientID: "XXXXXXX"
+  # OAuth client secret
+  clientSecret: "XXXXXXXX"
+  # Create a new secret with the following command
+  # openssl rand -base64 32 | head -c 32 | base64
+  # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
+  # Example:
+  # existingSecret: secret
+  cookieSecret: "XXXXXXXXXXXXXXXX"
+  # The name of the cookie that oauth2-proxy will create
+  # If left empty, it will default to the release name
+  cookieName: ""
+  google:
+    {}
+    # adminEmail: xxxx
+    # useApplicationDefaultCredentials: true
+    # targetPrincipal: xxxx
+    # serviceAccountJson: xxxx
+    # Alternatively, use an existing secret (see google-secret.yaml for required fields)
+    # Example:
+    # existingSecret: google-secret
+    # groups: []
+    # Example:
+    #  - group1@example.com
+    #  - group2@example.com
+  # Default configuration, to be overridden
+  configFile: |-
+    email_domains = [ "*" ]
+    upstreams = [ "file:///dev/null" ]
+  # Custom configuration file: oauth2_proxy.cfg
+  # configFile: |-
+  #   pass_basic_auth = false
+  #   pass_access_token = true
+  # Use an existing config map (see configmap.yaml for required fields)
+  # Example:
+  # existingConfig: config
+
+alphaConfig:
+  enabled: false
+  # Add config annotations
+  annotations: {}
+  # Arbitrary configuration data to append to the server section
+  serverConfigData: {}
+  # Arbitrary configuration data to append to the metrics section
+  metricsConfigData: {}
+  # Arbitrary configuration data to append
+  configData: {}
+  # Arbitrary configuration to append
+  # This is treated as a Go template and rendered with the root context
+  configFile: ""
+  # Use an existing config map (see secret-alpha.yaml for required fields)
+  existingConfig: ~
+  # Use an existing secret
+  existingSecret: ~
+
+image:
+  repository: "quay.io/oauth2-proxy/oauth2-proxy"
+  # appVersion is used by default
+  tag: ""
+  pullPolicy: "IfNotPresent"
+  command: []
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+imagePullSecrets:
+  []
+  # - name: myRegistryKeySecretName
+
+# Set a custom containerPort if required.
+# This will default to 4180 if this value is not set and the httpScheme set to http
+# This will default to 4443 if this value is not set and the httpScheme set to https
+# containerPort: 4180
+
+extraArgs: {}
+extraEnv: []
+
+envFrom: []
+# Load environment variables from a ConfigMap(s) and/or Secret(s)
+# that already exists (created and managed by you).
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+#
+# PS: Changes in these ConfigMaps or Secrets will not be automatically
+#     detected and you must manually restart the relevant Pods after changes.
+#
+#  - configMapRef:
+#      name: special-config
+#  - secretRef:
+#      name: special-config-secret
+
+# -- Custom labels to add into metadata
+customLabels: {}
+
+# To authorize individual email addresses
+# That is part of extraArgs but since this needs special treatment we need to do a separate section
+authenticatedEmailsFile:
+  enabled: false
+  # Defines how the email addresses file will be projected, via a configmap or secret
+  persistence: configmap
+  # template is the name of the configmap what contains the email user list but has been configured without this chart.
+  # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
+  # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access" or to the
+  # provided value in restrictedUserAccessKey field.
+  template: ""
+  # The configmap/secret key under which the list of email access is stored
+  # Defaults to "restricted_user_access" if not filled-in, but can be overridden to allow flexibility
+  restrictedUserAccessKey: ""
+  # One email per line
+  # example:
+  # restricted_access: |-
+  #   name1@domain
+  #   name2@domain
+  # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
+  # config map resource.
+  restricted_access: ""
+  annotations: {}
+  # helm.sh/resource-policy: keep
+
+service:
+  type: ClusterIP
+  # when service.type is ClusterIP ...
+  # clusterIP: 192.0.2.20
+  # when service.type is LoadBalancer ...
+  # loadBalancerIP: 198.51.100.40
+  # loadBalancerSourceRanges: 203.0.113.0/24
+  # when service.type is NodePort ...
+  # nodePort: 80
+  portNumber: 80
+  # Protocol set on the service
+  appProtocol: http
+  annotations: {}
+  # foo.io/bar: "true"
+  # configure externalTrafficPolicy
+  externalTrafficPolicy: ""
+  # configure internalTrafficPolicy
+  internalTrafficPolicy: ""
+  # configure service target port
+  targetPort: ""
+  # Configures the service to use IPv4/IPv6 dual-stack.
+  # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
+  ipDualStack:
+    enabled: false
+    ipFamilies: ["IPv6", "IPv4"]
+    ipFamilyPolicy: "PreferDualStack"
+  # Configure traffic distribution for the service
+  # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution
+  trafficDistribution: ""
+
+## Create or use ServiceAccount
+serviceAccount:
+  ## Specifies whether a ServiceAccount should be created
+  enabled: true
+  ## The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the fullname template
+  name:
+  automountServiceAccountToken: true
+  annotations: {}
+
+ingress:
+  enabled: false
+  # className: nginx
+  path: /
+  # Only used if API capabilities (networking.k8s.io/v1) allow it
+  pathType: ImplementationSpecific
+  # Used to create an Ingress record.
+  # hosts:
+  # - chart-example.local
+  # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+  # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
+  # extraPaths:
+  # - path: /*
+  #   pathType: ImplementationSpecific
+  #   backend:
+  #     service:
+  #       name: ssl-redirect
+  #       port:
+  #         name: use-annotation
+  labels: {}
+  # annotations:
+  #   kubernetes.io/ingress.class: nginx
+  #   kubernetes.io/tls-acme: "true"
+  # tls:
+  # Secrets must be manually created in the namespace.
+  # - secretName: chart-example-tls
+  #   hosts:
+  #     - chart-example.local
+
+resources:
+  {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 300Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 300Mi
+
+# Container resize policy for runtime resource updates
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/
+resizePolicy: []
+  # - resourceName: cpu
+  #   restartPolicy: NotRequired
+  # - resourceName: memory
+  #   restartPolicy: RestartContainer
+
+extraVolumes:
+  []
+  # - name: ca-bundle-cert
+  #   secret:
+  #     secretName: <secret-name>
+
+extraVolumeMounts:
+  []
+  # - mountPath: /etc/ssl/certs/
+  #   name: ca-bundle-cert
+
+# Additional containers to be added to the pod.
+extraContainers:
+  []
+  #  - name: my-sidecar
+  #    image: nginx:latest
+
+# Additional Init containers to be added to the pod.
+extraInitContainers:
+  []
+  #  - name: wait-for-idp
+  #    image: my-idp-wait:latest
+  #    command:
+  #    - sh
+  #    - -c
+  #    - wait-for-idp.sh
+
+priorityClassName: ""
+
+# hostAliases is a list of aliases to be added to /etc/hosts for network name resolution
+hostAliases: []
+# - ip: "10.xxx.xxx.xxx"
+#   hostnames:
+#     - "auth.example.com"
+# - ip: 127.0.0.1
+#   hostnames:
+#     - chart-example.local
+#     - example.local
+
+# [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
+# Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
+# topologySpreadConstraints: []
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
+proxyVarsAsSecrets: true
+
+# Configure Kubernetes liveness and readiness probes.
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 0
+  timeoutSeconds: 5
+  periodSeconds: 10
+  successThreshold: 1
+
+# Configure Kubernetes security context for container
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+  enabled: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 2000
+  runAsGroup: 2000
+  seccompProfile:
+    type: RuntimeDefault
+
+deploymentAnnotations: {}
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+revisionHistoryLimit: 10
+strategy: {}
+enableServiceLinks: true
+
+## PodDisruptionBudget settings
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+## One of maxUnavailable and minAvailable must be set to null.
+podDisruptionBudget:
+  enabled: true
+  maxUnavailable: null
+  minAvailable: 1
+  # Policy for when unhealthy pods should be considered for eviction.
+  # Valid values are "IfHealthyBudget" and "AlwaysAllow".
+  # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy
+  unhealthyPodEvictionPolicy: ""
+
+## Horizontal Pod Autoscaling
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+  annotations: {}
+  # Configure HPA behavior policies for scaling if needed
+  # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior
+  behavior:
+    {}
+    # scaleDown:
+    #   stabilizationWindowSeconds: 300
+    #   policies:
+    #   - type: Percent
+    #     value: 100
+    #     periodSeconds: 15
+    #   selectPolicy: Min
+    # scaleUp:
+    #   stabilizationWindowSeconds: 0
+    #   policies:
+    #   - type: Percent
+    #     value: 100
+    #     periodSeconds: 15
+    #   - type: Pods
+    #     value: 4
+    #     periodSeconds: 15
+    #   selectPolicy: Max
+
+# Configure Kubernetes security context for pod
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext: {}
+
+# whether to use http or https
+httpScheme: http
+
+initContainers:
+  # if the redis sub-chart is enabled, wait for it to be ready
+  # before starting the proxy
+  # creates a role binding to get, list, watch, the redis master pod
+  # if service account is enabled
+  waitForRedis:
+    enabled: true
+    image:
+      repository: "alpine"
+      tag: "latest"
+      pullPolicy: "IfNotPresent"
+    # uses the kubernetes version of the cluster
+    # the chart is deployed on, if not set
+    kubectlVersion: ""
+    securityContext:
+      enabled: true
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 65534
+      runAsGroup: 65534
+      seccompProfile:
+        type: RuntimeDefault
+    timeout: 180
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 300Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 300Mi
+
+# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption.
+# Alternatively supply an existing secret which contains the required information.
+htpasswdFile:
+  enabled: false
+  existingSecret: ""
+  entries: []
+  # One row for each user
+  # example:
+  # entries:
+  #  - testuser:$2y$05$gY6dgXqjuzFhwdhsiFe7seM9q9Tile4Y3E.CBpAZJffkeiLaC21Gy
+
+# Configure the session storage type, between cookie and redis
+sessionStorage:
+  # Can be one of the supported session storage cookie|redis
+  type: cookie
+  redis:
+    # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
+    existingSecret: ""
+    # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
+    password: ""
+    # Key of the Kubernetes secret data containing the redis password value. If you use the redis sub chart, make sure
+    # this password matches the one used in redis.global.redis.password (see below).
+    passwordKey: "redis-password"
+    # Can be one of standalone|cluster|sentinel
+    clientType: "standalone"
+    standalone:
+      # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
+      connectionUrl: ""
+    cluster:
+      # List of Redis cluster connection URLs. Array or single string allowed.
+      connectionUrls: []
+      # - "redis://127.0.0.1:8000"
+      # - "redis://127.0.0.1:8001"
+    sentinel:
+      # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
+      existingSecret: ""
+      # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
+      password: ""
+      # Key of the Kubernetes secret data containing the redis sentinel password value
+      passwordKey: "redis-sentinel-password"
+      # Redis sentinel master name
+      masterName: ""
+      # List of Redis cluster connection URLs. Array or single string allowed.
+      connectionUrls: []
+      # - "redis://127.0.0.1:8000"
+      # - "redis://127.0.0.1:8001"
+
+# Enables and configure the automatic deployment of the redis-ha subchart
+redis:
+  # provision an instance of the redis-ha sub-chart
+  enabled: false
+  # Redis specific helm chart settings, please see:
+  # https://artifacthub.io/packages/helm/dandydev-charts/redis-ha#general-parameters
+  #
+  # Recommended:
+  #
+  # redisPassword: xxxxx
+  # replicas: 1
+  # persistentVolume:
+  #   enabled: false
+  #
+  # If you install Redis using this sub chart, make sure that the password of the sub chart matches the password
+  # you set in sessionStorage.redis.password (see above).
+  #
+  # If you want to use redis in sentinel mode see:
+  # https://artifacthub.io/packages/helm/dandydev-charts/redis-ha#redis-sentinel-parameters
+
+# Enables apiVersion deprecation checks
+checkDeprecation: true
+
+# Allows graceful shutdown
+# terminationGracePeriodSeconds: 65
+# lifecycle:
+#   preStop:
+#     exec:
+#       command: [ "sh", "-c", "sleep 60" ]
+
+metrics:
+  # Enable Prometheus metrics endpoint
+  enabled: true
+  # Serve Prometheus metrics on this port
+  port: 44180
+  # when service.type is NodePort ...
+  # nodePort: 44180
+  # Protocol set on the service for the metrics port
+  service:
+    appProtocol: http
+  serviceMonitor:
+    # Enable Prometheus Operator ServiceMonitor
+    enabled: false
+    # Define the namespace where to deploy the ServiceMonitor resource
+    namespace: ""
+    # Prometheus Instance definition
+    prometheusInstance: default
+    # Prometheus scrape interval
+    interval: 60s
+    # Prometheus scrape timeout
+    scrapeTimeout: 30s
+    # Add custom labels to the ServiceMonitor resource
+    labels: {}
+
+    ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+    scheme: ""
+
+    ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+    ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+    tlsConfig: {}
+
+    ## bearerTokenFile: Path to bearer token file.
+    bearerTokenFile: ""
+
+    ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    annotations: {}
+
+    ## Metric relabel configs to apply to samples before ingestion.
+    ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+    metricRelabelings: []
+    # - action: keep
+    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+    #   sourceLabels: [__name__]
+
+    ## Relabel configs to apply to samples before ingestion.
+    ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+    relabelings: []
+    # - sourceLabels: [__meta_kubernetes_pod_node_name]
+    #   separator: ;
+    #   regex: ^(.*)$
+    #   targetLabel: nodename
+    #   replacement: $1
+    #   action: replace
+
+# Extra K8s manifests to deploy
+extraObjects:
+  []
+  # - apiVersion: secrets-store.csi.x-k8s.io/v1
+  #   kind: SecretProviderClass
+  #   metadata:
+  #     name: oauth2-proxy-secrets-store
+  #   spec:
+  #     provider: aws
+  #     parameters:
+  #       objects: |
+  #         - objectName: "oauth2-proxy"
+  #           objectType: "secretsmanager"
+  #           jmesPath:
+  #               - path: "client_id"
+  #                 objectAlias: "client-id"
+  #               - path: "client_secret"
+  #                 objectAlias: "client-secret"
+  #               - path: "cookie_secret"
+  #                 objectAlias: "cookie-secret"
+  #     secretObjects:
+  #     - data:
+  #       - key: client-id
+  #         objectName: client-id
+  #         - key: client-secret
+  #           objectName: client-secret
+  #         - key: cookie-secret
+  #         objectName: cookie-secret
+  #       secretName: oauth2-proxy-secrets-store
+  #       type: Opaque
diff --git a/packs/oauth2-proxy-8.2.0/logo.png b/packs/oauth2-proxy-8.2.0/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..f7aee9a8cdaef528ed7fe9845507f06c33ab3f33
GIT binary patch
literal 11087
zcmYLPWn5G5-yYpacTBoFq@)D|>4qQO-3_B*^pH+Lq(i!;aWo<!EiEbC@f`neo)<gY
zXP@mp_qo4)T^CecRRIT+0uuxR;V3D}X#(%?e=l@Y;98?!TL1#FlPJkaYy0IL<p&07
z>2%x_GKeiOeaUQ^wum4pDUweiD*8o7Y9CdvID}tff*K=gi);5?BQ0t2l+80KBl{qM
zB~L_kdUA-bA3y$+UA*zIwsa9nNtU(|<D71Qvhz&0=VIXAQ>11YpMhAW4YPgcx0h4<
zLT`V&Yi`H7<qJHQR!SbS1m8%Q4=4g^^Hqw64EO&pv5I0m^W|k?!yjElhv53dNK)dU
zK@Xxb&?h5$ZSTsc23G-@Ir(Pw$;cn8yst<U(RulG<uh|<D9Fd;kXAF0KnDRG{1b5f
zQVl6bnKu>?G3B(`a^j&@7G$|XU7{DLYT9FzA&cXWI0BB>2S`XD#IA8lDuy;WLDh>O
zddqB+Exz^Hp`|*(`V19Nirh3OlLnaIUjA%XobD<`m&lb3&k?sG$|DdtnBs?7*ex`>
zzA_;}Uhmk!#Ko<7-OPehSbm8aqC^CL%Zcas7EZ6Z&I-KG$7<)puI)=gQToGR`$`o)
zE!EZT*?O}-jtlgdbV`CT5hk(CA4d?~m%h=BY$N$^&R)QLSaSLh+rtAo=(|UMG<A&H
z8!jHVOeHl*27P2n2{zyu@#|Jh{U)ZCw}fX8DaPTz1O2gJl~4camAn@6Ohf3HO=}OK
zlh0AVvxmKTY9=t4SFK?wVxM`IL$Wjk15ZoU{rPO~!I*Oh1m3Bje1|)zXQ&ax4Z5_C
ztlS+_Zpn8DTiL1N!{7>o)ie0kUssJ+Ur~S*c^Y-)TbDyPldDpkxM1f#Pyt5;m_WBK
z!X|HLllU&OOt`YXwX5NOE|Pa{?2fsFqb-Ce4UGj#Uk$;obNEWM4)SNK4q=a;iHg=(
z){;Ct2TBvw-VUUW$%50)BLBHKI3$kc&5bVYMr*!-A}*4CX~<rFUt$o@tgaeWxeDvg
z!dE0!9y*{-yvfumqxl?K@Mh&&{O^e<-Tvjy&g?xRbT<-lP~+@-wR;Z#M73bq(p=C-
zSpB%YwewGz>1ywMfr}`<#iL^i*ugShlQ13G72@kYMs{YkbYRJ3pU&fv0lU#`<&v(C
z3MDkGsU@^C_#^Z-S7ik!io$J6E&|iXtw)~C)nvO4E542lTBe*IZC`Hmv&s?-!~B@m
z0u;77JPu}ESw4LXx0l5o91?dQ?XyrC{zhki|NP^e%jDR}MElr@^`Gg1d+DJqCU^on
z^0jVQoN|<_)aVS9WJ7646n)zAc&LbTX${uIoBOX_Zgh>ne%=&wFo*uLKWPqfCj7Tk
zq0x@OYUkLZ*DDYUlCvzXoL+^~ZliVF5h*eFy8RE&44DpMg}X^sH%!2ZzrOndu_l*E
zyMPmB^VBYvqf<dLD*Lt~$w%Dc$1>&LN)Lf_0iJv;q?$s&ufE9_T#NzEvi#^rM*c2J
zYCJ)wIa}1^+t{Ku!5@S2AUbC?D2HPp%<7!?S)9s%%-Gpr`N)=LWzXTx{u5-%nC?r5
z4D1Gr8s@Y+HE_ziiBjAuT)U=7@hpXqPaq|DNHH?olRj$mwv0a2$j{4F&eEpZedqe)
z7oDV1G^D)mSFWknFQqE5r*OnUj%2R$$ynl8AjB4KX#FcPT>hh$65In;kjxlqG@Xtk
zSOQkicK3&NmE?(DF`#&b_gwKsp3&;EWv<lGr{>;XrAWRjk-EGdUKUD?mei7Z=yW=4
z>k_zY(oN&BnLm~NK&m_<to2=3S0sl9SBhowL&K4225ZBM0D;0sd`3J1<IU#zCF%!b
z(~Mgq+YFY90EO}X5A=6N97{ZW5?jI_nM1m#=FUI$czZz8TG=hnA(i+QqPJIEO$lUS
zvp=Z~s+`bFU9FuBp3~F_*{1YZ&S^MORo?dZ_*#Ah!rHUucv^_iv3;@d+ynfrMw^S3
zMyYTl77s3Ta9KGq3w`+#nso8`O|w$QlQv*p+Bunae(aM(f8cong;S$3B~AUaV@mji
z^ajTvOxU$Jx#cA27+f0x%RkQln=JkQ$XfV1p$=H~PQ)Y|Q_^ObqV?MgoYrxFzVKFS
z?cyL%syV2}kmV%_@;98>0cB=Lvp#D6sZN+DU-^l}Wu0Lxqz$mc9_$T1)rUXFiBXhF
z17pt|on;v5Wxnj0HL<%AAIphiVf)$ocB`g`Q>?Q<2K$~q%IJF-yUpFdMLkSvGo16a
zrRRD_wBrfa)OttCxH`eWLjmUH@t<E8Rzf)zm91Oz#OR&N6b59l{vDt9;l{7!Jxg~v
zQVLk*p4-tVtt4mRLyE1}9-A_PM2PcC(aq(xXKU1y><hFKzhvo0(AdGV?>Z=ytk%N=
z+~GUO(bcM-<IWSbW*%NtaMD&g-2v&5L{orpPj$CyhdiwhY-K~_5&?hk91~9U?qvBS
zG6ZAN4(TvzKT-u87PHVdYs1W@dP{c^_r$?WH1m#SwDzOb+XmV8KT$mGyC2K(V%I`W
zzEi?21B24Xm}jna*)IOlOejn%@H;v;PyO`}dYaK|_f8#W_F*BFprom5gWghYH@ta1
zs9FKMcF*TKmr>LZuSbRUuH<=B&`I~V(POUyh)wq~Tx;VjE;lv_9PrS-ES&QF`krO?
z7sD9WYBAhjM8(D2uXNPhu;bgy9~w-%Ni4%dhHPuGwD^|jsYVF11!9Gd(2HI3@qbf}
z>EWNry8o*;(}6nO=bC%r5TZKdk=oQXbO(ka28jP}Z!arF#+PNM{@1c}bSV^jQIwg>
zxKz7w@{DN3J(}&?NkIL%=|7}qG6q6h3#;bA5jZBjwib4h6)n2lXTw|Z2U2s=*uFWT
zFVh__vb3ab@CC~Z5)vha$s!>YH{ee>GKbHWMAOE7^zemrWr#6DHr2KD(^t&Fas9dY
zn!x1NhL(|XzD$KAqch@P^#j&0s-jTUJ(l^GZwJ?T;_e6SJRKz8bgH>BQfnHht9J=v
zY$r9y8%xmREuCP@s)DrYoKu-dXMzg#SvoBd590~mZ|WxynVb*}9IJvW!uH2^SY)~>
z8m+8hUgt$_cacz<^T7&EH0`m>k+47V>H9v*Ke1|Dslk23Ee!JJ_;8!^TiIr>L(y8k
zp3J?s>KqflXmKGtKcIV86?`@$9w4c;E#CTW;pzji+n~0f&HuoHlUNrmOKLi9=?2Ur
zkKPrJ_p#NQX2tPz`&I*0yviq=1WKH%9YuMfcT#U2H@s6_Y^tFm!JTTpK*lc`t;Q>R
z>DFxCHbIH?zd+(Y|MlyokK4p6?}=Uk|KRg4G207j`s`NxNaRej;1`%)+aT<90>5@;
z#v^h(k|!fE?}aIxdB$Xig^s)FWPN!^GcU#{2Fn$Zm09h%E5k*;;7pAOzVt6X`-MTg
zEP%%?r@T&h09pU_S>~U=p}j*Ye0xfl63`*rIcG8@C@#uwnXyvJNU(JGhn8PdJv3{n
z#@MHo3f-#wQ*bRe?ey{#@%fG{97QHPUf;3miCs@+;RD|)Axf$ev+Sy{&1DfIfgw9l
zyDt*x{DURE!Hoy0GUNFV2pmOIwIFDA@Omw@VUK`y&WPxu0L#0F>=|fLih*J($gk_o
zaL*0<Alamv3hknmLC9|y^>GuU4UX|5t|~am;;VC=Dg%KpY%-C4g!mYrc>^gy%qrjF
zu{i$Apv}DKxA<nY(?=}O2neZ){z^q5e9xBNl3cB0f3^=>+h(5a*k@V7nma%DBa(T0
zP^iF>?Y5#D)FZ%`R=B<!KD$yk%+dZuKSzUbG(?sO$n)Vt>)m%INI$caS^8b{INECD
zgo3qql4F_1TWU+1N!LSQ+G7&00x?l8kwK@-zf8bi0cTkwg$A=nR5^PTdB51tN~Fq#
zRbL&oZH}w&`eH1y>!z<ZMaxp9sFmngxSuLdEbO`PP)W3Otoga%qcmlpx%=V0eK+?M
zTvH=-M4Aow=mg`;xasGkRhPh}cQdDcEDzXFsSf@3^{{H$lZ>&jTN{P(V$;ZCZfuHy
z)(=s?{a@c+I=U4;608V7*#C6qeMsg$S$;sp;Ht%PeO*Rp^NdB_-}Xx6F`xlRg+kg-
zQF7qiku5b3`I##9?YH9!wQl3DDxNE!GyXz&Za|MekzG=IP6xfc9!AN#bz%~{)W9S0
z(Gy8oQLl^xs&10pEPGyCA<#y1;?b}2+m~HD%CZF3vRJzUiRJ~Tl@?ogc&!D4;rMYQ
zIL?INH{AC3$)By7b=`R(*ZQjoLR7tFl{L}!aPhOj3m|#HgIh#PpOV;OD!@d+I7VQg
zwEU#<Z~c#$*Pk+G8Esft&=hh{Ux$i@bGkwL+hv!VGiGnK2go<&Yav_=uf9lXvs|<=
zU|Nx?Uwa%_DZYc5W0Vw}z_;UeyH!)~jHqFcJ8t*Aw+g_aPfIWA3-@O00w;yJA|P3@
z#`<YXDCIk@3zOtI`3)Npi`3CCy2ALpl-yq?`9OA`+_>iF2ussqE|gm&KxuGoW%2Nn
zV2&UUEulsnXf2$&GMHY$F}uy1@`t)rbwA%Vw=C@`x?$WNSfyAP3>RRVuSjYDo0|Q}
z&=!4_fc9TIu&<@P`*W_eZf#M|3;l6n8jOR^Z#nWalL9@MH<z!*l{@Yp?0iIWX$&4$
zbJ05W9jILMu@mS{Fy+^n(z@rIb9JqSYsgh;rLnB|{U4RIp8!9r(B}2rbE6u#RlCx=
z3hRCd+-0N{2<wdM@mE6n>94H1enS7Q6wQD2H4%{_6ZI6MChn)Boog-Y0eeZ7f1SyG
zvlqK&wspf1=Pg;_E!bY+H)VK%|H!_s+kz=bcwkBaXu-L@G?crWz&E}`j5)#f#1TLO
z{W1GGxLVU?!4U*-p@(b*jTX7EqecS%`4cnheq>eo$()HHEsyZdvL~H|UONlls1<Iq
ztgf<Jp!_JhO8Sa%Q)3@}h2$ugfMtJWXfea4s<;tJVzc*^t9@GB5^1K`q{gRADYuAG
zUVH0uJuZGWvRMzQ3s1R3TM4x_@wnx8^EL24OGXs6LGpL{8?X#ZWH`OB1NN5o*@>ye
z*F5neoGZ%*i6nOIhaWA9SC_C+vDCFUR2&P<G#1Z#f%_$JrynhY4PD8oH(i2Wah3G<
zbpnfc{ZIer8^@Yv$d+XkJ1|V~D5phYlYj9Qpc8IvN0$Nb34d||rjV(Pb_FZe4$)<|
z>+dh#5kg!$A4Ay#cj*d5l#n17sX(&)`_Fzc;|YS>?8ep&PTL6Y)p~%Yi_$I^0i$Hp
z#c<`gB``681+8C`Bm01V3N0EU@ZNiQqrXAkpRg9kMc}2u(d;I_?4JeO-;}xDDABJD
z5L@$`VV30F{6v1QZKqibGy%YJVHkt<Y|@Ky4EuGCa`h5nqM;jT%_?({wo|>EG}S3c
z_+bZIs_J2HR|)eeYoerA=dqT@{dEv9dF;lukmF(Ebt;z_a2Fi~C|LH^H$DEdfEMMS
zYa@+oV9rRA68nCt2AI;8-Q&ct2+R;xsDGINrWH67;s)xpp>trX52ZJSzcH)&dn*G-
z`)m`b;cCl%nCko!iDGl(ju56@-Cs8#^$-F>tQyij8R6UaWu#PZjP-@|IJH8E-FEu?
zN3!R`x<5|SLlP>hj9tafO^fVQIMbH(V(X-BMr%BB5D7l7BmNMh&?|D1PrcMb+$SOo
z@j9qV{2niK=yjmfhl1vM0%|S7Siue1WfaTbD>Pndz4`ke$BtluG&oJMF$H0-GXKw(
z#@eYe_+1C{8c>G9d2TWl8{OiX@I&8Kv`}$zjB$4uk{W;e&PCaaPw#q>3iPNaL&1SK
zHp8Ro#v{x?fusF`kyaSks3FCyCzeC{u$*BEG+HeyVGTQRnz+Eh=Rf<zLOC#HFgr8F
zZ)yMeDn$LG?~Di!H}6Fwjip6kqvyR3C3bC#{eXR$Vya10gHESm3ch6BAa~eo+qmSe
zn^k5{zIky>!(pZ#jsE?ZJf@5X@9$9{4oA4TCzNl0aRbdt*_u=Eg<SJz^5E}7X!5Be
z@GVtAt_u%{Fne(H)4oN;FKBmN6Jls9hUmkG6*Wu5iT_+m0tFl&UfsQaNx(p|G4l1u
zTs>IV@OLe@0)ypVU)iJ2{ycB*Vfi@q?8%d^#VPiIrry7?yN<2nt(y2*LY)x0DT;&f
zE>+|kaHgUNo{9y8z|H`ujMR1#*stIS$Q~w0C9lx#UOuaKRpXa;#9NaiK#E9|X4aSX
z-~7EA_5J4q5ai7Z;xVb#*U6ZB_^huJEn@ooB9KMPQ_AEwy|y<sfEj;Jjq)vu=CPAB
zYQ%uZIPZ^yB*kZBVsgM%T(A3fE>=^tz&54aEz8ae0ge9*u@4Lth^M3x80-#3D_;m1
zgA;hLs*X98gPQwTQz-P<&+VW|iZUh{-_44n5bII>sTbhax8gqitU#}`CF=G4<H6(U
zs|Y9yfE2Kd>TWs6JBL7CwMu18%Ci{Jz|L!FpUrvjzew?oAcIU=pA!=p2lVv8CH3)N
zVo^)^k<3r#2{8O_sQBsN^3^SxQffRi87j3MieXs>jwB$zZo^!)l8rg`@mOj0I9HiP
z!04>T-Y~?9GO=3eMFBcuT;@1(ULrh-Z44WFM}uA+Qck>5&({huF-ZU06wurNk<PC>
zIg9g0k7GEe_s2#n!fi~S91*AcKJnOL-lA0NI$S5y5ji`8=gI+kJB8>?5CJ6uLfICY
z+Ex1gQ|PXEIh07Tb@@avQ74+GcJZe<UWf$`zAR^of43A0(uFh5=&lZMq-xLxR%DB3
zIvPtJ@gn+E)gq@WFJ=#g)hhIa1jhK!pMOgK@4ksV8SJ$Ve51dEk<FdUab%{UsYuBQ
zVSREm{4>4RulcWvcfrOm##`mwxW3a!;N)FMD9Ga%jABAVh7P3J-XkFMxznK%*4Ra|
zZF@S}IO~0OGO1fhm7=%3GNhvs(KZhs=4TU&epEs1HEa3c^T)hXE^NF4zcM;$^GUY&
zBahzpt5&2(_Vv&tMNFNw=A!3z1T(wN+Oa1S8TL5l7-WIH%fB9CnYxO^h~e{bo7~L<
zS8fmShAexdCUMyO+dANPOMEms(g<>apC<o<8iEf^m?we`&XeaM&79BA$pnbes-q#N
zML18Pzyeo6v9eA{>?ZU*FVnS;p@K5$vYcsK#w_$`VixzI32xyO(kZ^7&2ot3)xHsS
za`mfX79<i9D?U6~pmuc7$J$56{dX}SnGZAF1)D==@A&Kyt?OFXfrf&(68AlLV3ael
zPmbQ9h>CcFhWrK{3xPjF%2@+hJlu@uGc0s(N*_#yjrLYH*`jN!MEcg57JF4a9U;^Y
zJ|!FDYypPv@jO^b`JKfCzekYb+qT_FVO0L{CH-RT@-kv}_cjayZ!lTH!NkI_$lcO3
ziWtPc(<CuDJK=6$`O7E{F(Tzxzph>UD&or*Np};{%d1OImr@X--s4L%TKfn#<jj0q
z(kJ;lot9z&iA-SqI&5XA*DO+E^3`#JWS6|dFc^xZA*MO_7e-mm66SU+ic6V`MDW%r
zOyTYbDWW}<D?^h`1>TO~fV=74O%_2u($wK>a&yBM>Aqfc;MYThA}3rK4tqyyHE33x
zhp`q?f%nN39zYzM5vx$pN*7i@R^myfQi9>Pfgl(j6j7<J=1Zq`Z^82;E*bALoJC?y
z0Z#*Qq5cm<>?o>FPVC)Mc#unT@tbX8+_cJ+#(<e)0<;4vR6_d$d#gNqb*yc;xUdOI
zF$p|{IDx|uN~S^-kpLOG8V1|}2z#nZ8HrU9cJw`-tXK=1hhg_Dq}+ej6iQ;afFA<C
zZnAJ|rnfZRk1at>!x3o&2C0O#ko8_K)w6Uj<Oryc;wKnP*-MU(uTAh=dI6dO`!h^#
zAHOhIK&B!f6Fzn^bmAQ-gNv+5)ys&Ns2GLK>tIt|fp8z&Cx=b%oE@D*v5n7)`Y&nN
zMV-MJ@=-f*vODpBbrYI)*wPXm!62@%ZK#$}3N;^z)io<N(-IGl^BqgBYT95nHl{>4
z-dSR~RyS$~_2O$(LT57I&e}9QJkqYamGMNeh=Z3L8mS9%B1F>;^s5mGv4G1FdaDG6
zwXTnawUsk&PI=Dl7}w50Q<FY9p>_n@gWdw!q3^fDPZM|ktH7pWzt446>MMw^Q>TiZ
z<|cPnK#z|I7?^Ej^axbQlmlW{Uf(U!YNYafruBj+#rBPH$jHY&gxu~Cf5HA1*afor
z`v%q3xJhRE*sYHTJ1gfKVh--f^;dP45|@18vpcARzZyJ$0D16M|CZ%f$J}Iw^}pvj
z;wMk*J>FFn&T?4v|F-O0xI1yJag<LkN=KgU+efNOAqT0AVB2c_%JxgB?W^I##y~Pf
z@4Om{4y4#{{&F*Vf6SwFh+glK=LZ%Bm%GChyQ!8`U@rI1jL1Tz7`cL*xG8#iluZFE
zf@=rc#)XmO9z}FB8hBKvi%QJIfIV8&dt#(`(w*MOGr0arUeHhL!hoB`E9UjvPsh6{
zVlf-k5sl8cGE_iAc=?UnJya5rl|U^7Yag^45>FfALHD}1dl&Wg_`s=6nd4rMCPDo*
z31Ld$7RR&=a;vwj$l`5Gi!e>V#ze-0>@j7uX=PsNvPO$I-3}6D>68_Z8g|JG^250|
zQfTEqwx}>ile<U}MltE(Msp#K56$H0Fv!*d+n!+KLBqvt+pn&6_2wmf@4uvoMQ<ch
z=sDt#>M|%nmJ5Y~-f~iCIGNV6pm-lemV12Cp<r1sMfpx+g6+9Ud}?35L^V1%d-m1O
z9Jf5J55-30R%tJKx$u7bxK0dqmd>LQ4j?%-z|kK~WU!<N?m?OF(`y#%>VDEG-J7J<
zEG>FuN;==hGa+z^n}D!}tA5+DEK@TG389j3Wg(4>U`WqNnjby=m|<4UyM1&t3IMDe
znc!f1;Q%;G_2OSwu@H<B{hY9bc*E~a>rOWJG96X5Y2iC(i2B9(pk>*`6EFdk?A&EM
zI-#O(LOGzicKnN4-kayi@1zlHSpBDH7+linjTL0p+yrGYx?qQ*F78Z4|5xU^+G0k!
z_sd29EGoniibiS@$Qtbm$43X1+I|RY7dA$t)A+sN!^)hieg3$3V;b_%uXcC(iclQY
z)<_j7l2?!ERIy0_Vl#;pCwmq+Y{;Mrp|)P$ebYF<?t{34OYQVuK8}2ORQQI+oDQMc
zS-;4q6wfcw3Ut8-t{=o`A$N~|711KbJ!3Gq0nlGGtwzz~gAUmFZiR(vaQu?d<Y9F^
z2ch?H=jKMIb!wEb>|XE;Bbr+jY-Eb&dL<T?IcBI@hNT+hK_V&|zWk=JDsj0EVrAoQ
zQO%%Tk-;lHJ*3$H^mY1pi%uKCIvPF&eiq$5$9EFp|BBC@+!8`saPHG3(sK(jwpQxK
z?0~SWY8T?;^At+BtqGr`FlB8%f$?uR;qclH&`j>F|2lOZLkDp9wPXT?94UVxJa?&2
z<fQ<uQdjIGSUcY-@mU3Yj4~RjZx`GJ+EvqySpQfpmF@l?>UjHxC>|yf#PYs$tf2W)
zk6D#QWYwFVd(u3p*jK<sYBBB$Ied>)UJ8*lRW(FX1AGy19fuf@xAx=qqZBnd(HA0k
zjBE6=jSBLb(D6)d4k(^vJSr=z_eKh^%=z@SXIJ$%^R^0)tc;cpX9M)cMr|Qa+fUA@
zT{XsZ6OXiM&bd!V0}O45&U`F1@Q4`9QUnh^A>++W?XPxyRO-yA1uK6PJX8G_2m0I^
zCqj1d(>Mzi13z%486i3IqlZ~NeZY-eh@>Z)whxGV(XdL{;s2c;xYy5Vfsg!1dxKV?
zjVL_PgHYQo^wq8k%a-B%8Z-7xHSwbV3P*+coXrow+*{0+aP+|iBLOgmCvKJpVCZdd
zL(Rzb6r8Q@!SJwPIAx?g#zF@1m#RfM{YQcx74p;yC*QB{;$SeFb}ChU#I(+3d@rgC
z&L*10bX0%k0W5h@K3!7dlG_4IgoG-ceSD1MlaeN&3m~-Km<Ah5uo9DS<{|Nsv%T5|
z@z-kPcd#iXY5j_VIVfC=qm~l-mzB%q+&O)9Mq>n0NYLv{MQInRjAgYaCSy;SG=atM
z%>m(oiH~z%<LlmT4p;o%mG_jcxz0H_A;7X_qRZ^(eN=amY(}wG2Kb0Hc<E==uv>;d
zdPSV)dA6X?Ya2&vXY!rxiWl^jW3%?Iew{8iHt`8P+5-IT(ym3fiMciY9}{g%*M&h>
ziFdx0)DxbRS(D4^*P8p|=NnCbZ&W*kNp6mx6sT8Eu4YT9VqL$*cDi;Ll4UO>-cW2j
zBklc$yz#JnMcLR+tvWB<pVDIvS(ZFM)41i~`+Or90X@D7uoKV#J3i7qe>1?uLwgeC
zuO7K1@t@QxZ%0SD90b6gL64&KRFt~fPJEI$`RO4&T8a;t99{d-f2Z6z^I)NRb^QQF
zUrWY_+jbc=8Eo-pGjs!!K`qZ=oOvdN-H=;!@~y6#udzhl+vtHSd$-4pAs)$hh=mt(
z3Nrm~^qcIs2ETvrPq@^dl!9kX{}|FtO|)9&X9)yYR3)gB=y^w55B4E37V3Fv+3w{r
zuZC1$a5J1y^O`p4KWLBwHk!l}URhnlY7Ggxkd;HBJ~AouU<jo67Y68f%W|XG>h}#P
z#_KVY%>HlqWpaC2-y@T*TIh{@MW-Z_8hU6Ny)*#K`m3;03@09$+x24p<OMvCa+w(G
zga!6NVeLIOnkvOML<E<ZgrF3ucc{tlD|Qa(6a8ycF19bzG<Bh>UoIaQ-^53Tx-t(I
zf6TGyPX==PvCUyFvj#q)Cp7I~pq^dUgIJsaao>V<KW(iiL>l2(aJ-8uwxw|^uFPJJ
z&E&+(Y#5iJ4P54X<4(9NMyfG*2NYz3e+4;K2v4SAtA=EhnmEpQ8y!Gw0X_nLQS=9k
zzXd>_CHi0E`YDQT`4$nNMLHmpTfO`1i1xvWo3H%JXDFPwDC>>+Fw>P+jE~8BK{A5W
z&O`w~HoE&5ySEs!yjskCuQ;Wm!*)T7DCJt@%5eC+Fs|>OVXV@d@|&Q#f%=j1JrxZb
zk^ie`O)5NxFu&-Q4}8=MRr8ToPYON(&y7V#r2O{=u3{a{>CF@G7B8Sp3qWR)re&4J
zKi6utj$2&jk94OkJ_2z5bB}W?`|^jO1e41A3CX1$r+daxU@P9*Ea!gyr7~Q2D6!P(
zqmK{VIArK8ONWJZ?k2swUwGc~&PeFhG*ee@zn{}6f_JJZGn}TDhGzy+iqf^)e^hCO
zR;}x_`1)p(v#V}JO9N!uIlxZ5C?F)}wbtU9UPuOY8RGOW50!Gp`E&0Ah&YQFikD&0
zRZXjs+nG-m9)H6>`U2{xB>bUVyp`St-$Ph}=rrJ>j*khF55V!2f`B;!b=Lc+gYHAg
zvz?fdB@LBZJ>+Y=bceU=bg_22hF@>#fPq2Mw$)=_B2#xC&+i%i&{@H+vnPz)-|4ez
z-HL;xPM^-M{o;zZ|EBgNc5{)`<*b(4*;1dCMxMbDiDA;r`br$z&t5Msyv``oJ*XC?
zpEoMu)$AMY@%F-?7fuk~=YRCYp{Y98?O(TB!kK(8F3g9ufG-&?JEJplu6i8$26VYe
zf3*`dfC1P5AQPL3rs1GS^8PmiXKgydckkD!*!us$?dN%Gs}F#4=zWuP=(OmYAz1VZ
za`sLzFA1!j*k8U-!~BC$&Id&_I5eL-7Pf;%#&4XnJ8k$AflG1AU5xTsQrxW*(p|yH
z-8HR+xwKq8JTQQv&+7Pfzl+c14iEby_Q}u$Pt{%O4GJRC$LkZM%AF_=u&78JD?qKS
z{aBvbNF3x1g`Fq?9E#*WSS~r7H`Ef~c8Nvl7RlZ%aN+BQ_4YDt+7`GXir^Xlz>}c!
z*K?I@Wk{$s?@#EP^I5ex%tfW$3|$}dTp(8Frz4mYJVFc$>pUt0xR6$NYK3-=RHWtd
zpYTw#ELc1cg^d7q{p8Xr5mmLqlzjrzyt}H4nrfsazz_2SVq3BUpzMg*TIQ`wk~O?L
zg+9{0jv%mnM+1<7j{uqWsx2v{w|A%Pdn?QC)9avuCoz0NbnMveULdeKgJb2|=1g8z
z42_N(H<IRKF(h`jM_x|Hd09WfZbZea0sc}4pa11%<6>OQ+-P@41^{Beqn`hA{1)Cd
zLBQA@EY<wz(yV?W*dfjo0B9iqJnp{pze%RT`k8qpK1j1{yPZBhzO1}9Ix?zUgA<bf
zQKB+?096S_y6r!fX%>HEV&ejrp9;V|L(-3b9~$ptpe{1}bY3dXy6HUi+s!S<N5?i!
z7%^}Z+a?eB@uLXsPoSX9Nbt~1La@094j}_TrwLadOI{`e$Fr)SaS!-sVJ52$S{_QA
zTJd`@&)1G3BWp3g-h~5H&{y`sg)aSy(HHBsBx*B6O8^h=bH3)^A)4lW8@B{-l+|bB
zN(0+D>vH*0W@Z<5nnlhp&${zI`E?EUGCLKkqt-Y3u~utpJ{FGy@Jj|Do|hH@cfZjQ
z(g1h18MQkZG|^}${$V4*<b=6xe0A7KY?q6ha!u2n&yWBJsk4b~_n;{W%;{yyOwN<Q
zi#*BA({bik<r!1)y6#d<NnlwZh^dY5PFZ&iiWy|1=>9STkyd+QLPqn)qGAw82+Ie5
zt}P&=dxZ9`+5mT~fwklF+>KRGPKu5l#9p%^Mf1cCx(&!g5y5)`*r0W1=*S&sL2hJ>
z$HBJ5&TIuH=AX0YGzgGp>p6KvrV=BkY~=vEs0OJ5$J_LM(6IKVEC{Goi$KX7wy+--
zdkhp70(2m4F7yVitAmD*qQRVK#mxZCy9Us_mXCp?6z>v%lOofr{wvwxU0Agv4LRH<
zV13amf<Js<Pz_JgO;Azu5b-`}1qdd|9nA0iX$Hk5H$Lo{t5x_FZK@s$)b#Jc5!xau
z%77xF2Y{MGVsH#!tG@gs8CtPzDvs0*>89+?B0p^Nco@MEquzrYJIeZ^2j^NXsyS(F
zJMAq>n2^DM&~fFx8V(syZuY8Lpn{@T1KJw)vF$~gqM)(QfuAw?Ep`4-C%$rSEcBmU
zKo}^pLf?|C*5)!0PF47e&z>R;F#7C5TFfSYe3qF})DsQpv+w`4TC~8h?z+GDPSj>t
zv}h&d+!ojXEkdaK^E^Nc0%Dlw(tkABV*p%|-UQ6UBMdcNhg?>Sd480-_R0FEWYHG7
z_(C^w`qMj+1juNImr27jfU;uF_{VHF3=j!5)7xx79ON;aAN|SR0$LeV-nJ#1THqun
z1`S;>n_P0#7xe*|79hE~dX=a+*OwggLm5yn>58a~T_s&e3fE_JNgXm{T9s1sVhIx|
zG4)I($H2_BF_5|TVC4<MtL@pM&nm6UZ$)C6?k|Sy{}L<nJsUE7ko*MV9f-))kZo@C
zhXGtiX5ZYmR768+yI>JK3G4Ht7d^JZ3cb)bmBLTq=Cc@9K*E(1@jsBfN*ZSFT=nS@
z`r0+!Ba`<H0HvSbh3Q{RsWaO`k^kdh<ehdF)&&Nue=jX5G-4@Z+{iEbqE~AF1WI;5
zdoTcbm#P7rH$Y2P_zGmCX_XbATcHeN1vknm(UL07-0aJZG@}qCvPQa`#{tR^^)0@a
z@?q<5bH5#?uylzs-K$|L!9^+sPYQq(O(N3e9ph&ca74=Q)Qpd1G}B@f!l-SVQN_%r
zdDpe7X)C|U{{y6ccXqc-#}=#=uzD+sKP`*zhWYB27E_Z)-%_CiIh{M13^E<7oiXi4
z`IJB&h7HKiipwbU4ygB(KU7<rpy&DkzA{x6)ldrP_uAf-AI!#W9(r#w(3{#O0VY)f
zmdixeEAE>saJH%82fEn`5FTaaTY&j1)m$7W1&9&|HBMbt7~d{39}&RyUIQaQ;auCe
zucp-ZvtQ{FAIb$BA}gnwi*Nf}*IlMqN(dQ^xD<MB65dA8Mq`4+>7_X^xTX%(5kaxz
z)jH-@91ATCE%rr3VWd=dn@zrPjO1cKrxN3L#C$;h6Op_m{>vs{rsXQC4>vjbWBrN`
zgsd}>qm4tU2|c9BW#5DhuX&@fNZ`a|*#%GlMwtU-Q=KZ+jADk|=}~b4Mdyul?)N7^
zY)b&_%P{b7XR|OjGphh59g!SN9IxenG>2|&9x*)>5bJCJGyVo*y^U+Zo2y3Pw-bP#
z5d(uuqxrM7lEf<Scd1rxXERaTd(SX-%uoE0XJx=sS^|X3E3CmB-{L0{Q-LrP0tTDi
znMnVRFqh5|xPB9A$MG<rTQe+qN<}*J4%7FPqt_NBjTMaf2Qa-WIY??Ur6=Y{!LxL0
zwgwO+Dt^br8+7=%VWXljC!n|#0HMn-9j*b-!QL!&qK#$!K~&?MJW+k_Gk)ddwvr|V
z5!gm{8f}+PA8bAdzZ^_;G2|z+n1kzEmE_W(f!>4ga99ug;Sa=!n_@LAAv_3`TCc%|
z&Bc*xa6d_*KEyt=H)M0lS!CmG|NGqg?~DIkZeI{UpqH0zsPe8^=({RFC<{`OSCy-k
HF$@1cYJ^}@

literal 0
HcmV?d00001

diff --git a/packs/oauth2-proxy-8.2.0/pack.json b/packs/oauth2-proxy-8.2.0/pack.json
new file mode 100644
index 00000000..810d25e6
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/pack.json
@@ -0,0 +1,17 @@
+{
+    "addonType": "authentication",
+    "annotations": {
+      "source": "community",
+      "contributor" : "spectrocloud"
+    },    
+    "cloudTypes": [
+      "all"
+    ],
+    "displayName": "OAauth2 Proxy",
+    "charts": [
+      "charts/oauth2-proxy-8.2.0.tgz"
+    ],
+    "layer":"addon",
+    "name": "oauth2-proxy",
+    "version": "8.2.0"
+  }
diff --git a/packs/oauth2-proxy-8.2.0/values.yaml b/packs/oauth2-proxy-8.2.0/values.yaml
new file mode 100644
index 00000000..c6518a3b
--- /dev/null
+++ b/packs/oauth2-proxy-8.2.0/values.yaml
@@ -0,0 +1,580 @@
+pack:
+  spectrocloud.com/display-name: oauth2-proxy
+  releaseNameOverride:
+      oauth2-proxy: oauth2-proxy
+  namespace: oauth2-proxy
+  content:
+    images:
+      - image: "quay.io/oauth2-proxy/oauth2-proxy:v7.12.0"
+
+charts:
+  oauth2-proxy:
+    global: {}
+    # To help compatibility with other charts which use global.imagePullSecrets.
+    # global:
+    #   imagePullSecrets:
+    #   - name: pullSecret1
+    #   - name: pullSecret2
+    
+    ## Override the deployment namespace
+    ##
+    namespaceOverride: ""
+    
+    # Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
+    # This is especially useful for `helm template` as capabilities are always empty
+    # due to the fact that it doesn't query an actual cluster
+    kubeVersion:
+    
+    # Oauth client configuration specifics
+    config:
+      # Add config annotations
+      annotations: {}
+      # OAuth client ID
+      clientID: "XXXXXXX"
+      # OAuth client secret
+      clientSecret: "XXXXXXXX"
+      # Create a new secret with the following command
+      # openssl rand -base64 32 | head -c 32 | base64
+      # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
+      # Example:
+      # existingSecret: secret
+      cookieSecret: "XXXXXXXXXXXXXXXX"
+      # The name of the cookie that oauth2-proxy will create
+      # If left empty, it will default to the release name
+      cookieName: ""
+      google:
+        {}
+        # adminEmail: xxxx
+        # useApplicationDefaultCredentials: true
+        # targetPrincipal: xxxx
+        # serviceAccountJson: xxxx
+        # Alternatively, use an existing secret (see google-secret.yaml for required fields)
+        # Example:
+        # existingSecret: google-secret
+        # groups: []
+        # Example:
+        #  - group1@example.com
+        #  - group2@example.com
+      # Default configuration, to be overridden
+      configFile: |-
+        email_domains = [ "*" ]
+        upstreams = [ "file:///dev/null" ]
+      # Custom configuration file: oauth2_proxy.cfg
+      # configFile: |-
+      #   pass_basic_auth = false
+      #   pass_access_token = true
+      # Use an existing config map (see configmap.yaml for required fields)
+      # Example:
+      # existingConfig: config
+    
+    alphaConfig:
+      enabled: false
+      # Add config annotations
+      annotations: {}
+      # Arbitrary configuration data to append to the server section
+      serverConfigData: {}
+      # Arbitrary configuration data to append to the metrics section
+      metricsConfigData: {}
+      # Arbitrary configuration data to append
+      configData: {}
+      # Arbitrary configuration to append
+      # This is treated as a Go template and rendered with the root context
+      configFile: ""
+      # Use an existing config map (see secret-alpha.yaml for required fields)
+      existingConfig: ~
+      # Use an existing secret
+      existingSecret: ~
+    
+    image:
+      repository: "quay.io/oauth2-proxy/oauth2-proxy"
+      # appVersion is used by default
+      tag: ""
+      pullPolicy: "IfNotPresent"
+      command: []
+    
+    # Optionally specify an array of imagePullSecrets.
+    # Secrets must be manually created in the namespace.
+    # ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+    imagePullSecrets:
+      []
+      # - name: myRegistryKeySecretName
+    
+    # Set a custom containerPort if required.
+    # This will default to 4180 if this value is not set and the httpScheme set to http
+    # This will default to 4443 if this value is not set and the httpScheme set to https
+    # containerPort: 4180
+    
+    extraArgs: {}
+    extraEnv: []
+    
+    envFrom: []
+    # Load environment variables from a ConfigMap(s) and/or Secret(s)
+    # that already exists (created and managed by you).
+    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+    #
+    # PS: Changes in these ConfigMaps or Secrets will not be automatically
+    #     detected and you must manually restart the relevant Pods after changes.
+    #
+    #  - configMapRef:
+    #      name: special-config
+    #  - secretRef:
+    #      name: special-config-secret
+    
+    # -- Custom labels to add into metadata
+    customLabels: {}
+    
+    # To authorize individual email addresses
+    # That is part of extraArgs but since this needs special treatment we need to do a separate section
+    authenticatedEmailsFile:
+      enabled: false
+      # Defines how the email addresses file will be projected, via a configmap or secret
+      persistence: configmap
+      # template is the name of the configmap what contains the email user list but has been configured without this chart.
+      # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
+      # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access" or to the
+      # provided value in restrictedUserAccessKey field.
+      template: ""
+      # The configmap/secret key under which the list of email access is stored
+      # Defaults to "restricted_user_access" if not filled-in, but can be overridden to allow flexibility
+      restrictedUserAccessKey: ""
+      # One email per line
+      # example:
+      # restricted_access: |-
+      #   name1@domain
+      #   name2@domain
+      # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
+      # config map resource.
+      restricted_access: ""
+      annotations: {}
+      # helm.sh/resource-policy: keep
+    
+    service:
+      type: ClusterIP
+      # when service.type is ClusterIP ...
+      # clusterIP: 192.0.2.20
+      # when service.type is LoadBalancer ...
+      # loadBalancerIP: 198.51.100.40
+      # loadBalancerSourceRanges: 203.0.113.0/24
+      # when service.type is NodePort ...
+      # nodePort: 80
+      portNumber: 80
+      # Protocol set on the service
+      appProtocol: http
+      annotations: {}
+      # foo.io/bar: "true"
+      # configure externalTrafficPolicy
+      externalTrafficPolicy: ""
+      # configure internalTrafficPolicy
+      internalTrafficPolicy: ""
+      # configure service target port
+      targetPort: ""
+      # Configures the service to use IPv4/IPv6 dual-stack.
+      # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
+      ipDualStack:
+        enabled: false
+        ipFamilies: ["IPv6", "IPv4"]
+        ipFamilyPolicy: "PreferDualStack"
+      # Configure traffic distribution for the service
+      # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution
+      trafficDistribution: ""
+    
+    ## Create or use ServiceAccount
+    serviceAccount:
+      ## Specifies whether a ServiceAccount should be created
+      enabled: true
+      ## The name of the ServiceAccount to use.
+      ## If not set and create is true, a name is generated using the fullname template
+      name:
+      automountServiceAccountToken: true
+      annotations: {}
+    
+    ingress:
+      enabled: false
+      # className: nginx
+      path: /
+      # Only used if API capabilities (networking.k8s.io/v1) allow it
+      pathType: ImplementationSpecific
+      # Used to create an Ingress record.
+      # hosts:
+      # - chart-example.local
+      # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+      # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
+      # extraPaths:
+      # - path: /*
+      #   pathType: ImplementationSpecific
+      #   backend:
+      #     service:
+      #       name: ssl-redirect
+      #       port:
+      #         name: use-annotation
+      labels: {}
+      # annotations:
+      #   kubernetes.io/ingress.class: nginx
+      #   kubernetes.io/tls-acme: "true"
+      # tls:
+      # Secrets must be manually created in the namespace.
+      # - secretName: chart-example-tls
+      #   hosts:
+      #     - chart-example.local
+    
+    resources:
+      {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 300Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 300Mi
+    
+    # Container resize policy for runtime resource updates
+    # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/resize-container-resources/
+    resizePolicy: []
+      # - resourceName: cpu
+      #   restartPolicy: NotRequired
+      # - resourceName: memory
+      #   restartPolicy: RestartContainer
+    
+    extraVolumes:
+      []
+      # - name: ca-bundle-cert
+      #   secret:
+      #     secretName: <secret-name>
+    
+    extraVolumeMounts:
+      []
+      # - mountPath: /etc/ssl/certs/
+      #   name: ca-bundle-cert
+    
+    # Additional containers to be added to the pod.
+    extraContainers:
+      []
+      #  - name: my-sidecar
+      #    image: nginx:latest
+    
+    # Additional Init containers to be added to the pod.
+    extraInitContainers:
+      []
+      #  - name: wait-for-idp
+      #    image: my-idp-wait:latest
+      #    command:
+      #    - sh
+      #    - -c
+      #    - wait-for-idp.sh
+    
+    priorityClassName: ""
+    
+    # hostAliases is a list of aliases to be added to /etc/hosts for network name resolution
+    hostAliases: []
+    # - ip: "10.xxx.xxx.xxx"
+    #   hostnames:
+    #     - "auth.example.com"
+    # - ip: 127.0.0.1
+    #   hostnames:
+    #     - chart-example.local
+    #     - example.local
+    
+    # [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
+    # Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
+    # topologySpreadConstraints: []
+    
+    # Affinity for pod assignment
+    # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+    # affinity: {}
+    
+    # Tolerations for pod assignment
+    # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+    tolerations: []
+    
+    # Node labels for pod assignment
+    # Ref: https://kubernetes.io/docs/user-guide/node-selection/
+    nodeSelector: {}
+    
+    # Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
+    proxyVarsAsSecrets: true
+    
+    # Configure Kubernetes liveness and readiness probes.
+    # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+    # Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
+    livenessProbe:
+      enabled: true
+      initialDelaySeconds: 0
+      timeoutSeconds: 1
+    
+    readinessProbe:
+      enabled: true
+      initialDelaySeconds: 0
+      timeoutSeconds: 5
+      periodSeconds: 10
+      successThreshold: 1
+    
+    # Configure Kubernetes security context for container
+    # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+    securityContext:
+      enabled: true
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
+      runAsUser: 2000
+      runAsGroup: 2000
+      seccompProfile:
+        type: RuntimeDefault
+    
+    deploymentAnnotations: {}
+    podAnnotations: {}
+    podLabels: {}
+    replicaCount: 1
+    revisionHistoryLimit: 10
+    strategy: {}
+    enableServiceLinks: true
+    
+    ## PodDisruptionBudget settings
+    ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+    ## One of maxUnavailable and minAvailable must be set to null.
+    podDisruptionBudget:
+      enabled: true
+      maxUnavailable: null
+      minAvailable: 1
+      # Policy for when unhealthy pods should be considered for eviction.
+      # Valid values are "IfHealthyBudget" and "AlwaysAllow".
+      # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy
+      unhealthyPodEvictionPolicy: ""
+    
+    ## Horizontal Pod Autoscaling
+    ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+    autoscaling:
+      enabled: false
+      minReplicas: 1
+      maxReplicas: 10
+      targetCPUUtilizationPercentage: 80
+      # targetMemoryUtilizationPercentage: 80
+      annotations: {}
+      # Configure HPA behavior policies for scaling if needed
+      # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configuring-scaling-behavior
+      behavior:
+        {}
+        # scaleDown:
+        #   stabilizationWindowSeconds: 300
+        #   policies:
+        #   - type: Percent
+        #     value: 100
+        #     periodSeconds: 15
+        #   selectPolicy: Min
+        # scaleUp:
+        #   stabilizationWindowSeconds: 0
+        #   policies:
+        #   - type: Percent
+        #     value: 100
+        #     periodSeconds: 15
+        #   - type: Pods
+        #     value: 4
+        #     periodSeconds: 15
+        #   selectPolicy: Max
+    
+    # Configure Kubernetes security context for pod
+    # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+    podSecurityContext: {}
+    
+    # whether to use http or https
+    httpScheme: http
+    
+    initContainers:
+      # if the redis sub-chart is enabled, wait for it to be ready
+      # before starting the proxy
+      # creates a role binding to get, list, watch, the redis master pod
+      # if service account is enabled
+      waitForRedis:
+        enabled: true
+        image:
+          repository: "alpine"
+          tag: "latest"
+          pullPolicy: "IfNotPresent"
+        # uses the kubernetes version of the cluster
+        # the chart is deployed on, if not set
+        kubectlVersion: ""
+        securityContext:
+          enabled: true
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 65534
+          runAsGroup: 65534
+          seccompProfile:
+            type: RuntimeDefault
+        timeout: 180
+        resources:
+          {}
+          # limits:
+          #   cpu: 100m
+          #   memory: 300Mi
+          # requests:
+          #   cpu: 100m
+          #   memory: 300Mi
+    
+    # Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption.
+    # Alternatively supply an existing secret which contains the required information.
+    htpasswdFile:
+      enabled: false
+      existingSecret: ""
+      entries: []
+      # One row for each user
+      # example:
+      # entries:
+      #  - testuser:$2y$05$gY6dgXqjuzFhwdhsiFe7seM9q9Tile4Y3E.CBpAZJffkeiLaC21Gy
+    
+    # Configure the session storage type, between cookie and redis
+    sessionStorage:
+      # Can be one of the supported session storage cookie|redis
+      type: cookie
+      redis:
+        # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
+        existingSecret: ""
+        # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
+        password: ""
+        # Key of the Kubernetes secret data containing the redis password value. If you use the redis sub chart, make sure
+        # this password matches the one used in redis.global.redis.password (see below).
+        passwordKey: "redis-password"
+        # Can be one of standalone|cluster|sentinel
+        clientType: "standalone"
+        standalone:
+          # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
+          connectionUrl: ""
+        cluster:
+          # List of Redis cluster connection URLs. Array or single string allowed.
+          connectionUrls: []
+          # - "redis://127.0.0.1:8000"
+          # - "redis://127.0.0.1:8001"
+        sentinel:
+          # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
+          existingSecret: ""
+          # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
+          password: ""
+          # Key of the Kubernetes secret data containing the redis sentinel password value
+          passwordKey: "redis-sentinel-password"
+          # Redis sentinel master name
+          masterName: ""
+          # List of Redis cluster connection URLs. Array or single string allowed.
+          connectionUrls: []
+          # - "redis://127.0.0.1:8000"
+          # - "redis://127.0.0.1:8001"
+    
+    # Enables and configure the automatic deployment of the redis-ha subchart
+    redis:
+      # provision an instance of the redis-ha sub-chart
+      enabled: false
+      # Redis specific helm chart settings, please see:
+      # https://artifacthub.io/packages/helm/dandydev-charts/redis-ha#general-parameters
+      #
+      # Recommended:
+      #
+      # redisPassword: xxxxx
+      # replicas: 1
+      # persistentVolume:
+      #   enabled: false
+      #
+      # If you install Redis using this sub chart, make sure that the password of the sub chart matches the password
+      # you set in sessionStorage.redis.password (see above).
+      #
+      # If you want to use redis in sentinel mode see:
+      # https://artifacthub.io/packages/helm/dandydev-charts/redis-ha#redis-sentinel-parameters
+    
+    # Enables apiVersion deprecation checks
+    checkDeprecation: true
+    
+    # Allows graceful shutdown
+    # terminationGracePeriodSeconds: 65
+    # lifecycle:
+    #   preStop:
+    #     exec:
+    #       command: [ "sh", "-c", "sleep 60" ]
+    
+    metrics:
+      # Enable Prometheus metrics endpoint
+      enabled: true
+      # Serve Prometheus metrics on this port
+      port: 44180
+      # when service.type is NodePort ...
+      # nodePort: 44180
+      # Protocol set on the service for the metrics port
+      service:
+        appProtocol: http
+      serviceMonitor:
+        # Enable Prometheus Operator ServiceMonitor
+        enabled: false
+        # Define the namespace where to deploy the ServiceMonitor resource
+        namespace: ""
+        # Prometheus Instance definition
+        prometheusInstance: default
+        # Prometheus scrape interval
+        interval: 60s
+        # Prometheus scrape timeout
+        scrapeTimeout: 30s
+        # Add custom labels to the ServiceMonitor resource
+        labels: {}
+    
+        ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+        scheme: ""
+    
+        ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+        ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+        tlsConfig: {}
+    
+        ## bearerTokenFile: Path to bearer token file.
+        bearerTokenFile: ""
+    
+        ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+        ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+        annotations: {}
+    
+        ## Metric relabel configs to apply to samples before ingestion.
+        ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+        metricRelabelings: []
+        # - action: keep
+        #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+        #   sourceLabels: [__name__]
+    
+        ## Relabel configs to apply to samples before ingestion.
+        ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+        relabelings: []
+        # - sourceLabels: [__meta_kubernetes_pod_node_name]
+        #   separator: ;
+        #   regex: ^(.*)$
+        #   targetLabel: nodename
+        #   replacement: $1
+        #   action: replace
+    
+    # Extra K8s manifests to deploy
+    extraObjects:
+      []
+      # - apiVersion: secrets-store.csi.x-k8s.io/v1
+      #   kind: SecretProviderClass
+      #   metadata:
+      #     name: oauth2-proxy-secrets-store
+      #   spec:
+      #     provider: aws
+      #     parameters:
+      #       objects: |
+      #         - objectName: "oauth2-proxy"
+      #           objectType: "secretsmanager"
+      #           jmesPath:
+      #               - path: "client_id"
+      #                 objectAlias: "client-id"
+      #               - path: "client_secret"
+      #                 objectAlias: "client-secret"
+      #               - path: "cookie_secret"
+      #                 objectAlias: "cookie-secret"
+      #     secretObjects:
+      #     - data:
+      #       - key: client-id
+      #         objectName: client-id
+      #         - key: client-secret
+      #           objectName: client-secret
+      #         - key: cookie-secret
+      #         objectName: cookie-secret
+      #       secretName: oauth2-proxy-secrets-store
+      #       type: Opaque

From ac48810c3ee0401a054f1bf6ede1b28718bcf6e8 Mon Sep 17 00:00:00 2001
From: Kevin Reeuwijk <kevin.reeuwijk@spectrocloud.com>
Date: Fri, 19 Sep 2025 19:51:00 +0200
Subject: [PATCH 2/3] Fix contributor

---
 packs/kubeflow-1.9.1/pack.json      |  4 ++--
 packs/kubeflow-crds-1.9.1/pack.json |  4 ++--
 packs/oauth2-proxy-8.2.0/pack.json  | 32 ++++++++++++++---------------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/packs/kubeflow-1.9.1/pack.json b/packs/kubeflow-1.9.1/pack.json
index 77f97429..d9b6a272 100644
--- a/packs/kubeflow-1.9.1/pack.json
+++ b/packs/kubeflow-1.9.1/pack.json
@@ -1,8 +1,8 @@
 {
   "addonType":"ai",
   "annotations": {
-    "docsURL": "",
-    "source": "spectrocloud"
+    "source": "community",
+    "contributor" : "spectrocloud"
   },
   "cloudTypes": [
       "all"
diff --git a/packs/kubeflow-crds-1.9.1/pack.json b/packs/kubeflow-crds-1.9.1/pack.json
index 37a96e71..c5231374 100644
--- a/packs/kubeflow-crds-1.9.1/pack.json
+++ b/packs/kubeflow-crds-1.9.1/pack.json
@@ -1,8 +1,8 @@
 {
   "addonType":"ai",
   "annotations": {
-    "docsURL": "",
-    "source": "spectrocloud"
+    "source": "community",
+    "contributor" : "spectrocloud"
   },
   "cloudTypes": [
       "all"
diff --git a/packs/oauth2-proxy-8.2.0/pack.json b/packs/oauth2-proxy-8.2.0/pack.json
index 810d25e6..1edbef6e 100644
--- a/packs/oauth2-proxy-8.2.0/pack.json
+++ b/packs/oauth2-proxy-8.2.0/pack.json
@@ -1,17 +1,17 @@
 {
-    "addonType": "authentication",
-    "annotations": {
-      "source": "community",
-      "contributor" : "spectrocloud"
-    },    
-    "cloudTypes": [
-      "all"
-    ],
-    "displayName": "OAauth2 Proxy",
-    "charts": [
-      "charts/oauth2-proxy-8.2.0.tgz"
-    ],
-    "layer":"addon",
-    "name": "oauth2-proxy",
-    "version": "8.2.0"
-  }
+  "addonType": "authentication",
+  "annotations": {
+    "source": "community",
+    "contributor" : "spectrocloud"
+  },    
+  "cloudTypes": [
+    "all"
+  ],
+  "displayName": "OAauth2 Proxy",
+  "charts": [
+    "charts/oauth2-proxy-8.2.0.tgz"
+  ],
+  "layer":"addon",
+  "name": "oauth2-proxy",
+  "version": "8.2.0"
+}

From 0a5c481b451bbd4781905c9f0b678848c1b55eb5 Mon Sep 17 00:00:00 2001
From: Kevin Reeuwijk <kevin.reeuwijk@spectrocloud.com>
Date: Fri, 19 Sep 2025 19:51:23 +0200
Subject: [PATCH 3/3] Add documentation

---
 packs/kubeflow-crds-1.9.1/README.md | 41 ++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/packs/kubeflow-crds-1.9.1/README.md b/packs/kubeflow-crds-1.9.1/README.md
index 43ddfea8..ea0e4444 100644
--- a/packs/kubeflow-crds-1.9.1/README.md
+++ b/packs/kubeflow-crds-1.9.1/README.md
@@ -1,10 +1,39 @@
-# Description
+# Kubeflow CRDs
 
-# Kubernetes versions supported:
+This pack installs the Custom Resource Definitions for Kubeflow 1.9.1.
 
-# Constraints:
+## Prerequisites
 
-# Cloud types supported:
+None
 
-# References:
-  - 
\ No newline at end of file
+## Parameters
+
+| **Parameter** | **Description** | **Type** | **Default Value** | **Required** |
+|---|---|---|---|---|
+| crds.minimized | Installs the minimum CRD schemas to pass validation. Set to `false` to install the full CRDs | Boolean | true | Yes |
+| notebooks.enabled | Installs the Notebooks CRD | Boolean | true | Yes |
+| notebooks.controller.enabled | Includes the controller in the Notebooks CRD | Boolean | true | Yes |
+| notebooks.controller.certManager.enabled | Includes cert-manager support for the controller in the Notebooks CRD | Boolean | false | Yes |
+| notebooks.controller.webhook.enabled | Includes webhook support for the controller in the Notebooks CRD | Boolean | false | Yes |
+| notebooks.pvcviewerController.enabled | Includes the pvcviewerController in the Notebooks CRD | Boolean | true | Yes |
+| profilesController.enabled | Installs the Profile CRD | Boolean | true | Yes |
+| katib.controller.enabled | Installs the Katib CRDs | Boolean | true | Yes |
+| pipelines.scheduledWorkflow.enabled | Installs the ScheduledWorkflow CRD | Boolean | true | Yes |
+| pipelines.viewerCrd.enabled | Installs the Viewer CRD | Boolean | true | Yes |
+| tensorboard.controller.enabled | Includes the Tensorboard CRD | Boolean | true | Yes |
+| trainingOperator.enabled | Installs the Training Operator v1 CRDs | Boolean | true | Yes |
+
+
+## Upgrade
+
+This is the first version of the Kubeflow CRDs pack. There are no previous versions to upgrade from.
+
+
+## Usage
+
+To deploy this pack, add it to your cluster profile. The defaults should not need adjusting.
+
+
+## References
+
+- [Based on kromanow94/kubeflow-manifests](https://github.com/kromanow94/kubeflow-manifests/tree/helmcharts/charts/kubeflow-crds)
\ No newline at end of file