From 89e23d4eeaf44dc4d8f85bc0ac6a59b4e1322fb1 Mon Sep 17 00:00:00 2001
From: Dixit Sabharwal <dixit.sabharwal@epfl.ch>
Date: Sat, 22 Jul 2023 14:06:32 +0200
Subject: [PATCH] Add helm charts and values for gitlab agentk and runner
installs
---
k8s/gitlab-agent/README.md | 7 +
k8s/gitlab-agent/gitlab-agent-1.17.1.tgz | Bin 0 -> 7347 bytes
k8s/gitlab-agent/values.yaml | 130 +++++
k8s/gitlab-runner/README.md | 7 +
k8s/gitlab-runner/gitlab-runner-0.53.2.tgz | Bin 0 -> 21697 bytes
k8s/gitlab-runner/values.yaml | 575 +++++++++++++++++++++
6 files changed, 719 insertions(+)
create mode 100644 k8s/gitlab-agent/README.md
create mode 100644 k8s/gitlab-agent/gitlab-agent-1.17.1.tgz
create mode 100644 k8s/gitlab-agent/values.yaml
create mode 100644 k8s/gitlab-runner/README.md
create mode 100644 k8s/gitlab-runner/gitlab-runner-0.53.2.tgz
create mode 100644 k8s/gitlab-runner/values.yaml
diff --git a/k8s/gitlab-agent/README.md b/k8s/gitlab-agent/README.md
new file mode 100644
index 00000000..b26b7251
--- /dev/null
+++ b/k8s/gitlab-agent/README.md
@@ -0,0 +1,7 @@
+### Deploy gitlab-agent using Helm chart
+
+---
+
+| Helm repository | Helm chart | Git repository |
+| ------------------------ | ------------------- | ------------------------------------------------- |
+| https://charts.gitlab.io | gitlab/gitlab-agent | https://gitlab.com/gitlab-org/charts/gitlab-agent |
diff --git a/k8s/gitlab-agent/gitlab-agent-1.17.1.tgz b/k8s/gitlab-agent/gitlab-agent-1.17.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7fdd23cb606a800040e5cf7e796b1732bca70bce
GIT binary patch
literal 7347
zcmb2|<`7{3f&ZEe+KC=P2FV`2W<Hgcrb)(O1}VX&nNh)(X8vJeX1?J$S&4Zml_7!o
zwjQZDxeRY=v&(N=Y)YtqwtmIb-+qsJJU#1F7Z-2(uCZxS#_ee(DwegIckVTGaS}SF
za*)m8=B#(~?(bvgw{wjwdb4Bu_Zjj+Gg-JoSr^1Ha1|@nm~6c$)4u3lq=MQUQLaDo
za-TCzq<SwuPX1cI_@c)D`xUh%Kb$}R`0?b+j>=EFe*S8A`~2d`kFWd}DnfM3Yz)Oa
z{$8jkh)#X<Pl><lg!&nag^AqL+QqsSy*dAE<>it-9sc6!6FpW;m+!D}56(FKk;(Yf
zgXI-nksYkh94r)eIBE-scxZf>qu7|}n#{INzPM5Hj=)9(104n-CZ@i-GZG`uZxk~*
zpc}y<_%Uqny5q|pUpnw-i{|X>v6dc{w)O?OkG$?^y*fJ4f8z1iWpmf>IN)fT^kx1H
z(b6q0OdEe){Ae$=KK}n>`LD01@bF&hJoK~vo`Ap3Jv09M5sH&KL~lJYNz;3#d-@++
z%l2y*|7;RA6Os~R><Dd%Zdi0eeci7d-N|*?R%fsKUB0#UKlkVQ&OZ{L-NhNApZ$Ls
z_;`uQ|9<J-=Rg0e@N-^}*{;LTrhKY%LC)1Csl&yGSfefPn_0bnb^rA&R)M4Y?3dUT
zhU>mK`zwS;@>vlB^P7VSos!CO&lJQYM6?tx$mEGlN&fJG=jgr(Nv?HampP0WpGGKf
zZ(k6$Stqny;`cv^-8|g)n)LUt@SJV3u<LBn{rKuk!!>Gx`3Dz@F1THI=GhKb-=DvY
zT)bUsOuiO!OHDhv>_o2SmE(eCCwmh3%(->MW*mGGyPKIudLu)PWAgoGO}6QYDjU)p
ze_mxen547t%|QunO<h5QSIM2T{%Ajw_@Mi+sipYq!N$!!;+&r+icbi5C{%pM^r(AC
z(y7b_;f85P4Wos`x5rLDw(v&FK9M7<WE5fx)VUVOwuP(^JRqt#PyPSozoAU&j0@J}
zaM%5IzB*sWKx5a-HLIp2wl6;QElnVZQHI-LVR}K};pU@17$&f}Sez;BSo-dx!m~;3
zLIsz;D-;O)^vL+KHD>x^g+=!wvXqp<WTm)jv_<-=4Iax&^ez^YF_YpwdG@Q5(4=l9
z6IDAwmsc!5*$yO|c-7s$U}qn`U()TK!k2JmucOtElGn~GvPmtx@vK(r6w|Y<m6azA
zvmJvKg#z`D*WC0ulA&O2{ETm5={qBpQWsyQ6>DqzCPZvm5XQeD;mA`_Rt;g@6?-%H
zWL~-CSmNlcscgop<TyFb(LnEtM|zu)RLra2H$op*&oJX+6Xj-TFFIAJJ411P^68>X
z3+3XQuS_51o==|fS!~aahe6G8%JU`%>x*Pv@2Ed=;&4y;pY^30d(~!2l?Qg*ShZ{)
zcUA9Uu`7!rGMZiYHn65eh(GXJ_vLFrpnUeS+tv{uGjHr=5I1&A3sOv;A!tAMOw%DD
zW25LswIe526g-&pIPwki%(eAXl4mB@rxhFVZ+w15hr7WqHU7oMZIiA%y^-2BVb+Y9
znF+ruI%{Xl>Gu`hIPK;t?I(9M8hn;5Xi~0OH#_3B@ZTc;i#jL!m)jLSlv*FOV%6Rr
z<*i#znNG7xJ8>e&D63s-*3Yz6OL?UOmt1JHwPbTv=KP|b+54>8<>tIwM*`nZ6$o5w
zEX6SElIpoe^GS;9uf1WKpEa#DpVj$p!OAUX<+j-Rb2%tgcGnzuILSbY?NZRQh!Ypj
z2|ttwJm1L2wX~%7ECa_=mOZhN)jwz5*>WkZIPNY_QgIyT{VRW5{#qOm51RE%aYg=y
z5P8Lbcy3X%sZWCv)wbm;{izWWnCNF}-Zgas*O~i_d{ZJX+SC*~_Hg_$JyvsFD$K*y
z=2%ctz_MFgSiTy1hn$=qufu&dO=XI(Q*EEbLNAZs9iQv89)DL^7UL1Sc|lBpDN~hm
zX1oHU`H}Cb^%DZBIBra~^Eq`^{7%Tk&$lMo-?nqSv%xdz?p{~NC&|8(cvZ3-*H-?x
zm1)7dJkq%3WLHtj)1#Mqf{riO`;>iiw`S7Ma?TxXmrMBOF3!Cm!MEaoYQahGZ2of>
zMSf?k@!2Tj6``5ibBA?BqaNq9U#`==t9Lpm22X2KSLN<C*!(5HlWl4IO{PzOk4$5*
zni}&g%xqHe+Q@2y4jzr0YlCho2_+p{8me*Mqks7i*ZyW(3H=wnuT13&8S|wcOcp3!
zz{4kfJU?OAq)88-o^9H}z2}I}$r}tm?b3c1CAeH+o_}uVoc>FiC9V9onCB%e*f>GT
zsZ+{4GxAneQ}#!pOBeo$r-kfgo?aDHD$S|iI%m~PvqlNF@~6Kh$!?UI#_=Sgy`v~`
zH_t~_pN~C8JQ^$~(^NuNb~|O}alACsc6vD{y7~j>&m-O}b6Ea5MTzS>Oq>;Q(XxE6
z?Hg6IZ;dJEyT70KzWl`Ac^8VUo;PneEs?6P;%(^n_v)FzX>LvKv2o%Z@t=3KFaH?x
zKl}NgOS{@x(-=87o;7%6vPJpTO=FioGal|r@>1YbdDyebVfUt8O}}azEvGNrTd1fN
zc<18P+B&UyO}D4bIJW1Wyw9#=_d8w3Gm@kKy#MiI$CLl_W#*a8|NDP=g&Ma=ocHAL
zvo1nKjWzMNp6>t4*4M}G{g<=;&%=mo>6wzoZ<3Epov&Kjzuc?u%juY#du?Cn1Xvum
zn|pfyx00AuiILliehIz5S8;#A-My@j431i`2zj|4+_-%0=GD)phA4!$hr9J(kakc|
zUHkUp?0^Xj&N62uKP`DJljv6PLTmd+<6cDv?bP=8o7+m{gxmkGWjkdcex)PmRkdbX
z@E!+mr<tGAzhC@bV|M2MdhR#wGYZ{Z`1x7$X8u2}?*8=0{mjpn|Nfht&)<JFKJxBu
zkElb7M7je7&5u`w{(sE>di(vH+^UC*{GXiQGTpFQDeK)6*Y?kz?NdKbH2)F1D{CS5
za`#v2oX0-qxaBQOyMExnp@r)8QCvs;gu*<cW*ptOzbQWX$z;icatkzqPFP<%A8|PB
zX={$7kkZqx?j<4*Of+sdc0G|ixNrGcwWntigpVu9#QBAH$)^9^sH5Gg+`nP>`-r`f
zTD+nH$wEcKtFJs<ab{!3QVZuxx>HX`=e&QGC$#mHg-@EM^XZ3YS_-B2zduy+(r5O4
zdo8A@{POo#d5%vJmGX#m%&_6sf8QB%#6u%3;5UEXfA;lL6JENN%O_v8=T_FgzO-oF
zjH_Zd=dOxAD{*n@l<%9@W`|x}6My>4lgPF8vv-*PStlY<WO(IYT=T8#xBjXN^D;?E
zspoRf+BM-=apT_u54ra)x;m+Ae#<)fYH5$+lE>0qg^w@HpUpPs&I?14?Uxhw|7lxv
zLbFQ#<)rYmHBVOk;oE;K<be?TwS_DiF2!$dUJhNIaC!!V+8X~oo6cvw5cy)v^+$K9
ziBehUb`{0GyH?B2*zcZXA$#oB4bG@-7E>3y=r3)MX^IZ?Y+5|E=+qI@%|WS-TQ?qP
z<6QrE{fAAnmieSv{Z4gTFKDUJVyFH*`NrHgP8J0*2b)70_SO8{<dVJc-9F`-efcl$
zhtHiPU26aAf7_$^m28glT#p7kUA*BG$DvJA1NJ6uE<N((`VzCgIZ1}c*XT~k>5a{}
z%}^k$EquZB^Wts74W|44-aK}f?>yV@`#MHOuO4f1+6tYM-=Lk){r7&3++Mv~|J!>X
zAA7j@?|%{h%tISBiza6-6ZP6=>rv~xF(Sb2-_oYyb6=&`w$Hw1%DGpp<jV%hK>7Wb
z4<F;&;2<ZoB9(E;sTB!pKXPd5-oCYBX;HA`zaNLEF?{+l?b`l_-*f(niJhKm$l|v9
zRjRIQUFz(*tZ9Gv6gh2WxGbhIJeec$aORqRrKD?Z=AVu+MI`$+3g7qP=r3j2n|gCu
zXQ89n)99Nijcd6R-9Kyi{7MZje;RQ5u+Ht-_1`|!)ortx{bc{9ASMypV`&?5Ki*$_
z{cO>n=RbaYiTr1OG&pzF>sa1^AcmPU!k6j=gy`Na7ktD&{jld|y`q@My<x$DZ`uFd
z?D=2+<fg%YTbZ9Fq9^z&b};Oy{%79r-+$`0{qp7O=fB;rUis;>w5#CxoSmCXI7HHZ
z%6(y<oaeo>F8tf3O4b<m*?9u&LR@ZpZ<rRI6DV-G>nf#Ve4BBZo!RVl3FjtsmugH;
zG%q&T{E=OSMZECqte2tcvvj^{Xb1{%FZlGD_u&tQ4aVhXxc)M=77LwIRZ`(dQjESf
zG46QIt3%)K?~dL6y5+OP=U*44_s;aabI<?R(ucd+wxmrz+kV<fF7bNKBh%=}&&!rp
zu3V}o&ckVAZhc%Lban0YiR~<YWmT!O6N&>SO_%D@47(v8tuyEMl#q+n*W7=qsXCoJ
zCg;s8`tFg<@!s7(Hp)4j`BAhg+Sg@P<2>mToEcm5l^yr&SZTCaRJ1%QZR_M2@#~(N
zM{b?7@1p)6rqu6mU&}nny0h6Kd7ntm!6M%CDHfWik{z#p+pwtI@S?QZ=W5350$TZ}
z&PB!CUiVjE-n!j}_n&=U@^|7)=j`7nHcb+ZK2s!|us7)(*G&)i!t_E_|4sY!-iED9
zn>IVQ-|OH_%lDf%9GX9E2lI5^A0K*8nDBQ`_}bWPv;K;-x^;bm6XVhIOlOPj(x3iv
zSlOHS?#V%^9d9C>Ha>ec*WFTJHkYWQqS<rTeK!+cU)XA^Y*!b3{E(@->MN@+r(eJN
z9JMt2NbZvDEc;{4i;I7^a&xTdeP;T2-<`hh9C71~ee>2uUSIYtO1L#JCZlrshV3^a
zVp;<h{$RV)l^W#stA_V_X~*@7Qu&7K6{Y--uJ1mX<GEhze1OIA-Qk{YN1bZ*Y9~3T
z#NNwstvvi%DeYz2lhU4$&ASiyvK_yhytpXBWlHDP$fZXk7gjBF@#EpUy0Fc>*St5V
zvm?+k_SN=;OOjF193M^!wa@shxHvfGh}*2m@&%p=OfN2reO;3DGut#QYrgiU^BelZ
zlHXjq@K`rvp2#Ve8G=i>zg$0T!_qd<eIMufEzg(*_6na*6FmP#Cv~4!>#UP~;kjW3
z7BOM`6COTzlfA$8qAdUIxp|!iTeH8}E_R%$cq`W6<Goe>&PO*M*-&!nz{|NBZ|?kx
zJ)57if78pt@-Hi|zpTqGw`xB9@5%24ioD0UgtKeki68Maj|n^38+3oUt9g0t)0Eg}
z=j}r_9aG4eE$Xv)ap_*6y{Ck(ZMinR<7%YLvR%7(e8_7^TYmqOe-VpLdD8MD3a3t;
za+vS2tN7%eSr(B=)~2tIo%mbuFV4-OwP5@H#${eh|3!$r%Sgx!Dp^>qxPG;b*|zNE
z&1G|2TCHZMC$q}E)=T<W;QmZOtiR0Wh^@)-Y1jVFmtDU1q(sBsMIQ{-onZZ1z%6zB
z`0>{DQ@PHX)z&vIDz#iyILYWp+7zzchpufqxY+z5Z&F<Kjp%j<7QP?9vVZ$MTq|by
zS@7Q~rQO<AhmAr@CTl$rZEP`B_+h5>t06qgSZ1!-sj%ovAs2J2cm#L(*344w{4Oc9
zQ+P>vi~6Qmmvgd$QWZNY_Ri1v>-Qz^j?-4<kI|~{%~tMCbi3z!t2TUB*;1wYKbvB5
zHY+@{cKfPzB>!JRYS@~BJD(I6m9O3VWJ;RehFNoN*IX$pI_|tV=%?}G{##M+Of*uC
zeoA-Qzjo*Hi2pY?{0mnV*;lDraQoN)*J+#g{D1xBN9Eu5o^r~K0Wa=)PkeIp;a{`u
zY1J0m+r=_u3+C6d-VQmToNH|GasR4XHdY>)V1c^!moE+ZVmI?GeLQh@X!+M|t!wth
zS!!F&IP|=K!~Dd<f9fCf=-Wk~uV44H-m0?p*Pj2+J?CXvdr6;q%DaGn#uCx8x5;O{
z_X_N^TWi9*|L`pnDVG=5CG6j`2Ax0lbAErEZ2(`+?EmU#i~b$Iu6}m%^Pm4k&ik?J
zy%S(*l|BAlh(r4NLwOAeEuJqzp)2+rPR=bq&Sq@O{$IcH#^OgitN*cERbKx-_y5_;
zm%sk3|5Wqux97Z1Q8|X^qZJEErnCI`)_b6=@@`rCV)mU=-`;IG8Y_L2OZvr@)`W9e
zU)sVFkKT-n|Gy^6Y+YQRUS4rE!>Vn$;=2~5scCXP@AH;i7L%J4W0rkX&nPzP#Y*<>
zTgzX+TGGDnec3^g#UHDTYp3Wb-`LILD^n$?ns(Jt()#so5f6<g()(H6dG{(UH8%J2
zXvoxwDyaA*(RZ(Hxx)XsD#l8MVf{0hD!TvJ+gWMN|8HSuQ@QQ`yeEdnuKX8EHtYQH
zx%u_Xa`QcPjW=cbOZM4Sdnm2Bv{KZ)E48rk*$nl79T$}C=KX5X*U9dbn3&}v`s0S}
z{vWqq_p87C{CWM}?r-gR-1`*oe_;CEnEOfeW>xUQs?sMW(&rYg6}vR++{2BZkGa*k
zIO*)46EV%-X`z=_%$c+!^4AMDT`^Ia=%Kb}4b!Ggsgk><m<Vw>IA!jfByB98b9;$(
z%fkd4!=O{!(x<ShO?`1&zW#MhPQTjY^^*hNA8vp5;&sZ0;O+n2*G9~Ec=I-cr{9!@
zC4c@dI<R7|?0%00d)FVn_@KVj`d6rA+`4-!s_*6Y?~ZrB`+ZqbdO_jE*(b!0?h^g|
zG|=VM>BlNtt=7x$v&@|{&*XK}#Gf*ot5V#0Sq~)HPhOaEtx4QIE!X#!{DZgq7yhfC
z7BBV9zV7Gmdh4VA<8Ph0y8qk%&&RF)yv_fR+;`~oMaw<4+*_;jU##EzL-?bo*||K2
zGeu_v{;y)c7B2kmNA%TfZQ13|vK13;EfQ{<cW_*Y+;FX|e_!nR<=V?XbthHYCdBW_
z|9@rcZTVe)JJ%k|VqN8V?V8cLUwfU*JU3+g@%ihzJYQ{{kV@KHN4`im=G*E_#!vR&
z?Km2|L4iAMZ|%gxftwD<_!utP_8|YLxMY>*rcJ&t3}uRQUZ?a;Q;p7)?0WL%;C80f
zriIUcb*%TC8$Pw!nc47dowmT|wJxE8`*T+QsMDQM7<lA!;{me=+Kx|-Y`+*$p3R)=
zy8MuL^uGHGc3kP`Wc^tA_gBa5l}c-8hXn1}mt)ng?ss^f-J_FrJWqs=L@&_1uIad6
zOtN87_SD+D+mcH+vE^7V+17oBH7v_R)SEB=XUeJ&Va}_WtLrbVJh{)`LMPsO`_4HF
zr>t61;n|jUIPFd5T{Z6K0v>K#8{;oD8F$vc_I>Ot{BQZ6l}%jBSoTf5X85P%=epaH
zU+#am+w=EhYRTib*S((#RVMOHnR+kn&b*8JGc2B+oWJO=zN_%e_9+jK=OkDE*}msr
z@t0puUfldw-<8ha=D~61%U9lA@4vo0ndwv0-%{K$p;~us_3>NHCz}c$6fRk$bU-{J
zD`LLi)^?vmKN$_)C_7GzkUw+g-r@_JzbPCko?HDd^~i^wJ4ycSS^tmkV{X0>&&V6<
z+bQHSW96H(eNX4~?(btwy>W|q^4>SW={$0YcP4GxzV6@E7t!aw#IITR&o@rzS?N#z
zPwMe)UwJNw?7UvMM5wy>_0+@pO0TCHyI#Mh?angs>#O@(+l`b>o?WnhU3A)T+PbF#
z{EK(#9e-i}zsqQO#sBLI>?Ob6i}kDe%kTHVHcUGD@&4oP+28-${QmF%`OV2p0WP;?
z8&BD|$H)}%WSlbyOW(h?{M9wCSf|)!PLsV4+_RiNhk0s(_)fjPFRfgw(u#Nw_WZKj
z8@SbgJ7iz&>7@(LbswJ^xUh)J{a26zYl7J7BhNI$R;lzaXB1S^PG48Kx_Wh#-<ioQ
z|1F&t>g+whGkHUZr|IDh-bzi*2OG~dT%NhZktced$@7%WR?8ntEfosfc0_Bct@7tq
z3kJuQ{;4&WH`=^>IXU33?uv6WV-$`xZhJrdg)>jH=Znqfc5gn%@Q?5LER(4+bFHU+
zUHakI^y%flXU_9}9X#LfwN*oaeCh3U@mTc_-*mkf6}#Py__kf_+@`~+^((3cC7!+N
zTW0ZP!?RD~Q@_P}#fvJ({{0lB+I0WA=0lF{MeUZH{#Hkg1w!O3S1N4z^Hle>_j2a<
zcDEm!$yoRH2wfK`DYbOJl$h}GS4nDdh<%yV*V^No_Gujz337~?6BBcUHHz_4=KJ)P
zlW~F;9y#|WtqFc~|L3aDVZr{X+h1R}&>fo?={)!G)a1Ey9(b>GXfvF3DdI_O<DWAt
zcV9VdHuvVbbz%3f|53HsdE9rYdVuoG4=ML|ey-i><@j&@cdNVqcKp7Pn=|o$d++2;
zf9!2+Yo`78{}l5@ZDq<vE0ZYAg>3qFYb|nQ<fIrimd{J&HRR?9KfabTd{OBxFO|29
zXO`SqZakH#ypKO*-nRnPTnj(v1;LFTD<%~-crTus>f)+Zx%Jb7IlEl$@;?$~nPhbC
z!O}UkTQ{x@ydB<KA@OtC%qu6=Q-d!>oYXtmp`9o*BUG`|`BUW5s%yF@UUik_z2uq3
z&UK!dV}*O#r}{M~j27NwK4EgSQRJ?hfu?Q1avqCswWpT~9<(_*WoANoLP_%zUx${&
ziAD$V#Y{AUoOYOYM|%8l(zfqsTFyRus_U}2=xL^r3AGz1E^;kjD>%vO;r1!Uk?WUz
z5>_>TxZ)_I|H{oWmOf_ZS-Dsp_eI?Z@>=7vEID#=f2;)mJ^#AA{#_TO4;PsHxMKZ!
zp5t2EwtG9u80^2R$+J%v{;|_mYU}UG=M5_O-~LPgvGTgTb;G-QUiZ5nCD@c#mmAu=
zFFnt<;QISH@$<g^l7DdbDa)^B&N<)pswTga^kGwwHd#=0cOy&LMcGojZNDdf+kLMx
z|I^O{RrhCqQ9bj$S#V3@4LRScxu-vW<7k_{_+i4G*0TRRznbgT|F669y8cC6$!}ry
zs@fO)3x2P>J^#Ru<llc{%u=`NtIM-1cgmNr9X`MKUVFdr4+{(X*L}x6tmA&Z_uKBz
z>+)9pm$Z8R_TEv(Ia~E_$?sZqE#cEf>rE+!y|RD)Y}AfF`R!J1M!DKv$M{JLuY~S4
zwrn_=VB)#@-yP|4{sp$LdR3k8^|OhyPfL0JV6V=l*Qcxgu4_|@<ZYFc?74D(`r|w<
zfpfdwevbQpI3jGCidyUb&2m+B|K==T@IQF*hr-)8w*9NFiHiGgn`PEF|Lgx?o9fQ)
z#o-EeN%j{!-)#M~V6$Z5(h2A7mh7AM+WY&-Y3CSsm~>=lDDJtE9`;>0_rp?#dbgQV
zWA|=2n|ZV9{2G(L_oYjw#2>qM;pa-*d-fi_->1xDS=+O2?TIJiFTPD({K4`5E_GX8
zwGGSH@02t;^I^T=Lze`-ogR~ZD_qHL+nHBV`D9L$*Ec<b;*z`bBDY++KArQWXVKiP
zXLR@?u3f!4m23CPls~Vo#fg5qp0RZGW~rM;gcVJ~qxAVBT0=E%uZz*UTrU#A_kV5k
zJL~oH6KgZ)?3%TC)uzakzioENSZ1l7H`J~S4-cQEIi1Z@<XPU)z0I<rEP2aUZ+S9p
z+r7@63mAWjZ(Cz{?88&7a?fv9_4VieS$gyL(!7vx@t2Daa0Sa6Y<=d^@cQxx=}G53
z*F~)h-_uz$eO<}CJ&zyw+~-}f*ke|?>hkE1>%Zj1pA;`m{}WrNS<AfP<KbTC+#U8;
z#CCl%b*h=nJ8c=Wy?()r;_cB3K3_N(TDI}aRFm@kF)u}eGtJZM-@WcA&Fib{RMwMl
zbG&q=nRWKub!_jfHE->#X<NO=;oPQ0d!B6EePN||xKp9S#7Xa7hfY~i|JM6svG~H@
zlGW3!Ke;7pyBal3*u?OY(>rQH+(YFHGV7-Oe_B)a@4M)o6<hkkpXnESCtjPg@2~dt
zd7Mgj|DXCRvOeYX(fLg`V}IK|k*Q`~ANO_Tfwkf56Jnf9>Q`1MJh$RJxO7UTn&eEm
z=_h+#enkl%lP$d)<;bl+p=;_vrb^L24WeS~2EDD9X2rWi{boIXs_N#GHtEfgIk#7s
zfB3p|;?IO7`_|t+KVx#7_AD-z&Q?t}!Nq#dV&aX=BL$w_6iiBDb@DpEurWI?GJe&W
zo=2R!YDKGzvwzI+{BOmmu(T`Xwk7A|=nDVG7cNKMoxgX%^XES+>;BbO{>x`zVEF%E
M;*32fLl*-B0LDmj!2kdN
literal 0
HcmV?d00001
diff --git a/k8s/gitlab-agent/values.yaml b/k8s/gitlab-agent/values.yaml
new file mode 100644
index 00000000..b5677245
--- /dev/null
+++ b/k8s/gitlab-agent/values.yaml
@@ -0,0 +1,130 @@
+image:
+ repository: "registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk"
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "v16.0.1"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: "agentk"
+
+replicas: 1
+maxSurge: 1
+maxUnavailable: 0
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: false
+ ## Set to a rolename to use existing role. Default is cluster-admin
+ # useExistingRole: somerolename
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "gitlab-agentk"
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+# runAsUser: 1000
+
+podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "8080"
+
+serviceMonitor:
+ # Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
+ enabled: false
+
+config:
+ kasAddress: "wss://gitlab.epfl.ch//-/kubernetes-agent/"
+ # kasHeaders:
+ # - "Cookie: gitlab-canary"
+ # token: "put your token here"
+ secretName: "gitlab-agentk-token"
+ # caCert: "PEM certificate file to use to verify config.kasAddress. Useful if config.kasAddress is self-signed."
+
+ observability:
+ enabled: true
+ # Application-level TLS configuration for the observability service
+ tls:
+ enabled: false
+ # cert: "Public key for the TLS certificate"
+ # key: "Private key for the TLS certificate"
+ secret:
+ {}
+ # create: false # when true, creates a certificate with values cert and key from above
+ # name: "gitlab-agent-observability"
+
+extraEnv: []
+# Add additional environment settings to the pod. Can be useful in proxy
+# environments
+
+extraArgs: []
+# Add additional args settings to the pod.
+
+extraVolumeMounts: []
+# Add extra volume mounts
+
+extraVolumes: []
+# Add extra volumes
+
+resources:
+ {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+priorityClassName: ""
+
+## list of hosts and IPs that will be injected into the pod's hosts file
+hostAliases:
+ []
+ # Example:
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+ # - "bar.local"
+ # - ip: "10.1.2.3"
+ # hostnames:
+ # - "foo.remote"
+ # - "bar.remote"
+
+# Labels to be added to each agent pod
+podLabels:
+ {}
+ # Example:
+ # role: developer
+
+# Additional labels to be added to all created objects
+additionalLabels: {}
+
+# Optional initContainers definition
+initContainers: []
+
+# Show the last 80 lines or 2048 bytes (whichever is smaller) of pod logs in kubectl describe output when container exits with non-zero exit code
+# Useful for when pod logs are cycled out of a node post-crash before an operator can capture the logs
+# Valid values are 'File' which is the Kubernetes API default, or 'FallbackToLogsOnError'
+# See https://kubernetes.io/docs/tasks/debug/debug-application/determine-reason-pod-failure/ for more information
+terminationMessagePolicy: FallbackToLogsOnError
diff --git a/k8s/gitlab-runner/README.md b/k8s/gitlab-runner/README.md
new file mode 100644
index 00000000..b4e93afe
--- /dev/null
+++ b/k8s/gitlab-runner/README.md
@@ -0,0 +1,7 @@
+### Deploy gitlab-runner using Helm chart
+
+---
+
+| Helm repository | Helm chart | Git repository |
+| ------------------------ | -------------------- | -------------------------------------------------- |
+| https://charts.gitlab.io | gitlab/gitlab-runner | https://gitlab.com/gitlab-org/charts/gitlab-runner |
diff --git a/k8s/gitlab-runner/gitlab-runner-0.53.2.tgz b/k8s/gitlab-runner/gitlab-runner-0.53.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c725a76a099562c87f8c8caefb3d03623ddf969e
GIT binary patch
literal 21697
zcmb2|<`7{3f&ZEe+KC=P2FV`2W<Hgcrb)(O1}VX&nNh)(X8vJeX1?J$S&4Zml_7!o
zwjQZDxeRaizAn3MvCW|3pPcQ{ZF7RRt@eHOEc(j)-$yovcKTUva}QeOSNl>*+{H=g
zl*mCf56e{{`%JU{o!?*CSUGKG<;2QKkvAATCM>G)40`wOeaqIcqe_ju3CYR#H*7Ra
z^>jGqH>XXpS9-azkovnxXPWDOHu-P9nIre+?Zf?N(>DLf|GePxzv<WR-HY42`F_^6
zS^qEPl=4~6t#5ob{mqeG>Y|*T|Cj!}nLCyJyZ@&N9e*8?4_4f0bzSYYNaOcStAg2i
zyPpL=JgVdM;jZ?yIg<@}Cd6c&nfyM@Q>Zg<@j{Q2Uw`bG=*FnNFT;X&qX_3*^F=fM
zd+lA~D5j!VxOne<n^z@LU9Z+L+da(_@yj+ZsXUz=Uy{w|6B$%|Ala0?MvAp2a<;IT
zT1%_RF{To~hzqO}-30q5i&wrjZJ2N-^V-e27duVAE^~Nmdhqg%#T;vrcy{UZFX#2w
z<G!eIZQuG!yDr&%Z^;h5=)HcMK}G(q-?H0dt7rYxU-zGtGe~Qn3G<HXzwc$=yx;Ei
zx_<rLKfC_Te{%DV&brJO=TA<#W@er}d-jJSPP@4iOgtJ?qnUyZ9@0Ega>_+W|1SH5
z+UYEU+$%T#_~4vx@FqU4W=cVRy2-K$dzsV}6wOUqJkLCzz^(Yz`njh;qREHS=Sfy8
zpV+?Mb?L*7H2LdkEWO`8p9_3`zw*uHA5TC1c=W{gz4XDyPiAnumv;1gbN1ffnw+)?
z`!Cw=c)<DAsh-JuUX!`<!zoTiiw~%9DL(w6EW12$l9La!SBs0zisR28hA|1t`DZGf
zj{3^__0kO0)4_6TUur)+-xFlC*y*siz;eY80ySncFU)A;T;g=@{>*~Z{~H3fv)wEy
zU9Gl`jVtPyRJf)10X3DBTdd9PVW({iW}DtzEuU_3B_wdkqU$CXggLkC%oLSeKe=z_
zV)l)-{LfSSo||90x^BiL*_*m^S^`v5I6Rt4oFfzxd~7Fian)JLTkE8Bs_dDdE+F{6
z&1WUQ&KdO!t=Iod)63Y?{a#4SDAKNL<$^?|LY~Ev!Vf+c99ovSCTdrzBZCUZkGH=J
zPge>RoqPFPBSFr)N%g{n9_CltlLSS6u+&ZT{ny02@W^rV$n*6pmp1i9oY-Zc*toz#
z`fx{8&L);cYz0%<4vO;6*ghqtZNgFx)~kxTq0dcxQtqyu{9u~SQLzo3t8A5mE$^&t
zPzh0q-tEAw=qcP;y4rr{gOgL8j)o;#ZeXeL6OHo}VfBvu7jD;<vyO#Dg?F#y*Tg+7
zE{`VcTOK#-gT%&PVF5o>y_z3b9lGZ&a=`j(_QQKilBL>B7CuVPzG*OLg6Osh;$@QV
zC$&9~Ee=e&*q4!!b*m@o)rq#1>z8Xqdsyl{Z90EE?{Vz9rhS?=OX7Tl6~#3gwe@C-
z)y)5TEJK&cCC>cygfxY=B@f&5iXGlP=QGL=<PGABSaHwFrldo-@Mu!8)}`i`*Hq+-
zwv>e)Ki{G6es#UFnOlxu<*YZSB89I!UZ`I-k%4*J0!2|Kj~C89o##J<i+nZ|owTP@
z@hnIC%6%CH&a5lBb#tDW?r*i^oF2v-6WF!s4wLIX*MBC@H$GYC^2w(&dgrH(M20G>
z73+6QeR-ne{)G#!O(yHvvVsaWK2CpPF0*IGq?SWAyh38ESH5^}SB@<D_WhJZ#e>5R
zwK86_0#{Gvv^YIYqiaUA(4$w~E9V5a>_`aG+n1*F@Z+aBXCp7QPJ48Av81U_rN?8|
z-iL1=$ZRWY2s|VF?qh;`lFCMg(+2~OYJcH4F~x&#i&JU#m5BcH&sDy-Hn-Z<zCSmq
zazkWF%Q8XN<X5+ETLerfcHHnJ^UaT#BAu4`y(i}}9?*1X5xhVBvdpDu-R72w2Ut~h
zbY-3oHeIq&rBx-Z#Ibg1?uoME(~c@CUtYYLrQLsTF>imS%#GxFjaxiHQe4{E8Ed(}
zR`s!)+WWUKzF54)XM^d^Fy@_2(<M&^#Ftwgzxqx0YSg(&Y6i;OKQ9|U@tqVav7GbH
zrJg@a?ks*k)8mQ3hNZI7vX)$Cf}Ht>d*VC=UN{Av@-J9<x#FDDk-5*<@|EXnT#ziy
z=XAKux8)<N&ALg?y>d5*xgHDq`bz%!+d%oBvmdeVi?U;TnzGVSQiMHajmXpsi?bLP
zX+2*!PvX-B#}bb(5+B*~59hFo9uG1sn6bIVcPT^opBB!Eb`3M+_e{CGVaJTm_h&Ke
zo^V9-Y^dwR4;or!)#A%?6j?1)a{4@WsPc#=Cv;Aj)vT1<9QS=?da!p(rjL!4C$kLm
zkuUk0qMg~vzo+UHx+Wj1)m^J%W4X8RmFgj}|7lYg`IkF5&+|*4**DF5%b^{c`B+XL
zKmTA^!sQ7pi^|f=cVDo~(0XV%rRrW!llx;AjgR$?&w^I7ZJCyGT}g?hVx`9qnbW>A
z+Lx%Y2W?@ya%)<_`lNjc`%)}V{cPIR@+i)%E~LA_^54{|&Wop7b+k@*cT|*wYyR@M
zDrA+U{U}gNG)(9IjE|POHyiR!s!TbY-EcnXl_%$~f+JBOS3Q^>a!C2ebf&&qJ$2Gb
z5kB|(GYiygwsl)>DqJ@4nTm^4Q;?>2+LeoYMNVwEdQ0o9i}>=FA>W&`-u|<ly}X#?
z^3NH^CV6|?8uVVYn8N+?a+~{~)+he^f-Ba#b<XAeF=GK=#*Ey1Im>$IT<i?_uCr7i
z?T^?Gm4yp0JziO!e8TNwvq;M0DXjl4e~m6%B(G)?H(>$y+%(RUtgG$`34C}NvS~qs
zUdDq%C!01n%qm>)C&MA>7VG@J%PX(6sn>|-dCI(F>P?n=f2c)8<wk2q%bDs`ig~B}
z=AZsIO*7-}12vm@lT+@#;1TwJ@jFGlPV~m9%e_ym-`uHnmb?^jD=_^q_hGC5KhAOH
zeD-NsRjl3?+}Amy@zaXzr_raD7+y6q_^Q|?+28x>*df;MJz~KnnjX6M7CT)r%f3|f
z_T)FEbB9toF6{oWd&~6|=8psBUsQPTwQ2f;GPlW*f!D>2=dsy!xNrqN?G)1R5LGVv
z>ZF!AVF6F@I(FOpQF_{z>tAK=c9!~aYVXGEKhlO3DlDfquul}@Vp&uoW8nY)^8QI5
zc9<+`TDqk^HTIX?!a@(G7x9dq!hCkZa`6F2cW*3gx|=Fz`_X1zTU0@&V&kP4rb$zu
zf7%>m_Hpi%op!>TR%^uNEnP6lX-eBMV`biAyTGNs`rM1(UOUip?ME7eS!0W$e}SB<
zxLr+1oN4N<vW2Bravn*Gt-2Wd(c<Nyz|WQJ@v|LQUq3&4*Or$Iua10jJ<$1o63e8p
z$BL(}Gjc8uDfzhC<Zg7{?YBFsd;O#{A6m;De(?0<O2dZTTPu8QB4b{zpIOeS@c5yC
z!9)+4Bbf_AW*Sc2);{Tghi~#D$1}`a6GO}eEDwbmR2`X}c=isf(&{@GmcDwbX5pap
zP3u{v%C4EecgD5niv5Z@>~PlQ)h_k$+8L)7Sszeq@NEtDG%Ar(^}fzva;uH^!|h*l
zL&Z$w?6>S#WxU`>cpRJ2vz1Zyl3y28s$5)pvf@y4!~I2X5+3%lK2@A^x#D!o+h2}p
zDL*D(QTEYvU(eRQ;%S1^;eRC$@1FONVO80?THB#msPmWJ73Fv7|IIum3FNEQXRV+3
zOZc|H*ZHO^Gym*e?VqW{?XhU$|9g{MLc>_v0?w`uS@q?|spX8m8Fx$0Ds_~9UDN5*
zzA?M##A@3W8Jf-Om+OUYUUc*I42~^gMeQ-?Opoa#aQ-rx`hSa|`obri)5<6NPubME
zV6Vc|Zxf2OC1v^>+YbsI+-Pt;^=Vb`)4G&>DbXPvk1kcO)}1ydkL#9^lDx_OU@Ozv
zE2f@pNzA;p_iW3jbK1d~(E(c%Vq2HZ?Ge-7k+Ds#WW7;)@wqzz<=UklZ@lhl=c<Ri
zS#wC~YnlVg1?h*AEPwX4KMB(add^ttA#-o1NlIcU@9PWF7X#kCY7;TMJmu$>g?HyZ
z4SjHeZAy3A*#>_v8SD8S9J*?E7BM~*S@+^WY+U5i>v=AB%Fo30FTQ{E0NeW5bEXYk
z3n#5-urzm?TI5xI=V<36MIptam7B`LPr6$=2THN1-e(evGZz<i_U+gqI8)43*78bD
zXT*E&&6jSd?A!lpn%@rRYa2ImnQwiP>Dn4_>S|`svp=C{o(FyOWIdB9WbDsS+dnNT
zW^40?HrDf%CxrBV<|J=kAYxV1BsQn*t%t=l+2!%!8l0?x-bK45c&+aS-t;xj`?)=8
z@~_ox1yi+yZTxz4GZbtE1jD3bEAHLP&wgO()_LVtNo~8ki5h4BS+1(Z8<cl0xy3d4
z)HHwLrSi=4H8NHtRv8A$DVj9IN?h2#RA*UKs!7TU#^-g-hP*#=)#|$6hOHB?Nq>C&
z`^-1IoC*rbQYq(xE>D@4baP2ou(Lr!i0)yjuFdU>gKkV)rjk><^2I%)lQu<L(yL!*
zy?r}HO5;LeoNjdTPwm5ByTZIbUSIa=^46;846WD8Kk2`I#(VxmT4&mAHibQsbAuPW
zyK*-)c1n)xzd)8Xr%D&<*+(u2z9XSBf#vDnVCNM}BX@9{22VQ^wACuzWX9}_xrGOg
z_gXrx-{qmAYog_`?cvdV6aE|jaW(Jw$bR&oN@Kv6_!*xs_8hwHD6cf>Oi6<CmR*~c
zY&ABk2&wy~R1mqB`)k{}36Ec?T;6{F!E#2|L&3I=i_Vrsvd(l5I)0@uK`pd?i_HIk
zT|u_{`a<`c)OJ34@vQ86q{UU6s?-jC`8f}z>)+hyYL3cWZ8ArwIp$$x*3J|k!{pjF
z53wE(iSNeOX8qe4)*~`w&e_Lar?tfwx#op&E?V<6^pNK5ovIs`Z83ayaOI`)-{C=l
zv7bb0`m8tZ5O+Bc-<ERDX5|JOr`IP$bdvil6n*n5Ym}dEsk?sTOWGW7?Q;ip-Rh*R
zbc#COd%Ml&KVmFv;&V~1ZDDxy{7p8(*TnK99pkeEmYKG@hAlsP`(Nm`LtI*pZT}jC
z>(|(_{?+!KS;M4q=6GS=)Sr+3@~>(TmyuvS^W52B#r5n}^{j@!ES~H-Wb4-SZ1SXM
z^$%DkL_cgfc;jMT&nrWbIR-ylL|j%s6FO;RB%>59y}RIGZPn4oDccRCCq1jGnze-Q
z$5Hn7d8&q!yH&K)zvSP%*z@E`f8M=^Umu@#O*~QCwQ6PDkChu{s?OK&X{mZ(8E1TT
zr<dczqf-yfZrf*aBmGRUSaqwxwSU&a4+Mf|2;W~(?$9&;_FnI8HAY!yKXfx);`#13
zX?sZ6Tg%6%3S|ltS%d!uioExJr|zk=`KZpe`K7*nNuhFLQ+I3kT$?%Z$UJsgk!2O?
zs`q%z8|t1WXPUo!oB#C0neDm7H+DyTcPiH86=G{lxvDhLOzNHBC05R$t?K$yeosB8
zd`Cwl#<gJ5g_h*T5S6ob?A)wY`DzlWYzy4xxH$F&N8S-NZapix-*?9~r}e^Oo!LUa
zu21@s=aMYESoNZd&!Ph}mn>W!y5&`2?atgOQW+;=f5@(UH@9=;@1M_Sap|w++H`ro
z!uPO)hF9!s3fQ$4UEOQ&-o9>4dTS`lZNn>}KeD%%J}~>vlls4-`|=O<v+E8^n6uSH
z&sfP6dt!HRlELfm2FFC0-rdz$zD4!N7e^M+85>qlQQN*@rK0@~GwbOAJ_?7q9($e$
zVGwMp*69~JvHS5M&H3k_Hg$Fw?LM0{P4sTNRb8gy9*yGpF|&U<J<r!#p}f$F(>>n%
z3^V)B1)sI$x!Y%~;O%eubiSrz)1;#nTs2qAoM$l1U$cmhWzDLLZ;QUlvFALO-fw-h
zR^Ksn%klL!I?pd35mwfgPEkA&#ip@Bd2`{WOD4hl!soD+96J5-q^FXf^V^5-{X-ti
zU&Q_D{j3PqH`6wrF}3vApcsB2Pj&jqRXZ>6Gxk=0=r~{?#_6y%(J`>(o9puE3o7$3
zx18QT$HeDEiC3+9v4ixnPhs^dRi1o3&2jf?q12+6{<fY69?wviUuHaa#}4@)sqT_T
zOB@fo^aop9Dk^(oEu`^QMMNi&`_+bk+>q?FRc!OV?lO2YQ88yNhlcs$!iSFq*_*FQ
zORXvhwJr;+{`FyXnT$8X)5oq-_M4cbAD>&t8Th%wJb2sd<!`4h=M<N_`0ur^eZHde
z<hxF8AIf-EUfJcse#|9{Pm+blIV|*R-koxtYp2`=6dERI&70Mhm95<vZnDIX^NEvR
zzzwe!UhALvd-dZI%9m@!O_O+%-`N**XZxGV8$s{$UKDZfYt#)5`?ty=Hq$sk=EKU6
zj48@{8*eohJoA=a{YK-&IbPTKyI)>2o?;p&G@~Kz?%tI$%AXH>5&F046thK_3iC7%
z6`6EdyLJDMT#k7Aw8nq>*R7_T99K%6>eS7)2`bmV)X{Wn$83gW^L{+mcyRUQhdiNx
z9T(r+>t5-9xMiZlffm*+yW4!0&GBb`HG$*s(n8s&Q0^nmj?=;pPBpvZAJ_2xNb`$O
zjgKD7=bd13-mr82l2x5&Op`157w_HOzRxMXsO9*kuco3QjN1h#rl>t-uX28u$Gm!n
z#FNjdnVTKBs#1+aJ*1E3I0|Wrzlxgm!A11_fsN7;C+wd{bKkpWFU>fkaNSeYR>j*g
zE9$q+W1PBS(W=;$;{J!*{p!4vUrn(P{JL7=;yc-#=YBt(QlzIUu}PcXJ`|+y5T&^<
zPPuqO#IrNqJ0DDT$uwO!xr^;uUPsIE6t6;Ury22l|B7aWT=;uMTSMpj<p$H9uSOZE
zE|Quv=KlG5WrNW>r@Q)Y{FkJru6Aa3)-2sJ`L+z})ib8IJu81?t9AOOiYgv#+4S4+
z!htlc)~Ss>OI^N+`lh^oyD<08*#)Yf*JM3C7sa0=6+VG4G=65S%)3*2!b*-Rt#exO
z;MAH5<5$ZapQRf=y#8!&t=8$-@=v<fT2r01Cv;U@@ZA39h>LUc#Hjaae8IeH?BcDo
z{#`n`?~1pynOo?WD=Tk5ntAe&VB;G9tFd0Jy|S`3NsFva0&MODTiw&%DV@jRIqfu)
z)l%D)ce3C2bAId4{HT98!SaF4&py_Wr=c76Eq~a#<H5o|>w0A!ZgvW+T_M=-qSetk
zbAq7#vq15CSN+eOfBiIejZu)8N<v-RtlN@oKUZGvo!=>{{pzR_58vyx3kt=ftX>Jm
zCt5^^^L_hnJy+_$l0QkpFLf3K`AtyZmOFg@825TV_AK@Jl9TM#&7C{%-j>}T{`@Si
znQE#YFCsWC_uEThB`<Nl8*@}26-IpeVdEwIDkU+mLrwdIulq!;8)`?2{hr&zl`Y&`
z|Do+=dEAt;g?Dq#U9BiNe#$iJ?c$`~X=@rco}SFf9l5Aa(ESd(63gtiXD>cHxUAC1
z)HKmi@q1?S<QHi&LcjPpg`dqZFM9ASf9vXw%g=+Wqd$L?-8@0J`T>WOhApq5ZanWt
z-hShh@An>?m5A4JczK(g@ndC5n>Tra`m>gO9Tk&gKMQT!9r-of@?l!ZJk|@BGNmR+
z<W<%<C*P3~c+pjuownKG=z3B1rCsF<^``Gn%71?AcE@k!NzIw^>iiixTf5)hXt^Ds
z^GpBug(ChkyX3r$s&m}$PIAopXUuPVw!mtI)VDc0U-!*>^<PhAbBGAf#T=7Uil;*g
zW)!KND&jgF){<U%Dj@IHXWpQFQmd{{Zn_&N{Gefr+k(39E?2%L8O{C?yW;yj<B1)c
zo-BOWbX4Y~n3zghN>Ag}ZIeUNWdo8gsZ5&RboKe3CmUR*O?Pm=$~|Mr#-aeN`34_a
z3%}kp_>#z!60Wr`s_eY)51W8l-HCDgMfep{(hX$O-I`xa*RT8IEW3Qc!$<5w)B6_i
z-;0a+!ghV{|2K2@$;R?!Y5B4heR;I(;Ip)6<?{;<Px&3Ls<Qb*_|r!ziFFDI-Y>K|
zSbjeDJkYUV^_SJ2&91R4w%=;cyPUgA*O_HgQpO>Zs}iq-&)sdPR$1}<{V|no_azH_
z#g)ImZx*|3>7T(lr?PX+ovw!(uJ2|aUC{sE{f@r-fpt97CRV!M$P@o}yQWh2|1Pz{
zAL2*bHwo<CJ=^B|;efEH$J-Tq@3u_ZnRW27&5mjIp~CCe`}GucesY+<{p7aZv%4;A
z+rc+SaAvUC!wHsQTf=+W8)nbDB%<r!e059y+*Y67sywqV9tS2p)r-jxTPnpI)YQx_
z5mKVj^O1#ncJ^A=tgoe^w@laGlkxl(bls|c-WG+K8*j9C962e};jbimdY19EE)UDn
zCm;XLX<1wL_?gEnr^qXTe2cbOc6*pf7mM+&kzuQHK2~*AC+~_jQ<x%C_#N?CI!i+n
zUWk>v<kq&Geve^?S+#`LXWq8<c{(dh7S;!7*PPeTu+%=fIXI}5r$azI?enQc#^P;L
z4xOEN;{2l387~SBJ*_$aLpMu^O@K?;)pouD`_iIh1<OF6mo`C*3YN~ld9hBocdoAJ
z-t}@ijQ!eAkLP?+X7}h*cU;hGxiCq}=VfHi^X{bv#<yLU-DzTfDHCbE>lV|ahu<us
zq<4IE7RpF)4L+Q5f-^G6q)VlNGg$U(#gQ-PvN?20rgW{0ZVr;4z-l}tdfDksp?`0#
z<<wrayXmf$=Y*eMz4P^#K9PPF&k*7CT<m9NV4d^y>sHr%-Y2YX@cCK)r$OS}WBn^8
zi+v8PJTy=GNkqD11jl}pPlrwR&$#?Ld`G$7RF_o(4r_vU&v@Uek?iz|P4<@KTORI7
zUGnp{ta~_PLxh-_&!6TK)+-jpnVWy*j43XQIOVr}nb%&$i6=@5xRtYt?mwvHpHpdX
z&%dqe%)T`7{pDGvGqb8)ukAc^GxNdy7YEn9J2z{dNRa%?bvB#C1$$esR3Cc6UQ;V2
zV0QlGsmb>GK4&u?+6G$fcei)_bi(t|qoOO)yH5Uo!o8)?|KIt&&+07yKmQk({y+QQ
z{^b>RH3bGw!(Xtj^j{dafZhD`xnOp2ySg=hQ<k<#iZHP{)vXRXnesBB<dK3kqwlm=
zD$9<{*6h`Id8nPAKR5oH*yjnB^7hxv{-0p?7oN|f_e*^Jt{usbjqi6!M0%Z^_SJ7w
z<(=F+hjtjwt;*xJ5n|C>W5e;c|4lWo=-oM|BgOiTtLA%aEJ-|crEZ;N-P{MBZN;kn
zPYSZ0W+pGPDAp1YK0e3o@{AuL=Ta4oc<kzqtY!OZ(YL^}Z~J5GV7s^LPBxYFJPmU;
zTvH};AV|qsW!?q%TPrhnO*ek^Z^5Q{vvvsU-kv}2kU{vQ1*iC19u_?N5nOokC12Xd
zZr0g{&uZudcduS3u{YpoqEv*%(Vq)bl}bu3bN!um?(GW|b;+eaO}bXPPchA1-kh`3
z_qv_-+>mvBzxS|Lb*`0Z2)j7-sBmRk&b!HLY@JivPRv^=mmWCjg6*`JN&Eiywc1_z
z|111su2`gIz0B_VN&l}TT6Z>;ZuyzRUblUr%<lSChu=>)l2a#onX{VzYw~BNm$8$r
z!z!JH^24qc{q0*Ca5-eMdt=>?4OZLw<sVM-Sgpldc+b0F(@cZEn%l*rCS>{V`E%i<
zM#;U!dz4o%K5%!7LxIj2r`cDyRo0|N@O5dOzUTV9kTWAr>+#jg6OLbrpDOR~dFa~w
z`h4G~uRpuny#De(TS{-8xQbYwP;H*xhw3l?uQ`5Ru;jn|o9$8YU;i(!c)}EJcW%?W
zwRcTSVk{={y_&=>k^N&!z3m&`x);3b?(?0?o_YH3!>&J8{QG#dPVb$>{WFwv>RhEC
zvj3)iYH`wg^WuI&wQu<h3(v`tS(8f($`|zQe%z|aSGE4v;lTWY+PcbLweQ!kS?uEc
zAhB)fwH>y~kE(a+lykg#b-<xEJ$>o=Uk*)Ej^DKS8aKBkZ>HJL^s9!SV+$V%eR5M@
zzwZ3+!-1xs!UEe8->8;EzKKhI7kJ~orr2pk#btKBuWxK@|MmCw^t}gN^RGz9#n0LE
zl6SqIUv=xpb#m@IlRJ)Hob~Lh*yL-|uWURtwLffr%Ibwig<Y`+?d7lixgWc2-P8ZZ
zQZ8S*H~jzo<Nv{b_v&W;FSlxs|M@@IM&8b3Un}eE@~f6IVi!^*FFxMs!rk_~_O?S%
zZcX&-z5QpNZII<@t4rIy?DX2nYKm;KR+W+|dh2$*W|U=3TY7TRbZ)8RXO?FiTC$Lx
zT{ibD&t=Y8=6-x<HocU-e{ItN|I2L4d|LM}RXHGR?XZaB_xo#gOSr72`KL%1>HM^1
zY&ySER(v6!v!T?FQ?~sR&C~4LIB#6b`?a}yp-y*oiQw0=cdmVJk^~(SjMY9{9`=gk
zx+Y%5@k&A5lI@<cOzQU^4~tW-rwPvxT$mfcy6OerCT{1Kw+~mvTukpN;hxNS<-f1R
zf3>F}jO$(<Z(f*Pbm_;&x=^86UW=!;M$Wo&*yVZfC6$F<iCZr1z0#2S)@~|$x_`&7
z+jsguS*y*QerWx_<yKeLzn;ILp=46?D~}lKBB{l>OSn|uNl)A-myr5%een5DUmvW?
z3f!gaw#P0{KvuMLjeGHXpA(z3_lBFqE&RRmlbZfL*F?u~vC_|zvX5`J+7|fi`(wio
zCY_gb_{)~1-8VP#me>Do@IA|3;;4k~&eeaX&QkIJ6kYwnB;erp6@Bc&i5oLRX1#lD
zcJ1_+)9KgFI^0b@P{Z+2=+)zfp!uzrt#Te;YW%fm->tQ>H<s0}evunjt1i9sYS8_d
zzDu^}#Fp)obl3CS?H`$&cGd9lTBgip4tMP*Psn6bN@wh?7rtA+IixVuY`6B3A5jl2
z^Z)Pbys}V3?QM3_x=#Vdx2>|w>=Q4E1h_Monq0^cQ*3VgaF&6~Gc>li=f^~5gP$RW
z@lBG)K0li-;Wn+owP~FM&$b|23G2D9lijDJrf+mFxl(iQ=O01Il(o`=+k$MBtn+if
zcC0xq)wA@BbI%q*&i;3=U!FS3#G0q$TXZtnOU?31`0A&RQl8%KV+%^W6Yiwty=-c&
z)=@hqvxWCA1%G4-^l9hpFKOEK{mScCy4tb_Z?=|yWjiZmnH+RwP3q6ng&qPk9;bet
z|9+y#tezVwrgwth&Um@jUVht67LOfwRvI#@uuM`jmQs86V9CC(%F~|x*{gG_Z0!>n
zgL>_m3RR|`)*CB@ZBXx?nx4qJi2FzYuTJ<fu2{=sGtHvaE-U!W*<_t`cFQ!uc!p@b
z58ur`y{ou(^Z(Ha3(jXh&ilQ;v|vZk|JMf(-n;%=e*P29yZ@^Ws|Z_}PK?`X>D%Ei
zbm^>KXzcsPTep-w6*~Q=hX2Eb#*+^1JQH0mE{<YKO}HEC9vvFVTC12W{z_DlyHxgu
zz-AVGcbzGQH+xeJn`h5SpZ&&awsfx{w{)^n+K=c9EHZQ3O6neOmYDNGF?`AjsW_G}
ziNwQv=jsi3&ME|+xG8sU+H7sDXMLMwf0iwey0!jt))(G3sr~idk(>51%WrAeo#@DL
zZiRUT^VjryJ*@i<ZS-3*^N7kJtq=S6yzO_G7A${cjX{CqWS{tpue#6OVZWbYmC#uK
zCx^NIfvk1wvp07uOaB#m2zx9xO*b&;i;2oIeS4?kJKr2nu{pO+Y_dIIeqY2c#Z&gd
z^ZEaEmgcYcxFG1wp_eCLzP|T$Lvd|U)h%hh_50udE%}pkdoxpf@eS+jReaUUoA0ey
zm33{`Dyzh;rhm6zW)6}08h`m``1I-P&sASn4-bF-_wwYx|DPWHD!E|&I=1JR`t!q&
ze>opqt-0{v-M_0&Iet*J4r9Il#pn6Wxb9tV911gkd8c=uzN>ro>FUc17dHQktkmOv
z`zD3K?CMcDzO#Jy&z<Boy(#2i*2SLlamNQU?yrW)dls@@wbn@zPY+UF9wB$$`LF4n
z$oqF!JN|E<9Oy4R|D~7fbzPk|5*5N_{E=ZYiF%3^Pfb40ef{Ri{{6CFRJ!!<$MqC2
zXQpmkyCq`htFDGsV!1oxzpp*8wX^jak4LUIpGaZ9-v0NoQ+96<d&IoEDE#%$eeYv^
z!?&cJmNVJ#;aAV3Rco)jmc218%yl*2?VoBXtK$?G)wQ?q8y>uWu20Z<(?ZTf#w%C1
z&c8W#QC5V<&7YwQ)@~JV+*K-_6qxeIf$7=m&uy1txLDYm+HF6wS&OX-Nx122ZmbmW
zE4{sb(`2qRF|z|dd0(CPy0O-K(fa7>oohv9JY-p9de?oL^6;qr{O;DAf00e@b)Piv
zUNJ8e`_wkmF?R~<cEhB(Hnv`!2UbZPIFfwj<W_C>yK|<PH(%Gh$s0Ot|NfPUWzQ#?
z3S=&9PVIl(7<YW)=BgMQ)=VdVS@-2<OEy_Q?b8<75;d(yu+(C)an$v#vWrixS$?}}
z{>t4~cJDm*>9n}_?d>yWaxu=2du*DzDreh<2#be5ZyA+0i<*AU`5ATe%F$@ElBsoT
zZ%o~j!0NDfh1P@FpYv3w8XaI3zwY+Xx^3;d&)@2*Uo#49zP;m2`PWCc#20#{M@AO8
zrq@)N{+j!*YVDTT$$gjinATl<Y^^iD^xyR}BC8JM?Cm@rKKm|vvu-7S?1{^bLiLW1
zTR5}K4c_p!2eoDPUEg0-5v+QBb+l=4<eqcCCS0rGoV6ijtC)RFg9=xI^+WrKKX(b-
zk*#3c&&<8_7Dq1YyTk0OzjC#0KW9=?{AvF6$Q>6?W?ZQ*HkFbqpJh2;)Fg9BqS%~M
z!ZyGCYG<&_m@Ks3c6Hfp#h!z=yI*e?UpzT{eO3DLNw+rd6<R*Q{FB7ui66GD<!aB8
zdz_*=WzG6`7b4@!H|@O0^{(=L`@PDY+)?{o|CPvGK3O_#`$xvwlc(2xQ~AB@*Tl{k
z<-+i-E3N+M9DQfK!v6P$U!}saE%L876z*A9=6FTqW8O7qLD6SxXWhTL!T9xUuRY;<
z2S4nKSy^p!TkK2zg-L(cFInCHb*_E$d2TPKhhDjpPJEqkU^D+4<qw=|S{FNtJXw5^
z<I`dZv)wV~tuIbT&fROX;}l2unbcIn*G`_<yEk3gcXY4(t))rJZg!m$<rdk!a=&C)
z^wq~fUypzLdvIfK07srlz`WWGnx8voZ8`Zb(f8ib-Ms5~KVNIN)4H2tR=<CD;&IMi
z9p$(~Vz(02Z&q$nIQVgM{rX5b#)@x_d;fDBztFO2qJ5v{PD5_p3!*c0cIWx7ZP-w9
zwPr1IN5dtKZ=t``Z05}obz9k}wLo|SYpi<l4Hl`D9UoIodNWmg9lzgZU-|Ovo&4aY
zh5WB-s^ia|S-)vfxBb$xt@ma|w3<f$yuIywuV}Qv^rAGemnTExUs@a&{mK00L(Ikx
zMu+}9lb#^@Yq{;)42wJ+51roEXD;ZaDO|YuW9#*UZIh3l%JTkuvt8*)fA1Oh{mIui
zul;@1>eRmNr{~X`^Nnrs<ExA03is}~uvAjjuDAd7q~s4X{x17GXYUe~WrjAt8+@fB
z*B;y}J4fFB_XNdH$;~cnHfB7XE8d$fziDILnRSL4HYMB(UD$rbC=0qJ+MauVXZPHV
z4O)K>Xnokomlpmx-Fwfgf8W=u=v}sG`2W8Cx4rB^rYzsdDOPeHGjsyi3Pjo%tu$!k
zeH1VM`rGsWE#Z3u?L70@pUW@&JH5?cyw`v?r|i4+1F5^KHm|sMx9R>tZ{dQP73HrV
z_}uzny+{3H$Quc@#hV%KaFu4SKWWMA^Q1iGfQ4^>yzbqz(K7#EpMH3v;_ko14GG6S
zE5yv1GncpO@WVpe>_a^(U)!8cyE$R)G`<x{br(YIuN{=gcjfDsnsGDOYP(+l$#oTt
z!ntOiF8Z017TfPHSU4-<^rl4zs=KF_oN|b5|MkG2K;w#Q^3kB|C(T(tulaYS+kY<=
zsXegIYgeLd{fRf9t*ZkJZmhncU-Re6zRa}=R~N1RqT}hASi0<yT;7knc0Chs_Ei6B
z$td$$^g{6L<XjI&rL#*Hna--$pS7^EUw+&F-Fg4*?QQ=3WMugM=70G&zSAH7x1ViZ
z|9t<vCmX;2_Y~=L6JsfurtbMuinX9zq@g23CEPWrG16tjN{iEzO6NQ84@+@0j5V;d
zT|d*KVvkLF@idXf8(kl>A{W1U<uc7;iKXYBn>$-y9)EnRfQ$EnlE6<E)*JJUCeJsS
z%|GWN`?*z`TItTRY}IAX(|3RHnfv~g-1C_GD(kdwZMgJm??Ue%KLpu7<~)s=ao6df
zz}Ec0Ef*a3N>4mj%)PxqTK4syGo~LOzVlXkA?leHpx;`2wfsQqeaAB%)&Cuqd{(+t
zsvUW6ZTq%Fqq4i#4;`NKw}D;$4Y$qJrz>M`Oj>p7+AOD6r;@ytq(AJa|0!_CzTnVX
zpRV|nYrMiM9Rd|+m+~!|^5oXF&Q;oLdbZB#k_r>;y}IYj2kVxo#}=m?RZZq?77+ZT
zr6#v`k>TN0HeXy97MD-cDZ6&)U{>1xH7Tw}dz-w%*6lD77p;ig`)l8pxf9}NuHUkb
zeWTgRxtgli?-e;ktoD5s)Y|uS<x`%O7X8ytyb9D@_kP84{^&JfyS$nm?)&V2wxV!l
zgy>iMhA&5=c4eD}OL%>i&|*4%H|tld;*O9Dg4~gf=23ySR(43wSRrcb!pS|e>-@C;
z=jXWnI9%irweYUJ_|JyaUm;sn7=OL2d9z`H>inw#6R%z@xVW|Qx|GSfCrky!s~0yM
zZqUu}Xx-8EbH=j?-3Q;Tc8)RcxznG?%WUvlMfsp4?+K&F2JF78TfXhN{U$y1Wmk&2
zd+Vfc5e6scpFJE^#;tVJclAY`Wl6`F_s`y$`P5iZ$0Iqb_HBd|*T<Xc3M(IEt$ly3
z``oqPf>(Z}I||(6pZNHoU4FdcmDQ0}H_m)|<+n89?70i_`?u%wuY1z4CtG0t9{GI#
zIr~oT=U#ky^==6lMgQks>%ZpCx?+AaX06&Ao4HTdFSGNtSuP<F9Q!{`{~XtoIh|`5
zBLf$xFxW_`C(W3DVa*KF+T|S6w%jtDUYa6aSaWHH6vwv0`OC7t?wHUVnz~V=^NLev
zmRQ_HpSqVWtS8<i^PLwvueLkOGgecL@!ZpkHeS=xb++w%Fz1)f-13G0*e-Ki&*opc
z(4S%3yak)}&9?C9CfM?Km0nSAC@;H~w@Qp(ez)~eR-N5z*3Z@1!@A?XYj9HxTZ|*a
z{Ok8_O*?SzcuZYM+Ow?>*NBGtTzhu>il*6ThZC!Aa9!)tO!jGdy|rS?wMkpc_}<O!
zZ~wH?dgql_DYwiWZ$4~!ePI2U*L?S8?_B+s&HiM;%9P6TBI|BL*)?x#Idjqu@SL6;
z@h|A8P<Yn*qFcLXpMNKJ($?wOui0JCHeKq^T~_ea^IFKmN3*-0acz~my`+?}=c)CE
zyw;T&7uJ2g@of#a^`~!dqHVNpZGL^{=Dqv3EB~|3EB$T1xud3W^88mj)&B>7E?B>L
z(*NJDf1Y1ndFnLlc5SZNPQUy_#QdbYzs*oPk|VJ9nc;8WDD{J)-~G>A)%<w*t(auL
z<~Hj?+)ivIN#FXyzHenXuQ=`7HakxN(LAS>CUc+u+UWH%>szko>(x(}mY5bV^kQ8-
z>FL*4qoV~+YWQEC`x(FeU$R_4`WdJBt(VWIvV4E~|4#n2^Y!xEtl8tQ{|~l#>fwEQ
z?b|69jCIOoH>T~IpmE=L-KUA{D?Kv)D1TnL@9EFS$A7J?vV6c;yE0=<-p*sE*H7K>
zS7+NN|D9`d`V2%ST?v1D<!8&<GVh5KSI2Jl6Edvb`SjM$b&_VkI4{S}dwz)TxbpJQ
zCCQnSy7SInl$8=Q3$zRVx8}^;lRk0((>>pPY<RBs@BdPf1Jyt3cVD&Ad0o#wcl}3u
z|4)DJ{`@b?^HBTve`d=%DUHYFrN7q7)^DxNejjZyvq2!XV!LQ!<J$Sz+a^og|DE<-
ztlL0q!-b|}$roLf|J)7J%2@cUb=SpBhmOYFUF)<r>#O*hCD&Z_*RXVYM97Bjjgvax
z&cC7ed;7KhYgZ>f|F5{i&TEzXmVF+E!67HzE8NXhj_3p~V~V}cXs#Xj&ST~NrK>iD
z?_B+_&oSic;qzA)|9XD1<m=a!Ro70|ThDl1e0#_Ff7zz9wSVrv9sjxB{^aE40ejTn
z#)huz6BShqX8AI8cK^f&OJf)PXG%Q$D(%kcjz79fBh@x;tqw1bf4#vfe*fVg3H@zx
zf`Q-IuH6;5?)>xAhyTwjuYImx5<L0Ti_K3C)c)Cj`JVRg|9t!B{jZqyT=3icqj$LD
z#AcriZ`5|%w(f}U`XjsU%h&xC*uc+sRPT-aEp`2U^GYH`BSSw&Zw=qK%R5d~apSfs
z!x#B$1%F@V`1$6!-M{!A?>{Dn1@r%}zpHom|Fyi*sQB;o^PW`h>bSn!<z)JfU#Hx^
z+aFaA^AJfZpKs$4u~sHJf?dhJV#D@Br~i4fI&EW*w@CQ$<K6w+(y2N(pFe&-+vc^#
zjw9<rH`j;S=$5)~6@8nKTU^HMT(X&W$p+!oXK%;Ld$?vd-uDfPRM{IW_)*qYZ^0g=
z*HTTM1|J@AyDa~IUNqvX|ED|3|K}h2fBoj`DR1{T`#sP8bA7VSv_I!9`)5@t@4ha3
zW$$^rKPe02CY<+A3YqG2sQvV%prbxrYdJOs9gNu&#(8b`=Jm6Fa&oz!({}Y(_@HaW
z4*y*%Z_Qu9yf$o~cgR#DjVT9Ty!BU}vU$F$VVvHcb9phh`z99t)wT_LeROZ~R_*(`
z)2{nwIJ#Cg+zN_(d$IXn$<d>qu2h`q&lNv=xWW7Alf&$>zu)z(e`UgdQuzaCI{W96
z_NN;?L`7bS-&r31tW8H)e}B=T3s(%+&UDINbnU%gbimq7+Z+e}s7L$GKamO*uZZ;Y
zxVH9H(9b!yZj1KTZOZ(Rc_vhnOEkFga=L1=m1)hQeb3fC+rK@huIstn-~4mV(?0lr
z`8@-~USGN6)&Kjqf3Ny)do+0Af62N<o)3D}8h>9oSo&&lsrl?`FD0WiMsEqxcPB&R
zU-uoV^<}wYx^ZK{t16piF+1eun~Sae)wOEpx|Bf1tG54Fwf{4$dLd=S={0kL){_%=
zP2XP&?p@~LEdM!L;`_13OCCA1ANIPgG2{MJ-@C!z6U*hMG;rj*eRiJy>bkSk^{;j>
zZ?y`oP!U+(dgS!Y?stoqTeMF-|LI`*SHHb-0V;B0e#WPwe+InBb#403Zk|wDtNy*Y
zHt4<bq%%gc0{#;B?YEZA_0KYia}C?W=F5L5Af|VAyTr_Fg@31x&j|3nYPesnX-?8v
zr^}M;^6S(NUtYL8>&Yp#o&87aPfn@Qe(7yD^Rs=^cl)N_;qQ0;+gmz){rTtiQ#n1P
z9?xjGcjoGnCwlhh*=yqeoIkkg|Mv}-|E&6Nf7E%;nTgLm)(QJ%9$0>ThW!}>qlbl=
zLG53z%?y~dq;T3^dGCX_Ir5#g<38@cF#UnLjF?&Z#=KkMnNwwV^hQp4dT`c;hBC*y
zr}WqQ9TupZ5wP;@%QJtT8t?12**PWX<Lcl;IzE-Vy~FB@E?ndfb?x43zO;7LB*)~B
zOj4Vaz}ph`PjJpWCG>jw@ip>Ve~ad=Sv)8G7-R9whI346Z{=-M<ou;I<Xn<t`<Cq1
zz8`-2`MiR)tDa4Z44zae#4nn=B=A6|zLcM{j;qsi-nk*mk+wgW?0Mbbzf-#PGS9m?
z8;ZUizH@l_#e4j=*S!p#p0}{Z7B9Tpy+^<6la1Z{%}3O1FSeFjew;Zct5}QWl&9~j
zh$P+4=ORsIrg0a3YIZ-?yjE}e|GdP(=bP$k-aY=`{<i4P|9=l3UjOl5y>g5Bm#EJb
z^Uh?%aQB+!Z2Y4ab0PYIy^F5@gO@%xs(F4Kk2gqs|Iv6~?M%PT;ybD`J)HW>9{T=M
z=J)zO(<8~uPy2_)jr&;)cHb{q@(R~hpP2bKxZCii8sBp6>7VAmG3~FFD$n+FTwvMy
z@rq2q|Ls<>#jAcr7I)RIw3KSk5Q<$K+3@Go#u}%q6O0_A@AkyrJ>z-3;!*b0pj{Cs
zc?|TUr8dP%?0s>!(CV!BdTkT^GfVYiTw+r1XIf02Un<sDy*vN1zxgs@rQY@JCJ`$n
zHgdeT5bIx8dHV5e&jb1LK^r}UB3mD2mre;g6H$`;%BtYh^UoraEj@eHXV(=TUi3P~
z_Vnq~{C?jSe#@8{c=rEulX;i)m;Sqd`u}&n(?9L`zVY7%4|lWv{V(q#xc|r&zIUv(
z^Y<hw_Q#f<{LH$)>t)N{_I~-fhQ1z4H`(!Ne4V+}r0(k3|Epg=<6mIl9K?U&x-rx5
z>h*W@KZmF<_<BP;@Xyy`^Z)r<Z?mWV+rRyL>HqJU^UfX$zTFZmr!_U`K-$_bTc2&}
zY~Ix<e0l%U5S6}*%XfV^dn@0R!R+Os&6odu4gJ5W{NDZ-vHbe?`TVL2YIsW5l&sZ`
zz0Arxc~_Q~w0d8W`zp1r_a-lNIe&lobawW?7r&l9c=G7W))t-kd0+QgS61iU%hTMU
zr1;q3oA690#+s+<*$lfTI=<iix_h#@t;Ik23qM|;+`a7cpXc_LzvNjTuitMPlFb(8
zv}_gcYggC*?&|9WUj5${@ZjGovHy3=lKlT}{rvvC)Q7X?TpOED|9>&J4>TVlxUyf|
zv9wtxS!B(Z-LFpH&tzDpo$a19`3uA6?1(Edt5?pEj`j6<b*I!}tJIhK|DwhB?d_iR
zSxNiKjQS{d&&p0EskO60E6ifeZd=>MUTAQ?G$-Qn->Lf;<3#jwbxH%CF)EveK2!1W
z+;E9g(^&pm)y`#y&du7@@9fjr82j?x^c&%8(|ot>`|TpXDSlV^tEk6QSobxDx?Jb*
zP_h1-sk7T?@xePUceI-}wD^2&C`#CRtLcbOpQQcXSN-e!&+F?~T@P1Ze7$Syo|@bC
z_R?|lzp|_9u2&Pv+5ODH$u+3>j9mQL#*XeI3l@iQ&sfCv%WmPq_11w)N;7*`+1j_L
z<_7OMF3^3-v4MptZ>?JI?UnmPVy5ktFG%cQNT0s^{&%+P>-F0g>s=An*Sb@CJGY$g
zyL9R9CogI$YHvyRocq<RcZGZYIkvy@Rn2-ISbLc_<via0@92u}UibH}(|13vZF%t3
zF6G_tBHm>F_*JCvzkU<bqtf?(&VIf6^yb$E<@c;5zpXp(ANTFtZnoRU&tKcJy(_5p
zf6nzThp#)!oge4zez|Q{-s=M&BVVlku%JQkVyldyW$m=r8jDrt8#MU7SiRcrM!v|t
z_wjRP-pI(A>0<6sBcH#u%;2^4hmJNUmWJ;e`Z{MkjPLUo_j);P{oG={rN47i-tSR4
z!NWfB!wjF5)=z7s0)z}j8>jLgx{z}C&+d$!Z<p<EzrZB6?7ei#JNY-M6ZZdP+jDcy
z?+?qrXG`th-K_Iv^SzVu>k@(!g{J&;OukqWt-HPTzRa73X4xH^6HVQ<b}PI{{wQ_u
z!3*i*{qu9(xBv5V_U#Vfec|o8_3j!*pUkGqYwZ5@h0h7PA=JC9`+ww%Y@h89^ur#?
z2-Ws09=yN5_NMjTJwMj{KeZ)3^oBzCZT;5rDj7a*bs2jFQwzB(>NaiJY&tFczSnIt
z>i!u2uvz`QC6Z&UOu)-enV(NS^!WZk{Dl6)-2YE!PjfN9*ZnWO)-d<=`3laQzlO0B
z-nQLY{;0gP_@^$9#>eUXSw8DzCQeYe;M0F%>ukv?9T84dyAPakzfXk(zGCKI`R3|l
z)%K{%mb}tYy(ibQ7<nIGxnSeBbqY2&^}pI@#-x8SUD_#T_QCqa?>kHT7SGtS;lmF(
zAK7mCT@j5wLQ?U!*ZdDGDP{kYt-nCUNBOGXRE-jm=+#$EvKuC81*;}&ZJ9UcwbaLO
z#nVcU?oQBT4ezt`yU|kdOm23Eit*p&!6iYpuhlN!|G-=;zi~#~<_+BKlY}QIJlKBy
z*E^-!-QH$Ai+S!|t$({c>Scvz5ubGs|GTCaCDOg=@@;cpPtW(?|GwAm(fy#*fZ6Ap
z?_FK0m3iW%-kYvI?`KcU<t9ZxIp2EAY@HU1>y{~13%b^(2)+<ycoJ5@c=&pBk-_yz
zwKDd%=WTM?ee0NrjQWFzB6Z>0Esh6>^KN1N_eyMQ{ql<|-sfZ{6s?U>&++S@pSxK3
zx&ME)Gsk7ll|8dCVYpbh`SOqK)0N*8**^vTGy41c#){^{I`PlAB5t?7sJp%5lg2&n
z<fnOi{yk|@4>uGw@d?{Mk7av`rpT4nuFTU1&*j&MH48Ud_1+2CT%zqza-f?*{nOhA
zf099)hWbT)17DwgzkfD&hs=#{HL;J*FJ1c3tn3r3@a2wVrK8_>nOK~%TEXz%V$ww0
z-w7)|EWYc#k;j%<>9w8(-$x(+xif@R<F;Q>eW5&W;><T~37q}Y1(qjXe>Gd>@}aEI
zKI_%ulU_f68vKRJYx0FPm+ySpk-c<PP-u3jcDhPOgvV~#?OV(LXHC+%e<@z(q|=<}
zX=mmbelLzUvN*=ky!!OR6Lt0vKgztCvHf*K*5?0(KR;EK{H%SyXkU=lvdNDvFGeMB
zIvmTmH+P?%WKTf--=8<k4m_P5IwQ<=u`GYp{gty+=XZqeJk+5sn62}zr##Z+mOJ~|
z=D%Ueoi|Io9=oO0T>By|%B}gu#jflY*SCxINAA>CT$P_Yf6pGbKm6<6oByp2zw~Wl
z@z0OJ>Yvw?o1U4IZT~p+U;pg3bAi8CeEySAD#hUB_17oh->Ks_qb_K#3@a1%y2{lY
zrXAB^H7E4F{A}+fn?E!jlkClSarr{Dm2-cKBKLCF<zN1*)P1j?vi!;a={1vmo#ig;
z-#BLbd;i(Le?|Y-XTQ(>w_Ux`>|vJ*XRk9OC%fs_7oVB0ERC=*?P@B>o^3G8FtO|n
zONS&c(+swnHIME`THHOln1wSsAY{YZ?<!xiXA4|f`AH+!eaB4i+6ik!%*tYR@HDGR
zMNE7p<YK~hvgOXKYO_6ZYBtMuI2+FYEKp}5+jKrDaPpspjsL^%uHX6i{v)=3_xH^3
zmHt%!Y<WaWugrxR73P^s$|SPy?|Njms`ho?N#D28<}=;5=Kpuk6|Pe-e7v&ZU!?z)
zn6swYdY?5jR}>lk-x{{sK)I*$3;(I@U9bOt`Fir`>U%$*YL~yO-)Z(P?*H7sX`5^Q
z2R~o%)%4$c&v|EkBTVl8?YrIfwrum=!ddKopEKA~s|+8le|AUy#a+-g+UU@8$^WzX
zcwRIe<J4&Nx}b9Ku+vGMXD>_G?x)x3*K#Uu2)OOiFzwi}xX%lo9q72T;QLXF*>6;K
zHoOw`NwPC{F#9&^w<&vDSL{oc4_Y^O`K#+J*~c>N%!=IllTlSHWfPS863>Z;Xr-7e
zTj>6@BlO?5H*6t7zg~%^`AlD6B{apY@brR;`<d_S#k!)!t}J8S`ZqFQ_SD06A3dii
zOpEhg?A02sa>s-5kI<#>oGV%ms&6z;=KPv+d&9-bx+%$e)(x!{L0cYN)>tOzxq@HV
zjX8dWq>kxw$#pH|GY(H~dzAGz#Z6^ltHH7v!uAmolF3(mC$O!Zk|RC$`P^B|_cwlj
zW|!qD@U)g+@wBON&-UV;_qBY-zTXWyy<pFVu&RmzsVj~zm+H*n;^O3<`F7fwyyo`a
za}!lQ*X>YX{Cu^^k+Y94+tTmt;<MLyla!y7sflwgWxf4>uHFLuCqcCzrDF|#UiVWC
zwc$yhR8<r3k2%>yBVMWPQox>%Hd80J^Lge5G~6<t@>(-&a;vuKLl3dyLr$?yWxp=?
zoVhn~-i&RRv#i%1_MbE3+P>-+X`A<!&tT52{gt!*+g)bv7mj>eUT%q=&sTDvY1e$l
zT)Y1|3#!-6v?y*~YqWQ%m09|sDKdL(ELnfeJF~dq6zi@8yRV6hH-DGe=AOg1{%3{G
zgQGqD!q-ght`y?>YVILl<+Z&eUpjNe4eMT6xuCTRb2P1POmf)}+TMH4(RBT^Cz_o{
zXKXZBR;1X&{O)dm{4wv_FXv2r=9V76X}a;dPMtYt#CYZApZ>H$>v__HW7FbVTh$Ic
zpBKZmwr1A1PnlLlQRnSzXIa%hFsZf7QQGn9!ykL8%X4KexBKn>`Eo{{wAtP=86n4}
z^Ghw1_nAcIrNn>ZPx!6M`%v|JrbW7=Lvn?o-1GfqoAzz{yicwsEIwK?)Wz^|h0<Z}
z4uKt#+b`bCf0kfWsAFRMtwQ5T6SuHJ+?mz}OU|1vn?LX6%jsu+bXVof@()VCi`}=I
zcWUxZo3(ejp;3|WhQd>aT~={$Ucb26LqmG*U)#%(dMu||<>D_$G*8_8*QMl6>g~Ku
zS=`&!dkAfo{?VxZ=l@Up7rc8Sj&SZQ+;cx={ymS>z~{4Brq&rPm-7A~YPIL$OPK@T
zq$jBuyRqz1$>h<0_HM?K!mpPm%niTpvp6XE?)v%K9x?M@X!O<kXSvCpJ|TZqHl)t#
z-MrhAu3EiYczc>Fe`2*u-X+yWZad$-lFj0tCmzkMF*;x1?;Ca~gYm&?qev#J9pV!l
zE81SQOy@W^t7Y%sJ&W91Qn+f8x}ID8@mJ43cX8je&~NWzMP@ds-(EZ^)^n~@(mJ(_
z|LZspUA=ND{PMr_k2lh`%~JWj*>sbS1*3T!x9v&kx!;O!*xCP_*WJQdk@#=ZvDU2F
z$4d{G2=!fj)3YqQ;+Na<t8Q+Rc_%G9SA^sRsvi?Qt0uYo=>1DGd|SfG)3505y7+EO
z;_nnQbvsT8p7fMM8m;0kdpRRa8~2OOGO^zF?Pggt`@3S#R7P%L;U|pyKN)W7`etQh
zY<%TRdd7R>A9v^7*76JN?4Pk!ck8k5IrGjbCKjK%>=MbjU57*Ev9L)aXMgDTz*4`7
z(^QY-gnf_NQ2Xe3PuqvC&k=sQ2j{;NsbBY;f5`@J#^tp)C%l<=^P$2d<Bpg;n*wgy
zI^`zjmROxP)wpxrXm*My_nz7Wi~F~ZRM#*$pA{{A_0EX>&hGri(s|D>U)Ov!>%MK?
zuX*874(UD#@n_B+Q@h@O$wZ|7){7Fp)tq5lS54;h{Hx$*o_5H0g1ghb&lAq8GQXBd
zO}4u9&9ZOh&3|7EWi|Ob*k&oNnyb9ZX|LB~2mNT*f@v{cAr7Znju(IZ?zVg@`|b4N
zX-9H654Y%ho)G`wwBJx)<?v2Rp%XT{cdRshZg}>6=j4=SUv<RItj;>$u$#K&f3Vd;
zp16wBo&I~D9yw8Ne|sk5!t%6${UI7FOs-kaoWH1eg{)8R@|#7sszaYOxH#|oxNc(R
z&7`@9YuchLFKZl-NOGApce>p}&}MbjTba=Tvn{VQZK!y%NB$Yt&S`%pEl&{Bc(l;{
z&$K?piMJ{}n07{dUMShUp>^Bq<-hJnRUbRE#vxbav!!pEiRiRn%$XgYaW$%|QkPq;
z`X_rlU$^^!M#W5#uFDKR!wWC_9h$o8UU>`as(D6VbayJIa^`KwTHiE9`EAX#Z+H7z
z7o7Xm`ej98)`eW|EsENkm47<ydB3|XKHBoYnPpWb2d1$aEbhCOKI2>UvG@&57Hi{{
zB&s#HT*_8q-7mR7swib;)w4aCKA9fLlRoS?vd+wEt@Bn1FRpEe>P0>q%4!DMERo}{
zz3K9qVcY(AHj%m|C-YZ`-@CJFf7H$wH;ZTcy-DTBvs!!pKs#GludtfIozpv3C!SF)
zH#7gdc=h#N8o7&Wzu3G^QJ=lxS@H6}C%In8N&PJ6*csD)Bt*x{Bdh(P{>=6d;y=4|
zEIvOpx05$MvfsV+fa|ragWt4IJ=UBv*<@i*)R_lIL-uiQ61V(!`{#u|yTgjx+QYtT
z?e2NmbkYev8F#?#_s`-Ras?%S_jYA^2v-O`_Al?U*Ja9lD*H!fbN%_X-_AW!TPm{5
zBxb{m_KdTsjS@kM*WLO<w9Idv@7?N@|Il6NyeEhLvwOP#rheZ!^ZU;S#yr#Z-sy}l
z+Okmk&WlZ1(ji*YU!9nG+*!XjS>&zs+vn_4MbiE5lz)A7zU8IGG?vMhnHOd@2yeaU
z_PoBb&DF)$EOJr&t=WP0ycs<&PgZ0|pAh_>>KU%5v-0f+OYWKM`Y)R*>b*Jld^rB=
zJWuc2=ay36?UP?w=dGT*TK4T?nODzmXvv<wAAjhrsNkU&wd+3izus%8sk^zCTgq=~
z?S_kW_s)nO5Em~ws6Kh|bGKk;=bH=W_&2oLMH|?wHtu>M{vj*gQrvF#gDtAl!ggG=
z%R2NeThFqRYj25{^AAM@yFD{>nI65*m>qCAXy5YY)#2NE<^=vToW|Q8yi+ZL$>+t&
z^egSX-~KV?%xC#x%cI%Jx<}xXd{OqX1IkkqcBzDaxiu-*_0IXL{QlN6>N+ofaM>ej
z@{jfR$8Hzr21_-M1@C<Sv6|hw<ghonrQG^=O-YoOn82r&%8=WWI)r?5PC7Ts+D?~#
z`&`#nZ*9Ti`ehP=T7vT<mERto^TKMr;wS5wjWGhL*Q`#n+;aQ<BH?cl>(p(Zc{@eE
zaThYP9uJc)UmQ|BNpyjJ&ynP5M^xh0z5AMUdZyX6bEb)zhP9h&UM|R7nVY!v^pVrk
z@_uh9-oAeQ4D)5r4rE9co(xN!ew)Aa-L~SdXSYS4ayGhsg-u)NwEF&~hF7hZO20jP
zxV`sJ2Jh^NuQonyIl$o=vVEdT(47lz)_&Q~)AB_{cYS+!(d+f{nQ{@A{@rT-{ar^X
zdFkd4Y<mygnH+X_L3z=)WzWy4He1-75XkuEGb?D}zd1)2_?RSpp1$_e-{$C4{nFnL
zc5dlORugh_lBhC1r#>lprTw1LBTY-vm(IW7(G~1l`}X<wpOLrb);yTM_(%B#9g}V&
z(Nj8R+Ou0uEA5|jc}1F`vE!|`d(_XK7i#+blg(9%MRM!ue^bg<1}@0xW!?K<`t9Cp
ze`|KTd~u$&B3U}zFnU9SU#5SBih-f>Ez1q3E-k6Jneo2V&N*Ppk6J6g!zx#kf2O78
zr!20W@LFaq&)sind0Pbw#J63ITNm@=b*@>-lu1WsCpxrFz2edODe(S}OJ=uz|IW^k
zUE0=Ha@z0ZIS-j2#V_oUw$t;^)-<@!clFPb4ms`vJ``Z0--Ts4@7Hr@eSA1QN#e8q
zi&lq;)1MkW{@B}cao_DPQ?E^Zeo>=w!o6oFZk>K}@Y?5^E#)^<jy_%KH043p?_<RY
zUs|SxbgVz2`?vmo`Hy)lC3b2bly(KyzqR4X<-dK|B>dJ3-Luit&TNX6mDRm^&pN0}
zhV$=?L-iAGq$}=Gc-H${d*8{5sMi|DTT@@#%-dp|TGc9XasI6Q3pe;`O|JS@MC`si
z$;gJUw!$&V$gi+pZSvurbAy&<c^zKzwPx<=D?HbB=oD^vz3sZZL4@{`)ul6(Kk#WU
z|8Do_P}kPUExB*!OV`RXWhQ2qw{2o~-S=1P<c_;%o=rbi;3}+@dtD%o<;&mS-%W0;
z43gS9ukv6mm$KZ28!nPt`}z`o@4uYNWgl2!IA<wi^rffi502itV5UCn%DD)QtHpP|
z-I}Z>#{Kme_o-QbOp>1E-_Lmd?$|ZQzQ@*0d!B6Y-Ii0!zx8d2iNwu}?NJ+Q-Neqc
zGm1C0e>gOKf6|}8m&dP#+R7c@AuDlF!Ql4l<%j3AL|1R96;j`9(k3q{8|-=V)AfUO
zrhZ@fmOMT4T=>V*k_B3+jrzJ8o4;Sp+x}$}S44-fwt8fd``&a%9dDtH^Uruhctyrd
z-)now!E|fw)a5}JWJ2F(OUiC4-H}#%-&;J_MnArIOH<c3J>I4F#Jwx06nIK)`Y+e|
z@9HB5vullS-~W66Kl_Zu9!1VbkCMaPoRY?N=KDXV?wvo`T|K_3U-kaBZGm#{LUSLd
zeQ0oN+_K{{mx)i3TkFb>Bk3)9pMT2cTuOV|X_9AlYpq(&{+^}Fs;wS-R~W`s?Tyoy
zuU^+9&HUEU+4hvJ*4mi0rfd^CnLdVc)n3?Gw@vDvQ~o5bwE;!<K4#2$k*l-$eDtlT
z`x)k+UDuZ0xK?bUd@FMEev!}D7w*1t`dsCyY2VMvML0&N$>fJFop)s-TU+lIgJmJ^
z^F>1UEc$t~>ffKl6`P&dqu18(NWQ8&v8TT%^3@TM>G|&A`R>=B|26+BD7Wvx;=9e=
z_g0wi*|*Eae!tw;`(O0#_a!9nza_Z(X!=!w{%@Q4OsBR?md&zyyZGyq1;;j}b8bqr
z6O(1jTs7_U`kA|Y-`04QYHq&T;qGe?;*(jj!*^YhyjfKHv|rP9@AO;uE2BgsI9w@4
zZ^N~N5AW)E@4R)zZ%s?iujYkfm%PeNlh4_dd3asf&1hyQon{y+e#zjia-OWr6&Z`}
z$`<#x8(d`?k^-z&`S0WXxz=T0;;~bc47NN9w)Fj^A325HD#D?D+UBwum67w(XH0+A
zx@eLAVQsB@LWah2o9{o_#T^i<lzB)tGvnboPQe*g2VXo-i?3gN)$YvBEjmk&w`l%&
zV$gHqUdCJbCzoEov2Wl|=vx1KmvbeXQ|BeMY3KN#rDr@+T=95Hlxoe&{&MH@^JhIX
zkNW+)wL{}%=!Q=$+ul6>7ahjV|E*_fYYb=L@_um%WrO~Xpo0OrJ&do<Z*AYS<KLwV
zo`+j}mS3sRPGNN}%*ZTwJLjavvCWI!qS%X?_C3C|s^AjGSrPg6sD`<jnroYLLgk-+
zDNHH$nwa)?_OT<2Cz~)#{NRzK^Ej}*@~Lxh<fBxX#ov6L@{c7y{psj1&mf)Apk?#b
zoAITg7gYKgC#MGR?elp)QE6(H?15abp46}#j`!9xi#8?f)-*gAx*_EFy%3#=Vd@tH
z^Nwy$yZBOi?Y236@`l&qHkWnA$@qq^`!V70hU6)xN-kE*FW6TucD@<4cG_Lm+z+8|
zPrZnJE%qw$JJ0UU!{?ZzzkN=8Kl|klVHa=DnZ04wpAWoE^@&?`xSGF7k@c|K>Z>Oc
zO>`yrU%Lx`Prtq4VwT)Y4#B0%r<}bIwt1?y;4!xINxRGf$`$tU8|zJ)+#s0vR!Knd
zMo8|HTp8QrDrct6*;X>)P-W*{+trT0yRW`_*nC{0@ama!MkPftr9A6Qric71u`>*5
z{q=prWcQ4K;w{HudrOZszRdl)Emdyuu8rj>D`y-&_Z7U7xAcF~4eMI#7c0MA*`26f
zzxU&vODWt@OQ*<Ly$X~KxX7c>Zzr^&v6}6B!YfOm)OF{dzKU7bF>8m2)bXHdHICdp
zEhbZRQoLE$<j?$C(lL4MC9ApL{j0?f&wF;JJx%+`mrqG1FZS11zlz^e^nBmHnkj<O
z4iOyrzmy$V`T5l)Jc6E2QYkOAd^P`D!s8P=9z|rFvC`%L8X~s!bg%Pej+qM>qTVH4
zQZB9*J>;)*dso+-z^rdqSH``a&piJqM?$2<^XLh0-RJ&Z{`ka&w-*=6U7s{5;<#Sc
z?jwxTayS(ndw$M*l5+6a#kggRyQ+VuaYd(bxm#&mI&o8n&-L``n1zn4PpmVIl>G%#
zmra;_-SOg?Ajg}@N7pc~YdzzWU)y5W`8THd_KnvsDm4<~fBPv5O}3o+%4OZU2luvK
zd7sS}bJRr1u=P#K+9@U}tDgKl_Rx-RMuoY<q7$d=QlHLj>^;2KfAO1YwSZGEdl!GR
ze{t~1`ty@*mVUnPn)ki+)(-Rk|4;pmuYS9C{r7s?lbd&Prh9E)YB=YTMWXOC&uz!m
z3nVvdazFGhIA<fp6}5Wrmi0>mKJLF2Q2+AZgLjAgZA_yTHU2I$TzYJ}v7<9f_Qi@m
zx#zQ{tIwYH=Ck^|V*)E%A~_N!Ju-Y0{922LQAzfEq|(<pNuRggtIm;3J=){6ph{PF
zYQVI47iVnR5aMaQ&sNM(L^NpQqsdRE9odq$I^^-wS01VE$+dizX_q56adUbz?ON?$
zqGGa)X|0{=s%(pWhZ15|{+oVG{b;L)q4Qs@cjx@{*K#`g?Am&3_o3JGx4-wB_ojM}
zA>WT33wa*8ZF{{hc=gG5Q?|8)csYqa6$(CBqor{4EW^#M<(IOupLiWTf4hSHVBe7x
zqvS<tOFtzY^66TyxZu-Kv5@DF1n%D2eL1+|=VW7>M%(Q(`;S~^wGBNt_3?!bF3EdJ
zSTf)2JbSD!dUb5_Bq7<^%4s&dHJaC^JG3~dbw6FBQj+)PvzF@lz5nzTCA$B_uU;3w
zqqq7;ef8IW-~Bdk{Xg};{ZZptfhO@LuN&T)|Gnt9w(Qhm)lDWhzLhPxSNCMWr@YO#
zZ-v%fn8BH{{_)a>+jdvTg%~le%=dq(w`=|(RhLtjPaWq>tY~X#IKDX5cXM~oZ!Jb8
zmhTd~RJxA|s=aQ^-C6P4Id<{B&8zQdsH}L|nrpZ4>Z#x-@t$Wc`0iT0{@T=9gZYKV
zA=cm1Lkvp;gBh>xzHvTwM)7>#C;LU(TX*st&AD!Lpj`F$wKJTlj?CL#nio9#*s)SM
zqU?Ry)|vqI?ZUlECa3b#tt8#dgw(PooAAw?p~?87SfHkS?|~DpIordeA8NW~_Eg_w
z$#(0EogkbbD}TO1Bk=i?l22xux3fM?mGsk@J$+j6p$mVdwH?ExmPN1bjr*QZ@$>GB
z<C7ive>v}viurfJ{`FkPzbPDl6Klom-t@=C?~^^)uikv{<k1)EJO1$b>D3*&b8Yv9
z-{)65=3BI!c3k`a*{ePGt#7yfJNokH?alv=YFGR$Q|Zk;VB3FBvPaL+Y=z_3YG=+j
zzWEBd8!w(b{jakA%jLYcyZ^m#I`rpV5rcX`sgcB2|NHai^E`O<_Q9*78_koujd$$W
z^CG^+{6+kpS9@Q^_Qbr1KX6p_OWljuo`fI2p8Sb13$?DauBx@1@VEK$>DBYu{)Vr2
z|M2V6pEc$Zhfd4Q`R*S#?|VqFxc$MGKRy4S)tfVSk7ec6!%@>0U*GHKD;B)BSw8;z
z6YZP#PO{FK)Awt-c#(w0CO<#--3Gg4dN!@H|JJ@Y)<W`2yO832UcLKouBlk*@1N}Y
zOMKHkSAWNeE7}hA#PEIiemha0nInDg<j?<(u2%e_&vp5^-M@7k*Ppk)7d+*E{t4cx
zYrdY|RyhA}`GtG>r~mK$yZ-0@c~4GGo~ZTx%2)oq2Lp=Q>+P@oPT5){Xu)Pa)4jLo
zPuu65YS}Gwqt5QFs;&GOe7!~E!XLB4w_dGY=jlGr`BG$h>i(KtE7okj_0R8Zy!pea
zd|e#NcVur9G7bEFU0l@k;KkVs_&z^eaJjCo;D^k=sNdJ?&z>u^za97TZl6};@(+;~
zr5_xoE!Jmj-L*^LdGz)V{;^jB|GBXLJw5gMhgV6G+cqwlyJ3CUY6&-Sz4q&i=dTke
zJijgU*fEjh5*fz*&O(Q;?aq^OHF@`MkLrKEAG-hc2J^mq^XYi^=hKsoO9TDu{Ljyl
zR_vPS%K5x8LUGP9*_L3})G8P2S4{0ysrFBgymnBw{CIxb+q(B2!5bz;#iev^=UrDL
zro2t7>+~lr^$iy7RVzEKEMoS>tPGvL^-QbqRn~b0f5m_9zqRVerQAE||KFBIss6if
zms9)nzyGH{9h&SfM7G;ZdAlIjX7RS{%@0>k{BhOePnJrZsgQiOidA3m>e}PUUnZ#=
zi~SauDDn8kb3y)#FZ-k)3HBHArgzGD*JOxKk`&*Pc6IWSxFU_yT{7QwKU`^g6drkN
z_s1a79lV)qG}pT+*)Vh-cjtNW-|ARy;J<Wh#`rD0zd!9Sx6=MO|2F&F^`HK0&MR6p
z-KM`^gvIAY0jDU7YQvPS<P&u-0=H&Ox9MHWyw9}u=nU?nzsa8zwR<n>xmcz0#2Qp_
zzfXDE#Bjd6{?zuU*U|Re)9b~2du6}xKgIR$S556cyZHJ3)&Kr8Ffjc8FLdY1Ookdp
F1_0sc51s%3
literal 0
HcmV?d00001
diff --git a/k8s/gitlab-runner/values.yaml b/k8s/gitlab-runner/values.yaml
new file mode 100644
index 00000000..0baa6067
--- /dev/null
+++ b/k8s/gitlab-runner/values.yaml
@@ -0,0 +1,575 @@
+## GitLab Runner Image
+##
+## By default it's using registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v{VERSION}
+## where {VERSION} is taken from Chart.yaml from appVersion field
+##
+## ref: https://gitlab.com/gitlab-org/gitlab-runner/container_registry/29383?orderBy=NAME&sort=asc&search[]=alpine-v&search[]=
+##
+## Note: If you change the image to the ubuntu release
+## don't forget to change the securityContext;
+## these images run on different user IDs.
+##
+image:
+ registry: registry.gitlab.com
+ image: gitlab-org/gitlab-runner
+ # tag: alpine-v11.6.0
+
+## When using GitLab Runner Helm Chart with gitlab-runner-ubi-images (https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images/container_registry)
+## the installation fails because dumb-init is not packaged in the image. However, the tini is present.
+## This configuration will allow gitlab-runner-ubi-images users to explicitly enabled the use of `tini` instead of `dumb-init`
+useTini: false
+
+## Specify a imagePullPolicy for the main runner deployment
+## 'Always' if imageTag is 'latest', else set to 'IfNotPresent'
+##
+## Note: it does not apply to job containers launched by this executor.
+## Use `pull_policy` in [runners.kubernetes] to change it.
+##
+## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+##
+imagePullPolicy: IfNotPresent
+
+## Specifying ImagePullSecrets on a Pod
+## Kubernetes supports specifying container image registry keys on a Pod.
+## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+##
+# imagePullSecrets:
+# - name: "image-pull-secret"
+
+## Timeout, in seconds, for liveness and readiness probes of a runner pod.
+# probeTimeoutSeconds: 1
+
+# How many runner pods to launch.
+#
+replicas: 1
+
+# How many old ReplicaSets for this Deployment you want to retain
+revisionHistoryLimit: 3
+
+# The GitLab Server URL (with protocol) that want to register the runner against
+# ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-register
+#
+gitlabUrl: https://gitlab.epfl.ch/
+
+## DEPRECATED: The Registration Token for adding new Runners to the GitLab Server.
+##
+## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+##
+# runnerRegistrationToken: ""
+
+## The Runner Token for adding new Runners to the GitLab Server. This must
+## be retrieved from your GitLab Instance. It is token of already registered runner.
+## ref: (we don't yet have docs for that, but we want to use existing token)
+##
+# runnerToken: ""
+#
+
+## Unregister all runners before termination
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated and created again. This may cause your Gitlab instance to reference
+## non-existant runners. Un-registering the runner before termination mitigates this issue.
+## ref: https://docs.gitlab.com/runner/commands/index.html#gitlab-runner-unregister
+##
+# unregisterRunners: true
+
+## When stopping the runner, give it time to wait for its jobs to terminate.
+##
+## Updating the runner's chart version or configuration will cause the runner container
+## to be terminated with a graceful stop request. terminationGracePeriodSeconds
+## instructs Kubernetes to wait long enough for the runner pod to terminate gracefully.
+## ref: https://docs.gitlab.com/runner/commands/#signals
+terminationGracePeriodSeconds: 3600
+
+## Set the certsSecretName in order to pass custom certficates for GitLab Runner to use
+## Provide resource name for a Kubernetes Secret Object in the same namespace,
+## this is used to populate the /home/gitlab-runner/.gitlab-runner/certs/ directory
+## ref: https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates-targeting-the-gitlab-server
+##
+# certsSecretName:
+
+## Configure the maximum number of concurrent jobs
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+concurrent: 2
+
+## Defines in seconds how often to check GitLab for a new builds
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+checkInterval: 60
+
+## Configure GitLab Runner's logging level. Available values are: debug, info, warn, error, fatal, panic
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# logLevel:
+
+## Configure GitLab Runner's logging format. Available values are: runner, text, json
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# logFormat:
+
+## Configure GitLab Runner's Sentry DSN.
+## ref https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section
+##
+# sentryDsn:
+
+## A custom bash script that will be executed prior to the invocation
+## gitlab-runner process
+#
+#preEntrypointScript: |
+# echo "hello"
+
+## Specify whether the runner should start the session server.
+## Defaults to false
+## ref:
+##
+## When sessionServer is enabled, the user can either provide a public publicIP
+## or rely on the external IP auto discovery
+## When a serviceAccountName is used with the automounting to the pod disable,
+## we recommend the usage of the publicIP
+sessionServer:
+ enabled: false
+ # annotations: {}
+ # timeout: 1800
+ # internalPort: 8093
+ # externalPort: 9000
+ # publicIP: ""
+ # loadBalancerSourceRanges:
+ # - 1.2.3.4/32
+
+## For RBAC support:
+rbac:
+ create: true
+
+ ## Define list of rules to be added to the rbac role permissions.
+ ## Each rule supports the keys:
+ ## - apiGroups: default "" (indicates the core API group) if missing or empty.
+ ## - resources: default "*" if missing or empty.
+ ## - verbs: default "*" if missing or empty.
+ ##
+ ## Read more about the recommended rules on the following link
+ ##
+ ## ref: https://docs.gitlab.com/runner/executors/kubernetes.html#configuring-executor-service-account
+ ##
+ rules:
+ - apiGroups: [""]
+ resources: ["configmaps", "pods", "pods/attach", "secrets", "services"]
+ verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+ - apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create", "patch", "delete"]
+
+ ## Run the gitlab-bastion container with the ability to deploy/manage containers of jobs
+ ## cluster-wide or only within namespace
+ clusterWideAccess: false
+
+ ## Use the following Kubernetes Service Account name if RBAC is disabled in this Helm chart (see rbac.create)
+ ##
+ # serviceAccountName: default
+
+ ## Specify annotations for Service Accounts, useful for annotations such as eks.amazonaws.com/role-arn
+ ##
+ ## ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
+ ##
+ # serviceAccountAnnotations: {}
+
+ ## Use podSecurity Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ enabled: false
+ resourceNames:
+ - gitlab-runner
+
+ ## Specify one or more imagePullSecrets used for pulling the runner image
+ ##
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+ ##
+ # imagePullSecrets: []
+
+## Configure integrated Prometheus metrics exporter
+##
+## ref: https://docs.gitlab.com/runner/monitoring/#configuration-of-the-metrics-http-server
+##
+metrics:
+ enabled: false
+
+ ## Define a name for the metrics port
+ ##
+ portName: metrics
+
+ ## Provide a port number for the integrated Prometheus metrics exporter
+ ##
+ port: 9252
+
+ ## Configure a prometheus-operator serviceMonitor to allow autodetection of
+ ## the scraping target. Requires enabling the service resource below.
+ ##
+ serviceMonitor:
+ enabled: false
+
+ ## Provide additional labels to the service monitor ressource
+ ##
+ ## labels: {}
+
+ ## Define a scrape interval (otherwise prometheus default is used)
+ ##
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
+ ##
+ # interval: ""
+
+ ## Specify the scrape protocol scheme e.g., https or http
+ ##
+ # scheme: "http"
+
+ ## Supply a tls configuration for the service monitor
+ ##
+ ## ref: https://github.com/helm/charts/blob/master/stable/prometheus-operator/crds/crd-servicemonitor.yaml
+ ##
+ # tlsConfig: {}
+
+ ## The URI path where prometheus metrics can be scraped from
+ ##
+ # path: "/metrics"
+
+ ## A list of MetricRelabelConfigs to apply to samples before ingestion
+ ##
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ # metricRelabelings: []
+
+ ## A list of RelabelConfigs to apply to samples before scraping
+ ##
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ ## relabelings: []
+
+## Configure a service resource e.g., to allow scraping metrics via
+## prometheus-operator serviceMonitor
+service:
+ enabled: false
+
+ ## Provide additonal labels for the service
+ ##
+ # labels: {}
+
+ ## Provide additonal annotations for the service
+ ##
+ # annotations: {}
+
+ ## Define a specific ClusterIP if you do not want a dynamic one
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
+ ##
+ # clusterIP: ""
+
+ ## Define a list of one or more external IPs for this service
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ # externalIPs: []
+
+ ## Provide a specific loadbalancerIP e.g., of an external Loadbalancer
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ # loadBalancerIP: ""
+
+ ## Provide a list of source IP ranges to have access to this service
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support
+ ##
+ # loadBalancerSourceRanges: []
+
+ ## Specify the service type e.g., ClusterIP, NodePort, Loadbalancer or ExternalName
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ ##
+ type: ClusterIP
+
+ ## Specify the services metrics nodeport if you use a service of type nodePort
+ ##
+ # metrics:
+
+ ## Specify the node port under which the prometheus metrics of the runner are made
+ ## available.
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
+ ##
+ # nodePort: ""
+
+ ## Provide a list of additional ports to be exposed by this service
+ ##
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
+ ##
+ # additionalPorts: []
+
+## Configuration for the Pods that the runner launches for each new job
+##
+runners:
+ # runner configuration, where the multi line strings is evaluated as
+ # template so you can specify helm values inside of it.
+ #
+ # tpl: https://helm.sh/docs/howto/charts_tips_and_tricks/#using-the-tpl-function
+ # runner configuration: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+ config: |
+ [[runners]]
+ [runners.kubernetes]
+ namespace = "{{.Release.Namespace}}"
+ image = "ubuntu:16.04"
+ [runners.kubernetes.dns_config]
+ nameservers = ["8.8.8.8"]
+
+ ## Which executor should be used
+ ##
+ # executor: kubernetes
+
+ ## DEPRECATED: Specify whether the runner should be locked to a specific project: true, false.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # locked: true
+
+ ## DEPRECATED: Specify the tags associated with the runner. Comma-separated list of tags.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # tags: ""
+
+ ## Specify the name for the runner.
+ ##
+ # name: ""
+
+ ## DEPRECATED:Specify the maximum timeout (in seconds) that will be set for job when using this Runner
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # maximumTimeout: ""
+
+ ## DEPRECATED: Specify if jobs without tags should be run.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # runUntagged: true
+
+ ## DEPRECATED: Specify whether the runner should only run protected branches.
+ ##
+ ## ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ ##
+ # protected: true
+
+ ## The name of the secret containing runner-token and runner-registration-token
+ # secret: gitlab-runner
+
+ ## Distributed runners caching
+ ## ref: https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching
+ ##
+ ## If you want to use s3 based distributing caching:
+ ## First of all you need to uncomment General settings and S3 settings sections.
+ ##
+ ## Create a secret 's3access' containing 'accesskey' & 'secretkey'
+ ## ref: https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
+ ##
+ ## $ kubectl create secret generic s3access \
+ ## --from-literal=accesskey="YourAccessKey" \
+ ## --from-literal=secretkey="YourSecretKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ ## If you want to use gcs based distributing caching:
+ ## First of all you need to uncomment General settings and GCS settings sections.
+ ##
+ ## Access using credentials file:
+ ## Create a secret 'google-application-credentials' containing your application credentials file.
+ ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
+ ## You could configure
+ ## $ kubectl create secret generic google-application-credentials \
+ ## --from-file=gcs-application-credentials-file=./path-to-your-google-application-credentials-file.json
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ ## Access using access-id and private-key:
+ ## Create a secret 'gcsaccess' containing 'gcs-access-id' & 'gcs-private-key'.
+ ## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section
+ ## You could configure
+ ## $ kubectl create secret generic gcsaccess \
+ ## --from-literal=gcs-access-id="YourAccessID" \
+ ## --from-literal=gcs-private-key="YourPrivateKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+ ##
+ ## If you want to use Azure-based distributed caching:
+ ## First, uncomment General settings.
+ ##
+ ## Create a secret 'azureaccess' containing 'azure-account-name' & 'azure-account-key'
+ ## ref: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction
+ ##
+ ## $ kubectl create secret generic azureaccess \
+ ## --from-literal=azure-account-name="YourAccountName" \
+ ## --from-literal=azure-account-key="YourAccountKey"
+ ## ref: https://kubernetes.io/docs/concepts/configuration/secret/
+
+ cache:
+ {}
+ ## S3 the name of the secret.
+ # secretName: s3access
+ ## Use this line for access using gcs-access-id and gcs-private-key
+ # secretName: gcsaccess
+ ## Use this line for access using google-application-credentials file
+ # secretName: google-application-credentials
+ ## Use this line for access using Azure with azure-account-name and azure-account-key
+ # secretName: azureaccess
+
+## Specify the name of the scheduler which used to schedule runner pods.
+## Kubernetes supports multiple scheduler configurations.
+## ref: https://kubernetes.io/docs/reference/scheduling
+# schedulerName: "my-custom-scheduler"
+
+## Configure securitycontext for the main container
+## ref: http://kubernetes.io/docs/user-guide/security-context/
+##
+securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ privileged: false
+ capabilities:
+ drop: ["ALL"]
+
+## Configure securitycontext valid for the whole pod
+## ref: http://kubernetes.io/docs/user-guide/security-context/
+##
+podSecurityContext:
+ runAsUser: 100
+ # runAsGroup: 65533
+ fsGroup: 65533
+ # supplementalGroups: [65533]
+
+ ## Note: values for the ubuntu image:
+ # runAsUser: 999
+ # fsGroup: 999
+
+## Configure resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ {}
+ # limits:
+ # memory: 256Mi
+ # cpu: 200m
+ # requests:
+ # memory: 128Mi
+ # cpu: 100m
+
+## Affinity for pod assignment
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector:
+ {}
+ # Example: The gitlab runner manager should not run on spot instances so you can assign
+ # them to the regular worker nodes only.
+ # node-role.kubernetes.io/worker: "true"
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations:
+ []
+ # Example: Regular worker nodes may have a taint, thus you need to tolerate the taint
+ # when you assign the gitlab runner manager with nodeSelector or affinity to the nodes.
+ # - key: "node-role.kubernetes.io/worker"
+ # operator: "Exists"
+
+## Configure environment variables that will be present when the registration command runs
+## This provides further control over the registration process and the config.toml file
+## ref: `gitlab-runner register --help`
+## ref: https://docs.gitlab.com/runner/configuration/advanced-configuration.html
+##
+# envVars:
+# - name: RUNNER_EXECUTOR
+# value: kubernetes
+
+## list of hosts and IPs that will be injected into the pod's hosts file
+hostAliases:
+ []
+ # Example:
+ # - ip: "127.0.0.1"
+ # hostnames:
+ # - "foo.local"
+ # - "bar.local"
+ # - ip: "10.1.2.3"
+ # hostnames:
+ # - "foo.remote"
+ # - "bar.remote"
+
+## Annotations to be added to manager pod
+##
+podAnnotations:
+ {}
+ # Example:
+ # iam.amazonaws.com/role: <my_role_arn>
+
+## Labels to be added to manager pod
+##
+podLabels:
+ {}
+ # Example:
+ # owner.team: <my_cool_team>
+
+## HPA support for custom metrics:
+## This section enables runners to autoscale based on defined custom metrics.
+## In order to use this functionality, Need to enable a custom metrics API server by
+## implementing "custom.metrics.k8s.io" using supported third party adapter
+## Example: https://github.com/directxman12/k8s-prometheus-adapter
+##
+#hpa: {}
+# minReplicas: 1
+# maxReplicas: 10
+# metrics:
+# - type: Pods
+# pods:
+# metricName: gitlab_runner_jobs
+# targetAverageValue: 400m
+
+## Configure priorityClassName for manager pod. See k8s docs for more info on how pod priority works:
+## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: ""
+
+## Secrets to be additionally mounted to the containers.
+## All secrets are mounted through init-runner-secrets volume
+## and placed as readonly at /init-secrets in the init container
+## and finally copied to an in-memory volume runner-secrets that is
+## mounted at /secrets.
+secrets:
+ []
+ # Example:
+ # - name: my-secret
+ # - name: myOtherSecret
+ # items:
+ # - key: key_one
+ # path: path_one
+
+## Additional config files to mount in the containers in `/configmaps`.
+##
+## Please note that a number of keys are reserved by the runner.
+## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/main/templates/configmap.yaml
+## for a current list.
+configMaps: {}
+
+## Additional volumeMounts to add to the runner container
+##
+volumeMounts:
+ []
+ # Example:
+ # - name: my-volume
+ # mountPath: /mount/path
+
+## Additional volumes to add to the runner deployment
+##
+volumes:
+ []
+ # Example:
+ # - name: my-volume
+ # persistentVolumeClaim:
+ # claimName: my-pvc
--
GitLab