aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitmodules18
-rw-r--r--docs/index.rst1
-rw-r--r--docs/oom_hardcoded_certificates.rst6
-rw-r--r--docs/oom_quickstart_guide.rst4
-rw-r--r--docs/oom_setup_ingress_controller.rst159
-rw-r--r--kubernetes/Makefile4
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml75
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/pv.yaml26
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-cass/templates/service.yaml37
-rw-r--r--kubernetes/aaf/charts/aaf-cass/values.yaml64
-rw-r--r--kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-cm/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-cm/values.yaml50
-rw-r--r--kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-fs/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-fs/values.yaml50
-rw-r--r--kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-gui/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-gui/values.yaml52
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml46
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml44
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml106
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/secret.yaml15
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/service.yaml21
-rw-r--r--kubernetes/aaf/charts/aaf-hello/values.yaml83
-rw-r--r--kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-locate/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-locate/values.yaml49
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml129
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/values.yaml52
-rw-r--r--kubernetes/aaf/charts/aaf-service/templates/deployment.yaml136
-rw-r--r--kubernetes/aaf/charts/aaf-service/templates/service.yaml23
-rw-r--r--kubernetes/aaf/charts/aaf-service/values.yaml52
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml11
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml26
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml30
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml11
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml39
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml24
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml37
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml25
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml24
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml28
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/values.yaml20
-rw-r--r--kubernetes/aaf/templates/_deployment.tpl67
-rw-r--r--kubernetes/aaf/templates/_initContainers.tpl122
-rw-r--r--kubernetes/aaf/templates/pv-config.yaml40
-rw-r--r--kubernetes/aaf/templates/pv-status.yaml40
-rw-r--r--kubernetes/aaf/templates/pvc-config.yaml43
-rw-r--r--kubernetes/aaf/templates/pvc-status.yaml43
-rw-r--r--kubernetes/aaf/values.yaml68
m---------kubernetes/aai0
-rw-r--r--kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties2
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-command-executor/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/Chart.yaml18
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/requirements.yaml18
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/deployment.yaml90
-rw-r--r--kubernetes/cds/charts/cds-py-executor/templates/secret.yaml15
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/service.yaml15
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/values.yaml120
-rw-r--r--kubernetes/cds/charts/cds-sdc-listener/values.yaml2
-rw-r--r--kubernetes/cds/charts/cds-ui/values.yaml2
-rw-r--r--kubernetes/common/Makefile4
-rw-r--r--kubernetes/common/cassandra/requirements.yaml2
-rw-r--r--kubernetes/common/certInitializer/Chart.yaml18
-rw-r--r--kubernetes/common/certInitializer/requirements.yaml18
-rw-r--r--kubernetes/common/certInitializer/resources/truststoreONAP.p12.b6430
-rw-r--r--kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b642186
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml163
-rw-r--r--kubernetes/common/certInitializer/templates/configmap.yaml (renamed from kubernetes/nbi/templates/configmap-aaf-add-config.yaml)22
-rw-r--r--kubernetes/common/certInitializer/templates/secret.yaml17
-rw-r--r--kubernetes/common/certInitializer/values.yaml42
-rw-r--r--kubernetes/common/common/templates/_aafconfig.tpl14
-rw-r--r--kubernetes/common/dgbuilder/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/curator/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/data/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/master/requirements.yaml2
-rw-r--r--kubernetes/common/elasticsearch/requirements.yaml3
-rw-r--r--kubernetes/common/etcd/requirements.yaml2
-rw-r--r--kubernetes/common/mongo/requirements.yaml2
-rw-r--r--kubernetes/common/music/charts/music-cassandra/requirements.yaml2
-rw-r--r--kubernetes/common/music/requirements.yaml2
-rw-r--r--kubernetes/common/network-name-gen/requirements.yaml6
-rw-r--r--kubernetes/common/network-name-gen/values.yaml2
-rw-r--r--kubernetes/common/postgres/requirements.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties4
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml24
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-bc/values.yaml21
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml1
-rw-r--r--kubernetes/multicloud/charts/multicloud-k8s/values.yaml2
-rw-r--r--kubernetes/nbi/requirements.yaml3
-rw-r--r--kubernetes/nbi/templates/deployment.yaml12
-rw-r--r--kubernetes/nbi/values.yaml20
-rw-r--r--kubernetes/policy/charts/drools/values.yaml2
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties2
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml11
-rw-r--r--kubernetes/portal/charts/portal-app/values.yaml2
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql2
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdc/charts/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml2
-rw-r--r--kubernetes/sdnc/Makefile6
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties4
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties4
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties6
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/sdnc-portal/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/components/Makefile51
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/Chart.yaml (renamed from kubernetes/sdnc/sdnc-prom/Chart.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/requirements.yaml (renamed from kubernetes/sdnc/sdnc-prom/requirements.yaml)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor)0
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh (renamed from kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/resources/config/config.json (renamed from kubernetes/sdnc/sdnc-prom/resources/config/config.json)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json (renamed from kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/configmap.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/deployment.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/pv.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml (renamed from kubernetes/sdnc/sdnc-prom/templates/pvc.yaml)0
-rw-r--r--kubernetes/sdnc/components/sdnc-prom/values.yaml (renamed from kubernetes/sdnc/sdnc-prom/values.yaml)0
-rw-r--r--kubernetes/sdnc/templates/configmap.yaml13
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml69
-rw-r--r--kubernetes/sdnc/values.yaml19
-rw-r--r--kubernetes/vnfsdk/resources/config/configuration.xml35
-rw-r--r--kubernetes/vnfsdk/templates/configmap.yaml2
-rw-r--r--kubernetes/vnfsdk/templates/deployment.yaml33
-rw-r--r--kubernetes/vnfsdk/templates/job.yaml6
-rw-r--r--kubernetes/vnfsdk/templates/secrets.yaml16
-rw-r--r--kubernetes/vnfsdk/values.yaml21
147 files changed, 3914 insertions, 2046 deletions
diff --git a/.gitmodules b/.gitmodules
index 08d7aea901..ddad6f6c9a 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,11 +1,11 @@
[submodule "kubernetes/aai"]
- path = kubernetes/aai
- url = ../aai/oom
- branch = master
- ignore = dirty
+ path = kubernetes/aai
+ url = ../aai/oom
+ branch = frankfurt
+ ignore = dirty
[submodule "kubernetes/robot"]
- path = kubernetes/robot
- url = ../testsuite/oom
- branch = .
- ignore = dirty
- \ No newline at end of file
+ path = kubernetes/robot
+ url = ../testsuite/oom
+ branch = frankfurt
+ ignore = dirty
+
diff --git a/docs/index.rst b/docs/index.rst
index c8048d142e..c933a726fb 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -16,3 +16,4 @@ OOM Documentation Repository
oom_cloud_setup_guide.rst
release-notes.rst
oom_setup_kubernetes_rancher.rst
+ oom_setup_ingress_controller.rst
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 552950b225..9cf11c5b26 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -30,9 +30,11 @@ Here's the list of these certificates:
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
- +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 565c43f467..364f14e923 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -193,6 +193,10 @@ All override files may be customized (or replaced by other overrides) as per nee
`onap-all.yaml`
Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+`onap-all-ingress-nginx-vhost.yaml`
+ Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
+ Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+
`environment.yaml`
Includes configuration values specific to the deployment environment.
diff --git a/docs/oom_setup_ingress_controller.rst b/docs/oom_setup_ingress_controller.rst
new file mode 100644
index 0000000000..a4abc2b390
--- /dev/null
+++ b/docs/oom_setup_ingress_controller.rst
@@ -0,0 +1,159 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020, Samsung Electronics
+
+.. Links
+.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
+.. _kubectl Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
+.. _Kubernetes documentation for emptyDir: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
+.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/
+.. _http://cd.onap.info:30223/mso/logging/debug: http://cd.onap.info:30223/mso/logging/debug
+.. _Onboarding and Distributing a Vendor Software Product: https://wiki.onap.org/pages/viewpage.action?pageId=1018474
+.. _README.md: https://gerrit.onap.org/r/gitweb?p=oom.git;a=blob;f=kubernetes/README.md
+
+.. figure:: oomLogoV2-medium.png
+ :align: right
+
+.. _onap-on-kubernetes-with-rancher:
+
+
+Ingress controller setup on HA Kubernetes Cluster
+#################################################
+
+This guide provides instruction how to setup experimental ingress controller feature.
+For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
+to deploy and manage our Kubernetes Cluster and ingress controller
+
+.. contents::
+ :depth: 1
+ :local:
+..
+
+The result at the end of this tutorial will be:
+
+#. Customization of the cluster.yaml file for ingress controller support
+
+#. Installation and configuration test DNS server for ingress host resolution on testing machines
+
+#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+
+#. Instalation and configuration NGINX ingress controller
+
+#. Additional info howto deploy onap with services exposed via Ingress controller
+
+Customize cluster.yml file
+===========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+
+.. code-block:: yaml
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
+
+For external load balacer purposes minimum one of the worker node should be configured with external IP
+address accessible outside the cluster. It can be done using the following example node configuration:
+
+.. code-block:: yaml
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+
+Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+
+
+
+DNS server configuration and instalation
+========================
+DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
+resolves all subdomain related to the onap cluster to the load balancer IP.
+Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
+Adding many entries into the configuration files on testing machines is quite problematic and error prone.
+The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+
+DNS server has automatic instalation and configuration script, so instalation is quite easy::
+
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+
+ > ./deploy\_dns.sh
+
+After DNS deploy you need to setup DNS entry on the target testing machine.
+Because DNS listen on non standard port configuration require iptables rules
+on the target machine. Please follow the configuation proposed by the deploy scripts
+Example output depends on the IP address and example output looks like bellow::
+
+
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+
+
+MetalLB Load Balancer instalation and configuration
+====================================================
+
+By default pure Kubernetes cluster requires external load balancer if we want to expose
+external port using LoadBalancer settings. For this purpose MetalLB can be used.
+Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+
+MetalLB Load balanancer can be easily installed using automatic install script::
+
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
+
+ > ./install-metallb-on-cluster.sh
+
+
+Configuration NGINX ingress controller
+=======================================
+
+After installation DNS server and ingress controller we can install and configure ingress controller.
+It can be done using the following commands::
+
+ > cd kubernetes/contrib/ingress-nginx-post-inst
+
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
+
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+
+After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
+with external IP address::
+
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+
+
+ONAP with ingress exposed services
+=====================================
+If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+
+Ingress also can be enabled on any onap setup override using following code:
+
+.. code-block:: yaml
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
+
diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index 7150f10c1f..faa96df811 100644
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -28,9 +28,9 @@ endif
SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(SUBMODS) $(PARENT_CHART)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS) $(SUBMODS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml
index eb785e2d9b..309a9f38c6 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,23 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.global.aaf.cass.replicas }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: fix-permission
@@ -37,47 +29,38 @@ spec:
args:
- -c
- |
- chmod -R 775 /opt/app/aaf/status
chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /var/lib/cassandra
chown -R 1000:1000 /var/lib/cassandra
image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 100Mi
containers:
- name: {{ include "common.name" . }}
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.cass.image}}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well
command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"]
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-cass"]
- ports:
- - name: storage
- containerPort: {{.Values.global.aaf.cass.storage_port}}
- - name: ssl-storage
- containerPort: {{.Values.global.aaf.cass.ssl_storage_port}}
- - name: native-trans
- containerPort: {{.Values.global.aaf.cass.native_trans_port}}
- - name: rpc
- containerPort: {{.Values.global.aaf.cass.rpc_port}}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
env:
- name: CASSANDRA_CLUSTER_NAME
- value: {{.Values.global.aaf.cass.cluster_name}}
+ value: {{ .Values.config.cluster_name }}
- name: CASSANDRA_DC
- value: {{.Values.global.aaf.cass.dc}}
+ value: {{ .Values.config.dc }}
- name: CQLSH
value: "/opt/cassandra/bin/cqlsh"
- name: HEAP_NEWSIZE
- value: {{.Values.global.aaf.cass.heap_new_size}}
+ value: {{ .Values.config.heap_new_size }}
- name: MAX_HEAP_SIZE
- value: {{.Values.global.aaf.cass.max_heap_size}}
+ value: {{ .Values.config.max_heap_size }}
- name: MY_POD_NAME
valueFrom:
fieldRef:
@@ -93,44 +76,36 @@ spec:
volumeMounts:
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{.Values.global.aaf.cass.native_trans_port}}
+ port: tcp-cql
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{.Values.global.aaf.cass.native_trans_port}}
+ port: tcp-cql
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- name: aaf-cass-vol
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-data
+ claimName: {{ include "common.fullname" . }}
{{- else }}
emptyDir: {}
{{- end }}
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml
index 0f0a30585b..187e9b75de 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,27 +15,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-data"
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" . }}
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml
index 3cc43560e4..e56c98751c 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,26 +15,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" .}}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" . }}
diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml
index d5c615f55d..8f80ee12a2 100644
--- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/templates/service.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,38 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-# annotations:
-# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: storage
- protocol: TCP
- port: {{.Values.global.aaf.cass.storage_port}}
- containerPort: {{.Values.global.aaf.cass.storage_port}}
- - name: ssl-storage
- protocol: TCP
- port: {{.Values.global.aaf.cass.ssl_storage_port}}
- containerPort: {{.Values.global.aaf.cass.ssl_storage_port}}
- - name: native-trans
- protocol: TCP
- port: {{.Values.global.aaf.cass.native_trans_port}}
- containerPort: {{.Values.global.aaf.cass.native_trans_port}}
- - name: rpc
- protocol: TCP
- port: {{.Values.global.aaf.cass.rpc_port}}
- containerPort: {{.Values.global.aaf.cass.rpc_port}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- clusterIP: None
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/charts/aaf-cass/values.yaml
index 9f6ec565f4..3d9f21e297 100644
--- a/kubernetes/aaf/charts/aaf-cass/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cass/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@ flavor: small
# Application configuration defaults.
#################################################################
# application configuration
-config: {}
+replicaCount: 1
nodeSelector: {}
@@ -32,6 +32,15 @@ liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: tcp-cql
+
+image: onap/aaf/aaf_cass:2.1.20
+
+config:
+ cluster_name: osaaf
+ heap_new_size: 512M
+ max_heap_size: 1024M
+ dc: dc1
readiness:
initialDelaySeconds: 5
@@ -40,39 +49,36 @@ readiness:
service:
name: aaf-cass
type: ClusterIP
- portName: aaf-cass
- #targetPort
- internalPort: 7000
- #port
- externalPort: 7000
-
- internalPort2: 7001
- externalPort2: 7001
- internalPort3: 9042
- externalPort3: 9042
- internalPort4: 9160
- externalPort4: 9160
+ ports:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
ingress:
enabled: false
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 2100m
- memory: 1792Mi
- requests:
- cpu: 30m
- memory: 1280Mi
- large:
- limits:
- cpu: 4
- memory: 12000Mi
- requests:
- cpu: 40m
- memory: 9000Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 2100m
+ memory: 1792Mi
+ requests:
+ cpu: 30m
+ memory: 1280Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 12000Mi
+ requests:
+ cpu: 40m
+ memory: 9000Mi
+ unlimited: {}
persistence:
enabled: true
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
index b823acd3d5..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.cm.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-cm aaf-locate && exec bin/cm"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.cm.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.cm.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
index 28462f2edf..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.cm.internal_port }}
- nodePort: {{ .Values.global.aaf.cm.public_port }}
- name: aaf-cm
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml
index 37d6c5e2c5..c391369db6 100644
--- a/kubernetes/aaf/charts/aaf-cm/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/values.yaml
@@ -19,6 +19,13 @@ flavor: small
# Application configuration defaults.
#################################################################
# application image
+replicaCount: 1
+
+binary: cm
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
@@ -26,24 +33,25 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-cm
type: ClusterIP
- portName: aaf-cm
- #targetPort
- internalPort: 8150
- #port
- externalPort: 8150
+ ports:
+ - name: api
+ protocol: http
+ port: 8150
ingress:
enabled: false
@@ -56,18 +64,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 400m
- memory: 300Mi
- requests:
- cpu: 1m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 600Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 400m
+ memory: 300Mi
+ requests:
+ cpu: 1m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 600Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
index 2e8e41e637..c36750809c 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.fs.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
index b81635f74d..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.fs.internal_port }}
- nodePort: {{ .Values.global.aaf.fs.public_port }}
- name: aaf-hello
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml
index 4b12bd0deb..6ddc07278b 100644
--- a/kubernetes/aaf/charts/aaf-fs/values.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,6 +21,13 @@ flavor: small
# application image
pullPolicy: Always
+replicaCount: 1
+
+binary: fs
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
@@ -33,19 +40,20 @@ liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-fs
type: ClusterIP
- portName: aaf-fs
- #targetPort
- internalPort: 8096
- #port
- externalPort: 8096
+ ports:
+ - name: api
+ port: 8096
+ protocol: http
ingress:
enabled: false
@@ -58,18 +66,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 110Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 500m
- memory: 700Mi
- requests:
- cpu: 100m
- memory: 400Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 110Mi
+ requests:
+ cpu: 1m
+ memory: 80Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 700Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
index cbf68aad37..c36750809c 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.gui.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service aaf-locate remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-gui aaf-locate && exec bin/gui"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.gui.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.gui.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
index 7dc4468598..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.gui.internal_port }}
- nodePort: {{ .Values.global.aaf.gui.public_port }}
- name: aaf-gui
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml
index 8811b3300a..f418fd5b41 100644
--- a/kubernetes/aaf/charts/aaf-gui/values.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/values.yaml
@@ -20,6 +20,13 @@ flavor: small
# application image
pullPolicy: Always
+replicaCount: 1
+
+binary: gui
+
+sequence_order:
+ - service
+ - locate
nodeSelector: {}
@@ -27,25 +34,26 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: gui
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: gui
service:
name: aaf-gui
type: NodePort
- portName: aaf-gui
- #targetPort
- internalPort: 8200
- #port
- externalPort: 8200
- nodePort: 51
+ ports:
+ - name: gui
+ protocol: http
+ port: 8200
+ nodePort: 51
ingress:
enabled: false
@@ -58,18 +66,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 280Mi
- requests:
- cpu: 1m
- memory: 170Mi
- large:
- limits:
- cpu: 200m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 280Mi
+ requests:
+ cpu: 1m
+ memory: 170Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml
deleted file mode 100644
index d2b4f0c76f..0000000000
--- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pv.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{- if ne 0 (int .Values.global.aaf.hello.replicas) }}
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-#########
-## ============LICENSE_START====================================================
-## org.onap.aaf
-## ===========================================================================
-## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-## ===========================================================================
-## Licensed under the Apache License, Version 2.0 (the "License");
-## you may not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ============LICENSE_END====================================================
-##
-
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-hello-pv
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ .Chart.Name }}-hello
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-data"
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml b/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml
deleted file mode 100644
index fc148f63d6..0000000000
--- a/kubernetes/aaf/charts/aaf-hello/templates/aaf-hello-pvc.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-{{- if ne 0 (int .Values.global.aaf.hello.replicas) }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-#########
-## ============LICENSE_START====================================================
-## org.onap.aaf
-## ===========================================================================
-## Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-## ===========================================================================
-## Licensed under the Apache License, Version 2.0 (the "License");
-## you may not use this file except in compliance with the License.
-## You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ============LICENSE_END====================================================
-##
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-hello-pvc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.config.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
index 1e120bd0ad..891b829f43 100644
--- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,112 +12,49 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.global.aaf.hello.replicas }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-hello-vol
- {{- if and .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-hello-pvc
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: fix-permission
- command: ["/bin/sh","-c","chmod -R 775 /opt/app/osaaf/local && chown -R 1000:1000 /opt/app/osaaf"]
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.aaf_init.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/agent.sh"]
-# command: ["bash","-c","cd /opt/app/aaf_config && echo Sleeping && sleep 480"]
-# command: ["bash","-c","chown 1000:1000 /opt/app/osaaf && cd /opt/app/aaf_config && sleep 480"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
-# This should the APP's FQDN to be put in Locator
-# This MUST match what is entered for AAF Certificate Artifacts
- - name: aaf_locator_fqdn
- value: "{{.Values.aaf_init.fqdn}}"
-# Hello specific. Clients don't don't need this, unless Registering with AAF Locator
-# This should be the APP's PUBLIC FQDN, if applicable
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aaf_init.locator_public_fqdn}}"
- - name: LATITUDE
- value: "{{ .Values.aaf_init.cadi_latitude }}"
- - name: LONGITUDE
- value: "{{ .Values.aaf_init.cadi_longitude }}"
-# Note: We want to put this in Secrets or at LEAST ConfigMaps
- - name: "DEPLOY_FQI"
- value: "deployer@people.osaaf.org"
-# Note: want to put this on Nodes, evenutally
- - name: "DEPLOY_PASSWORD"
- value: "demo123456!"
+ initContainers: {{ include "common.aaf-config" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }}
# CONTAINER Definition
containers:
- name: {{ include "common.name" . }}
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
- image: {{ .Values.global.repository }}/{{.Values.service.image }}
+ image: {{ .Values.global.repository }}/{{.Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf/local"
- name: aaf-hello-vol
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.port }}
+ port: {{ .Values.liveness.port }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.port }}
+ port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ volumes: {{ include "common.aaf-config-volumes" (dict "aafRoot" .Values.aaf_init "dot" .) | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml
new file mode 100644
index 0000000000..f8c32e0670
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml
index 5ba4f68be9..8f80ee12a2 100644
--- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/templates/service.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.port }}
- nodePort: {{ .Values.service.public_port }}
- name: aaf-hello
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml
index 0400dcc1fd..aeb659082d 100644
--- a/kubernetes/aaf/charts/aaf-hello/values.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/values.yaml
@@ -12,6 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ aafEnabled: true
flavor: small
@@ -22,47 +24,58 @@ flavor: small
aaf_init:
# You might want this in your own app. For AAF, we store in global
# replicas: 1
- image: onap/aaf/aaf_agent:2.1.20
- fqi: "aaf@aaf.osaaf.org"
+ fqi: aaf@aaf.osaaf.org
# This MUST match what is put in AAF's "Artifact" for Certificates
- fqdn: "aaf-hello"
+ fqdn: aaf-hello
# What is put in Locator for External Access
- locator_public_fqdn: "aaf.osaaf.org"
- app_ns: "org.osaaf.aaf"
- deploy_fqi: "deployer@people.osaaf.org"
+ public_fqdn: aaf.osaaf.org
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
+ permission_user: 1000
+ permission_group: 999
-service:
- image: onap/aaf/aaf_hello:2.1.20
- port: "8130"
- public_port: "31119"
+replicaCount: 0
-persistence:
- enabled: false
- #existingClaim:
- # You will want "Reatan" in non-Hello Example.
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 40M
- mountPath: /dockerdata-nfs
- mountSubPath: aaf/hello
+image: onap/aaf/aaf_hello:2.1.20
+
+service:
+ name: aaf-hello
+ type: ClusterIP
+ ports:
+ - name: api
+ protocol: http
+ port: 8130
nodeSelector: {}
affinity: {}
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aaf_init.aafDeployFqi }}'
+ password: '{{ .Values.aaf_init.aafDeployPass }}'
+ passwordPolicy: required
+
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
ingress:
enabled: false
@@ -75,18 +88,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 20m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 20m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
index cc7f19176f..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.locate.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-locate aaf-service && exec bin/locate"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.locate.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.locate.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
index 8aead90d29..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.locate.internal_port }}
- nodePort: {{ .Values.global.aaf.locate.public_port }}
- name: aaf-locate
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml
index 9209b9d027..47b2f205e5 100644
--- a/kubernetes/aaf/charts/aaf-locate/values.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/values.yaml
@@ -18,6 +18,12 @@ flavor: small
# Application configuration defaults.
#################################################################
# application image
+replicaCount: 1
+
+binary: locate
+
+sequence_order:
+ - service
nodeSelector: {}
@@ -25,24 +31,25 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-locate
type: ClusterIP
- portName: aaf-locate
- #targetPort
- internalPort: 8095
- #port
- externalPort: 31111
+ ports:
+ - name: api
+ protocol: http
+ port: 8095
ingress:
enabled: false
@@ -55,18 +62,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 100m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 500Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 100m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 500Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
index 6ce3abd241..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,128 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.oauth.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config aaf-service remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-oauth aaf-service && exec bin/oauth"]
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.oauth.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.oauth.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml
index 52c2d10568..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.oauth.internal_port }}
- nodePort: {{ .Values.global.aaf.oauth.public_port }}
- name: aaf-oauth
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml
index c25327ce03..7604b86393 100644
--- a/kubernetes/aaf/charts/aaf-oauth/values.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml
@@ -19,30 +19,40 @@ flavor: small
# Application configuration defaults.
#################################################################
# application image
+
+replicaCount: 1
+
+binary: oauth
+
+sequence_order:
+ - service
+ - locate
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-oauth
type: ClusterIP
- portName: aaf-oauth
- #targetPort
- internalPort: 8140
- #port
- externalPort: 8140
+ ports:
+ - name: api
+ protocol: http
+ port: 8140
ingress:
enabled: false
@@ -55,18 +65,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 40m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 600Mi
- requests:
- cpu: 40m
- memory: 200Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 40m
+ memory: 320Mi
+ requests:
+ cpu: 1m
+ memory: 210Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 600Mi
+ requests:
+ cpu: 40m
+ memory: 200Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
index 555f4ac815..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,135 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-spec:
- replicas: {{ .Values.global.aaf.service.replicas }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /opt/app/aaf/status
- chown -R 1000:1000 /opt/app/aaf/status
- chmod -R 775 /opt/app/osaaf
- chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/aaf/status
- name: aaf-status-vol
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","cd /opt/app/aaf_config && bin/pod_wait.sh config nc aaf-cass.{{ .Release.Namespace }} 9042 sleep 15 remove && bin/agent.sh"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:{{.Values.global.aaf.locate.internal_port}}"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "{{.Values.global.aaf.cass.fqdn}}.{{ .Release.Namespace }}"
-# - name: CASSANDRA_USER
-# value: ""
-# - name: CASSANDRA_PASSWORD
-# value: ""
-# - name: CASSANDRA_PORT
-# value: ""
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash","-c","cd /opt/app/aaf && bin/pod_wait.sh aaf-service aaf-cass && exec bin/service"]
- image: {{.Values.global.repository}}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: cm_always_ignore_ips
- value: "true"
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh","-c","rm /opt/app/aaf/status/aaf-service* && echo $HOSTNAME >> aaf-service.hosts"]
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: "/opt/app/aaf/status"
- name: aaf-status-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.service.internal_port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.global.aaf.service.internal_port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-status
- - name: aaf-config-vol
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ include "aaf.deployment" . }}
diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-service/templates/service.yaml
index e02c685549..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-service/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Orange
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,22 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.global.aaf.service.internal_port }}
- nodePort: {{ .Values.global.aaf.service.public_port }}
- name: aaf-service
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: "NodePort"
+{{ include "common.service" . }}
diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml
index 1eb5bb2523..c2d96032cc 100644
--- a/kubernetes/aaf/charts/aaf-service/values.yaml
+++ b/kubernetes/aaf/charts/aaf-service/values.yaml
@@ -20,30 +20,38 @@ flavor: small
#################################################################
# application image
+replicaCount: 1
+
+binary: service
+
+sequence_order:
+ - cass
+
nodeSelector: {}
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 30
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 5
periodSeconds: 10
+ port: api
service:
name: aaf-service
- type: NodePort
- portName: aaf-service
- #targetPort
- internalPort: 8100
- #port
- externalPort: 31110
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8100
+ protocol: http
ingress:
enabled: false
@@ -56,18 +64,18 @@ ingress:
# Configure resource requests and limits
resources:
- small:
- limits:
- cpu: 250m
- memory: 360Mi
- requests:
- cpu: 10m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 300Mi
- unlimited: {}
+ small:
+ limits:
+ cpu: 250m
+ memory: 360Mi
+ requests:
+ cpu: 10m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 40m
+ memory: 300Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
index 5ade9a81d6..8d1faf7e32 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
@@ -18,15 +18,8 @@
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
index c816b16914..23fe79d716 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
@@ -18,21 +18,11 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 2
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
containers:
@@ -58,19 +48,17 @@ spec:
- name: {{ include "common.fullname" . }}-tpmconfig
mountPath: "/abrmd/cred/"
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ resources: {{ toYaml .Values.resources | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.global.tpm.enabled }}
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
index 0beda0fefc..c624ccfc4d 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
@@ -16,24 +16,15 @@
{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
@@ -50,6 +41,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: {{ include "common.name" . }}
@@ -66,8 +64,7 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
@@ -76,8 +73,7 @@ spec:
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
index dc5176127a..99176fcdf6 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
@@ -18,15 +18,8 @@
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
index 3d248eef51..fb48c7df4a 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
@@ -18,22 +18,12 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
@@ -52,6 +42,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{ else }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -69,6 +66,13 @@ spec:
readOnly: true
- name: {{ include "common.fullname" . }}-data
mountPath: /distcenter/data
+ resources:
+ limits:
+ cpu: 1
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -82,15 +86,12 @@ spec:
readOnly: true
- name: {{ include "common.fullname" . }}-data
mountPath: /distcenter/data
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
@@ -98,7 +99,7 @@ spec:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ claimName: {{ include "common.release" . }}-aaf-sshsm
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
index 00005a58b1..bf0ef74be2 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
@@ -15,28 +15,5 @@
*/}}
{{- if .Values.global.distcenter.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" . }}
{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
index ede08205b5..a13b7f353b 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
@@ -15,27 +15,5 @@
*/}}
{{- if .Values.global.distcenter.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" . }}
{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
index a67760c368..a64f483d74 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
@@ -18,22 +18,11 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
- serviceName:
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
@@ -51,6 +40,13 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- if .Values.global.tpm.enabled }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -66,6 +62,13 @@ spec:
volumeMounts:
- name: {{ include "common.fullname" . }}-dbus
mountPath: /var/run/dbus
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end }}
containers:
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -98,8 +101,7 @@ spec:
- name: {{ include "common.fullname" . }}-secrets
mountPath: /testca/secrets
readOnly: true
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
nodeSelector:
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
@@ -108,8 +110,7 @@ spec:
{{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
@@ -117,7 +118,7 @@ spec:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-data
persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ claimName: {{ include "common.release" . }}-aaf-sshsm
- name: {{ include "common.fullname" . }}-dbus
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
index 3b50792473..b566b11458 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
@@ -14,27 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-data
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dataMountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
index e76baa2d36..b3e7f9fabd 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
@@ -14,27 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-dbus
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-dbus
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-dbus"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.dbusMountSubPath }}
-{{- end -}}
-{{- end -}}
+{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
index 2a5fc98bfa..b8971cc03c 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
@@ -14,26 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
index cf223670b5..7297d6f81d 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
@@ -14,30 +14,4 @@
# limitations under the License.
*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-dbus
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-dbus"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
+{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml
index 55d38a094c..5600213e11 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sshsm/values.yaml
@@ -32,12 +32,20 @@ global:
persistence:
enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- dataMountSubPath: sshsm/data
- dbusMountSubPath: sshsm/dbus
+ data:
+ enabled: true
+ size: 10Mi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: sshsm/data
+ dbus:
+ enabled: true
+ size: 10Mi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: sshsm/dbus
+
+
# Configure resource requests and limits
resources:
diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/templates/_deployment.tpl
new file mode 100644
index 0000000000..bf6931a8e3
--- /dev/null
+++ b/kubernetes/aaf/templates/_deployment.tpl
@@ -0,0 +1,67 @@
+{*/
+# Copyright © 2020 AT&T, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}
+
+{{- define "aaf.deployment" -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec: {{ include "aaf.initContainers" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ workingDir: /opt/app/aaf
+ command: ["bin/{{ .Values.binary }}"]
+ image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: aaf-config-vol
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{.Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aaf-config-vol
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/templates/_initContainers.tpl
new file mode 100644
index 0000000000..43c511fd6d
--- /dev/null
+++ b/kubernetes/aaf/templates/_initContainers.tpl
@@ -0,0 +1,122 @@
+{*/
+# Copyright © 2020 AT&T, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}
+
+{{- define "aaf.permissionFixer" -}}
+- name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chown -R 1000:1000 /opt/app/aaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end -}}
+
+{{- define "aaf.podConfiguration" }}
+- name: {{ include "common.name" . }}-config-container
+ image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ args:
+ - -c
+ - |
+ cd /opt/app/aaf_config
+ bin/agent.sh
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: aaf-config-vol
+ env:
+ - name: aaf_env
+ value: "{{ .Values.global.aaf.aaf_env }}"
+ - name: cadi_latitude
+ value: "{{ .Values.global.aaf.cadi_latitude }}"
+ - name: cadi_longitude
+ value: "{{ .Values.global.aaf.cadi_longitude }}"
+ - name: cadi_x509_issuers
+ value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_release
+ value: "{{ .Values.global.aaf.aaf_release }}"
+ - name: aaf_locator_container_ns
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.global.aaf.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.global.aaf.aaf_locator_name}}"
+ - name: aaf_locator_name_oom
+ value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
+ - name: cm_always_ignore_ips
+ value: "true"
+ - name: CASSANDRA_CLUSTER
+ value: "aaf-cass.{{ .Release.Namespace }}"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end -}}
+
+{{- define "aaf.initContainers" -}}
+initContainers:
+{{ include "aaf.permissionFixer" . }}
+{{- if .Values.sequence_order }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ command:
+ - /root/ready.py
+ args:
+ {{- range $container := .Values.sequence_order }}
+ - --container-name
+ - aaf-{{ $container}}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end }}
+{{ include "aaf.podConfiguration" . }}
+{{- end }}
diff --git a/kubernetes/aaf/templates/pv-config.yaml b/kubernetes/aaf/templates/pv-config.yaml
deleted file mode 100644
index 5ed3e62aeb..0000000000
--- a/kubernetes/aaf/templates/pv-config.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}-config
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.config.size}}
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.config.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.config.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-config"
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/templates/pv-status.yaml b/kubernetes/aaf/templates/pv-status.yaml
deleted file mode 100644
index d8f5980b9b..0000000000
--- a/kubernetes/aaf/templates/pv-status.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-status
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}-status
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.status.size}}
- accessModes:
- - {{ .Values.persistence.status.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.status.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.status.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.status.mountSubPath }}
- storageClassName: "{{ include "common.fullname" . }}-status"
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/aaf/templates/pvc-config.yaml b/kubernetes/aaf/templates/pvc-config.yaml
deleted file mode 100644
index dc71dceff1..0000000000
--- a/kubernetes/aaf/templates/pvc-config.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.config.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.config.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-config"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
diff --git a/kubernetes/aaf/templates/pvc-status.yaml b/kubernetes/aaf/templates/pvc-status.yaml
deleted file mode 100644
index 3cda088fba..0000000000
--- a/kubernetes/aaf/templates/pvc-status.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-aaf-status
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.status.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.status.size }}
-{{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-status"
-{{- else }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end }}
-{{- end -}}
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index 5a1c5f2709..bedf243639 100644
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -29,7 +29,7 @@ global:
loggingImage: beats/filebeat:5.5.0
# BusyBox image
busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
+ busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
@@ -58,50 +58,19 @@ global:
config:
image: onap/aaf/aaf_config:2.1.20
- cass:
- replicas: 1
- image: onap/aaf/aaf_cass:2.1.20
- fqdn: "aaf-cass"
- cluster_name: "osaaf"
- heap_new_size: "512M"
- max_heap_size: "1024M"
- storage_port: 7000
- ssl_storage_port: 7001
- native_trans_port: 9042
- rpc_port: 9160
- dc: "dc1"
+
service:
- replicas: 1
fqdn: "aaf-service"
internal_port: 8100
public_port: 31110
locate:
- replicas: 1
fqdn: "aaf-locate"
internal_port: 8095
public_port: 31111
oauth:
- replicas: 1
- fqdn: "aaf0oauth"
+ fqdn: "aaf-oauth"
internal_port: 8140
public_port: 31112
- gui:
- replicas: 1
- fqdn: "aaf-gui"
- internal_port: 8200
- public_port: 31113
- cm:
- replicas: 1
- fqdn: "aaf-cm"
- internal_port: 8150
- public_port: 31114
- fs:
- replicas: 1
- fqdn: "aaf-fs"
- internal_port: 8096
- public_port: 31115
- hello:
- replicas: 0
# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
@@ -138,35 +107,6 @@ ingress:
config:
ssl: "none"
-## Persist data to a persitent volume
-persistence:
- enabled: true
- config:
- #existingClaim:
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "config"
- logs:
- #existingClaim:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteMany
- size: 2Gi
- mountPath: "/mnt/data/aaf/logs"
- status:
- volumeReclaimPolicy: Delete
- accessMode: ReadWriteMany
- size: 2M
- mountPath: /dockerdata-nfs
- mountSubPath: "status"
- cass:
- #existingClaim:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "cass"
-
+persistence: {}
resources: {}
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject 2d6141ab8bd7bfe58f5da0483e578032226e7eb
+Subproject d687fd0c9efe31e93287da11e3e390984a5fb6c
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
index 978dead538..542645683e 100644
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties
@@ -34,7 +34,7 @@ appc.demo.threads.poolsize.max=2
appc.demo.provider.user={{.Values.config.odlUser}}
appc.demo.provider.pass={{.Values.config.odlPassword}}
appc.demo.provider.url=http://localhost:8181/restconf/operations/appc-provider
-appc.provider.vfodl.url=http://{{.Values.config.odlUser|urlquery}}:{{.Values.config.odlPassword|urlquery}}@{{.Values.service.name}}:{{.Values.service.externalPort}}/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/stream-count:stream-count/streams/
+appc.provider.vfodl.url=http://{{.Values.config.odlUser|urlquery}}:{{.Values.config.odlPassword|urlquery}}@localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/stream-count:stream-count/streams/
# The properties right below are needed to properly call the Master DG to serve demo purposes
appc.service.logic.module.name=APPC
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index 6cd3c2b554..f120f12072 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.1
+image: onap/ccsdk-blueprintsprocessor:0.7.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml
index 3f9fb87e13..2bc84bd299 100755
--- a/kubernetes/cds/charts/cds-command-executor/values.yaml
+++ b/kubernetes/cds/charts/cds-command-executor/values.yaml
@@ -40,7 +40,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.1
+image: onap/ccsdk-commandexecutor:0.7.2
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/charts/cds-py-executor/Chart.yaml b/kubernetes/cds/charts/cds-py-executor/Chart.yaml
new file mode 100755
index 0000000000..41b43c34a3
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS Py Executor
+name: cds-py-executor
+version: 6.0.0 \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/requirements.yaml b/kubernetes/cds/charts/cds-py-executor/requirements.yaml
new file mode 100755
index 0000000000..676fe8f6b2
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
new file mode 100755
index 0000000000..f9c3377dd8
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
@@ -0,0 +1,90 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: APP_PORT
+ value: {{ .Values.config.appPort }}
+ - name: AUTH_TYPE
+ value: {{ .Values.config.authType }}
+ - name: API_USERNAME
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ - name: LOG_FILE
+ value: {{ .Values.config.logFile }}
+ - name: ARTIFACT_MANAGER_PORT
+ value: {{ .Values.config.artifactManagerPort }}
+ - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
+ value: {{ .Values.config.artifactManagerLogFile }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ # Py executor shares the blueprintsprocessor storage (for now) to
+ # share uploaded CBA files. In the future it will be deprecated
+ # when all parts of the CDS will make use of Artifact Manager
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
new file mode 100644
index 0000000000..c36607b172
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }} \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/service.yaml b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
new file mode 100755
index 0000000000..1267791b6c
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml
new file mode 100755
index 0000000000..206ae10a75
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/values.yaml
@@ -0,0 +1,120 @@
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific lan`guage governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image repositories
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-py-executor:0.7.2
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ port: 50052
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ port: 50052
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 50052
+ name: executor-grpc
+ - port: 50053
+ name: manager-grpc
+
+secrets:
+ - uid: api-credentials
+ externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
+ type: basicAuth
+ login: '{{ .Values.config.apiUsername }}'
+ password: '{{ .Values.config.apiPassword }}'
+ passwordPolicy: required
+
+config:
+ # the api credentials below are used to authenticate communication with blueprint
+ # processor API. Py executor in this context is a client of the blueprint processor
+ apiUsername: ccsdkapps
+ apiPassword: ccsdkapps
+ env:
+ appPort: 50052
+ authType: tls-auth
+ logFile: /dev/stdout
+ artifactManagerPort: 50053
+ artifactManagerLogFile: /dev/stdout
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
index b9c329a124..c784a82ba1 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
@@ -37,7 +37,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.1
+image: onap/ccsdk-sdclistener:0.7.2
name: sdc-listener
pullPolicy: Always
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml
index 0dcf7feefd..d084307bbb 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/charts/cds-ui/values.yaml
@@ -28,7 +28,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.1
+image: onap/ccsdk-cds-ui-server:0.7.2
pullPolicy: Always
# application configuration
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index 5bd503e0ff..941c2f84df 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -20,7 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
COMMON_CHARTS_DIR := common
EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -49,4 +49,4 @@ clean:
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @: \ No newline at end of file
+ @:
diff --git a/kubernetes/common/cassandra/requirements.yaml b/kubernetes/common/cassandra/requirements.yaml
index bab2c4befc..90e6621aa3 100644
--- a/kubernetes/common/cassandra/requirements.yaml
+++ b/kubernetes/common/cassandra/requirements.yaml
@@ -16,4 +16,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml
new file mode 100644
index 0000000000..3b20045b1f
--- /dev/null
+++ b/kubernetes/common/certInitializer/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to obtain certificates in onap
+name: certInitializer
+version: 6.0.0
diff --git a/kubernetes/common/certInitializer/requirements.yaml b/kubernetes/common/certInitializer/requirements.yaml
new file mode 100644
index 0000000000..237f1d1354
--- /dev/null
+++ b/kubernetes/common/certInitializer/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: 'file://../common'
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64
new file mode 100644
index 0000000000..71b6782c58
--- /dev/null
+++ b/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64
@@ -0,0 +1,30 @@
+MIIGFAIBAzCCBdoGCSqGSIb3DQEHAaCCBcsEggXHMIIFwzCCBb8GCSqGSIb3DQEHBqCCBbAw
+ggWsAgEAMIIFpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIIYleh/TibnoCAggAgIIF
+eGle/QhuHZkU5OjTo1L4MUbBFMGEu2hFNjqzYC3fuvfSIdMUxVZ1vQspIPNiPs1+WZ/lB9vZ
+vBkQZ6AyBNTqZlHk5vv1tNyLksZCMRWlPLB/GF8becTuawuC2+IJajmuN5aLG9Fsx9G+bKQ6
+fO/VUq4urhuOEhKtft2wVUrQON0GnDcUemj/OLE6jMWrNlrxVdCqqII8xs5yGr/qfIRtpIVx
+NZOAJdlKGZcc47wIG+lXHDeibH4rtObOLSk6mY9bjQ7Omp6HsshOaFDsx/ZWiG1+H7ZRDSSK
+v5qWpr5xEhBM66TufMi0Tn8XNUsjkKCar25acH1odQQIQLhpFcqDyKaqFQM/60fvH4CTQ1SA
+7vhpfUx9y7t2cEIg8lDEhhOUSRIVr+iw0zhoknPxJLfPuhRDzVKm8KxADCVjVR29K9nBgIrF
+IVQ4gW0RRmCcHqBPVoakWs0BdTzhMwWtnxTLkpSLZoMkoi/8wfw7SDhaV4G6qXXqvDVaWbwR
+nqpZWeQBRDSqOEmsPuLzq2J1Ls/v9J5ZQpeqyyYinGCjUUlC+fE6nhCrNsHeWTOlmBUyh/kA
+WDAx1LgctqTwgIpPrJzkjPCfIuJyO7lhHFyBK8j/8NwMUgA5zBismhtQ3kQ3GBmTCm1cFkdz
+AR4cV30244Oe3GmJG8ZUWiTjIuq2Eo4ISUR1h50uXlCja9n9n964wPJkNJyHyUa5cqz/EAkM
+vzeL0VNW7Jpym3gRxNLqYILFBjZnhC7R9RhHciHYwIEEMj9WywDE6hDZqFReI6N3ZQNIWnHt
+Je6e1YFwduGWnQFnL33XZi7ZqVY9Pr7mwu9c/LaCUuwDwy2rtAY50cnpp9CfbIp3oD33sfNe
+LMmCcEkRvl/BNMtifnWnsaiCCoUZxLe6d8JWudu4r8M+bdoIkqoIUSyhuIsjjKnYAE/wmZvy
+nphgC9tN1g5rY5CxqEQXyGvaD/lRgxpchKqwFFF89dEU27llLPneRSiIpth/pnip104N7H/+
+I5RaHNfaiNTUGLJSqmewCPCKritGJogqaBCj8oiI8uGovQZEYd8kgaDao8FCrpOFaHFhlUxd
+fltyOZImAQ4cLEywj9VZFz/AriV+FZWe0VS1A6pBCknwZJBBJPKSQ4fAoDwAWmQsiHRE6h/N
+OcD9zh4XqnCgy2f07SOPBf8AnLoe9XJXVm5T6xG8ZwfrmtDYk9Ze2VTxFJsolcaz/58JqSe3
+2mc3nuQqhZEzP7bWoD68ekykfbm2qJcC82fxYKkooNJ1T/Aagh+Vxsc8t/ubAEAKzz4fXZY5
+hO2zuk3AIn6WkwKZwoHfuCXXH1o3vlGsQx59N2kvifNUZf5ZzSbHIB8Hefckh0W9FMYE99de
+lKdv5H4BSIiZ4v7r/0AkiV0M6WJOdogkEBIBcE81URAI6uwBuq2vUMyhIlekvmGlfV1+70jR
+T22rjPiaswc8+GqDoI1kRrEwHHYT8O2JLBkSBv9A6LkCJPNt2bepPnJM7OyShQ0srmwdZOpY
+0YcDZwbWVQNPZqtvZJl860mMisXO9MRIBS1udkL2SgzWYNpgGJN/vaRgjQiDyN9B4x8a+5sx
+7fCLzmcxHeP7eYBkmH4guPCRr8VZboQanShKje3iS6ukKI15aD9FnzGn3TwrMyLTqzvBZSct
+yM5Ew7cwUe67OKAXATaLc3AK5OBAqyLGMsi5Q1C8Hd/zqu6tQ/aRUpqfocRIIVrO+zEVfPfA
+DOTtA7y6FHY00J2WwOkmZ9CkUWURFadA1+w3oIvlAxMDTfvEstOfvIs5TJalPRjsQYFW2875
+9IQ01SN7jFYKGWzGfsdtDrEJC3157J9Kjy56QUNgYKVaYe0V26Olwir3mAGH4dSaQMVsMDEw
+ITAJBgUrDgMCGgUABBTxE9oEHuqG7KvR83sl8JdO+A6MxAQIwdEAxeLiamcCAggA
+
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64
new file mode 100644
index 0000000000..17b051268f
--- /dev/null
+++ b/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64
@@ -0,0 +1,2186 @@
+/u3+7QAAAAIAAABrAAAAAgAYdmVyaXNpZ25jbGFzczJnMmNhIFtqZGtdAAABVsJJxYQABVgu
+NTA5AAADBzCCAwMwggJsAhEAuS9gzIifoXpGCbhbcGyKrzANBgkqhkiG9w0BAQUFADCBwTEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQLEzNDbGFzcyAy
+IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxOjA4BgNVBAsT
+MShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAd
+BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswHhcNOTgwNTE4MDAwMDAwWhcNMjgwODAx
+MjM1OTU5WjCBwTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYD
+VQQLEzNDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
+RzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
+dXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAKeIASF0LOcaA/CY4Zc8DyEI8Zzbl+ma/MIEBhO+X1LIzB4sElYs
+uAFpLMyZH62wlq55BPITOcF7mLoILOjChBMsqmnpCfTHqQKkQsIjT0rY8A6i+zFsyeZvmScH
+9eb0THiebetGhvq5hslU8rLEr9RGHFrJFTD/DWz1LQ5tzn93AgMBAAEwDQYJKoZIhvcNAQEF
+BQADgYEAci75f9HxcfvEnvbFXlGKQJi4aPibHIPY4p29/+2h5mbqLwn0ytfqpSuV9iRghk1E
+LoOlxC2g0654aW9y2myuCPBjkjfmu8QwF613zEk1qs/Yj9G+txiWR3NqVCI0ZC22FptZW7RR
+WTqzCxT0Et9noPStMmResUZyJ4wSe8VEtK4AAAACABlkaWdpY2VydGFzc3VyZWRpZGczIFtq
+ZGtdAAABVsJI3zgABVguNTA5AAACSjCCAkYwggHNoAMCAQICEAuhWvod36C1SUSvzSSgbOww
+CgYIKoZIzj0EAwMwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
+A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBS
+b290IEczMB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFowZTELMAkGA1UEBhMCVVMx
+FTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG
+A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEGee8rERl7c24P1j7jbFXqUQtBRXy7wv/EHSftWJSX2Z+H+XcG0V5C8zGUwqdjV0C2alZ
+3gJa9pUqDo04SopJxrzGAzgHX1Xafglu4n9e0EUgD1l2ENagJPAt3jbybCk5o0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUy9C9qeGYBVGhTTeig3nO
+jR0q5IQwCgYIKoZIzj0EAwMDZwAwZAIwJaSBRQJrEkt1dE/II+Nw8nVy3nyJ8M+RcmGeXhCS
+WVa5g8cQ5zjpWCY2fdXkNIY5AjB8NlPwMOViYzqZ4rajO5s0+h7aEJJxXpETp92kbpLMMtb1
+IWbHL+qWY2plRZKVAbQAAAACAB12ZXJpc2lnbnVuaXZlcnNhbHJvb3RjYSBbamRrXQAAAVbC
+SX1uAAVYLjUwOQAABL0wggS5MIIDoaADAgECAhBAGsRkIbMTIQMOu+QSGsUdMA0GCSqGSIb3
+DQEBCwUAMIG9MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
+BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVu
+aXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMjAwMDAwMFoX
+DTM3MTIwMTIzNTk1OVowgb0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j
+LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDgg
+VmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE4MDYGA1UEAxMvVmVy
+aVNpZ24gVW5pdmVyc2FsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYTdesQE022LXFZv/WFqMIyPWYI6R15CYg3rmWBk4
+jMX25WSFtKJx++29udrNTQC0yC1zpcdpcZUfOTyyRAec6A76TUrEId8pYY8yImGCxYcfbox8
+XxYgUUTRcE9X6uMc48x57ljYDsKzRZPALOeaFyt7ADd6QTN44TPi8xAaf4csvvb190Li5b+H
+YolfAEvfxd3kdUQyQToecW5pywt1RgjRytIrldDP+7lAa2SMV038ExF5hO1eVPY0nwgB8xAl
+BhdK2vEdemZrmGBmpNnv0i6C8fDvCepEyRVq4gNuM9Osn1UAx/YIapS5X9zgM/GEYPlbJxG0
+/Bbyu1ZqgCWNAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+bQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XT
+GoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5n
+aWYwHQYDVR0OBBYEFLZ3+mlIR59TEtXC6gcydgfRlwcZMA0GCSqGSIb3DQEBCwUAA4IBAQBK
++PiwA+YsZ3vklHdjzG5M+X0ODdzIuTW5cE9j+iT6bIOMR507Y/Oa+XYylZGxd7ysmr6x5DEh
+xoGVVloOscLUsaZZrPFjy7hMHVmQSu+QFigfWq4Q+4FQOAxszPE9w/Vj47PjIckkOen9FWZG
+9BsR0E1zo31G+T3tqF9i1PE/+OB0VysYnYG0xCjalJelcOusHb4HEfDV293ljPDVMrCD5lfi
+j7++oaq/PR211Djq17BcOk9qP4/AZmxjqunZpBb0gdGVFA59zZU02dKPcHOBe5x+vZhh2EWH
+mJDF64YwxjW/8P/DVYiDS+8FkgZx8riYk7fszYJh8TjmT5eYKlqNAAAAAgAbZGlnaWNlcnR0
+cnVzdGVkcm9vdGc0IFtqZGtdAAABVsJJT9kABVguNTA5AAAFlDCCBZAwggN4oAMCAQICEAWb
+G1eejiEy4jkHvad3dVwwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoT
+DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGln
+aUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFow
+YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
+Z2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLh
+Kac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZ
+VXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs0
+6wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcva
+k17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8
+IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9
+WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz
+2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOk
+GLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnf
+fEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOzX44LS
+cV1kTN8uZz/nupiuHA9PMA0GCSqGSIb3DQEBDAUAA4ICAQC7Ydl9qWy+F8SRG8OhogCN42Ro
+D1bPd65w+f2aSpm5yXhcDAxf5OYUKVYLNkldRGPgrZyWGGYbIw09eelta9ZU+NI8wUNArh1Q
+9VL8kDu7mJlpa8fBp6hopCfcnfknrjCFufZnTTo+j1k5IlNE68hdA8rtUHp9YiEKgMhzZtGg
+BWBf6KW0p6+o9201nHxaitaiOJnzeIv0TdIgC94E7oybR4FyDcAUMu8wWS6u4HHyVuRql2+S
+UG2WjWh6mrI2FHoG8iS5CRFQ1wixuIl6hCNhQinlo82iIEHX0Zxk2eomoYsU10wZslBBcT0/
+TXAjhgxK3IHSzDKUhA0ICZccT8DuayB0MNLgOTQQhSEVAQjoVTLecUnZKBdQTea+TdF1rNDK
++0G4Q6Wq08MFRE8sNpvi+uJFuCNTbAZvZ1V/RrVMP24oWnkm0qSoYpfSHuLtSou8G/1HSg3f
+Z2Z+sltB0Dvk9Dv0BGPp78JUAFGgiirJznjM1eqHBBizzq9JiK/zkpm2s+ZhD9KFAOdQGuQb
+lZ0ZobmcsZuxAB7v0A9PQmzJCrzuQ/o6caXITSalNf2JXbyFYh0y0qArVO2aV8Hb+hDPGbeL
+ShuPAbYnlVPotoltW7xo1CPoi1GiVvnwpoCg1h6zvA8PU3UpquoTd+TejIEhrQcQRxGthz0H
+0XW8z/NmfgAAAAIAGHZlcmlzaWduY2xhc3MxZzNjYSBbamRrXQAAAVbCSfnFAAVYLjUwOQAA
+BB4wggQaMIIDAgIRAItbdVaEVIULAM+vOEjOsaQwDQYJKoZIhvcNAQEFBQAwgcoxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
+c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0
+aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMSBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2
+MDcxNjIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf
+MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVy
+aVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
+Z24gQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YTUubT5p9jzBHic3j3cbBMW2Xrd
+JFFmwMcmWQ2sBgjClNEzH/CDNR9uG8jeqm4VTlQn78RtGuwL4w7wRKVXx0BYHqNHH3HsYPZt
+lMgYOe3+QhhW3+RMSRB4TgF2NWMSNt1mvAEENqNVaNWiNgmsqyEmVAatP8oU4KzKrQYdleL4
+nfHgYP/Cf3UrTMza/oeZIeq6/j5U19JZeNs8bs+gEwAauCeh5L5nlsqgxbOc3cl1nuswml+j
+zdmueBk/I+lc2ym9rVXIG1SMY/bopurHNxJcoykeAtnbHzu01w9WR4EVBEqvgyfRxViIwd32
+qqejGNpoqm0RUeG/ZWuflnbRPQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCrZo3Xs7rHmrbm
+VdAF8Z8xjVqq2apGJg9x7aWtU1ZiAUcqROn+P3QLE5u59E0bstFfsrbSiFyzn83L1KfZYJWE
+OvjBNx1hyuewxeWR2lSmrDGBrpfezQisuMCXgH9ucqTnaROVZR/Ekzz9eY8E1D5P6veezs1n
+fE9lAv+RhVRzx/8294Yt7NBeT/8Rn3IG1rga8UwNJmXiRIAex5/j3egK2uylIIBpaKFPfuFr
+zwdB+oOOvDjdsC4RsWuyQsyavPlIInlKGQ+yHD4gdNlqw77yKHgTVnlPbVDqG7C1V7E3Zlgj
+89wP3wqHxO+GBdU4FGCZo0veBpZxLPLbth+k7z/uAAAAAgAXaWRlbnRydXN0cHVibGljY2Eg
+W2pka10AAAFWwkjoQQAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAA
+AjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSow
+KAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1
+MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0
+MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFr
+qHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBK
+K0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdY
+WuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3Lv
+dYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZ
+ZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V
+GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctsc
+vG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKi
+q3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQAB
+o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43Hgntin
+QtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiH
+VIyqZJnYWv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4J
+aj0z8yGa5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0f
+b7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G
+lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqy
+mm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY
+02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC
+4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0
+s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dx
+VJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLat
+t8o+Ae+cAAAAAgAadXRudXNlcmZpcnN0b2JqZWN0Y2EgW2pka10AAAFWwkkumAAFWC41MDkA
+AARqMIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCBlTEL
+MAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwG
+A1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0
+cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3QtT2JqZWN0MB4XDTk5MDcwOTE4MzEy
+MFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UE
+BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8G
+A1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0
+LU9iamVjdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZUR
+nicPHxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLOKqJd
+hwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo5hy485RjiGpq
+/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+pKvEHDHd17bR5PDv3xaP
+slKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehbkkj7RwvCbNqtMoNB86XlQXD9ZZBt
++vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUCAwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDsw
+OTA3oDWgM4YxaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0
+LmNybDApBgNVHSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZI
+hvcNAQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujwNTX0
+0CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXBmMiKVl0+7kNO
+PmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU4U3GDZlDAQ0Slox4nb9Q
+orFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK581OtbLUrohKqGU8J2l7nk8aOFAj+
+8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyRUh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8gA
+AAACABlnZW90cnVzdHVuaXZlcnNhbGNhIFtqZGtdAAABVsJJG3gABVguNTA5AAAFbDCCBWgw
+ggNQoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl
+b1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTAeFw0wNDAzMDQw
+NTAwMDBaFw0yOTAzMDQwNTAwMDBaMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVz
+dCBJbmMuMR4wHAYDVQQDExVHZW9UcnVzdCBVbml2ZXJzYWwgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCmFVWgo8bgH4ydIVDXwb4rW7WknqHZcli9ABtMv2HJFB1FgqvG
+HYDWPesQnDqvbST4vHEBngb1fF8ewQ5VyoOaWTCuGcswSJXtIjeN9EqacmY+rZXA4BYA4BAf
+KzEO15RU00IzoDQdHkV23U/KGDfshRV6GQj81cec8PKpLhCpkuY9WD2pFmg8L3UhGH8od6Xh
+YRe3pun4Hpnbc270CqIhbO7aqoWSZq/2emuC2roiCDUPz0LxNfpq7n4rJcw6EeRtr3Oydh2t
+0LJ4ZxqkORxRC2dWg/04XQ3O3fC7K5Yf3nsyUv0du7UGobIhXqXWlWh/8Jme3EUIPufSCQ01
+lN2ATlOX17UJRCBkFhcDAkxTDWje1apyTZNtgg7bnL3PtPNcXVR6aQmW1tsRwY11qLTPOcjO
+PLwkfOZiyuG9fae9V2UL5P4l7bZpENwoGka9AR3Ql7XhmDvAN2TWPZTuC+H1KK4LVr9xiyMp
+QY6GxUtSe9hxqx+KFaY7g1rXWAFRxkxB2X/YQWdyoijfYIOpnsh7/FNzcln1k3oXdg7O9+Vc
+2QtVNKKqW7VqVOcTylfsl230XgYvRYtY1CMWkuQWbihjWTDfUAGcY4kan9sXlIJwN8MknppH
+1lrKTqhpiXIfkWzbfp4brccfc90sTxll/X+TQBAu0vDtPJ4uKD5pJjPFewIDAQABo2MwYTAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTauy6qsAy4iCZRdFxtA9PA2I961jAfBgNVHSME
+GDAWgBTauy6qsAy4iCZRdFxtA9PA2I961jAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF
+BQADggIBADF45se137iUQMlxxKg17EYdwoXzKFiGsAv8jrI5j0RVq2SEXGmp0Jo4PPrlHzXl
+ROOAeZRopLvEnz3hNM0wRotUK5Wl7/c/mYT9NebPMcbcar+n1yMI4Zhew1oIdqmmr3cvt2C9
+REZq75f/c5XBjuiT+/0xt+xXERFFmzDxGog5wU88pwDVx/yrbYAicKUM4F0EKQL7y6CR0XzW
+w35Q1Z1YvkE467l1PBXZm8lKg1nA2lP9M7s2GJuFDxXd7i2sdpO52QGNSBCo+/U4hvHbCsa9
+hKMjQd7Wd2+F1IUcUOCuUYq6jT524rnKJ/Jfn+9uWQ0G2CsXpNJ8a7tfFBpIjxpM57NHHI5M
+RSsg7kjf590Jjhio2kCNkiYRU2FzXeu958RNKTdh66w5LWcuFtb1AIOFocx/dsR95LdLZu8D
+RWBptgxSlpKEXqajtaQ+K9nM2BtHqvJE2k/5A+jwFMs/84Pe0MFU47foCjdNiyBZAzAZoSzI
+vREf367JSsXzJ2Zmhqxokf/Z5lMcD4tcaWUKJsgeNMNdUXvXqZwGoTbd1YmUvNnkLQxeCWwI
+l3yjPXyT/z+hFKfPtV3r29scxHbfiLm9RQWVG678RmpMr0jjzq4P0n7r5mycT4FqemSsuz7V
+58t2LsWnSMFckA/LyD/65jLhjRtvpOaO2PkpSIrOc/4sAAAAAgAaZGlnaWNlcnRnbG9iYWxy
+b290ZzMgW2pka10AAAFWwkkPcwAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVWvPJepDU1
+w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
+SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
+YWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT
+AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
+IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6OYwwX7Adw
+9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj
++Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqp
+isXRAL34VOKa5Vt8sycXAAAAAgAcZGV1dHNjaGV0ZWxla29tcm9vdGNhMiBbamRrXQAAAVbC
+SSebAAVYLjUwOQAAA6MwggOfMIICh6ADAgECAgEmMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV
+BAYTAkRFMRwwGgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVT
+ZWMgVHJ1c3QgQ2VudGVyMSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAe
+Fw05OTA3MDkxMjExMDBaFw0xOTA3MDkyMzU5MDBaMHExCzAJBgNVBAYTAkRFMRwwGgYDVQQK
+ExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3QgQ2VudGVy
+MSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKsLozXgiykUsRSFrzwQ5DlvNV1Krt3qYY2VSfRvZKMaYGakqUAi
+hNnUpeV4kw5oAa25TVw6ztO4qEJA38+juoJZapIbrBya2ggrJSf5aSNH8eDrLHqb9RMC0H40
+fMKePABZq/XaDPUyPCusUNrWw96DlMqoDJkyDghIVltq+9rhWFgBSV9yQTwVBgGOXa2quJO0
+zZ7rp+hqLVI02zrvXHVR2tvzMfnucZgyxFQVRAz5m1Xtrd8YCKCjhopJ7lMFjxlM1d5YeZvS
+ahxCq8XVp89oD5bk4WGYdmHIkXzWPgDikVCH4Z0K5q2X0h3GOn3LvNoDNNWOWwH1age3FrZu
+Sn8CAwEAAaNCMEAwHQYDVR0OBBYEFDHDeRu69VPXF+CJei0XbAqzK50zMA8GA1UdEwQIMAYB
+Af8CAQUwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCUZFmtOWTnKesT/lrD
+ixNXyAQk8HR3wGDjZ/vpiaaDv5aCfG7Uwz3vnoBuuym0mHqxO1TrORdHfhqOC/wfMVkxBLLO
+F/Msx2I2VeIi2IlVtJhIqmT61hw22ER4WlojOleX9XowT66fakxLK46gA+M+4KnU0nvSs6ji
+cjytnv+AWeSbRbT2O7DNORmYMuXqIWGQ5DEhjjSx9y81SoUQ2ueKNyG+WWPg8oWIMVPUVBSF
+cHn0LgZ3J3UvH7iK+f7Futg25IPs52W3v2Na80avgZQ31EGM1iPWHs/1aBtEY6Jauqc1WaHl
+cAWbDiNXmZQKbbo5YyiGkvMYhNj70c8FVmRXAAAAAgAWZW50cnVzdHJvb3RjYWVjMSBbamRr
+XQAAAVbCSWH7AAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG
+SM49BAMDMIG/MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UE
+CxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIg
+RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTMwMQYDVQQDEypFbnRy
+dXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBFQzEwHhcNMTIxMjE4MTUyNTM2
+WhcNMzcxMjE4MTU1NTM2WjCBvzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIElu
+Yy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
+MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEG
+A1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMHYwEAYH
+KoZIzj0CAQYFK4EEACIDYgAEhBPJ0LptQXvibNDrVV9mAhok9FuJaUfjuMJ98fICxZ+g9lvV
+iwYZhk9TEG0HJCehoPjVRxlhTH3KkyfqdAzvb5YJ/mPscF02rWd3rsmdfFVEOqJjUR/142LU
+qUcHPswgo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDZwAwZAIwYXnY5UJH3xyuU5kXtm8c
+feG/EZTRA4h15I2JpIp3Rt5tYe8C9fu138z+Tv/+qeanAjBbmdeFNwa1ewj96yeLSpT54fqn
+jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABRzZWNvbXNjcm9vdGNhMSBbamRr
+XQAAAVbCSXcNAAVYLjUwOQAAA14wggNaMIICQqADAgECAgEAMA0GCSqGSIb3DQEBBQUAMFAx
+CzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3Vy
+aXR5IENvbW11bmljYXRpb24gUm9vdENBMTAeFw0wMzA5MzAwNDIwNDlaFw0yMzA5MzAwNDIw
+NDlaMFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsT
+HlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALOz/n/TbbHvFnxXpQxtdoovS79k+0zuivDzKXz1/+4q4OnpultkIpqabyw6
+JmlRBZkm3NUcanHGmn0end18bMaMZ2dKPvhxsBknqQkMppW/S4wM+lWYO9joIqFLcTh5rJeS
+abOJfuohaAaYFJaH0mE2vG0nVp5X7sDAVv0yz6TZjsIj142o89glrJfkcDj0tjq0nTuXJkOj
+obxJWXJMIzCHAVj2Tr4caFZmr81BXcizTSpVRqsf2h7iQD3bzX25koCcN90MlmSd3CL3ZIvf
+Yd4VlFIVoH1SyUuoIcnGse3Lw5Vg0Q/wq3D438tNfuzW+qvZvX9U8qXpefrZ1nYkKHMCAwEA
+AaM/MD0wHQYDVR0OBBYEFKBzSZlo3IVbZeObKC9Xn70zvAdIMAsGA1UdDwQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBoQKmou+RPXXmzBbUXs2AT68aSXeDR
+02r++76bbb/HBW1ZIMQc8LfahFgCY/pIFu9PpQv3SpjyP54brUdrY84IR+tSP3icr02u+NVP
+z5qYKhBBOVLE3dmbDu+TAa6yLspoQiRCbLCzOj7N6dpIxBXL6fkHD5JQSYrdMZdfyek3qjtZ
+ZZeUMsmznz46YljFSa1iDnGlMqovxol2Q0ATE2c9olQlEMvxOvLZ+ttJVrum/qdBNcPgiGHJ
+iMffNhAimFnqsEr7VhZzbqxN9yKhT60dei1FJ+UwwV7y2hPLJUJRlUcDjGwhzHRC7VP/M4uP
+D1cBFi/Ppu7JcCIUvf2+bAsDAAAAAgAUZ2xvYmFsc2lnbnIyY2EgW2pka10AAAFWwkmAowAF
+WC41MDkAAAO+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEg
+MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24x
+EzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBM
+MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2ln
+bjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe
++3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTos
+vNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnT
+lEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpR
+l4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IHV2ccHsBqBt5Z
+tJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9y
+b290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0B
+AQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbB
+uOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yi
+PqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
+9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRu
+JQ/7TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLgAAAAIA
+FGlkZW50cnVzdGRzdHgzIFtqZGtdAAABVsJI1HsABVguNTA5AAADTjCCA0owggIyoAMCAQIC
+EESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBT
+aWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5MzAy
+MTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRy
+dXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrjPyFJ
+k6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDhKji5
+eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8YqiqsuvXCt
+xQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ/P0Y
+XEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJdAgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEp7Gk
+eyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/g8c/
+S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub94E7d
+twA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOqWVvO
+4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQTOSQx
+haKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUcyPZ3
+lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIAEWNvbW9kb2VjY2NhIFtqZGtdAAABVsJKBzwA
+BVguNTA5AAACjTCCAokwggIPoAMCAQICEB9Hr6piAHBQVEwBnptjmSowCgYIKoZIzj0EAwMw
+gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
+B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8g
+RUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNjAwMDAwMFoXDTM4MDExODIz
+NTk1OVowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJD
+T01PRE8gRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEA0d7L3XJghWF+3XkkRbUq2KZ9T5SCwbOQQB/l+EKJDwdAQTuPdKNCZcM4HXk+vt3iir1
+A2BLNosWIxatCXH0SvQoULT+iBxuP2wvLwlZW6VbCzOZ4sM9iflqLO+y0wbpo0IwQDAdBgNV
+HQ4EFgQUdXGnGUgZvJ2d6kFH35TESHeZ03kwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAO8DW3qst3gKcreI3/+1RhQJCvqg5n0IxhqHvRio
+c70mymAMnc6Zn89cDzDhvhQx6gIwFPSTPEmnM3qQRkezY30Tm063bxg3gFP+3SDgNZo20ccB
+uebc3fP/HSw6FlfZkjnWAAAAAgAcYmFsdGltb3JlY29kZXNpZ25pbmdjYSBbamRrXQAAAVbC
+STqyAAVYLjUwOQAAA6owggOmMIICjqADAgECAgQCAAC/MA0GCSqGSIb3DQEBBQUAMGcxCzAJ
+BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxLzAt
+BgNVBAMTJkJhbHRpbW9yZSBDeWJlclRydXN0IENvZGUgU2lnbmluZyBSb290MB4XDTAwMDUx
+NzE0MDEwMFoXDTI1MDUxNzIzNTkwMFowZzELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRp
+bW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEvMC0GA1UEAxMmQmFsdGltb3JlIEN5YmVyVHJ1
+c3QgQ29kZSBTaWduaW5nIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI
+cZoYEo562/ma/EGv2PL0CY6tP/5nNzzaySZQsbE+y+hOcwDystzzxUb7Ce8Yls6n4JyEXSAO
+eqCqNov6KLZ4LrPs6EfzBPCQI7Tqr+VTuAX3R10rhvGnpMY7NbbSDVJB1/SSdeGiClBWh76X
+C3szhRC5KBjuM+pIEddbkUd2ItTuz13nqE4cnZaR3Zy9dAmocmGqsCE68T0sA1YJ0sHcw7XH
+VDer5iaiskZxc8oRiO6852T30BEac0BayEksD7fvkH9ogAQ4CxsPO9T1oLPCjuE0tICZbZ52
+1JIpQLGV0jekZxJ/4GK7rjXFmTaCRLjmeBgzYXGTWy2Nn3iVguttAgMBAAGjWjBYMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBTIQTRcFRUE5UDy0auabySSeodCWjASBgNVHRMB
+Af8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAUnSqlUsi
+jMc9lqT+Xfovtbzr8AvpVjgd0W0Nobxoi/DFgKUkNP3ylhgRhqE29TfnVEDVZB/DX3BCay05
+x55SBc7nanLSjXI/R1CDq8eNJcmw46dTFpWmalPqGJ2PeKl3dxr5tJdHWYgnKLXK4S7XPg6i
+DbgiRAPj0WOwQTqh9aQt93YeBFSZeDJA1yt8TbqmnLB5bge+jOzu1zhpW8EMVmif/uvR4ciI
++fLNf76FtERnAFA+9CYDZOp3fehePhw3R8jW6qTzNjyXwjlyBZQZJcPXN0EPwR+Hiv2qvumx
+ZFfk25Khz+FJ6DsfkRNaw4/ZJVhJgEcPxgOurOO/t8CqKgAAAAIAE2VudHJ1c3QyMDQ4Y2Eg
+W2pka10AAAFWwknWHgAFWC41MDkAAAQuMIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0B
+AQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5l
+dC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChj
+KSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3MjQxNDE1
+MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0
+L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMp
+IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18
+EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
+hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoV
+ve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQij
+MfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xG
+Y4+WZiT6QBshJ8rmcnPyT/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv
+3h8Dj1csHsm7mhpElesYT6YfzX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89
+vqbllRrDtRnDvV5bu/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBC
+bJPKVt7+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
+fF6adulZkMV8gzURZVEAAAACABhhZGR0cnVzdGV4dGVybmFsY2EgW2pka10AAAFWwkm7JgAF
+WC41MDkAAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT
+RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU
+UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUz
+MDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRy
+dXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UE
+AxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+Vt
+UFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYape
+FI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+7
+10LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3
+ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB
+3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTLVBqhc6RxMG8x
+CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3Qg
+RXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJv
+b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
+j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w
+/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4T
+Dea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0
+cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTY
+ghdae9C8x49OhgQAAAACABtnbG9iYWxzaWduZWNjcm9vdGNhcjQgW2pka10AAAFWwkj3UwAF
+WC41MDkAAAHlMIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIw
+UDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9i
+YWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAz
+MTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQK
+EwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO
+/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGg
+E6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe
++pTsewv4n4QAAAACABR1c2VydHJ1c3Ryc2FjYSBbamRrXQAAAVbCSfZpAAVYLjUwOQAABeIw
+ggXeMIIDxqADAgECAhAB/W0w/KPKUagbvGQONQMtMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAc
+BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBaFw0zODAxMTgyMzU5NTla
+MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5
+IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRy
+dXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAIASZRc2DsPbCLPQrFcNdu3NJ9NMrVCDYeKqIE0JLWQJ3M6Jn8w9qez2z8Hc
+8dOx1ns3KBErR9o5xrw6GbRfpr19naNjQrZ28qk7K5H44m/Q7BYgkAk+4uh0yRi0kdRiZNt/
+owbxiBhqkCI8vP4T8IcUe/bkH47U5FHGEWdGCFHLhhRUP7wz/n5snP8WnRi9UY41pqdmyHJn
+2yFmsdSbeAPAUDrozPDcvJ5M/q8FljUfV1q3/875PbcstvZU3cjnEjpNrkyKt1yatLcgPcp/
+IjSufjtoZgFE5wFORlObM2D3lL5TN5BzQ/Myw1Pv26r+dE5px2uMYJPexMcM3+EyrsyTO1F4
+lWeL7j1W/gzQaQ8bD/MlJmszbfduR/pzQ+V+DqVmsSl8MoRjVYnEDcGTVDAZE6zTfTen6106
+bDVc20HXEtqpSQvf2ICKCZNijrVmzyWIzYS4sT+kOQ/ZAp7rEkyVfPNrBaleFoPMuGfi6BOd
+zFuC00yz7Vv/3uVzrCM7LQC/NVV0CUnYSVgaf5I25lGSDvMmfRxNF7zJ7EMm0L9BX0CpRET0
+medXh55QH1dUqD79dGMvsVBlCeZYQi5DGky08CVHWfoEHpPUJkZKUIGy3r54t/xnFeHJV4Qe
+D2PW6WK61l9VLupcxigIBCU5uA4rqfJMlxwHPw1S9e3vL4IPAgMBAAGjQjBAMB0GA1UdDgQW
+BBRTeb9aqitKz1SA4dibwJ3ysgNmyzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQwFAAOCAgEAXNR8Dc/3AX1BmWUMc8VSn8v4z5kGfxvaQxWfngJVV5YU
+8VI8J4eUKO0fOgE3onb8U1DAhJvGa066jCFPoo5VYpHzaRXYvIjjxKoL/e+o6UtVKgYgbVV4
+KRnuXzBcSyQRVf8kmm5eKivuC02ff/cBOJQUlUMHCftgqe4cqxKMoJpep5hqWW2LPwj7yNFF
+rxgVZJASD3MoLsXiJE78WOzw9EX+IrPrL47S2UVhBcGXb6h2co+LjDavvw0FznGN5qZvH2ym
+cWLF2NCDcgzxZxGJDJwTTHI037zVcd+qcd3huWyMPBJdZdq9VxK2Q2v/5d5NZhFRz5mu7Be2
+6HGRjN5J/t01caIVJ5Qcz2HjJrtvo2clIV3m3R0LLmgbO4Kv7INnhdSYUXSxuZmAif9/eBlc
+eUpgLpJArkw3KizJx2LIDl33NlvK4CUlAbTdGgecdwA/0NzV7D3U+rs/zIXWb3+pLd+5Avf1
+l5q1NdrDZ7CHSqkoniOO/1wna+GwT/MH7gAu1FmHy1JBler0R9fuZEFVfI1ZApXdYp3Cue5a
+KHSEpZu3kMcMB9/1iTZ0MtYowbCwC+CcTMMc1vzjabVHRoEvooKr02NEcMSN/y0zuq2Pe7Vw
+iK4+Gc9AKNj8yJC7XZki9VLmWMUfiDFD7ogd18aOPENqHacY3n09FvFi+cqQqP0AAAACAB1k
+aWdpY2VydGFzc3VyZWRpZHJvb3RjYSBbamRrXQAAAVbCSMVlAAVYLjUwOQAAA7swggO3MIIC
+n6ADAgECAhAM5+DlF9hG/o/lYPwb8DA5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAi
+BgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0z
+MTExMTAwMDAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX
+BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg
+Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0OFc7kQ4BcsYfzt2D5
+cRKlrtwmlIiq9M71IDkoWGAM+IDaqRWVMmE8tbEohIqK3J8KDIMXeo+QrIrneVNcMYQq9g+Y
+MjZ2zN7dPKii72r7IfJSYd+fINcf4rHZ/hhk0hJbX/lYGDW8R82hNvlrf9SwOD7BG8OMM9nY
+Lxj+KA+zp4PWw25EwGE1lhb+WZyLdm3X8aJLDSv/C3LanmDQjpA1xnhVhyChz+VtCshJfDGY
+M2wi6YfQMlqiuhOCEe05F52ZOnKh5vqk2dUXMXWuhX0irj8BRob2KHnIsdrkVxfEfhwOsLSS
+plazvbKX7aqn8LfFqD+VFtD/oZbrCF8Yd08CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEXroq/0ksuCMS1Ri6enIZ3zbcgPMB8GA1UdIwQY
+MBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQCiDrzf4u3w43Jz
+emSUv/dyZtgy5EJ1Yq6H6/LV2d5Ws5/MzhQouQ2XYFwSTFjk0z2DSUVYlzVpGqhH6lbGeasS
+2GeBhN9/CTyU5rgmLCC9PbMoifdf/yLil4Qf6WXvh+DfwWdJs13rsgkq6ybteL59PyvztyY1
+bV+JAbZJW58BBZurPSXBzLZ/wvFvhsb6ZGjrgS2U60K3+owe3WLxvlBnt2y98/Efaww2BxZ/
+N3ypW2168RJGYIPXJwS+S86XvsNnKmgR34DnDDNmvxMNFG7zfx9jEB76jRslbWyPpbdhAbHS
+oyahEHGdreLD+cOZUbcrBwjOLuZQsqf6CkUvovDyAAAAAgAaZGlnaWNlcnRnbG9iYWxyb290
+ZzIgW2pka10AAAFWwkkSawAFWC41MDkAAAOSMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSx
+HQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
+SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
+YWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT
+AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
+IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJkTx65qsGGmvP
+rC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO3Xss0r0u
+pS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ
+8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
+UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQID
+AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJU
+IBiV5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9
+PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvH
+RAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7j
+itralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MU
+ReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0D
+khvld1927jyNxF1WW6LZZm6zNTflMrYAAAACACFhY3RhbGlzYXV0aGVudGljYXRpb25yb290
+Y2EgW2pka10AAAFWwklGyAAFWC41MDkAAAW/MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJ
+KoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpB
+Y3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNh
+dGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UE
+BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUy
+MDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJwkg4CsIcoBh/
+kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZaby/ARH6j
+DuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9
+E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
+YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+loce
+PGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8
+Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w
+6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf
+1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEX
+MLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEA
+AaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8w
+HwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
+SIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07
+GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a
+2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4VSM0R
+FbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9jpwlCCRT8AKnC
+gHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyXX04fkZT6/iyj2HYauE2y
+OE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo2qN8xcL4dJIEG4aspCJT
+QLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+
+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZv
+Beyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZ
+VEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlgAAAAIAGWRpZ2ljZXJ0
+YXNzdXJlZGlkZzIgW2pka10AAAFWwkjlOQAFWC41MDkAAAOaMIIDljCCAn6gAwIBAgIQC5Mc
+OtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
+RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdp
+Q2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAw
+WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
+35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i
+89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfc
+gnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o
+76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3s
+LPr4/m3wOnyqi+RnlTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMB0GA1UdDgQWBBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEA
+yqVVjOPIQW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
+0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQ
+RI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHd
+DrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdS
+VR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwoIhNzbM8m9Yop5wAAAAIAF3N3aXNzY29t
+cm9vdGV2Y2EyIFtqZGtdAAABVsJJmWYABVguNTA5AAAF5DCCBeAwggPIoAMCAQICEQDy+mTi
+dGPTjf0QHQQfdspYMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhT
+d2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UE
+AxMVU3dpc3Njb20gUm9vdCBFViBDQSAyMB4XDTExMDYyNDA5NDUwOFoXDTMxMDYyNTA4NDUw
+OFowZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFs
+IENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE9x0vV+pXbPdwXWOwcVIJYEQoM6N6
+Tgr62Opsi1EWGlWuVCbEzEUHQU8QeX9x0npOPzhOswDGlcpbzcEqg9cnHzEOIxa3JcsctLmA
+Ml4anZPx6DxgLKdeVxlYUV68LFYLuNjvi4K0PLjCJKgTx6AhNht6Vykopy6/cSWQ80SDaVCk
+5OEbYhmUCaPzw7zv9L3s2xOdz51ICVJnwDcpER770hGnhRh0eeRPhRTrUjfisUXYzA1Df64T
+0msrP6fC4qhtdltDn760nbMmhjsff+Xy6GYoFiXQS5c4p+TPCdE2wwu+2jtEWI2+8Z4Jaz7z
+Mscrh8bsXpz2h2WtMynEL4nZucvJA537bJRRlxAbhgsaGz/2An571MVRZCid9dOsg4GI03S0
+WZ3B62EzWkXRyznQBmpTYB2v9vtpvGrcAc+9+Y/ZvVvBOl+O2g9LqZudKihrGgp8PKsiC+V3
+LXH2gjWBrvh7gebq/qz0Gpt0XOiPJPZdnUbELNIeKyFqgydnVUqk48gyl2aQctrj1GQuX+Oh
+avZg1Oc1zcrEaI3XccjTJDNzsWz5auEo21/GPei+VeY3G+0k2Q8Zj19jGFhQgVFlb/KffmoE
+5zQkcbp2S1geGb0VYEWqDBJAAZ0Q4sc4B3IKZcC2uyUp2haeizWLYe3lcVeDtTxxn+NPv34e
+gZ9BlwIDAQABo4GGMIGDMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSEEFjAUMBIGB2CFdAFTAgIG
+B2CFdAFTAgIwEgYDVR0TAQH/BAgwBgEB/wIBAzAdBgNVHQ4EFgQURdmlgW49iE2NcdJGwW5F
+HvPEgJ0wHwYDVR0jBBgwFoAURdmlgW49iE2NcdJGwW5FHvPEgJ0wDQYJKoZIhvcNAQELBQAD
+ggIBAJQ6cwafUkswXNT+sVwl+deOb/WHZJ/tFI64BI4oS4+qe445tNlY9nuhNQqhnYr3Y+Xr
+vTmC1ON6LW/fEzy6/n5WmAvzVJ/NRE5uPOE+Fb8GJp3k8JC21MKeMC4f78d6xFDH6nvaUMt6
+JssAtFqrtZMfgImEBJWNjX8Jk7/UqKjkY23ZZOS4KVoIv1DhhA9Ve18IIhv1vZkeFPbO9FgQ
+grMKPRnBv1urqpnY8jG95Thm3FgFx+1jGi4Kl3yHkyuyiuPx7BjldbYph+fcixp+tNjJ04oX
+bH0pRL6KqvV+Oi5oMZO5atqa4NvpLqWEzRwKuEoI+ZzxYSaYk7d7ZuyRXt1RP9tzD60EWAnd
+BAKVCj7Tdt+mEB6APejNpGTRM8eSx+JOROMJyU7CXYcOEp6/D8kFEN56o7E88j+lqid5rTF9
+H/38GWnF3bk/fM3GtMIwHn5uktd/YXZaj+uVTbwRbiF8WTeZ0Aa8+QZtMhal2Wmo4dw8gB5g
+UdzXVCEeymJ3T/rYj7MrOg14csloQVpHSsKj6xrXCqs8MlXIChGc33TW8EAVHci5j7U2xa/4
+IrjKHfPWthkPn2Flaup0yHyPw09dZYIf2Q2J2nVy++/xR2cTs8jRGYgnJpqZeX8e5Cw/e+7x
+3k2LlpfD1T98GyPtpLMdFnJDSyDhWX7C6K0mv6L3AAAAAgAXc3dpc3NzaWduZ29sZGcyY2Eg
+W2pka10AAAFWwknSxwAFWC41MDkAAAW+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqG
+SIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNV
+BAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgz
+MDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
+d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+r+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/876LQwB8CJEoTlo8j
+E+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5CjCA12UNNhPqE21Is
+8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCW
+s2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIr
+fKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTy
+sybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
+jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je88
+3WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kge
+DrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0j
+BBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAs
+BggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcN
+AQEFBQADggIBACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5
++OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
+O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiH
+SycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4b
+wyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEaJM9v
+MSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJkvC24JdVUorgG6q2SpCSgwYa1
+ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/G
+lHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8j
+s1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+AC
+OzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJAAAAAgAVZW50cnVzdHJvb3Rj
+YWcyIFtqZGtdAAABVsJJAHAABVguNTA5AAAEQjCCBD4wggMmoAMCAQICBEpTjCgwDQYJKoZI
+hvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYD
+VQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAw
+OSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVu
+dHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA5MDcwNzE3MjU1
+NFoXDTMwMTIwNzE3NTU1NFowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
+bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL
+EzAoYykgMjAwOSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
+BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoS2ctueDGvimekwAad26jK4lUEaydphTlhy
+z/72gnm/c2EGCqUn2LNf00VOHHLWTjLycooP94MZ0GqAgABFHrDH55q/ElcnHKNoLwqHvWpr
+Dl5l8xx31dSFjXAhtLMy54ui1YY5ArG40kfO5MlJxDun3vtUfVe+8OhuwnmyOgtV4lCYFjIT
+XC94VsHClLPyWuQnmp8k18bs0JslguPMwsRFxYyXegZrKhGfqQpuSDtv29QRGUL3jwe/9VNf
+nD70FyzmaaxOMkxid+q36OW7NLwZi66cUee3frVTsTMi5W3PcDwa+uKbZ7aD9I2lr2JMTeBY
+rGQ0EgP4to2UYySkcQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUanImetAe733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBAHmf
+HZbGtnk/Io2H04cDBGBqa5ouWYlzEaxD0fUT/405K8DyvU9wjKkv6hfEC1Se1BuWmDM8qK1i
+ogB2q1lpbgYdfsS5RI2YrxLUYdsKGUZH8+v3Y8FABUCl0rf0tZo2v6mIdogEVQQrnId/Gjc8
+fi2lGtjUiV7Kvaw9bNhtr9Xzdg/NO4g4Ip1sk5rEPb+CG2U/pg9dqvzlshXKta3GvD3QhOjq
+BnKwTTkyeL8+EZwLpJ2aIfPwmwsweNvB3IdD/rxjmsrFwhzJx43/OxJYCOa2Pex6LE77g5bO
+DDxph1RzpHPCk/9REKwVVAHY/AWxiaF/dIOaSdfcTnuKSG+LRfYAAAACABdxdW92YWRpc3Jv
+b3RjYTJnMyBbamRrXQAAAVbCSdyOAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhREVzQkW4GJ
+mzXyzrgrO1unJvB1KDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQ
+UXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAyIEczMB4XDTEy
+MDExMjE4NTkzMloXDTQyMDExMjE4NTkzMlowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1
+b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKGuJbIBGNxXiD9G6/mv4usjceKa0WFmIV+qrydR
+5W4bFtQtfVCwU3e9eDpg4mQCm3yGm9Yajq3/HxV/1ZUeEsvmFIQEwd82sxafiuPJ25g0ztgz
+FyhG/KfJ8NK01U0Jckn58ofjqdp9oX1rsjolqW1SRKz4vm773KZzkZBhpgMUIPLnh6OIra2g
+jP+mCyVSJecWAdXLuDWBDKM78OHh/FpdzoBxbfhJqz47urjXgAH7petbs8VeYCoxoK836CA6
+n6gyLAzMCR3Tno5dvEyY7sUaaHvsU6bpFDWj382AnwxI+xz08b9KuPrVjHFKxx+t/kGas4Nd
+8oRW76VXQ84prYyrVb/E+1sB3SMhoVgAjsPQahPtE+MSK4DcZ+aVss0eIm4q+EHU8soUB42K
+VRLGafW4hmgvU16w0qohwZjmMONnVcebbqwZqFWmRQbQIzrb62VdKhER8DtPym30NMRx5P8A
+WvZcriNghXPx5BCxJa7VkrsTwQzgOdq0OVe1qzWqciE7gzXnMd96IW64Mgh9HTKRFUpics/j
+d6G81REbdgFnCOBBC8PrFW74pBnZoquv4idSVisCiiwUJPm/QgK/JsjGj+BuOH1TLeXtmLOV
+Y2h/+TX034jFYDWSwHxpHGGVFtDr3guvPgQQRWVYUDivSPJZthbyPA2QAsZwLgGtPBXXAgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTt5292
+Wr9g7ElbxqV3u3IWcZvEPTANBgkqhkiG9w0BAQsFAAOCAgEAkd+AP0MJfnHC9+uziI/hUbK8
+PXX5KF3IvJmbe12q5crhCvfostOf3WcxfroBqsdqQTuQ1AhcsmBqkPDIzgNi+Yvt+24q3AZN
+PCkPiRaKWExID+iEYeo8cqZ35EKuiKNDWHl+rsqlUw2pPXC9IBlhpGw4/EMy4cFH//js8REi
+MpacwvZbaZZ7IAxDQZpb9lkZiN5ViDdRC3hcCh6jQv3HnYgPwPJ4AiRUk6+Jh4jJSoAd6tBu
+PmEuNrs1DieW/WY0O2Fyc/EWXEcGVEkAelgSsArvhf2xuDN1apMcEuZgXm8df8kfI8uEYZ8e
+gkT5X61iVSSaUpjtUeehfpc65i8fEdpTgCyFnqs1ENsiX2rFXpdT8jICCTCjWPANAdVyxrF8
+aXvD9TZFzGFuXkyUxV6u6A5ei7/3zeDtoQ4bM+5UGP4Pvu9+hGtD43CY2111sg1ZB4UVIznW
+8d+pJg/WSMezpiL1MzdalUefe7oYFW//1hRkg0nSCmch2w81Y2AoIuOxlYPNhabdLw/nZ1Ju
+uy+FfPVKc+fFPsC9IRIFP/y3A0kCW8gl5uJUOPV5h4wdU7JOhXsGOMcs+Piwco0l5XdS9AMc
+SKZQX4ggMG7ygkOrPZeE51P7IcFPDyKahrhZKvZHPRmILeiF4Z7shQhqsWw0yR3sSCs7eO1m
+xI55aYPef4wAAAACACN1dG51c2VyZmlyc3RjbGllbnRhdXRoZW1haWxjYSBbamRrXQAAAVbC
+SOI3AAVYLjUwOQAABKYwggSiMIIDiqADAgECAhBEvgyLUAAktBHTNiUlZ8mJMA0GCSqGSIb3
+DQEBBQUAMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr
+ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6
+Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0
+aGVudGljYXRpb24gYW5kIEVtYWlsMB4XDTk5MDcwOTE3Mjg1MFoXDTE5MDcwOTE3MzY1OFow
+ga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
+HjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51
+c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNh
+dGlvbiBhbmQgRW1haWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOYWk8n2r
+QTtiRjeuzcFgdbw5ZflKGkeiucxIzGqY1U01GbmkQuXOSeKKLx580jEHx060g2SdLinVomTE
+hb2FUTV5pE5okHsceqSSqBfymBXyk8zJpDKVuwxPML2YoAuL5W4bokb6eLyib6tZXqUvz8ra
+baov66yhs2qqty5nNYt54R5piOLmRs2gpeq+C852OnoOm+r82idbPXMfIuZIYcZM82mxqC4b
+ttQxICy8goqOpA6l14lD/BZarx1x1xFZ2rqHDa/68+HC8KTFZ4zW1lQ63gqkugN3s2XI/R7T
+dGKqGMpokx6hhX71R2XL+E1XKHTSNP8wtu72YjAUjCzrAgMBAAGjgbkwgbYwCwYDVR0PBAQD
+AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59MFgG
+A1UdHwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0
+LUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kRW1haWwuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOCAQEAsW1hXaYaf3yrSuQw/FNvJSTGyu3iMVwr
+Du7uYVVvBD7POd7FG0mU5OsgTLTmnlAuctmN9aqjs0raVhxgl4DcgqKtSr2KK/8LCbTG1yAE
+ReTNgAG6uituzqrXkv7kr+v0Jh0WKn9sMJU3LzMSrH/dx9ERjFGYstCjkdCt9p+eg5MeHUK4
+Rq9rZvCbf+rjAwLlAlHBqtU1nXJAA4m6MR3FEGhSnt+ihcVcCKZ45lNPsei30xSek6bDZOOs
+fnHNvJ/pAxvM++msMcGvfBV0ApnDskemwjJh18dvSCRRJ6HVh1Xye4+YPRae7nW2+NCO8vPG
+rihbp/DzNhf8wwXTygNKVAAAAAIAE3NlY3VyZXRydXN0Y2EgW2pka10AAAFWwkjajAAFWC41
+MDkAAAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNV
+BAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDEL
+MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQD
+Ew5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWV
+zfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6
+pkjGnx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgU
+XPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPe
+Zqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEE
+AYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+QjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1
+cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQAD
+ggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+
+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr
+5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUF
+dAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACABpjYW1l
+cmZpcm1hY2hhbWJlcnNjYSBbamRrXQAAAVbCSeX0AAVYLjUwOQAAB1MwggdPMIIFN6ADAgEC
+AgkAo9pCfqSxrtowDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN
+YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJl
+c3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp
+MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwHhcNMDgwODAxMTIy
+OTUwWhcNMzgwNzMxMTIyOTUwWjCBrjELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAo
+c2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQ
+BgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMSkwJwYDVQQD
+EyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAK8Ay3A3K4BaSjpseJR9o38aH/Y11b3byw1Ecj4mspBSumM7KFhvpbNt
+lKbz3WQMVfb25/IiIoBe4WLGtinhgWzyv+V9MmpUoDIZWf4fi9c9YIaFJG/jEbN3PiCWNSFr
+swjZcC5k94SSU9YOsJCKiuOHjQbTvZAO4pmhG4YO2poKuwthUAZS8Z5/duzLD9AeDc+ZMD0c
+xEUQWKzW0+jX5erFAQd31lHmA3+KSKVNaHW56byeThlx9TJLnG1gGQv7zJ113L8mzY+TeDl5
+c14lDspc63cSB8tkQUdyk6tQw+sJdmQ00jm3dhEJDXZFxKmuPWqvtX1lL5RYEOxcfK9+4rYY
+2dCbTlpJ36lmC8w8xnh8p5wd486OU74F3mAPa+Ua2z/j4SHJKcHx6wecUhsBRFE8eyXXxOVS
+VF0lB8oWILit5EHuegj+mW+DppECsGw2VWrnffWW5sqB1pfxlIPp7bCxaxJpHqz7XanFmOm0
+W1h6vj2iRDpjWdQLJd4bT73lAZ7N0inVnxcZCm+/DJDTCV/Z44o1zHlaTRk3krfEwa2v9Hkk
+mrIBC7GvXJbzgDL7XD2Y8aA/St6+r5Qu2VWaF25gnWNsuGPJroFcGDXgkLu+PE83Irl+68+e
+dyGmPTiB+0jaMT0r44n10LW9fuBQxBKJsyOaEDGF265v7zgzGHYRAgMBAAGjggFsMIIBaDAS
+BgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBT5JKwPsrX4ecD6YIgbxNlNAp4XGTCB4wYD
+VR0jBIHbMIHYgBT5JKwPsrX4ecD6YIgbxNlNAp4XGaGBtKSBsTCBrjELMAkGA1UEBhMCRVUx
+QzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJt
+YS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
+aXJtYSBTLkEuMSkwJwYDVQQDEyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwOIIJ
+AKPaQn6ksa7aMA4GA1UdDwEB/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEF
+BQcCARYcaHR0cDovL3BvbGljeS5jYW1lcmZpcm1hLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEA
+kBKvIjXCoznwLt7ptel4fEi+P31Fkl7p2rEZ/BY8n7RbZp5q58O5XYjoD63PIw/eJTpezE+l
+wbUtrCTSWAfeos9phGAz6BANE6kj0IXljnumnj1yE3Iz9ap9xmMfCPT+AX8kzyssVAne4itt
+ksY5TxbqPH56RtRFakao63WCVqeroHxoEzP2nTDwbyc5JCMqkP2QKTXyk980pcb3+O+MD2JK
+fK7T9VT4jbaaVocWgjozq1oiCPeCuuou4EeatLVFowU72dwuRUA76tx/6Dvr0ewm2DWkMMU6
+rFees3alIHv5HkoFYgGmKHVgl5INbj5NN0MNkhWcGCLNUZmgKRo8X4oyM1swx4kvR5gPowPG
+9vGs3zLw2YEa5Jy99oAU8NEsuYX12KOxyKUh5RwTl+4Ovd8pqe80U1vT5GoThAa2MgLEUq4i
+0tyyIUIa2kDwKcnsCgxc4tC6zEjTNwrMEgqKebA9A39pS/Q0IH2zNOqOS2T1Pv2zI2cVDQS4
+8C3BCVE8smwV8KUj14N05OUuyf6YJ0LGq8aesNBbOKWbUN5+GJi1RTv2ebTo9xp7BoP70Iva
+u8e9GKsIbzyAa0A/GRm6ZYrmvtVc0zbX70BSJGA4ZwQx7I/zgsbeuVXzOzGRWty1CBWtdiUK
+DXsuh+IMpga8JhBtN53s3XiMfIDF8Nl3SNAAAAACABdnZW90cnVzdHByaW1hcnljYSBbamRr
+XQAAAVbCSTGaAAVYLjUwOQAAA4AwggN8MIICZKADAgECAhAYrLVq/Wm2FTpjbK/a+sShMA0G
+CSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEw
+LwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2
+MTEyNzAwMDAwMFoXDTM2MDcxNjIzNTk1OVowWDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl
+b1RydXN0IEluYy4xMTAvBgNVBAMTKEdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+uBV7/9R8fWetg2R7
+yEJTLd/2hAggYdYBWWqcRBGv73b9lX7OYTC7eoNfAr0BZsruFY1voTCcvaGFnpQ681aIADHP
+2O5qlgLZ7QOM+3Vt5+q4VRYFFpr04F6xiMBkhVwVTYjHt7rgdemtBT2dx4lI4LsoyAPhMJNk
+XlLAWXAiNVeIivGVCoPXvDFzATTt70Zx4GsCqDVya5ebZuDLHHlf2BoEaB5HAuadYOI2lwHf
+zjWS375nx213WTuPndaQFZS8QjQQwTn5sSc+ftaKdcWyr5bTot6b5Ji+feHpga22b/zXDtrg
+NLANGnfn4wiY71j6nIS3Nq/C36zS9BAGcHE1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8w
+DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQs1VBBlxWL8I82YVtK+2vZmckzkjANBgkqhkiG
+9w0BAQUFAAOCAQEAWnB/LN23NE/1hlGpJr5LuKrxcQ3cYceg6jQeencPBDXoJ49skL+RFiRG
+PkpOzisW1QtSHfwfZ6ICRTFPzvP6A6d5nVNq2dpjOviA19OZ4aXhvtRVcZg1Or6T6q6tQrKQ
+b+D8IU01YzOJSdabTsrH504JAPfax++ZYpl3tpUiXoqgq/S4eJjKOBmZyXKeeM1LrK8ZoHMS
+LfzCQbqBkdoWWjG3+bRxgBJImXJzWllTwWNSM+2nydI5AnD64LFCZimqm1HtMFQiFF/Zqx3B
+5JTw+PUr9+rKeEbWuJH9pg0rGhQBPoDwQqCVB15tzcxLpEWNqxLos95a5aB86A8iHVrpWQAA
+AAIAGWlkZW50cnVzdGNvbW1lcmNpYWwgW2pka10AAAFWwknvngAFWC41MDkAAAVkMIIFYDCC
+A0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9R
+YYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYof
+WjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
+S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40
+yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKI
+anoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5
+S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrf
+Yi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT
+7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNk
+K2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqx
+C0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQADggIBAA2u
+kDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH6oi6mYtQlNeCgN9h
+CQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pgghstO8OEPVeK
+lh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qntozo00Fl7
+2u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzl
+VYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
+feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU4
+7/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
+4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA
+2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4
+LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbdGhhd3RlcHJpbWFyeXJvb3RjYWczIFtq
+ZGtdAAABVsJJIX8ABVguNTA5AAAELjCCBCowggMSoAMCAQICEGABl7dGp+q0tJrWSy/3kPsw
+DQYJKoZIhvcNAQELBQAwga4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
+KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhj
+KSAyMDA4IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MSQwIgYDVQQD
+Ext0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzMwHhcNMDgwNDAyMDAwMDAwWhcNMzcxMjAx
+MjM1OTU5WjCBrjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UE
+CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDgg
+dGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0
+ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALK/Jyz729hb3Xh7G553ZoHLPrx8rvOmJ5o0o2gxcTgzYuTzcWZ5sallo6WL1Y9gLT9CzKpr
+MsAjyyxB3eTf/GGc4nOyIpURQxhfxLYfV2wKBVgiyDZMOnyl0c+Gr4inRAITdHFzCkJZAvgb
+FGtC329fumuCop1b50q9HgFy20t06Dt/f30fBLQmm+C0WqxHPVW417AmUigBMUBm2NkkvfYq
+2OwhSVyb9nrpf1U1fpZrjZOTJ8uSu+qsQMCfwviAz130WtzOdIamPmwLU8q9ks4ZBnLmDFw4
+accE1rxszlv292ic3CUVSIih6an4mJzg89UxKGERbGeWjTmZy8JFJDkCAwEAAaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFK1sqpRgnO3k//o+CnQr
+YwP3tlm/MA0GCSqGSIb3DQEBCwUAA4IBAQAaQNiVZawJkonGOfQQ5akOZlNdeN76JJG750RR
+38YWNArvakRR6isHigN6w+s/CixSFqArQ7klkD9wqTMlbUUaKDsnz6rDKUIb3ztMwDM0W0GI
+v2srZa8o77L1w6pmzntW7rfIy2fByZwaGLjEw0kD8WAOUM1GxfN3efe2FeA428cvKKAMP3cm
+dNklEtox2hoe3ClBkSI8aae7AvK2XCcDifQG6pvkcoLjoQnB6QAZ0z7UcGu6caaqWK70u+ls
+tu+HzJu7/znmVmHTCqfEXExgewV3Jnq/2AdSLGL3cGPZObxvHMJ53HYpr87FLGQEXog2bjHU
+QBpiNDY/NQGurGOgAAAAAgAVYnV5cGFzc2NsYXNzM2NhIFtqZGtdAAABVsJJKpsABVguNTA5
+AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAb
+BgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMg
+Um9vdCBDQTAeFw0xMDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5P
+MR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFz
+cyAzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJe
+nXYxBjJ6m/EQdrgAmrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH
+8zOH5KBdC1zgVwcqMPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3
+jiLjqE8q72C7Pbc5ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7
+b4dj19AyatZdbAzxs2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9w
+EwDrsfUzekvWVfgFjUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9
+a6sump8tgm4E1FIBky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWR
+bwuReRkMrUCIC3DietIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/
+DWJ6J++A6NvZSwZaN1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+z
+Sc894omfoDBLhbmclCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ay
+hGSxTDlSwDC68IxLArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRH
+uM3/5W/u+LLsL04O+SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB
+AAAgI0E1BJDCQGJg7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEk
+MvbIC/K8aviTrLIHwl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjP
+hriAHqnMEaU88hazR5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9c
+axtGhkNCXz4BB1NUXWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD
+12LIQKaq/GTkSteRUwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8v
+u0oxDUqGHOviNikm9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805
+YFRq9fKJJgFog0iiM+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid
+7b1dl3BEDbYONdzhDF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaB
+upS7w7u/ZXjShnn/STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4
+O7vcTddk8lG+5qqrWukx7ga8c78TYgqfx7mXAAAAAgATdmVyaXNpZ250c2FjYSBbamRrXQAA
+AVbCSZyAAAVYLjUwOQAAArQwggKwMIICGaADAgECAhBnyOHo474cvfyRO46mI4dJMA0GCSqG
+SIb3DQEBBQUAMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYD
+VQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRUaGF3dGUgQ2Vy
+dGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBDQTAeFw05NzAxMDEw
+MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
+biBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQL
+ExRUaGF3dGUgQ2VydGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBD
+QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1itYeGFFhlPqNHtRnO2w5i4YDv7gX6gn
+07TJ4HxZThYOc1RgwX/2ny7pOoUkFTzbRwRjw57ElBpa30x689lDHTwQenkl25D+8FHnMNZB
+AP2fKN95vpS7nbYU4yOF16lB4EykebArGovy+DuKPkWscZIAtJBBmPtf7fq3Lor4iDcCAwEA
+AaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBL6aoXgQX7eQoxn8VB
+9FZUq+nC5ZeOGP6RyQw+JmTJoUwnZKe9AZNVcW4XTzncG9xJNRA5I//Km8jPZj/cTBrUgQZC
+Uh/hJrEWF7rmcHIxROhOjVvk0/nQ448lZDHnKvgYiDYaUsUNQTUbabcm9RfMwRleS3xc4oOA
+kfov+5q3FgAAAAIAGHZlcmlzaWduY2xhc3MzZzRjYSBbamRrXQAAAVbCSVjwAAVYLjUwOQAA
+A4gwggOEMIIDCqADAgECAhAvgP4jjA4iD0hnEiiRh6yzMAoGCCqGSM49BAMDMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
+aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNDAeFw0wNzExMDUwMDAwMDBaFw0z
+ODAxMTgyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x
+HzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZl
+cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+NDB2MBAGByqGSM49AgEGBSuBBAAiA2IABKdWenxS2mSbDi1c2F6skj3+AeYZSj0UA0v6YCcg
+2YOJafpUxpoYXlUqZN4G9o1KO60QPGU9kIgEieAwYbOuXQGne958sr7KZWEAhq7aj3vQia1N
+HVmaQbG8R4DcnmLD+aOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBt
+BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMa
+hqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdp
+ZjAdBgNVHQ4EFgQUsxaR/e6mbuS1LkmPh3iBgOzlsbUwCgYIKoZIzj0EAwMDaAAwZQIwZiEM
+GCZgWjh7VkLgp/w2hFGRICx2TUM9xB2EI9Cs1nw1Bs7Nab2QDdtsSEIdDqpCAjEAnD1IOSM5
+WBoVEllqnu/VWbIdUiyZcc3HKd8bKmF7cdHe88DlDTpKqi2n2IYq3S4QAAAAAgAbYmFsdGlt
+b3JlY3liZXJ0cnVzdGNhIFtqZGtdAAABVsJJQLYABVguNTA5AAADezCCA3cwggJfoAMCAQIC
+BAIAALkwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3Qg
+Um9vdDAeFw0wMDA1MTIxODQ2MDBaFw0yNTA1MTIyMzU5MDBaMFoxCzAJBgNVBAYTAklFMRIw
+EAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRp
+bW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj
+BLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGd
+wEErAVJ7iHfTHI/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M
+1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g/ramBfy03QdZAtRZ
+GJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJgh
+XAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr/8no5dKoanTZDcJxo5AgMBAAGjRTBDMB0GA1Ud
+DgQWBBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB
+/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAhQxdjuRvUWhCBaDdu08nJYQDvfdk/S3XMOOk
+EBfr2ikptnk/dvYZEyO4EAr5WKTUYXC9BGFqEooX1Qq9xbwwfNbpDCWNhkBP7MyjfjjGNxFP
+7d1oMY5M0rMBdO6+dV4HSBp/cP8WXITAeYW4Bf1/vmURow/AArT4Ujc5BNWpMXoYv6Aq9BKZ
+96NFguM8XvWdnrXInnwuyKSeTggUS239cG1rGmO9ZOYft87w8p8uuxu38lCIc5LC4uMWjZoy
+AquOGN3pEBHufjWrkK8+MJR60DM9p2UP9fyOnmLPR0QsAV27HbUy0kfSOC7Q/oHcMmoete48
+1fzngR0ZwyRC6mM5qQAAAAIAG2d0ZWN5YmVydHJ1c3RnbG9iYWxjYSBbamRrXQAAAVbCSXQD
+AAVYLjUwOQAAAl4wggJaMIIBwwICAaUwDQYJKoZIhvcNAQEEBQAwdTELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29s
+dXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw05
+ODA4MTMwMDI5MDBaFw0xODA4MTMyMzU5MDBaMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9H
+VEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5j
+LjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBAJUPoLbwUJzoeseIzd0XDi6wlNAbPQ72lMCKlMcGyJCXyLhkGnp+bDxT
+4Tcoc2B/spdTB59T+W1YlNKvjW2IZ4Dm7bKVz3IxyqUccrpcAudkQuf5qSzWOg2sjUKqJAE5
+5pw/AYVXDViHRfjThaqTaSaFcEiAPxIVx3m0HwUvO2KZAgMBAAEwDQYJKoZIhvcNAQEEBQAD
+gYEAbesbCele2VHbZyJhpCo8SHfjoHym3nOiFAOFPfurDjDFgxYzgRMInns0Tt9AyHTXuX3c
+9HZVfZtjVBjp8OrzXLHZi0IeucCVTrr61eJ89Whhv47sBZdfW7DXo4U0xCSnDQ+Vk+/LlNie
+H51chW3Hqq5PHyK1zZWtuqfM+asLen8AAAACABpsdXh0cnVzdGdsb2JhbHJvb3RjYSBbamRr
+XQAAAVbCScIfAAVYLjUwOQAAA2gwggNkMIICTKADAgECAgILuDANBgkqhkiG9w0BAQsFADBE
+MQswCQYDVQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1
+c3QgR2xvYmFsIFJvb3QwHhcNMTEwMzE3MDk1MTM3WhcNMjEwMzE3MDk1MTM3WjBEMQswCQYD
+VQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1c3QgR2xv
+YmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyf6dA8CLKDPbrsfHL
+DpVXQHWvoD8+zuyqMlfmGbFnQ5haa3yzuPp4nKqmhLJgG4BBzmPNHxcImaT17z4Sx0ywV5pc
+eEB4/EWN2pFn3DpRuW1z5rc5jnY6tB8F9WlV+ZPPeIhKvqqb13tHW0YETIIWpjX2/HTf1rSv
+2OK1JxF0WaLCZixoCuGYiIg8igV1FOO4rvMIhJtqwT8xGK8npUubpP15Md6YPQ5hyoeYwfiK
+MJz6PjPVpcQDB+H3lnQYACc4J9ErqqrhQUWLb/Elwtyil5XHQhQzXXmEI2rnZcBXoNhdqWMB
+57Dki+j4xWO45Wx0kD3Hd/wrunnppMYSeKf/AgMBAAGjYDBeMAwGA1UdEwQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFBcVhYkJLySHbz8dG+TylnmDSBPOMB0GA1UdDgQW
+BBQXFYWJCS8kh28/HRvk8pZ5g0gTzjANBgkqhkiG9w0BAQsFAAOCAQEAWvAc0NRQz0F+5rid
+fcNw0F42/26Oei/eSBHVNC48t0XCVCWn4cEeN4O2lK62RUgD6pW+65xqtDdcHy7Ta4KBQ1sK
+PxFVY6z6fAgCN6A8OQQz/pcyyFLl2SVNsMbuaB9wqnPOVwPcfQoNM/LSWt8KbDvMEVGXGqQh
+ooU1AteAItKEsvjAqmi/1euqwwuroXwr9/U7h+FUV+wFJO95Qk7zi2if5G7LgpnJzCrcU8If
+cIOrIQ9WtEj/3wcis4z5HaYE3y0DNrndb/4xiGb/bG1ENK8Idz4m0nL0u0dWkzyYY+Ezu5kj
+krWDeegdn2etYtaJ1vb8J94yJ8uE2neFIaESIQAAAAIACm9uYXB0ZXN0Y2EAAAFi1TGi6wAF
+WC41MDkAAAVCMIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAM
+BgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUxNDE1
+MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQsw
+CQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMA5pkgRs7NhGG4e
+w5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7XGie7RYDQK9NmAFF3gruE+6X7wvJ
+iChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUnH8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRC
+XijMt5e9h8XoZY/fKkKcZZUsWNCMpTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWi
+YPqT6o8EvGcgjNqjlZx7NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6
+jIfBkv8PZbXg2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPz
+DIZYwYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDdApcU
+itz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqMP3UWYQyqDXSx
+lUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6aFXftS/G4ZVIVZ/LfT1i
+s4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DYPdAQOCoajfSvFjqslQ/cPRi/MRCu
+079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0GA1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rt
+STAfBgNVHSMEGDAWgBRTVTPyS+vQUbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq
+/kawNd6IbiMzL87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsg
+bmi97j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBxc94Z
+c3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvfjySF5FCNET94
+oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2RtOXDt93ifY1uhoEtEyk
+n4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25hPsBTkZA5hpa/rA+mKv6Af4VBViYr
+8cz4dZCsFChuioVebe9ighrfjB//qKepFjPFCyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyi
+mUcTtTMv42bfYD88RKakqSFXE9G+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHw
+dmC36BhoghzR1jpX751AcZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4
+mr8WIcSE3mtRZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LX
+aRwXdYYAAAACABh2ZXJpc2lnbmNsYXNzM2cyY2EgW2pka10AAAFWwklq1AAFWC41MDkAAAMG
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYT
+AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5
+OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
+gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYD
+VQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXX
+wc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg013gfqLptQ5GVj0VXXn7F+8qk
+BOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFN
+zb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzo
+KQm5EWR0zLVznxxIqbxhAe7iF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcm
+eQD2+A2iMzAo1KpYoJ2daZH9AAAAAgAiY2FtZXJmaXJtYWNoYW1iZXJzY29tbWVyY2VjYSBb
+amRrXQAAAVbCSUnSAAVYLjUwOQAABMEwggS9MIIDpaADAgECAgEAMA0GCSqGSIb3DQEBBQUA
+MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBBODI3NDMy
+ODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFt
+YmVycyBvZiBDb21tZXJjZSBSb290MB4XDTAzMDkzMDE2MTM0M1oXDTM3MDkzMDE2MTM0NFow
+fzELMAkGA1UEBhMCRVUxJzAlBgNVBAoTHkFDIENhbWVyZmlybWEgU0EgQ0lGIEE4Mjc0MzI4
+NzEjMCEGA1UECxMaaHR0cDovL3d3dy5jaGFtYmVyc2lnbi5vcmcxIjAgBgNVBAMTGUNoYW1i
+ZXJzIG9mIENvbW1lcmNlIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3
+NlXlpV0YMODaiVSR/MjHUvgvUNnvsXVzZUd9G1u6dcX8oYgk+i/tyghKOVTEUXq12mDqODyB
+ssvxu9mRIz9IAXB1qQUqrR9x88lUPR0GakA+swyF7lwbecJixLg2jjVdAQwjBEc1qptgTqBm
+PcsmCpxAofRdmL9xq6UAaCrtg3oPohS11CKzgLA8DFpRaS1YGI/tmZ7xruKV5vZHqNYMD7BY
+WNvDZjeem5FUMzfSlBxqSMnJ8qXapQwj9yMOnDJVXnGchAVRmi395k4qNFreykA3ZwxUIVV3
+2goMzJeugNyUNkr0Ps42Ex5T5KxOOgXs265ynDiL0Dk7iQo+d/51AgEDo4IBRDCCAUAwEgYD
+VR0TAQH/BAgwBgEB/wIBDDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNoYW1iZXJz
+aWduLm9yZy9jaGFtYmVyc3Jvb3QuY3JsMB0GA1UdDgQWBBTjlPWxTenboSlbV4tNdgZ24dGi
+ijAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCcGA1UdEQQgMB6BHGNoYW1i
+ZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwJwYDVR0SBCAwHoEcY2hhbWJlcnNyb290QGNoYW1i
+ZXJzaWduLm9yZzBYBgNVHSAEUTBPME0GCysGAQQBgYcuCgMBMD4wPAYIKwYBBQUHAgEWMGh0
+dHA6Ly9jcHMuY2hhbWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc3Jvb3QuaHRtbDANBgkqhkiG
+9w0BAQUFAAOCAQEADEGXwhqGwCJ8n/uQ8xrRA7HvE/khXwSc2smljSdsloeRvkGQAXKT5x59
+X/aJxl2nQAk9rElFRdwujTBosgm6+8MvzLoL3z93e0Z9OhIkjpaPPAUKb9KUKB1tDMAuiCLV
+2M8dE8fwSNfXBafPx0eeOzw0yIBP1BS7/A1Q9/qz7EJfqd1tyPR1z3vBciaxARxcLP16TrQB
+xQVXuec8qgXZiOkHRkHO70GBrljfg6Kuytd3H+cAPJ1vjuQyCR1NeDR4NDyUmybtT3HGGXq9
+ICJIWv5LfQO351i+xjJOdB5o3ahoW7M+7mJ92YDoCnV6t+60ZZohkOCq0Ji8OLVzPIv43AAA
+AAIAFHNvbmVyYWNsYXNzMmNhIFtqZGtdAAABVsJJllIABVguNTA5AAADJDCCAyAwggIIoAMC
+AQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZ
+MBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5
+NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBD
+bGFzczIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoW
+N/xIvb1/gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05d
+fBsm03V57eaE41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO
+7N05lU6DBn/nSUDIxQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50C
+ldG2uXE6aQg/D7ThQseI9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY
+6LST6nVEawRgIHFXh53zvqCQIz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8w
+EQYDVR0OBAoECEqgqliE0148MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H
++RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ
+6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3WNEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuD
+wyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+chdQYH2BK0ISBwQnGB2jyaNr6mWw1qbJof
+kXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuoLp0UWgV1t+zXY+K6NbYECJHo2p2c
+9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzfTAAAAAIAHWFmZmlybXRydXN0
+bmV0d29ya2luZ2NhIFtqZGtdAAABVsJI60QABVguNTA5AAADUDCCA0wwggI0oAMCAQICCHxP
+BDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
+cnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzAeFw0xMDAxMjkxNDA4MjRa
+Fw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEf
+MB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzllICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t
+8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y1UehammL2fy7Oq55WtX01nG7mpAja5q3
+iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0iupkBLm1ly74kZlUkS0BEsRvX4cKFwN4Q
+Pz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3
+QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEA
+AaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8w
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRN
+p6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04VcC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQb
+BWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1LA0inoJkBgNxlozauZVlIT4JLyGXxVx3l
+WS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y
++ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4KxvgiT2xRH8aI3x0WePMd3r2Sok9/2aYOC
+YPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgAgdHRlbGVzZWNnbG9iYWxyb290Y2xhc3MzY2Eg
+W2pka10AAAFWwklM0gAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsF
+ADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZp
+Y2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQt
+VGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNl
+cnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMM
+HFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiT
+BONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuh
+dfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Z
+f3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
+0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GC
+ahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGw
+UgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtw
+n5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqm
+JQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMi
+vgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7
+PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAE3hyYW1wZ2xvYmFsY2EgW2pka10AAAFWwkle/wAF
+WC41MDkAAAQ0MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUF
+ADCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIG
+A1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9i
+YWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUz
+NzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBH
+bG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbi
+m1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt
+2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHM
+PJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgd
+Em3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T/dRlAgMBAAGj
+gZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0
+dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEw
+DQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
+/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYg
+oyxtqZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9N
+mXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9
+aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJ
+ybQDJbwAAAACABlnZW90cnVzdHByaW1hcnljYWczIFtqZGtdAAABVsJJzGIABVguNTA5AAAE
+AjCCA/4wggLmoAMCAQICEBWsbpQZsnlLQfYnqcMYDx8wDQYJKoZIhvcNAQELBQAwgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAwOCBH
+ZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1Ry
+dXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0wODA0MDIwMDAw
+MDBaFw0zNzEyMDEyMzU5NTlaMIGYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
+SW5jLjE5MDcGA1UECxMwKGMpIDIwMDggR2VvVHJ1c3QgSW5jLiAtIEZvciBhdXRob3JpemVk
+IHVzZSBvbmx5MTYwNAYDVQQDEy1HZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4l5iWB0zVzky
+M/rry4eMp9RK3QaI6mSOMZilOJAemM8uYyvwRrxEsomhwCgMSXAhlZ9kwKaTEgJlJobGpYnw
++teEoHCvTxqXPwZE1cnrchB95DEo+xxh5igHRHOSImmnA4hsnWPIUtqYJ+cITHA+tMkSwcVn
+g10z8wMR7GrQU+LRujZglIC7YWNsWxd+30CUHqsNwiEocIj/1iZsbGAEJU5Vfn3vv5RI3rcd
+3XCNBV+IpZvywu7q0UBBbWI4HVYGxQNHUSAZ/HsQCw5irnZVv193vj5JAVM9mCUDdiRaHbTb
+iep55bazOz+6TChBfwasao7B0PYFHX3mQobjpdVHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEecqOoU4DHRzca9sxW5Q+PzB/LTANBgkq
+hkiG9w0BAQsFAAOCAQEALcUTz1aAe3p4vZ+uLJnn79rflF4JaafnbmiMvXK+R6kOlxK4SvFk
+0znfJTTUwc1OgfAPBMQkszSWxqaqMN9oYXPX+Y6Fie8OXpUoSionjxCOLnyGxAKe2gx3ZQ5E
+DZL9/bMWNvoRDR2MDgeJailW93L03RWcdzVmV6sTU9iOwUDF1xMWWnLHt2kBxHqxgwFofY1B
+oZQYwSVc/PD+gwKHfA0Nzy4IXEpADT7sgWHmJNvK4A4tB7I+VtyN9UGFB0ibDAvLST997Lf9
+y41niRqr7bseowAICBcqglwxXUaKLQ+Gm3TZRfvUQLF6qmgthrKZIuHBK8ec+PNfqIIS6xkR
+LQAAAAIAHWNhbWVyZmlybWFjaGFtYmVyc2lnbmNhIFtqZGtdAAABVsJJ36oABVguNTA5AAAH
+TTCCB0kwggUxoAMCAQICCQDJzdPp1X0jzjANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMC
+RVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
+aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2Ft
+ZXJmaXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgw
+HhcNMDgwODAxMTIzMTQwWhcNMzgwNzMxMTIzMTQwWjCBrDELMAkGA1UEBhMCRVUxQzBBBgNV
+BAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20v
+YWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBT
+LkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDA31bT5DqbdkW0E9v/wbYZizdBGJVSR+sXnSmIjjVs
+BjIuR2LzSQS/fUQ2sXHMvVoJc9XZhUT/kVcl3142jnDRXHFDHdna71zS+xu9OrXLraPMRKcN
+riEVP7l6W5J12KQSOIkZireA0uIyb1ackdaIEAuzdGSSdGDz9s8YT2CyI9DHO85hS5mPwgzQ
+QLKY3A2oTqO5Cq5goK1FUmO6Zr1o4Pm+GqiBux5BeHXTwf4AVbCHVOgnkDUdTDOtl/yXLpiE
+vyzJo7/RmBEU7WP4ypiIWBeZ7UUDl348hh6IjL7ykYSPZTTYAEx9tzEXWil6ChgkMKM3tXqp
+AX0m1vkOjlnx/RsztSk7FztBtiHd1MA9pZ+fH0NQybu8bHqXmO7NjB/7nFGui3C9J59xwGus
+fZBm6NddOg2w1cKN1cidncFt0NC/UeTj+MM4Nq7Wp3Xmr4RDXZOSDGoH3jsdmCLWrME126Og
+Jf9ytXYd3m3pLGYsUoTQRZLOHOXlMx3cB1NUo6qCO5o3L9zdoGTp5t29rvxkhR08p8kG3oT/
+a+hrGjzForNC+4sJPl8IUsdixNQFcb/EZOT4oYPoPhKbqB7UNk0vcfaNKPaDqRPSYcGRu0jA
+NI9BjEtM22kS/1CUnCCDWXPtfKHy8f3d90nTQ1igVmPKPT3lNVZZ6Q7KIMwrS5MpDwIDAQAB
+o4IBajCCAWYwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQUuQnKnB7b02w6a67tVPFb
+kwY1Ll4wgeEGA1UdIwSB2TCB1oAUuQnKnB7b02w6a67tVPFbkwY1Ll6hgbKkga8wgawxCzAJ
+BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3
+LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoT
+EkFDIENhbWVyZmlybWEgUy5BLjEnMCUGA1UEAxMeR2xvYmFsIENoYW1iZXJzaWduIFJvb3Qg
+LSAyMDA4ggkAyc3T6dV9I84wDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAq
+MCgGCCsGAQUFBwIBFhxodHRwOi8vcG9saWN5LmNhbWVyZmlybWEuY29tMA0GCSqGSIb3DQEB
+BQUAA4ICAQCAiH9w3pIo2QWURv+QV6nxL98aDWv6fA4cSSR5J9hGqm8pWVKIcBLq3T31m1NU
+b+FgoqgJuezrWXzGNfHcGOnxZ+WvukXgCd7KRA/CFw53kUV6M19flixoi8FHj5ibPcDsy/XV
+gpKENdG+NjhWcjFbRy2qF6RjUesKAa1/7HWey6Ef8X8SsbnkZH9n1iMq9Lg5XZjoIafhvT1C
+GnSacK9obFBdSc//+w5d5ixH14E6WQC1c2tjIPYxRQg5DvRwfkBwWj/Qa0KpdD0oLwJtdXKV
+CY1IY8bGI1eSk141wY35CvcsnWIc9q183aYxHraxx36FJvqkarXaYzDR75M3smYvfQX357dL
+mJQ1wNk6KcGdslAzHUqpWqbJA+/t9Oeoboq0V4TrpD/Q7qqqh1tj6JPia6jUuHJ4axvtOeRd
+y5uqh9VPTgD+2WqfPDEPKAIBfZjop7CiZJ55+EjyFanM5shE6z94mfJ7cT488ZinxRgSP+a7
+KDNC6UUKfG3yhnkvxYIZfQmJfLJUdoiu3sHzzOFu2zHWk66ZoO8lanOYiVs6LhOIHr/AkpQ0
+G+Mnt4seb0L/5+k3m1AdLaL5Au7LWFg6cbxo46rBrxwoH6LcI2U/gequmdPYMM8TDU8VyYS8
+p0gt+DAjd9hGS3lt9oztOn9gEXj06Zuu1VTAdIDRC0KfwQAAAAIAG3RoYXd0ZXByaW1hcnly
+b290Y2FnMiBbamRrXQAAAVbCSSSHAAVYLjUwOQAAAowwggKIMIICDaADAgECAhA1/CZc2YRP
+yT0mPVebrtdWMAoGCCqGSM49BAMDMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
+LCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcyMB4XDTA3
+MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0
+aGF3dGUsIEluYy4xODA2BgNVBAsTLyhjKSAyMDA3IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRo
+b3JpemVkIHVzZSBvbmx5MSQwIgYDVQQDExt0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzIw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAASi1ZyCe5Wd8VJ4h/6KFr8F5t+jAk8NB8YAUboMAlIt
+IqRCOcT+j+rJwb7UTf+fep7isXyaraeGCXOH0eea43qlqm77urNwwGeIojXUo5qx/a3C7zH6
+qLnz+wjGkdH7KZWjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
+DgQWBBSa2AAwAOdrf4UY7ou2zooM+BHhuzAKBggqhkjOPQQDAwNpADBmAjEA3fjgV0dbp+YK
+w731gIqXNQ0biTxUhncoyqH0ed615jiw8GVwjH8CVMK//9ihPtnPAjEAxI2U/NxT0tydeBYf
+FTMjU1LjWjFdncquvRMpRA0nW6jnaJwS91g/LnICV6OPoRQuAAAAAgAlZXF1aWZheHNlY3Vy
+ZWdsb2JhbGVidXNpbmVzc2NhMSBbamRrXQAAAVbCSRhzAAVYLjUwOQAAApYwggKSMIIB+6AD
+AgECAgMMNRcwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlm
+YXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
+c3MgQ0EtMTAeFw05OTA2MjEwNDAwMDBaFw0yMDA2MjIwNDAwMDBaMFoxCzAJBgNVBAYTAlVT
+MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4IFNlY3Vy
+ZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALrn
+F5ACZbE0VTxJwlHV36fRN4/R54FzQVJgm52hFyZ4rcex6CaUMrXeM406L9vymnpac5ijXOn7
+inMbXOfDv4Bszan01ivA9/mZqmOisUcCD9TkUToSPGyKWlSEcNvBxZDPckXLqFnAzTOdP6OW
+64UzIRw+Hj5gbnacZ4XFyMNhAgMBAAGjZjBkMB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo
+/7NXa2hsMB0GA1UdDgQWBBS+qKB0clBrRLfJI9j7qP+zV2tobDAPBgNVHRMBAf8EBTADAQH/
+MBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOBgQCcszOjP2Ihxhj4bG0RJOx9
+p5kMB33tiBUw0c0K2eYHNUaTStZFJ7gowdhIrCMlc7QYGgsYiq6hiWRtDeFn+uDZ7REja6iW
+Ew9vjwoy5FxcmyOvkvSTAmq85obVs7P9yLt8a14rx0NuCPUCa/nSnrotqxsIpzm9CmJYzN+0
+IMUBrQAAAAIAGHZlcmlzaWduY2xhc3MyZzNjYSBbamRrXQAAAVbCSb5mAAVYLjUwOQAABB0w
+ggQZMIIDAQIQYXDLSYxfmEUp57Cm2VBbejANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMC
+VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAxMDAwMDAwWhcNMzYwNzE2
+MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
+VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBD
+bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvCg3C1SzbZ7kt5ZQn3aW+4LBNj7NhVjzW
+fMP0zT6Gy6KI4uHYpGnFteK/waZHUF5GOYvVlrq1bxS/EM4nE54FR5sxehPYH9nTAjeLrSxH
+8I6BBqcNMAzr9zwPIB3cckbupQLIW8PJVmlMxRjBkXsL1RMAm7zvw0g+RmAghSrVkLbNi6DM
+Mt23/UBVslAcVq7MjXdNxyBNpzF272iSipAeCIFWsq1po1LQyxzEIz0fmf5M6BZjjsYIjvYx
+9tL65XbdtRySo0nNzQHNaM2pabqj6x0NnKQgpsGgxdFGTBdt0qxmP5aM4ITUNv8iWcX5EWCo
+XwR98hr2JUJhD8RKuD6JAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBADQmFTzAjU1DSR296SGS
+12act97FuNDkXV92IsAm+YQ6OvmMtfvsYPHozgSwyN2nA48w85jfpOakMd/THAtG3HIgP67u
+BTykMz8LOaxweHNLmSvfMMJUsKg7VaH+FijNQr10boDbJ0SnzkRd1BuQmA0eQpSxACwE0HSj
+AgUiY2PNg7X7wW1ia2l1/V1wQbn1v3zfvsEycyIhi1iBexWRerrjZEiwf/s2JdqV0PEkFBfd
+GIBrRiM5VPWOYgkEHZSQppvmJeJCRaq4kK2+CI+pC0IYlM9yOeGxQ+Aoz7fnWmwTa0mz/+MY
+fImLM12sM9en+do6VclYEPmq71q2z0tL3yoAAAACABR1c2VydHJ1c3RlY2NjYSBbamRrXQAA
+AVbCSekZAAVYLjUwOQAAApMwggKPMIICFaADAgECAhBci5nFWpTF0nFW3s2JgMwmMAoGCCqG
+SM49BAMDMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxML
+SmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMl
+VVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBa
+Fw0zODAxMTgyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEU
+MBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEu
+MCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqG
+SM49AgEGBSuBBAAiA2IABBqsVFqp+Wgj53rVJG9TxlrYS6vG1bbR5nNxrt2c1gxh/dugiQO4
+BRTsV87uXT/iIbPO99SKeeCjg34tl9BhxPGZ3CWRY6t/MKO0cOLHoTOc878uXFOxX7N9Mn+K
+NON5eaNCMEAwHQYDVR0OBBYEFDrhCYbUzxnClnZ0SXbc4DXGY2OaMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMDZnoRYI3OSXAEEdTr7hYwHP
+O6pCEWSgnZQ5AhF5XHsd+mS57hZCs7+KwgnE7OSxTQIxAOkqYUeMUkpLThhw9tZE1m71g7pt
+WL0k2VZI6u/EokaBiGo6RtGpm03JYdrRXVdqGAAAAAIAHmNlcnRwbHVzY2xhc3MzcHByaW1h
+cnljYSBbamRrXQAAAVbCSWTqAAVYLjUwOQAAA5kwggOVMIICfaADAgECAhEAv1zbtvIcbsBN
+63oCOzboeTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBs
+dXMxHDAaBgNVBAMTE0NsYXNzIDNQIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcxMDAwWhcNMTkw
+NzA2MjM1OTU5WjA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxHDAaBgNVBAMT
+E0NsYXNzIDNQIFByaW1hcnkgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr
+N//rYJtBeGn1SViw3h9xaaYr465Qxqm8k+kgvuTEE4JW7/BDMgnKm3UDj3xP4eBPdp4LrWR6
+FDqanb8vFgtlHKnunLzjGmXLT4XqklZ1ZtZVQO/7zNY4P6sc70KNGYn2t5WGwqcd6fcp8SrZ
+ZXn8K/WOyhp3fp7orPlmv0X76BOdX7Zz5X17jvsSdF0fBl6FG6ZeGEQAurzTbtFSDgat6+61
+tMG7vOs4D0gikcdv0rhyO7p/wI1st7xHcyEqhf+s1iiiGdWXajq5rG1F7OZNw9uoXcVdgpis
+Slqq5isIDBB0vGL2OkkEZthRHCam2HWfnL+uYFE9XLyiT3uJZ81TAgMBAAGjgY0wgYowDwYD
+VR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFIbh4YFxv2oS8QryAeTI+0DO
+aICJMBEGCWCGSAGG+EIBAQQEAwIAATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmNl
+cnRwbHVzLmNvbS9DUkwvY2xhc3MzUC5jcmwwDQYJKoZIhvcNAQEFBQADggEBACWq4SJAwqSA
+PLeiXZmNH3pCNThmFxHfva/8FRGYGTPmBUKEVKhL67Cd2zfaFlJAEXRov+nJshCEtx1EAHkn
+HPVYBhcYMjW2MJdjxqY5G8juRhdixS7nCqOaijBjc6oUpU0KqHKT8EkREJB8GH2oIAXEwno1
+uhxaCuAueMiIsc9XAew94gYTNMCo3PqAgAXuBXa9nSvInVBva8VAUIT9XR3mkJwQ06TGuSga
+3rX4CnCqzt5QPQOA29iIxUgG5ANz3RbONtblm+p32rKWtWWnBF0jrveTsl6KUWRf2s+MPUFb
+3vmj6Sp8RxAf9jI8fnDp36HVLg2xGkW0vBLtKBfpHgIAAAACABlzd2lzc3NpZ25zaWx2ZXJn
+MmNhIFtqZGtdAAABVsJI0YEABVguNTA5AAAFwTCCBb0wggOloAMCAQICCE8b1C9Uuy9LMA0G
+CSqGSIb3DQEBBQUAMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAf
+BgNVBAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjAeFw0wNjEwMjUwODMyNDZaFw0zNjEw
+MjUwODMyNDZaMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNV
+BAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAMTxh3/TeDH3OMn4w5lDvMf3vDfnTnG6S4+lcx1cbpiuA1euODdDLxc9H8jOaBDB
+eK4ZAysQ+ix5g/bouWi5VfIERKc5+fwEix7xok0n+WF7urflohO262E+0GzR5vv6Xu0dtJ6g
+NVuhksvwSZL+hQoFPubZC+JPu9yVN/yR6TI1ItEfOk4nhZ2wFZQy2mENR01gQq6SR+iDWlBY
+6YqLuV2h3N2ZSh82Z7tI5IO2N+tIOq8PZ48XB+gEyu9qMYfUwLb5lHF7Z2S4tpFKQntlLjBq
+DPWQ7pXm8s2C7NmhSuz2skvlRYXmbXiTBC6cgm02qcQxZB+Ggwsq9DUKeMlVz0GwR+kwn5m+
+YagGhLkoel842RupOLCDf3PBwztIKoIPIZu4zKg1w4Qbg7M+vqSVaQE6iQB4BNnJ9JkZq1Z+
+W4uGORWRpBAsCTKAYLOTwCq2GAudfo1J8hBKf/nVRi8ZkqOZpyasu4w85g68Rwfcc1HxcGQv
+CPm0Rx0wbETqKTeFkmhmvIM4/ns5LtNQ8B/7XmC2qab6J0Hxmxhy8vWEdErJZ8RUrkhk34zR
+brAd4QePCB6ZnHHpTNil90cSH3TRUZ6G88KiI0ALc9tLpudzBozBoOnBWaxG+uYv+M9xnEZt
+ucQVjTh5A0VI78Rd1wjuhzkihrIND1hD93GpSC796tYfAgMBAAGjgawwgakwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBegzcHkQbY6WzvLRZ29HMKY+oZY
+MB8GA1UdIwQYMBaAFBegzcHkQbY6WzvLRZ29HMKY+oZYMEYGA1UdIAQ/MD0wOwYJYIV0AVkB
+AwEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0G
+CSqGSIb3DQEBBQUAA4ICAQBzxoHgJ9ItD+CVMOKaQX9QLF9fYmGphmppGAx0SdZdhOpBUhhv
+WK1QViBqxr0oaViR3JERNak6HbwapWCe2B9/RZFp2X67eHLBBg8qzo+FcGGsoM0LuDkpVoQy
+Toa7PcQq2dcfcu7+UaEiQbFxAmMagrBiq15XEh/fy911oMBdeZCMG+BQ5t4x/ph7cF+lkNit
++AK2b9Ng3UBLIsU9rTp6nxoaR5F5M7qC3DJpA5ZuH0vwcf7jZ3Kgsb9ci+T6mSLHhLkbjSOX
+P+0l4M9lu/VhBO/dHrJaQSJaoZ9dLOhbyW2pDAx4qmDGVo8BWgxovGkZecQffpcFv8XpJFFe
+1NVLU+3ZI1o2A2WjwQOtQTDzRhuFkK9ltdWx5BZbeHUdl3ptWakqj3vew4eJEJlJc3jIPb1R
+NXQq1fF+aRsquzu9JbiaWj1yYZBmh+4M1k3UEXQLav4LA/yjVVeJ/krLrlsXBcjyjSMxUzjS
+LWo/grmNCGr3XkF0bsMRfgesKWCRPzjKVxANvTAvx6XmQaDargWHmqCkZWxMCQyJurjTucCT
+ijD6jeWaaxUBTmeq2mJWPoQIZtLENn2nPhD8iODUgOUAvarzTgajemr5YnLjCU/rmw4BI/Gf
+u3zc3GwRlyWy8rRjFNIGKmeMg/XO6gfYmmoe7OQKuypM6wlgOc7KYtgubgAAAAIAGmFmZmly
+bXRydXN0cHJlbWl1bWNhIFtqZGtdAAABVsJJ8v0ABVguNTA5AAAFSjCCBUYwggMuoAMCAQIC
+CG2MFEaxpgruMA0GCSqGSIb3DQEBDAUAMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZp
+cm1UcnVzdDEcMBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTAeFw0xMDAxMjkxNDEwMzZa
+Fw00MDEyMzExNDEwMzZaMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEc
+MBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAMQS36lf/kHd3fWfiuP2rOE8eJq82PB/eqAzKtyNIFuuLW/nk9k2cGpoz45Ro4Vb
+ZwSgECRvXSiCwZdX2EgpE7bhvpFN34UMUxiaHiSiT4/wooULy/Qpf9KkWO4mTcmqqHua2fo4
+3kRXFeX4jMjZSOINFicdHsiDhSW3uqpVQcwDIkstkY2L5omvZsfp/yvpPKza0rPD4Wicifh6
+AFbe9FWVbPu6ZN1ii98LdzLrYswmmpu7qmKDTLQGejDIKb/tBk2XuRzEMSvVX7xTEhecmVcp
+ZndhITEHLiVJnRjy7vMrcYy1ujkHSXf87y6SkAWNLS93e+9DvzW7mtj5c6cs8tBX7ihOJl+P
+kGgJL7j43AbpLpo+UafRIsQKpzhIbLP5/32rhlfjutaFeHe6Q+pIf/bYviNtHr/RNmxYXPHu
+pBlUGvUD0nbm4Yy9PLPTSEviyPh/kqh2RpxCZT6kHsEHA1pGLbiX87fVslUh77rcTACX+xSV
+JzO/6ENHRtIImRZgO5p+0ubtOOrsAR48SFZJCcdMNwCeiA7Ac+FvZulyRzA+EOULA8maQgBs
+xZR+YcSK33+CGgtZxFkyd7O8YGlWOf20Bnss1mQ22b1I7YQffqUijyq4QvSCt9RTkHhOLRr9
+gW9E1zsBdJZC4ADiLmvqxe5yrLu//uqqqPjc9rJ5irZnAgMBAAGjQjBAMB0GA1UdDgQWBBSd
+wGemDCLZJvVFq6ZlUhEn2EWsYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAN
+BgkqhkiG9w0BAQwFAAOCAgEAs1dNEGJOOuSs6rgcrzIjyLNJWlGcdiiNeapXRhfV9VL2t0To
+CES/GITSC4DNxRL9AFUFYYdB3LUknjzE2Mj7cJ4veJaDIDbefA9pE4ildTaYCKbG36zO41jW
+tz7euvPrNEDYooH1eD8v1aX82aLUXgQOF63+QfDlsnL6RIIzQugtWPdWjGI/ukKwnAxcfi5l
+JlxTTwCyeH6hDZktjbgdjqLEsP1g0DCkjsgEYqnE7TXeepftDjheki+TcKWpnG+nfRMdfsYI
+SLFeZ+tRCCXp5iVrUimRnNI5cwhX3pkGtFudEAbhwgCouBxKAgoU0MFByvuMNSF9gjjyqVSR
+GTWTlG1qOsWy0LuJhpPom8kPOqd6uKHweEb6/Dcv5YqE89/+BNmhaKAvJOIJlQbVlcrhJJbr
+fPaTBbvtc+kt0XU51+ck29hOX0OPntAUOb9VcEiZVzG0nO5KmAOWMB9gBu4bI/6BYCMaR2KF
+pcwZNIBvs6wa45/we0it1QHZZ7apcpPqLWa1srjkPTyy70yM6usHv6s1mlWGvBimtahetINs
+a2lA05/c8cNpa7nhbQn08apQdgp6fXoXoVWWQpkxCd1gEY0FMH7mjkbRnRTaxxfkBZaMxCS1
+G88UB7JA+KOeQYa8BNBrlsgqgDT9v+8Go91YxYU9Po/+ningtrgJaBkcGEMAAAACABJnbG9i
+YWxzaWduY2EgW2pka10AAAFWwkmJ6wAFWC41MDkAAAN5MIIDdTCCAl2gAwIBAgILBAAAAAAB
+FUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNp
+Z24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBD
+QTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYD
+VQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9i
+YWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j
+40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
+oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
+Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvy
+JBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FG
+qkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAN
+BgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLbl
+CKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38Nf
+lNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5p
+LGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq
+4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJ
+KSZp4AAAAAIAFWR0cnVzdGNsYXNzM2NhMiBbamRrXQAAAVbCSTSeAAVYLjUwOQAABDcwggQz
+MIIDG6ADAgECAgMJg/MwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCREUxFTATBgNVBAoM
+DEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAyMDA5
+MB4XDTA5MTEwNTA4MzU1OFoXDTI5MTEwNTA4MzU1OFowTTELMAkGA1UEBhMCREUxFTATBgNV
+BAoMDEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAy
+MDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07JKz3pH73WbI/o6L9ZQRYk1
+OsZr2/7bAGio4AMRHTdQCJ9NSmiUNbNT0ZRjpyBWr95ReOwqPfNISFA+Ct9GVYsnbcMQTQ2R
+UkPYh+BdTja1IcpfOUAEX1t+zKPGK6lAHtk2hNZI85IeNEYgJMGkUY5KGu9QP2ldGX9Fw8cB
+j1HJI+hyrrS8Vgl/Esscsa8pkArJVcwP07Qa7Uc1WkrtnHMEIdCqvQwTtQDKJmzEawyUWpWU
+2lCa8f+lK2YxpMk4oN8dH7gJLvOn6GdSq5Uf4EY+2KTDylrFMYDoSJqflGn+Gd3Yc3yBypbe
+ju2zMgVlhDTm5v1XELVfdr8vsBANxQIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQU/doUxJ8w3iG9HkI5/KtjI0ng8YQwDgYDVR0PAQH/BAQDAgEGMIHTBgNVHR8E
+gcswgcgwgYCgfqB8hnpsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1Ql
+MjBSb290JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyJTIwMjAwOSxPPUQtVHJ1c3QlMjBHbWJILEM9
+REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDBDoEGgP4Y9aHR0cDovL3d3dy5kLXRydXN0
+Lm5ldC9jcmwvZC10cnVzdF9yb290X2NsYXNzXzNfY2FfMl8yMDA5LmNybDANBgkqhkiG9w0B
+AQsFAAOCAQEAf5fbMMjfpJx9IXqAcM4UEmmIFJVgRAGssukwT5tQwmbYfo0wtXAx6eJpx/Nw
+2yAVhtAN8L6sAXWEzn6fTb+3YDuc88od4l5o2KOdl+VAYNI2If7QtLgX2nSjf9TfsJgCrG9r
+aywlJHKhZe4lWuXmMufy36tJ+vOQaSPbBNnnXFj8ZdSXvsz8LgrMJSo1BPhgkRV1PUH/Ix8Z
+yGzrglMEpuRMIk2NjLrOW3PsZFRQbdGcVftpwzbDjLw8haZrCiYN4JOYYK5+xiSXimFfkY5m
+kgmHNs2Lmy0+9lHUUNRZKL2D8swoe1OGbdgmiHDX6pHNPrnKwJBuWsZedGXXXP6j4gAAAAIA
+HWFmZmlybXRydXN0Y29tbWVyY2lhbGNhIFtqZGtdAAABVsJJei8ABVguNTA5AAADUDCCA0ww
+ggI0oAMCAQICCHd3BicmqbF8MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRQwEgYD
+VQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDAeFw0x
+MDAxMjkxNDA2MDZaFw0zMDEyMzExNDA2MDZaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtB
+ZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAPYbT2cHK6EV9QYiyx8BsuNzRQZESSy7SSUU1s7Dt6ss
+T8ZBMpRX+hKnWw7ijx8ehhmnqrUtuV8NisKvhTV5Mi27HGI38rFbSj3KzXFf6UK+lOjI3vki
+SGTG5avGK22tBfD61QvPmuXwUKSLO0elI1t6evgzP7jvmZfjIMHWKInPlPu5Re3jQBcR1HTw
+CzHiKyZqm0xXrqwgPrpFegXzvZtpFa59TiBjxDV2OgcCyTf9x0fu6PF2HXMV8pektch6edlC
+qit/XP7OJk+jZoE1r0S6VB4cMDJlneY8k15QTnrjOtRuzBr7+dI3riQqq1cDIigNSXV/tyja
+db+O49wOeTECAwEAAaNCMEAwHQYDVR0OBBYEFJ2TxlOLXsqvP58eD+WZlbwk9pSPMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBYrPQEDs3A
+Df8K/dS6Fl8pvXtomVhJ0rQdN01/J31GBl1DxoYuPnOyJn1Pk6m2xCqaqyGXFLHejNOriRXY
+ayTU8Rau2KRc1H9Rju0YAbGTY728+GGAmp6xzkJw4ql9BiV9J6H+b+yzHiTa40tVGgA7NbQ7
+2dddMP2BE4nywgYr7WfEjslDslxrFYkCvGL8TvK1M6qyb9MKolDj9jvoLkTC22Y4qTNWSPFt
+GzONDYw/YDed08ptfjR+DZ9ydosbn3L9UjVBRQKWLxyymnNJIbFJR0VHtO9qNBHJTZrMWbfW
+Ap5aTmW1lK4b3ymwFvG/AJ4HOhdktQS1IyGZCpU7l3zvAAAAAgALb2xkYWFpaW50ZXIAAAFi
+32LqHgAFWC41MDkAAAWpMIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUA
+MIG9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQ
+BgNVBAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVD
+T01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3
+DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNloXDTIxMTEy
+NzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWlu
+c3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQD
+DCFPcGVuRUNPTVAgc2ltcGxlZGVtbyBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNp
+bXBsZWRlbW9Ab3BlbmVjb21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALr4rivKQuRkYNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz
+6Ej7PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv5kQ9
+uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmVotXM4tT1dxyJ
+xFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoIvoKvoh3uZ5gEhGV8yfJx
+k1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQSWimWtOi4e8CAwEAAaOBtTCBsjAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9
+tsaJhM9HE5wwcAYDVR0gBGkwZzBlBgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRy
+dXN0IHRoaXMgY2VydCB0aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUg
+aW50ZXJlc3RlZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4a
+ZP/7IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNXn4Op
+NkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8XUTuzEQQ3gUS
+yVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs2KMQzorJ1ZNQf523yUTg
+hbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwaSxGSiAgeLbwAUCvPNl27zr6k6+7T
+cNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwEzGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5U
+rclU1vK+dnuiKE2X4rKuBTRYRFR/km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BA
+SKqgNdoT/SKBXqxgYlCbo+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQU
+wwnSrSfihh2Tj0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO
+0k1tqbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLoz/Rd
++SKtlrfbAAAAAgAbdGhhd3RlcHJlbWl1bXNlcnZlcmNhIFtqZGtdAAABVsJIy3MABVguNTA5
+AAADOjCCAzYwggKfoAMCAQICEDYSIpbF4zilIKHSX0zXCVQwDQYJKoZIhvcNAQEFBQAwgc4x
+CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93
+bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
+QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05NjA4MDEw
+MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIHOMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
+biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5n
+IGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQD
+ExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2Vy
+dmVyQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqB
+QWKPOO5JBFXW0O8cG5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn
+0LoNkgYUc9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
+jfRCTedAnRw3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+ZZCsiA9W2eYwNNQmx9BQ8ZLea9Q5iAkixqZjgwP3mXfYsuUYuF1j89Rz+2ycmXjxS3h9GSTD
+KwKE+Lwi2Yoi16D8ceyRhyDxuOyx5VWArD1SyDkOwvDABU/WgnWMvV/S3HaaBRLJr3LD3CV+
+pE2OF6Xgh3/hmlrhYNxkIzxCLk0AAAACABRzZWNvbWV2cm9vdGNhMSBbamRrXQAAAVbCSf1E
+AAVYLjUwOQAAA4EwggN9MIICZaADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNVBAYT
+AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSowKAYDVQQLEyFT
+ZWN1cml0eSBDb21tdW5pY2F0aW9uIEVWIFJvb3RDQTEwHhcNMDcwNjA2MDIxMjMyWhcNMzcw
+NjA2MDIxMjMyWjBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVt
+cyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0Ex
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/sV5sk4P6cukJ5qYiK+oDg9Qcp
+Q+qOCjQ2jRz6p7U5eP+Xdfcv5KprBIREyqbiaI79VVBiD6RxDs4HOC1ChVCtPJZvi9WiDs/e
+SYk91mQuOOUebLVXip7vSA7NemkWh0S1kOQGna6hBJdYee8gSoJrjCK/7B8P6YRx7fEO5LgY
+E8xWNl3Rmh5RazluYHaINAvzs9Gwncph4mQdwUYHuGPdHjNls44JVVI9tb3/B+utYVUYLKlp
+mEqqQMUzFGV0APmR3q8DSMVAVNwPhJBoIMWSltwu5QJFqsBfVPht6knPXWxLr++awlZcxjVW
+QmowX8Kr9uI9P7PJEY8xTNefSQIDAQABo0IwQDAdBgNVHQ4EFgQUNUr1Ta8/14I4rKtxZRd1
+jJ1Vk+YwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAKiH6ez4QGddw8Fmx0BLl/yHE5BaxO+gyl+Lt6e38da1ZLeKs7gbzNr7rGaIQc7o/OTb
+Hoim7SdQGwIwJEZ5/gSHcJdAc9HAwVcZmmmlJ5mrnWKE9lHBLMkjFdgot6slE7VG4YYC/yaM
+xIiSHVb+GWfyVeSAo2ucq3fhUXENINsQmtu9dnkHd5korZpe2rFPRCw1jqWWx/2D8FjGedaY
+fKiN/oY+BxaS4XvnHewzdn5CLkqF+ZGJaIQDgaWbmr7jN8VUq1Y7GC1BpAz4QtuZoOByb7td
+4RZPUwpk+U70v05UvXhsiOq/nBMkwnBpon8PyDytCMmwmECjKueIg+13j3QAAAACABh2ZXJp
+c2lnbmNsYXNzMWcyY2EgW2pka10AAAFWwkoD9QAFWC41MDkAAAMGMIIDAjCCAmsCEEzH6qqY
+PnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
+ZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
+LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBW
+ZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJp
+U2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq0Lq+Fi24
+g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYKVdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS
+65bdqlk/AVNtmU/t5eIqWpDBucSmFc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U0
+3EGI6glAvnOSPWvndQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534V
+njty637rXC0Jh9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJ
+W2uluIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68DzFc
+6PLZAAAAAgARY29tb2RvYWFhY2EgW2pka10AAAFWwkmpEwAFWC41MDkAAAQ2MIIEMjCCAxqg
+AwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRl
+ciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGlt
+aXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
+MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu
+Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQx
+ITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDF
+cCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRP
+n2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf04
+9vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7v
+n5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kC
+AwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQD
+AgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21v
+ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
+Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOC
+AQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl
+7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1a
+wg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz
+7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C12yxow+ev+to
+51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbgAAAAIAGWdlb3Ry
+dXN0cHJpbWFyeWNhZzIgW2pka10AAAFWwknPogAFWC41MDkAAAKyMIICrjCCAjWgAwIBAgIQ
+PLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3Ig
+YXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVow
+gZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
+LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqG
+SM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8l
+L33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/W
+YC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVf
+NVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HT
+RqjySkwCY/tsXzjbLkGTqQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bW
+tsuRBmOiBuczrD6ogRLQy7rQkgu2npaqBA+KAAAAAgAUZ2xvYmFsc2lnbnIzY2EgW2pka10A
+AAFWwklt3gAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcN
+AQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds
+b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMK
+R2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+Fggkbh
+UqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+
+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7
+v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+u
+IEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEA
+AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJ
+QayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
+EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdB
+j+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NX
+Sb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o
+2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgAZdGhhd3RlcHJpbWFyeXJvb3RjYSBbamRrXQAA
+AVbCSY0HAAVYLjUwOQAABCQwggQgMIIDCKADAgECAhA0TtVXINXt7En0L8432yttMA0GCSqG
+SIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYD
+VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
+NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhh
+d3RlIFByaW1hcnkgUm9vdCBDQTAeFw0wNjExMTcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIGp
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAwNiB0aGF3dGUsIElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhhd3RlIFByaW1hcnkg
+Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKyg8PuAWdScx6TPnaFZ
+cwkQRQwNLG5o8WxbSGhJWTf8CzMZwnd/zBAtlTQc5utNCacc0rjJlzYCt4nUJF8GwMxElJSN
+AmJv61rdEY0omlyEkBB6Db10Zi9qOKDi1VRE6x0Hnwe6b+7p/U4LKfU+hKAB8Zyr+Bx+iaTo
+odhxZQ2jUXvuvNIiYA25W53fuvxRWwuvmLLpLukE6GKH3ivI107BTGQe3c+HWLpKT8poBx0c
+nUrG1S+RzHxxchzFwGfrMv3JklyU2oXAm79TfSsJ9IydkR+XalLL3gk2pHfYe4dQRNU+bilp
++zlJJh4JpYB7QC3r6CeFyf5h/X7mfJcd1Z0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHtbRc+vzst6/TGSGmq280brV0hQMA0GCSqGSIb3
+DQEBBQUAA4IBAQB5EcBLs5G2/PDpZ9QNbkW+VeiT0s4DP+3aJbAdV8seOnagTOxQduhkcgyk
+qfG4i9bWh4S7MuVBEcB32bNgnesb1dFuRESppgHsVWIdd7hcjkhJfJw7VxGsrXM3ji94XJBo
+R9lgYOb8Bz0iIBfE9xbpxNhy+chzfN8WLxWpPv1qJ7ah61q6mB/V401kCp0TyGG69Tkch7q4
+vXsif/b+rEB55awQbz2PG3l2i8Q3syEYhOU2AOtjIJm56f4zBLtByMEC+URjIJ6BzkLT1j8s
+dtNjnFndj6bhDqAuQfculUfPvP0z8/YLYX5+kSuBR8InMO6nEF03j1w5K+QE8HuNVoxoAAAA
+AgAVcXVvdmFkaXNyb290Y2EzIFtqZGtdAAABVsJJBmkABVguNTA5AAAGoTCCBp0wggSFoAMC
+AQICAgXGMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
+cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwHhcNMDYxMTI0MTkxMTIz
+WhcNMzExMTI0MTkwNjQ0WjBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGlt
+aXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMgUm9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAzFdCFlSc5pjT003u/u3Hn0M5SmWz6BaINNsNWZF0z5K4BECtAksxq7yN
+kWjYIA4aAeIae04XXeKKtz+ZGs3rYavCZaYft7e9t4/8/XCPC6BnvgGiWc9x5g8pdv+xVnlF
+Kx+eelTooyk1aKQBTw+kLjfvG7/jjxCocqtYV+dUhsjJ81vaLNpdjm48oz7a+4Ll3fJcsgUz
+b4o2ztATTv+/Sgw0TKbDIb1QBFXrsbud+0UeZBXeVQGMAna1y6E/Qmm8L71oQxZWiSo3YZH9
+pq5OwMsUZZQ3S5IG7wTQyJyI2wt7ga+xPSrEZTp4tu7cgLHS05mcOu5rWmuzjbfVzpzCvqVL
+Lxaxnmg7Bm+ufZ/43uzMKaeYoyVDL+/xXybhiE34Xm7X2RRuGTNppzuEiZPEU1UToVF4QPi4
+yaLue7pSQoOeFO0FUlpZVqeX/J0/CinY3E+RDhO83pWk34uZvqybM4jvtYGvG8YiU8j2x+6X
+FLDFfHhSyPDObndghKbpKnYg7VgBFzCT6RqL4HNj2WqSlElOtK1KhcSjIjD8Ce1oInOmiAxV
+IVjF4TqfKt3K4ZDg2XOrbIC46Atkk6CcjBn/s9IM7JEmh4qzouFwjywK5c1taFHr2j8Ff4sy
+5hNca/5fQOIiyLS0ZE/Wun1IPqhpDNe7hnHJc7g/O50lS9r/QOsCAwEAAaOCAZUwggGRMA8G
+A1UdEwEB/wQFMAMBAf8wgeEGA1UdIASB2TCB1jCB0wYJKwYBBAG+WAADMIHFMIGTBggrBgEF
+BQcCAjCBhhqBg0FueSB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjb25zdGl0dXRlcyBhY2Nl
+cHRhbmNlIG9mIHRoZSBRdW9WYWRpcyBSb290IENBIDMgQ2VydGlmaWNhdGUgUG9saWN5IC8g
+Q2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQuMC0GCCsGAQUFBwIBFiFodHRwOi8v
+d3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9jcHMwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTywBPg
+gkM+++4vZzKWNVzbuMsC0DBuBgNVHSMEZzBlgBTywBPggkM+++4vZzKWNVzbuMsC0KFJpEcw
+RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
+b1ZhZGlzIFJvb3QgQ0EgM4ICBcYwDQYJKoZIhvcNAQEFBQADggIBAE+toCxM+sDyb/dmVasj
+NO7nKdrDW7awg9nQ0OIh+/NgpztdYFMnopv2CCIq57+gcuWcJGoxsZB6J9uEEYknpndaONe/
+rIb87l2DvAbG0XdrD20kL0t6bKcHlsrjhJ+tiIsdqxaNW2YX2Rb0i4DS3fiydsP8OBOqDN5C
+aStu8zzrgCfb9aZEDZ9aVVkL1Q1SSMWun/IvgMXqMlA1EpcuweH/8SOIUTif8mZWducPUZel
+UgxNSVGVNj2/oksMEB2GmUyq83IRk+Tq9pvaqF2nTbeeAq5zAMjaIwPo+eoZdGIAlMsiIL6U
+p1m1gmq+mXl6qfJKJFL3dP26TuaoHQJusQ2ARMGu0yM3X7uFfCuSLuh+pYvdmeG/J28tXap7
+h/4K3Uv8jvUm5G5wQm4z7DGee5PB5MlpGj3Aa04ibe6rWE3G0EHBK+pPEode60XYbPWYAtOg
+2FWKBpkZoqB30TCerMx17oP1sGI5z2xX4kzSkQsOdSgbmr/9GkPxynf7O49huGkoFkIEXnAq
+HCHYj+G9I1stdECS2WMZDXPdabxiR7zgdCuy632+QRu1wEbFoSLLX07BKJLeGLrVKii7EYsX
+k5iZYJRcI89aJ5deCwUGkzceO2k266meYR2PMtqODNZ0PnsJJNoBd0fEO800jJn1yuElYTOy
+WRvibtc3V7YNqRLaAAAAAgAXc3RhcmZpZWxkY2xhc3MyY2EgW2pka10AAAFWwklDvgAFWC41
+MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcN
+MzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hu
+b2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWt
+DBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1Mv
+nsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSH
+o9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe
+35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/X7fR
+zt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRbVazc1xDCDqmI56Fs
+pGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIElu
+Yy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqb
+AYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA
+2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq
+4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtel
+ttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABdzdGFyZmllbGRyb290ZzJjYSBbamRrXQAA
+AVbCSZA1AAVYLjUwOQAAA+EwggPdMIICxaADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGPMQsw
+CQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMG
+A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UEAxMpU3RhcmZpZWxk
+IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMDkwOTAxMDAwMDAwWhcNMzcx
+MjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT
+ClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw
+BgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve3BA/z2j/wCsW9bn0jZnXniorcDYVYYw0e2
+18o9NS6JQ/ehaZveihr9EyCctEl3MilW/bnsjN0i+nLcJ2GX7vZahOxuGbmJLNyEW9V0+2tf
+xYmlEFKJRlX0uHUc5n/kVK5L+FVyVwIZ+BdxWeseKAd0xZ1Ivmy09KSw82Q3eZLA7EZef+Ft
+U0xir80fC2O7Op37/HkAmGF0zyaCQGPzsnJqGQ2ZytQOdcw3+4uJwVnxYn9fs19lMPint012
+Wh52XjTA6JZWmYqz8H+kzb3cMjF8kc/gXxH4a6pJXNGZlNGi42NbCXa1VmLhS3QdltQm1AgE
+WdCYDg7m3vzD7B+Q8QIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUfAwyH6fZMH/EfWijYqihzqsHWycwDQYJKoZIhvcNAQELBQADggEBABFZ
++iVPA2+UmTuaH4KFOdR2BZRe4SiTbWJdCcKgqNSwdTjxNGqd5J+KhiZR5izRxi1ulSBKkgHs
+uIpnezHiZy6MlQMmLkOdSjH2DrUMu7fiN38iugCjDntS+2u7O8TTeVFOzZD0ZwcZyDxGeg0B
+fcVY523mhTAXmiTEEOAE9+Dyf9SqCv9CHTftlOVkWRIgdzjTMj44gXWWc/poj7HLzh/F7Pqc
+fs9+sfEHLbb8v8qkv9CXBUq86hgoApC9VHgJIXHT0X0d2RawqWE90AoAIvzHe8sJZEULO0CB
+9318MvWYyliOfSrukFlzZPk2dF4lofVmBS5/ORWpKvtQi46FafQAAAACABZ2ZXJpc2lnbmNs
+YXNzM2NhIFtqZGtdAAABVsJJHnsABVguNTA5AAACQDCCAjwwggGlAhA8kTHLH/bQGw6auNBE
+vxK+MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
+SW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
+AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57GaIMtTpYXn
+Pb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAQclKpBRQZ
+MghB8MVrCsx+DyEZzeRn3F+pG+bK6HOdItiYbnMDYZHFfLBFQG5EnY2wsZZ0YS0NqUXSpJIq
+1pp1l24/U/1FmWAdqCtM+V6nCdh1MNfSZWA9Z9ZIVXVpP5H1SAtHaSJpgpa+ycg4hkp6LHMZ
+SGlOa3xlvw/8cM6IkAAAAAIAHWFmZmlybXRydXN0cHJlbWl1bWVjY2NhIFtqZGtdAAABVsJJ
+pesABVguNTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJ
+BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3Qg
+UHJlbWl1bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQG
+EwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1p
+dW0gRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wm
+XAc95VT6o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExV
+cmuVHU4YQpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jww
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnz
+h4hQWq/IwEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHf
+utMJMlrOiH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABZ2ZXJpc2ln
+bmNsYXNzMWNhIFtqZGtdAAABVsJJPbYABVguNTA5AAACQDCCAjwwggGlAhA/aR6BnPCaSvNz
+/7lIouTdMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYT
+AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaE
+GIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7
+NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBYFSk5
+PHej2lwlA3xg+u4JmTwnEHDIDAnms4fPCuIYljVizL+bJ3mJX8nECfTOtR3fKr3l24acaCXl
+MHy2iRX+Z9Gt4VCsPHxiS4+6hNcSFRsfyl0PwVKUKhGZ2nvPDDYT1TXcEBlZ6pTBAL91j9n6
+/XYE22K7kGoD2UY12fh8WwAAAAIAFmdlb3RydXN0Z2xvYmFsY2EgW2pka10AAAFWwkmTQgAF
+WC41MDkAAANYMIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwg
+Q0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQG
+A1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM
++KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlC
+GDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Q
+lz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+
+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKc
+eeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAepho
+jYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjANBgkq
+hkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57QzxpeR+nBsqTP3UEa
+BU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4d0iXrKYgjy6m
+yQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/
+IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0z
+X5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
+MwAAAAIAH2VxdWlmYXhzZWN1cmVlYnVzaW5lc3NjYTEgW2pka10AAAFWwkjXiAAFWC41MDkA
+AAKHMIICgzCCAeygAwIBAgICWeMwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxHDAa
+BgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXggU2VjdXJlIGVC
+dXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIwMDYyMjA0MDAwMFowUzELMAkGA1UE
+BhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXgg
+U2VjdXJlIGVCdXNpbmVzcyBDQS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOLxm8
+F7d33pOpX1oNF080GgyY9CLZWdTEaEbwtDXFhQMgxq9FpSFRRUHrFlg2Mm/iUGJk+f1RnKok
+2fSdgyqHCiHTEjg0bI0Ablqg2ULuGiGV+VJMVVrFDzhPRvpt+C411h186+LwsHWAyKkTrL6I
+7zpuq18qOGICsBJ7/o+mAwIDAQABo2YwZDAfBgNVHSMEGDAWgBRKeDJSEdtZFjZe38EUNkBq
+R3xMoTAdBgNVHQ4EFgQUSngyUhHbWRY2Xt/BFDZAakd8TKEwDwYDVR0TAQH/BAUwAwEB/zAR
+BglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADgYEAHKcbomcF4NP6lEGulFSDWLCy
+bLS2r85gp3byARQCjMJC4gA/ObfY02Mvuy0ipZCdw17C6sJCrMtn2/CxO5C4SCVOy/EdUKvV
+LTLPgtf1Nt1p4a9DjZ2F8qXmdXis4MAUOjfb6ROctB8qsSs6Rkb5u2NbT0jDQ1wVXl3PFz0M
+524AAAACABVzd2lzc2NvbXJvb3RjYTIgW2pka10AAAFWwkkMcAAFWC41MDkAAAXdMIIF2TCC
+A8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJj
+aDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy
+dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0z
+MTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UE
+CxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9v
+dCBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nb
+eHCOFvErjw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r
+0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3
+aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX
+6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5Q
+QQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhx
+LKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq9
+6G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyq
+W/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGD
+Ymy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q
+VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYwFDASBgdg
+hXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0OBBYEFE0mICKJS9PV
+pAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8TwuMA0GCSqGSIb3
+DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsOv2LwnN+e
+e6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82Yq
+Zh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz
+o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBf
+GWcsa0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT
+woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0
+QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED
+6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/
+wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++
+dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5wSsSnqaeG8XmDtkx2QAAAAIAEGFvbHJvb3RjYTIg
+W2pka10AAAFWwkm0pAAFWC41MDkAAAWoMIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUF
+ADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UE
+AxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAy
+MDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxB
+RR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC206B89enfHG8dWOgXeMHDEjs
+JcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1
+m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxs
+RZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCA
+OVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0
+gBe4lL8BPeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9W6Wa
+6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZo2C7HK2JNDJiuEMh
+BnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3+L5DwYcRlJ4jbBeKuIonDFRH
+8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFE1FwWg4u3OpaaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31
+IqEjFNeeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7Pm
+G2tZTiLMubekJcmnxPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIyl
+vfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ
+1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLz
+JsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMADjMSW7yV5TKQqLPGbIOtd+6L
+fn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh1NolNscIWC2hp1GvMApJ9aZp
+hwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZ
+urGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ov
+XYO8h5Ns3CRRFgQlZvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uR
+uMRUvAawRY8mkaKO/qkAAAACABVlcXVpZmF4c2VjdXJlY2EgW2pka10AAAFWwkkDbQAFWC41
+MDkAAAMkMIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNh
+dGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UE
+BhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRp
+ZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6g
+mi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0B
+CezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLj
+UA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQG
+EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0
+MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYD
+VR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8wGgYJKoZIhvZ9B0EA
+BA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961zgK5F7WF0bnj4JXM
+JTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IW
+UrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+AAAAAgAVZ29kYWRkeWNsYXNzMmNhIFtqZGtdAAABVsJJ7FwABVguNTA5AAAEBDCCBAAwggLo
+oAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBH
+byBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0wNDA2MjkxNzA2MjBaFw0zNDA2MjkxNzA2MjBaMGMxCzAJ
+BgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsT
+KEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQDendfqVxhJoVvr119Ihuq+3f/k72cc9GVos1dxoF53u+2b
+SelwgD1WGGMIb9ryzNA/fwJUIlQQ2LKB1MB1PUt/x3fDPnirGgO1IGsvaiuxxYh+xLsesMHY
+RSdvqjdY94cm19gt9qkXtx9yNk6mFz9lmJLbKm5dov6I4Avef+WNFeHryzrV4hKiEy3Yjq9f
+Ej2gCAUItlylZTgERZkeo2BgdMVBpXJiG2LFH29fGkK+AlFlqK4jGGr8eAOpTX+Aw/qrWvyh
+QKTKGRb+ssjvXnMN7ne9mvZ5mLyxB2eiFQ3doFjGRHsKPmIoX7pBB1NYzxF+OHTF+P+1aZCP
+hHTqlxuvAgEDo4HAMIG9MB0GA1UdDgQWBBTSxLDSkdRMEXGzYcs9of7dqGrU4zCBjQYDVR0j
+BIGFMIGCgBTSxLDSkdRMEXGzYcs9of7dqGrU46FnpGUwYzELMAkGA1UEBhMCVVMxITAfBgNV
+BAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
+BQUAA4IBAQAyS/Oyyj6R/BLGoQeMjnegMwYUXJAeGPcIpj0KGfmHgBFuaeSWFzD/NJFjcjju
+zBwBox2UKKQx9nrEVNf25TFYA6LMzmLblEVztb9FySS11YICrSN5aY24tk3Oz0zKMyPoHIiq
+nYtBbhbJIOWJns072nD3fpkmIBRUJatuc4XmmyGdCmyCDqj4wgz6EB5slu+HDcQPYYut7oMr
+lfiOkoRyOesg6oPtg82Xbgi8604mtnMr5NP2TP4mceJhEXRK/1cahw91SC7PUWkXoAISYZXV
+0UCyEEzuxKwQQ6alngrVlWKaDc+IgsUyDOQrn0XmDZ8onLG5KlpXrTcPrx1/272fAAAAAgAV
+Z29kYWRkeXJvb3RnMmNhIFtqZGtdAAABVsJKCpgABVguNTA5AAADyTCCA8UwggKtoAMCAQIC
+AQAwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMw
+EQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0wOTA5MDEw
+MDAwMDBaFw0zNzEyMzEyMzU5NTlaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9u
+YTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAv
+BgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE
+8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB/zzFnWAOVF75fk1tnRO
+qY2CE+S2P6kDg/qivooVan/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4
++gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4w
+CjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo/brHonIgBfZ/U+dtTbWCdvyznWKu4X0b8zsQb
+AzwJ60kxXGlGs+BHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MB0GA1UdDgQWBBQ6moUHEGcotu/2vQVBbiDBlNoP3jANBgkqhkiG9w0BAQsFAAOCAQEAmdtd
+edX5l1lnA2HxfjsGMXUtoSCOT2WHtPemnLzY6S/Q21ruz3SMc7Q4QtoFe/gCdbj9pbHXrvbX
+3hPLUxB+ikbRl/q3LisRq5CwJ4D56J9a6Tefq+TfbLOFF5092SRPeZE11l8E64CDq5oCLbUQ
+9NiQxwRzQO1yJaCpn+yeq2gSmVfGjxI6CaS9RP0GFTfBm+Qyo+046Nhk8yx+FPwC6p/N/wdo
+F9sikDgteo3RVPFp418zyno9ewrjyn9fOeXidbrFdhgzzizwL0yt97Hnzk+oxJtKVAbFf33V
+CA/iHP5+F7isXvbUFrJDCQxN9qdrtJmEZcp6iOLiRL5c9+oc9QAAAAIAGHZlcmlzaWduY2xh
+c3MzZzVjYSBbamRrXQAAAVbCSVLhAAVYLjUwOQAABNcwggTTMIIDu6ADAgECAhAY2tGeJn3o
+u0ohWM3MaztKMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy
+aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsT
+MShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
+BgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkgLSBHNTAeFw0wNjExMDgwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
+dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
+aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJ
+XSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuP
+G5/r9aGRwjNJ2ENjalJL0o/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl
+9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLH
+j9UESeSNY0eIPGmDy/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU/n3O4MwrPXT80h5aK7lPoJRUC
+AwEAAaOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcB
+DARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq
+1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E
+FgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAJMkSjBfYs/YGpgv
+PercmS29d/aleSI47MSnoHgSrWIORXBkxeeXZi2YCX5fr9bMKGXyAaoIGkfe+fl8kloIaSAN
+2T5tbjwNbtjmBpFAGLn4we3f20Gq4JYgyc1kFTiByZTuooQpCxNvjtsM3SUC26SLGUTSQXoF
+aUpYT2DKfoJqCwKqJRc5tdt/54RlKpWKvYbeXoEWgy0QzN79qIIqbSgfDQvE5ecaJhnh9BFv
+ELWV/OdCBTLbzp1RXii2noXTW++lfUVAco63DmsOBvszNUhxuJ0ni8RlXw2GdpxEevaVXPZd
+MggzpFS2GD9oXPJCSoU4VINf0egs8qwR1qjtY2oAAAACABVxdW92YWRpc3Jvb3RjYTIgW2pk
+a10AAAFWwkkJcwAFWC41MDkAAAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAw
+RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
+b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJ
+BgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRp
+cyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8D
+KYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg
+5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtm
+UIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeV
+ikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQ
+Q7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3Fsvb
+zSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5h
+YIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
+D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xF
+SkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQli
+BJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD
+AgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwz
+JQTU7tD2A8QZRtGUa6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExp
+bWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQAD
+ggIBAD4KFk2fBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAX
+INzng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/n
+JrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acv
+vFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0Q
+ADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZ
+JPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYm
+Yjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh
+8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GB
+UzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t
++Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0uAAAAAgAOY2VydHVtY2EgW2pka10AAAFW
+wkj6UwAFWC41MDkAAAMQMIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJ
+BgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1
+bSBDQTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRsw
+GQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBc
+saD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVj
+hNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZf
+ECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT
+7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lv
+zs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
+AQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQaTOs9
+qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvgGrZgFCds
+MneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/0Ycn
+eeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS
+qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscwAAAAIAG3N3aXNz
+c2lnbnBsYXRpbnVtZzJjYSBbamRrXQAAAVbCSM56AAVYLjUwOQAABcUwggXBMIIDqaADAgEC
+AghOsgBnDANdTzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
+c3NTaWduIEFHMSMwIQYDVQQDExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjAeFw0wNjEw
+MjUwODM2MDBaFw0zNjEwMjUwODM2MDBaMEkxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lz
+c1NpZ24gQUcxIzAhBgNVBAMTGlN3aXNzU2lnbiBQbGF0aW51bSBDQSAtIEcyMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyt+iAuLa+PwHFrHeYKrellxkH8cvfs9n+kRC1nZj
+la7rr3IgikVHhmJ4htYgOSb0rqP9I+elnLUiIRm3N5MiwFCcgnvU1QREXMu0wp+SviTYe2ci
+4mlf5QV41IfZcXAzJVO0hzspkCg2mlVEMGikg5d/DR6cdv8VnWCXAI2KhQPsgL7qLG4QUZLM
+ftWjM9jWSd5YKq/2FutLe5Ayl7m6nVjx+FdJBB6iXQZw3XHb+d2LmhuMzz2jTc7LfPa7nKD6
+Cc4jYrLpDR/iciiPn6xoIH1vO6iFMQl/C8foZenjeA4JZzCLNIL7XeDMnYFtYu4IHgQsTpvs
+/qlPX/1peO8JH6G0v/rz75AeTAWLHup6kXrD1+X7MLxsGxBYmPcaX9ApMgMTRk1haoVMUnQv
+Bh97EeKEl8aZ821/12eDfhNo2HEoWtjO3egQFJr+bSOHbo5acDzVjQkAp6q8sDE3bciEFB5b
+vUVjIGtLdIy92zoOwc9aFo+lmPJ2ibITEjsLd3esu+U8KUqScsphGiteTOKDdHf6NUh6hU2N
+mlPE33jKl5FIK0UrAfccGqLtGLoKvYP6b7yNV5M71NSmzh7xoLHOq/0rKJpPG9fDctukxL9d
+TPXde5Zp7miA5ueYuja3/m7tK70g+GUZ2lUJfiXc/mFicvl+GALvY7TQ+6/lO2OMZ48CAwEA
+AaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUK/M
+B4cVR284xbRl0d6VqunfnMwwHwYDVR0jBBgwFoAUUK/MB4cVR284xbRl0d6VqunfnMwwRgYD
+VR0gBD8wPTA7BglghXQBWQEBAQEwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnku
+c3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAAiFpvUWDPxEGsFj4PlVRgj8cBxC
+KJaOt8XBQXVOCXF55W2WykuliGDQMHS4ygjctDCeQAcWa2WVdwGupLc1C4HacRWpdBc4e1jK
++S/7wGV2jVsBuX3egj1kuL4UdKMKVNMslRgXNfVRaz+PopZhOXhrS+WmoPhT31EQk2LngC/i
+0eC8jjZGdzPsuPuOmiyJTTERDyaeBLu3BI0L8rn8Wp07FrcvyJir/opQWS6jO/wpXYvBS8ni
+ihMdsb+7Qh1S3U7YFF4QxjEH73En9xs5CdyC6ouzlYZe/fXaXTGm4DG2lOZESXTFFuX3HwNh
+KMXIyxKgQkv5a4gIjbQyGPN1n8R/AE8FlZyjFwLDs1ObqiA5KStm+p2vXrOS0rWm4Rr5LUFp
+gRS0tLXtiT3O+6mdNUJEsRwUc4HPKgE1mjHVLY9thN+ATVfjP8WEddqJxjC764/LIgigrqrx
+A2w6S00JpQ5yxlZrIUJOIyUUaK52CnwMB3Bk+Zov9gU5JsYMjxl/Q15u9FsVL9thXeZnLz8I
+lPlgtJgx2nTxhJNxTV/7YFjR+8TBbYmiuyAfnXGRyzKbEz0+fZJSNaySlKLTGMJ8x+qvdgUW
+3Wcnwn4cByIh80AKGzQHRBPChGqO3xlav3/rHeIaONFcr0eSa4C1MKXJjdirMYEf38JmN9OT
+qYWGeWXSAAAAAgAYY2h1bmdod2FlcGtpcm9vdGNhIFtqZGtdAAABVsJJ2VIABVguNTA5AAAF
+tDCCBbAwggOYoAMCAQICEBXIvWVHXK+4lwBe5AbSvJ0wDQYJKoZIhvcNAQEFBQAwXjELMAkG
+A1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBMdGQuMSowKAYDVQQL
+DCFlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMjIwMDIzMTI3WhcN
+MzQxMjIwMDIzMTI3WjBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNv
+bSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOElD+6N24gzdWfNrR99Ok5tndMv
+FPNjdMsBIWo36oRQB0smWwlDbCGeasjVA/VgaY/M8CLkH+f3aiIxtywV8uD+AGpD/4dlxrUa
+wadMbSJwIYox8pd0iQkSJhyeytkSopU82ulnvwigZOPWQrdF75f09vXXtUoVAlh9mFhLYLzN
+1w2aEzNT0WH5etXXeLOaM/cAhs4dTZQ4r6jseFFwilwQg1Eh9xE9NIZe5UjNl4GCNUwZ7GX2
+a8UFoe5HE9azISeUEArZJDu6vkQTRjA/lzzY19dq7js44yvUlw65G+cHSX83Kvl3eM9U7VtG
+naOADpFDwdZbXxS6n6aNJEdAWb9yOLI2bDf/mdFdDlkKq2n3wLIERXpUAK6+U/a15+H4PKMx
+0qn+IVJkxaZn8HUHBpQUgVXGJ+QBjxfBanHXvkv7lFh9fhEzsUL3YmwY1s8JaD5/bPYej2Kt
+pWPbCacfIkJBHm+Zij7X+T9AenmwpQGS0p09CBWlEAEtszJ2qJUNs3qa+wcQeBFv4Y/Hug8l
+GnQq5RyYQZnfIYfolQZqCrNqR3Zl9jrPj2IXGXsKKM0a0oMeIccsv77/YWi3Zxu7eE2Nzmfl
+5MGOtyNm4p2QdTSYqTYripqUuZ3szIqx+CWJXFq2L4wfbXkkp1Jow4Q14maNYw4lTdUZsuZ5
+N6cinVQxAgMBAAGjajBoMB0GA1UdDgQWBBQeDPe2Z/LhkiYJRcBVOS53P0JKojAMBgNVHRME
+BTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQURbDCxwpWfO5b
+eAyV+RhTwaYc2BAwDQYJKoZIhvcNAQEFBQADggIBAAmzg1NZAT6VSbnxgbr5diAjtSdgdNRq
+mTRebABT2Z/yprEkB0RqKsaljngS6EfZWBsTKl55m58KKmemJT8GaVZzw4pmSPspgVd0Bsqc
+6ijoOGcmK/HVtT9lk/g2XY6NjUAghxnq7yfAPbQ5DyV7aFB0VZwMWX1aPUGUJVII4EcsFTEZ
+1b8HVca7ErWX9F+DhbpxwdlsgRF2Cgqwv4KX9+o9+vrsLakolDtW3dJRLq7AvQgVjHdSNJbW
+m6zTHY5hDzV7m645aQtiYEAgNo+v+zbuLQhKHbi/m1z46qUboHOm2Phu4DMEX2iqJ4ft2cGQ
+nO2942o1r2PfqxjZuubpSupQig9hkx7iLRniMJQ1kl0OtgevGYCPR5BRSy5N3YXi0gpSChea
+/BqwUALlAaNjNyFMRMSbUZkRDnOcBo9ULqcoXkQ5h1YtN72FRJThDEssnMOShTRhyw+4m0pD
+Uv40On246SncdqnIMPgUcYDGHjZIdCJBXIeC6Bhxi0GJROd+WFuouI0T6adsw0ftsxqdYq6N
+guqUnt1ZEMOt3eJN4zHVx+zo8rD+kh4WChr82fP4J7bJvh20bGSQf/TkxFvXN65CDt2kGm98
+iFTFFm7hemgu+Dq/DaQ8iTt4p05jgwQhCGeN8oJJ0Fv9sc0Pg4TUPiCF90o9K5z9KgoJTeqB
++BGcAAAAAgAXcXVvdmFkaXNyb290Y2EzZzMgW2pka10AAAFWwknI3wAFWC41MDkAAAVkMIIF
+YDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlz
+IFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBS
+b290IENBIDMgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJen
+MioKVjZ/aEzHs286IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIy
+C0TeytuMrKNuFoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBD
+GzXRU7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1A
+dHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+Idp
+sQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIh
+sUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzweyuxwHApw0BiLTtIadwjPEjrewl5
+qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtr
+dQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+
+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc
+64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQADggIB
+ADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3pxKGmPc+FSkNrV
+vjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzSt/Ac5IYp
+8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQTXlm
+66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
+DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nx
+oGibIh6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBC
+H/MyJnmDhPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG
+2vd+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlop
+NLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWV
+jUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0AAAAAgAUcXVvdmFkaXNyb290Y2EgW2pka10A
+AAFWwkmfoAAFWC41MDkAAAXUMIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/
+MQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8x
+CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1
+lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVR
+HnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1V
+Nk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sg
+QUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
+xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4wPQYI
+KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
+ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAAB
+MIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENl
+cnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4g
+YXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
+ZmljYXRpb24gcHJhY3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGlj
+eS4wIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
+KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGE
+pIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQL
+ExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
+9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+Np
+GA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIg
+R13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDW
+XcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
+xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOKSnQ2+QAA
+AAIAFmFkZHRydXN0Y2xhc3MxY2EgW2pka10AAAFWwkj9XAAFWC41MDkAAAQcMIIEGDCCAwCg
+AwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1
+c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVz
+dCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw
+CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
+UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUG
+W2ulCDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0
+/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi
+56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5
+mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/
+Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsG
+A1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tER
+CSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAb
+BgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAx
+IENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X7f1y
+FqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz43J8KiOavD7/
+KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MYeDdXL+gzB2ffHsdrKpV2
+ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xrmYbvP33zGDLKe8bj
+q2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6
+tkD9xOQ14R0WHNC8K47WcdkAAAACACNkaWdpY2VydGhpZ2hhc3N1cmFuY2VldnJvb3RjYSBb
+amRrXQAAAVbCSRVuAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKuRiV3
+MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx
+GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNz
+dXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBsMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJtnEq
+w9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGRfmO2
+q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42zxyRF
+mqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0BBNc
+oXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGhJR6H
+XRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7DaQP4
+v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdshR/gq
+Z6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYeaJGT2
+imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34yl6L
+MYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJIadi8
+KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83sR6ol
+J2egN/MAgn1U16n46S4To3foH0oAAAACABdxdW92YWRpc3Jvb3RjYTFnMyBbamRrXQAAAVbC
+SeLKAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhR4WF8urSwZS+M3BzU0Eyi1ltRlkzANBgkq
+hkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEe
+MBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAxIEczMB4XDTEyMDExMjE3Mjc0NFoXDTQyMDEx
+MjE3Mjc0NFowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAKC+UBCO6fJsQLQEnIW5McrcLeQRqQQ8G1XB51gwHSS0w++F3ows4cE934LmT61H
+h2zsW0nBStW7j+yHrH+CmobsPQOZUgHSNZ6s2vBTyWY81KwCAdok0zuoAkavpBzj+HNYdrf2
+DpANtfDPzPr5xkzlw4YwCo0XfjXrxd+7DpzAjYfjiDiFZ/o+x6vgE5wFGJjPk/WxkrT8I9PP
+1cQnSeCePJsIo4tdKiHg/DmqU9p9fs8aCVO8XQUEz6FKj4t2gg2h+NLHFHdbkDYHgZs+BvpS
+XmPFpgD+pelSG1K1kjlyAwlivbBgFm6m3SXCA2bd8wTRQOJOi4b0b+WDoCeEXgTB9ZC9MD3E
+76hpvDibpKSW0WLaacABlq7LxFE06gyq/yGOWY9KXORhmqfS6Sp4jVE9OhXuolmOqVzexfmQ
+IuWIRXHdkZlsep89PZh8Xva+FmigXq4LI/xaD6oidi3JoRAd5NNEI5CIn8Yq5tf1mrNYHi8w
+iQgbVKK1mCPsCHcclV1h0cuJnF+iSpGa7yGqSRYIqL1hKDHJdK2F9tnFsYvR5RAyTV+LIDo8
+SR8zhVkN28sJdUNpc/trcX3w38RMfcajLsiVectzoo5OTST7XuQEvnIbpictSVqZetdcCSC3
+f5S5T/ENHF6IQhsRt+eR255s9GrfjAaYA63MKO+lR/NTAgMBAAGjQjBAMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSjl9bzXqIQ4atFnzwXZDzuAXCczDAN
+BgkqhkiG9w0BAQsFAAOCAgEAGPpbdfw+esdfd8fK389fwxLEQF3UMqq4atfVFRVGmCOl5pBb
+GJlM461Co4IxNojN6fvEBJZIiwHHjQHPWzMGlkZmdB1P7cG2ubQNYcxjftcud4yWHCojaGuF
+V3ZwMxP+4U+mI3cY+hqM6L1lyc8/9MkX3OvHvMAELi1GL2lmwxuP/uw+08qUv3YKJQ2pewIc
+qdA7XwvAgTo9ZOG/py1OvU3E2CnGIhjQxaxyAoI/qjqiOiKXMd0IY8N1FLlgKC1baOAWqWaC
+I1H161PYMZt76bedS+uIFs/5XTiKSTCP7fHrGfR3GjEYTWdUbC9vZfnbPewh7F709IvKYGVU
+0XFk9Pmmo4EzNjNx8KR4X06tgyHeNEmN6FmsnfJ2WjbyE/Sv4AnHYSps9+CdrruGSihvLu60
+ec2QM8Ozdvr18GydAZD6npD2nHLPR9rDH+Q1IFPyVNHfYYOmAuIlON6FMi1ec5BSXULEzj1L
+4fkZhB3VolDMQftBFMO91slao2NmAoC9BTo7R5zsACZM9YhRv6gjfxgHsAvtiyahZNNhSutc
+n96zr2cDsx/dbV1paGmrXjrsfGm8xzuFTp4VubQVT8OVeljXyWzpbLnzKWNetCzwLT3tWmXg
+qVtAwkiZgW2eHwYqPBK0iw+boiTwpo3WeuBLtmSWY5WEwkrNHC4khzNg5cMAAAACAB1jZXJ0
+cGx1c2NsYXNzMnByaW1hcnljYSBbamRrXQAAAVbCSYPHAAVYLjUwOQAAA5YwggOSMIICeqAD
+AgECAhEAhb1L89ja42n2lNdfw6VEIzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGUjER
+MA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTAeFw05OTA3
+MDcxNzA1MDBaFw0xOTA3MDYyMzU5NTlaMD0xCzAJBgNVBAYTAkZSMREwDwYDVQQKEwhDZXJ0
+cGx1czEbMBkGA1UEAxMSQ2xhc3MgMiBQcmltYXJ5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA3FCW0BL4NdIIeHq2UnD9b+7PuRHLXXfh7Ol+BI3WzG9zQ1dgrDMKROwD
+XxyAJJHlqJFWEoL34Cv0265hLokQjWtsurMCvdU2xUg3I+LwWjdSMxcS4tFgTb4vQRHj9hcl
+DIuRwBuZe5lWDa/u0rxHV+N5SXs0iSckhN6x7OlYTv5O31q+Qa2sCMUYDu/SU+5s0J0SARON
+3IBi95WpRIhKcU5gVZ7bIxl5VgcMP2MLXLDivn4V/JQzWEE4dMThj4vfJqwftYs7t0NZa7Ak
+pm2Qi8Ry6l0zmLfL3l5775TxGz7KySHBxZgCqqL2W3eb9X6WVTQcZ2nA8ULjR6z8KBxmVQID
+AQABo4GMMIGJMA8GA1UdEwQIMAYBAf8CAQowCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTjcy3f
+yw4oDN7ds6TKebiOu+gwiTARBglghkgBhvhCAQEEBAMCAQYwNwYDVR0fBDAwLjAsoCqgKIYm
+aHR0cDovL3d3dy5jZXJ0cGx1cy5jb20vQ1JML2NsYXNzMi5jcmwwDQYJKoZIhvcNAQEFBQAD
+ggEBAKdUz4hEGcvf1H8A31YzYrX3UQGQ68M/0YhE6SRd7+cUvSC3mjwA/m2f25Dc1/Ri1otw
+XeflBEipaHzJ8ULzbH/FenwdUYi60go+J13eLVFO0xNkaeQu49PnmwmZpuCVm84a13++PM5S
+sxEVwQ8XzQO7nCUVuqJ2ifwG8RjQk0sOfIK3pfT2X/7tQKadhHQ5udwehRbaKRuGIwDJu4l+
+boCIHi8UtAMkqDJvA5pHLDC+VsanQgJwG+pA2LoFA3AHpJb//UgzCuHcpYGQm03dfefnss1c
+yGqV+KX2jcRdeAi+ewbWSc8ZNlAjLgjmngVNRxjVFumx1rYQ1buXv6KOtFQAAAACABBhb2xy
+b290Y2ExIFtqZGtdAAABVsJJt/MABVguNTA5AAADqDCCA6QwggKMoAMCAQICAQEwDQYJKoZI
+hvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4x
+NjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+MTAeFw0wMjA1MjgwNjAwMDBaFw0zNzExMTkyMDQzMDBaMGMxCzAJBgNVBAYTAlVTMRwwGgYD
+VQQKExNBbWVyaWNhIE9ubGluZSBJbmMuMTYwNAYDVQQDEy1BbWVyaWNhIE9ubGluZSBSb290
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCoL+ikaQYDR8PpKpj/GaJwmsZQsn6l32hNG3wPtpdofS2mi5fpZIbJo++ghr9gZZxL
+VIjCSMVKOb8U41lV5Rm0dMi0BTlcFqXilQXgEq5Zi6IzaFgcptQVt9if19xxq36av5uOMw8i
+/R8u5wc272I5xd3LuiUUI94Mxj08zoII5mY+2lE7FjqjBX+g3IfVnPxyqaB9eOS3MVUeZbvU
+YbAhYO0QMnLFkiUe+JBKGHhH334wNz5QG9sc02uahlMHsO+sBnj4hJn+IY1MgLYMgvZmcHka
+00+jz/HPRrBLDz7diGK4jKkJKDt6x5fhHuX0n8DAriSgyKHZD9Z7JoJpMj2nAgMBAAGjYzBh
+MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFACt2aP2efZudKl/Mz2BF9dMzzPeMB8GA1Ud
+IwQYMBaAFACt2aP2efZudKl/Mz2BF9dMzzPeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B
+AQUFAAOCAQEAfIrRHxg3guC4sKPtVpXIYmGcBaLNwmImYc0QFtfMtGU00BGKraipBWbvdPNt
+X52Zr/aL++tSsgWYom8qxVS9Jb1frsiG6kYswbO9welJcBgWlwgTjCDgGy46R8se5AAwlVv0
+RaPAGrABTqu9wCNuYz+ASsUH7dzib8fBYvHjctYEyHRnC/qIq6EByG/wFK/Smc1Rk37tLjjH
+vc5GUD1y43klnZuIKxAg3aW4Mp+N4CnfIXSGgtsvgjDGxzWGs/mWX0bbDEX981DDb8bDSK1G
+puEnRwodDpu2wnd/Y/LgfRq+/ODf18enbLD5rro8/XS0EehYDYC806iAOpntdcxGewAAAAIA
+EWNvbW9kb3JzYWNhIFtqZGtdAAABVsJIyGkABVguNTA5AAAF3DCCBdgwggPAoAMCAQICEEyq
++crbY2/gH/dO2FsDhp0wDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQI
+ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E
+TyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5MB4XDTEwMDExOTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYUxCzAJBgNVBAYTAkdCMRsw
+GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoT
+EUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTd
+xc9EZ3SZKzejfSNwAHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+
+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
+ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8
+MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7Sr
+mNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/vOldxJuvRZnio1oktLqpVj3P
+b6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT8dm74YlguIwoVqwUHZwK53Hrzw7dPamW
+oUi9PPevtQ0iTMARgexWO/bTouJbt7IEIlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31Bq
+VUa/oKMoYX9w0MOiqiwhqkfOKJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKI
+f6MzOi5cHkERgWPOGHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09
+XiidnMy/s1Hap0flhFMCAwEAAaNCMEAwHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLU
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQAK
+8dVGhLeuUbtssk1BFACTTJzL5cBUz6AljgL5/bCiDfUgmDwTLaxWorDWfhGS6S66ni6acrG9
+GURsYTWimrQWEmlajOHXPqQa6C8D9K5hHRAbKqSLesX+BabhwNbI/p6ujyu6PZn42HMJWEZu
+ppz01yfTldo3g3Ic03PgokeZAzhd1Ul5ACkcx+ybIBwHJGlXeLI5/DqEoLWcfI2/LpNiJ7c5
+2hcYrr08CWj/hJs81dYLA+NXnhT30etPyL2HI7e2SUN5hVy665ILocboaKhMFrEamQroUyyS
+u6EJGHUMZah7yyO3GsIohcMb/9ArYu+kewmRmGeMFAHNaAZqYyF1A4CIim6BxoXyqaQt5/Sl
+JBBHg8rN9I15WLEGm+caKtmdAdeUfe0DSsrw2+ipAT71VpnJHo5JPbvlCbngT0mSPRaCQMzM
+WcbmOu0SLmk8bJWx/aode3+Gvh4OMkb7+xOPdX9Mi0tGY/4ANEBwwcO5od2mcOIEs0G86YCR
+6mSceuEiA6mcbm8OZU9sh4de826g+XWlm0DoU7InnUq5wHchjf+H8t68jO8X37dJC9HybjAL
+Gg5Odu0R/PXpVrJ9v8dtCpOMpdDAth2+Ok6UotdubAvCinz6IPPE5OXNDajLkZKxfIXstRRp
+Zg6C583OyC2mUX8hwTVThQZKXZ+tuxtfdAAAAAIAFWtleW5lY3Rpc3Jvb3RjYSBbamRrXQAA
+AVbCSa4jAAVYLjUwOQAAA+kwggPlMIICzaADAgECAhIRIbwnbFVHr1hO79TO1imyooUwDQYJ
+KoZIhvcNAQELBQAwTDELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUtFWU5FQ1RJUzENMAsGA1UE
+CxMEUk9PVDEaMBgGA1UEAxMRS0VZTkVDVElTIFJPT1QgQ0EwHhcNMDkwNTI2MDAwMDAwWhcN
+MjAwNTI2MDAwMDAwWjBMMQswCQYDVQQGEwJGUjESMBAGA1UEChMJS0VZTkVDVElTMQ0wCwYD
+VQQLEwRST09UMRowGAYDVQQDExFLRVlORUNUSVMgUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMb9sxeFoa0mG5VpNSE9pIj63ttgNkAXacIUY/u42cJ0FTcunNAg
+zWmNhDKihUwUtJvyJbNUKoM/Lb4P8ztk0f+gUO93TztO4T8LZIWaulh+0sNi02QlotSylzx3
+XWMqM5L8zYINm1SVh/W164zNW9HKMC/JiEa1zQ0RtBiP7tGhPl0V6CjP38OQm2zM0QxFd7M6
+64qQHemvZGqJe6k9Q3T65GciofvcTcT1YsnKJbTJgGAzqd17oAK/liUKXslfKXu0F4GLbYEZ
+0NmDXAWPQWkaaUOAn6iv4OmMkYsnK6ImYM0P8qSjAoOOGIHCF4pDFflt8x0QpFqcRGEjIXrY
++9ECAwEAAaOBwDCBvTASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIBBjBXBgNV
+HR8EUDBOMEygSqBIhkZodHRwOi8vdHJ1c3RjZW50ZXItY3JsLmNlcnRpZmljYXQyLmNvbS9L
+ZXluZWN0aXMvS0VZTkVDVElTX1JPT1RfQ0EuY3JsMB0GA1UdDgQWBBTvtyOX0KiRf6bPpiHA
+NJ/Md0Hh0DAfBgNVHSMEGDAWgBTvtyOX0KiRf6bPpiHANJ/Md0Hh0DANBgkqhkiG9w0BAQsF
+AAOCAQEAGjFpmULC5UCFop+Sw2PUjyE5qBkh/nr8w01A8yvoS6xbTFmTxtx+C698X5WFa73H
+b7rBvvjGOmdLk8YFaT4kLfAbkcY+P+xCGJNsAySKbvkgZyt8bas0ySoiMw3XfY/u0jZkQsg1
+mm4ZYcuNZ/Bop9AkBebDF7pFrnxDtYB4A00gcwX8QxCdNWlCdZQlgiumO5AY3sGpr/Mtlb+V
+p88Yl+FZ4qKvGhZhDfcTcVOTN/08rwAdbIsUr0aWjLZSfMwtTs3h6UsK7pr+epjnKbob2hy6
+3GvNBA4mQKnrczz+UKgRJ1W9245L708Y7RX/vYaYZu6aJXE0bFDxslHLZp1NKQAAAAIAFWJ1
+eXBhc3NjbGFzczJjYSBbamRrXQAAAVbCSTesAAVYLjUwOQAABV0wggVZMIIDQaADAgECAgEC
+MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4
+MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwHhcNMTAxMDI2MDgz
+ODAzWhcNNDAxMDI2MDgzODAzWjBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBB
+Uy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA18de98EH1Hf7QyH09PVp5O4yAdujhh/kWQ2653WD
+UuvqHGEVSLsdB8qMrrDclp3qw2CShoIoc5xWBv9LZPAMKjdJteXPDHzu8Uq7czBl89Uvg7Z+
+4+f1nqtg+dPxnZJ0iuQclqxbgOm19DGHo1H8x36hb45Td9SXwVUzkj4YL3XUrYZJy5WvVAZs
+2AYTjVv/4SYZWcAkuoFxeZBEUGgklF+4sxHxKUFho0HLIzbVwfEyUBBOf/SGk+yE0468S79c
+AU4HPdwUipQKpOpz+wtR6BMHGPoO8SvRVBV9POH3tBlCZ2Jed+CiVey22WkX1TqvRO1KxZ7k
+eid85XXXqssl599rCtsPTZNOqKDNey7yWQFqtw24B4F+izgbOOYKV5k97iHoo/UMFt2L7DSO
+nCocABUXjWiD0nCfGAjNEWjVyWtSzcRGj9y189hXcx7plDkEv9PeON60U+xpHKJ+xI/kG3Ct
+8qL5+/cWZGZpn0lRouIVGGcGSn/VbLVNszPgYetdvumYDzLXHUs8LloBUpEJ8t/qjdgGQGOq
+EeT+wzeeFFI/9OLM8mGT0f1na9dSrr9oq0BDoFc1U3jwU/hhQgdkxtdvm0w4DWOsYq82i6Jz
+Cg31Ib10qk3qcgNJ28dfHWJjx/3dkewz7vVttG4waN7I1iawdV57tAcgmKF2MrhNbE8CAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyYB34GKSgvVGnPO690zD3rijrTkw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBTXyH1urA6UjkskrBsAMnvziDv
+BvKWnumkdH96Fvy39bb7FRs/q6bAcl0QsXHuvE/jrawDbS5xLq/E462jvQwRp7T/SrJ7EBAf
+p1dBssCu9CxZ1kcQiPMhUSkwymCGr0arHe06W7CU3kTjQQiiwewd1v1PttZH0BQLyubKtXt3
+fkEfXoPHtow5lrA/loFBb2CQ4uj5+yJx2X2zPUa/tISvkBwPjxJqr+/uHnquAkqKFyt2/qxU
+iSQsTz+2sqdOjKiRl/spxntcLbnLZra3qFsSUYW1CX5ieHD+qWpgth0OeQz9yuokgHLDlz/y
+d6tDIgrH67YMhIIsgGtBigjA66Vr35kSy4rVXoAMkeAmCDZIxfo4ETX/JYMt8nq/2v2O/qXL
+RSwfxIhTrncO2Zp2xY4sHaO61ewyrsCqrPfRek3r1AfiSPcijrCkn2rOjrKyYPSjItAj65Ra
+emndD79AV6xrWVDZo5nhbv6NAXknIxXekp17CU1a50tIMFoY5gpt5o/g0rvm33xuIYLBaDlN
+tJhYZmLMSpBew/onBLF5FXSZzL6tIN4mYBzrVlGmo+rkoz+n/2Hc8VpNbDIjQ+6sqO7uShIJ
+PF1xwr55+sKHaB0L/VxpzAbQmn1UmSrJORoZr0sqQ/NjXVpY4i/jHeSp1tAK0J6/14EJ8cnH
+Jg2smBZWoAAAAAIAFHNlY29tc2Nyb290Y2EyIFtqZGtdAAABVsJJcO4ABVguNTA5AAADezCC
+A3cwggJfoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT
+HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11
+bmljYXRpb24gUm9vdENBMjAeFw0wOTA1MjkwNTAwMzlaFw0yOTA1MjkwNTAwMzlaMF0xCzAJ
+BgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDQFTlSsVKzusVZgsRdUq46Q2WAS8fylrzbNpfWpmSMqF7w4woc99+X
+PUuu9l3sIbVBq825fnafvvk+NjSgO8H2MRFFdJM9V4DF+YmZyuWratS12kGQEMHW1kKJwr/0
+OBKVTFQF9zbkRYN7FGXW3AxN0d5+DKs7xBW+OlamWm92aVKpernI62qaXVLQLQprNRYJEITQ
+aso6BgA3R+R+V08/i+tnuIiqxb5TVbKRxH25sIUZBngu22Ea+oX1SpGh5xbVjqI535S4cB8o
+P4v8QF5jgzyDKhqZa8/eWWo7/G8W1x/9ShDrToIWOqwnDFPxrdUksGsDUMEtPBbdRDQnGnX7
+AgMBAAGjQjBAMB0GA1UdDgQWBBQKhal3ZQWYfECB+A+XLDjxCuw8zzAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATDqjRKy5RbHHk37ICwpC
+32TqHO5ZbAi6iV9qykqVnnqPB8XaRXKCcQ460sxvp7ShI7v2JJ/LF/6Mps7C0tvMjfxx/AMp
+wWxdM19ktmU7iW8Ydnj13KJIHxk/jpPr8foX7s1O4wQSVdbl5N37PgV84h1exqe8l09oOvXp
+LgpDtq9XXGJofLf9o4qEoKxivisJhzTwagG7mylWPP4AN88jbPFOqrZ0RhJske401eyakedE
+vpAxctVJAvYC5fQf63zZllWp/+yK+ZlH/zVaAqoEy4pbh3Epkb2ktHoNvZr1VyMAByEXP0o5
+0QVJC6e2N4GlXYyqM16BKHynfSfrAK6NNwAAAAIACm9sZGFhaXJvb3QAAAFi32KkWwAFWC41
+MDkAAAZFMIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
+VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNVBAoMCU9w
+ZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVDT01QIHNpbXBs
+ZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3DQEJARYYc2lt
+cGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNVoXDTI2MTEyNjIxMTQyNVow
+gb0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAG
+A1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNP
+TVAgc2ltcGxlZGVtbyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcN
+AQkBFhhzaW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOsAdnZAuhe
+Yrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs947MAuiqpPojPwDDb
+9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlKeCTLW+bZKeaKoWdkFxyyzykO
+oMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m
+5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfNGib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j
+79E/OZkfk/9V3Hvfy78Ss9H5uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCf
+Q6Bwd0Nm48KrJkTeySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUX
+jsHIj7Gv2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
+vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2lG8n50YSX
+b0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQFQD3oWZUOVE81Qc9WSfcyqwww
+DQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pjp1R9+Q766Qhzh4EN9RFCsktCcf4pB23l
+PtFhMhIZJP5eZKLB4MUIvtmleU+DmOWfjcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6V
+Ud9vbGH66ElIg9nP7XWAE6h5DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4w
+yEEPQlpU2AewZqOUp0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYI
+eNssLnv6FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
+a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6ygL5Oyvr
+j8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5BRyx7BswcTEtZHWHx
+D/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJAp9D+WmTJ9PdpDjiwCXCkMD3
+QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOdgxFK9q1vjhm02FAABIa+kL10CKPuRdlE
+/GsWl03WKMeT5bY3MTO3odsNXhKWA19hwUAp0gnljuFHPX7jWwruZ1eD8mQvAAAAAgARZW50
+cnVzdGV2Y2EgW2pka10AAAFWwkjuQgAFWC41MDkAAASVMIIEkTCCA3mgAwIBAgIERWtQVDAN
+BgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4x
+OTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVy
+ZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVz
+dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEy
+NzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYD
+VQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2Ux
+HzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWI
+sMn/MYszA9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQ
+gFA/CYqEAOwwCj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KK
+jbHjKYD+JXGIrb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+
+5pPi94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCB
+rTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEy
+NzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD
++4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsI
+VjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8Zynty
+TtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47Rg
+xRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72D
+QnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM
+++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m0vdX
+cDazv/wor3ElhVsT/h5/WrQ8AAAAAgAYdmVyaXNpZ25jbGFzczNnM2NhIFtqZGtdAAABVsJJ
+W+wABVguNTA5AAAEHjCCBBowggMCAhEAm34GSaM+YrnV7pBIcSnvVzANBgkqhkiG9w0BAQUF
+ADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5j
+LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
+IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAx
+MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
+aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEo
+YykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYD
+VQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLupxS/HgfGh5v
+GzdzvfjJa5QSME/wNkf10JEK9RfIpWHBFkBN+4phkOV2IMERBn2rLG6m9RFBjvotrSphWaRn
+JkzQ6LxSW3AgBFjResmkabyDF2StBYu80FjOjYz16/BCSQudlydnMm7hrpMVHHC8IE0vGN6S
+iOhshVcRGul+4yYRVKJFllWDyjCJ6NzYo+0qgD9/eWVXPhUgZggvlZO/qkcvqEaX8BLi/sIK
+K1Hmdua3RrfiDabMqMNMWVWJ5uhTXBzqnfBiFgunyV8M8N7Cds6v92ry+kGmojMUyeV6Y9Oe
+YjfVhWWeDuZTJHQbXh0SU1vHLOeDSTsVropouVeXAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
+ABEUlsGrkgj3Py/Jsv7kWp9k3tshT4aZNHY2V93QFS/FrX8VHzdicz7U51/OFwPbNfor265g
+CV8eX49uuws96loTHgxgb7XAtSMiLgcLy6l0y0e7HcHXpWvML9JC/Undp4nPU7raAFoov4Lf
++LoTHVCGgv2OMI8pRrAePTXaOGIWGEqt5rZRbN6vYusB0B4k/nqPEhoSaLj7ZpkUFEVcrueu
+aReBK1o3yV4q9MbioVxUm6ZUAM/w8cHHmDAaOzYW26Nu6v2tssLa7wJHE4rA8bMxrU8c4U+c
+rw8Mnfd4Ddj0NVaA2rdtF4+dHoFk4f7FRbqta7kKek5PS4TuS/F93REAAAACABxjZXJ0dW10
+cnVzdGVkbmV0d29ya2NhIFtqZGtdAAABVsJJZ94ABVguNTA5AAADvzCCA7swggKjoAMCAQIC
+AwREwDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
+ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMB4XDTA4MTAyMjEyMDcz
+N1oXDTI5MTIzMTEyMDczN1owfjELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVj
+aG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eTEiMCAGA1UEAxMZQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOP7faNyusLwyRSH9WsBTuFuQAe6bSddf/dbLbNax1Ffq6QypmGH
+tm4PhtIwApf412lXoRg5XWpkecYBWaw8MUo4fNIE0kso6CBfOweizE1z2/OuT8dW1Vqnlon6
+86to1COGWSfPCSe8rG5ygxwwct/gounS4XR1Gb0qnnsVVAQb10M5rVUoxeIau/TA5K44STPM
+doWfOUXSpJ7yEoxR+HzkLX/1rF/rFp+xLdG6zJFCd0wlyZA4b9vwzPuOHpdZPtVgTuYFKO1J
+eRNLukjbL/ly0znK/h/YNHL1tEDPMQHD7N4RLRddH7hQ0V4Zp2neBzMoylCV+adUy1SGUEWp
++UkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCHbNywf/JPbFze27kLzi
+hDdGdfcwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCmqK0izgE9pqP/YtBI
+nYtecrB4ROPcHK8J/SNI+r0qxLlVBLUQo40n3guCY9Du3gw3eUFbIrKwmkFcpnDg1NB3yyPT
+AOBsVi/haQ0N2aq/IYFQ2QalqP+VN9Cq/uKz9ZktRYSK5UIJ13QCL/eJ2JnpvCfUR426DUYc
+d88UpBy5pDHEnCh0AzT/MxkmpekNdLc+l8Z26CeWo2bd4a7yQVvKmFaDc3DkhhrSMUG6L74t
+E1p2b07oToEOP1sDIqASvmZYEUrLA8S0KiotlhfgOVS8SNN2J52aLQamyew50qvbn5oLJwI1
+KbFAlef56JxViBlG1rc09X7OOZrZOPFR908sAAAAAgAcdXRudXNlcmZpcnN0aGFyZHdhcmVj
+YSBbamRrXQAAAVbCSPFHAAVYLjUwOQAABHgwggR0MIIDXKADAgECAhBEvgyLUAAktBHTNir+
+ZQr9MA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNV
+BAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAf
+BgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz
+dC1IYXJkd2FyZTAeFw05OTA3MDkxODEwNDJaFw0xOTA3MDkxODE5MjJaMIGXMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNv
+bTEfMB0GA1UEAxMWVVROLVVTRVJGaXJzdC1IYXJkd2FyZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALH3wzg/tKh/zzmCUWfQbZ/S/1jz558r7A2JVJm5OJkW9+AheUjCu2F0
+EpYdPGpy1TwQZzo57SsTzWbrlQkzpGyXsejG7MF1eZxGXo2r0Gr9uSpVFxBUsxnwmvbxsV22
+p2374HEXa6KI+wDf/hoxdwyaAXqxMuMrAQc4bsOlXiO8RZt7UMHJMI/b5St601v7M0AeoNWY
+F7yLh8OJ012gjrKqqvaOaYgGxfqJIfMInWkuCTObKQ1GD4zMSTSwaVG9+QbNaK1mTLw+rGG9
+CogOyN897nwETJ0KXmuR1u7H7SiNq02HiXPQbqTQHhaLFOF2RAN/Y6zkzUmcxZL0qzKhSFsC
+AwEAAaOBuTCBtjALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoXJf
+JhsomEOVXQc31YWWnUvSw0UwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1
+c3QuY29tL1VUTi1VU0VSRmlyc3QtSGFyZHdhcmUuY3JsMDEGA1UdJQQqMCgGCCsGAQUFBwMB
+BggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMA0GCSqGSIb3DQEBBQUAA4IBAQBHGQ/e
+dMaZl6/8rShedY7rLWfuTnsr1wz/9t7LVaIK4UxUZZNga58SnK1egyzrWq7A5C30AGMduMBs
+8s9Ju02TbwamCiKySWIITv/IyBSyiBZd5wHkEpXlRTSzi2m9z7SFj3VRnn06ODoUSBLG+6c7
+Go0NgkAH6AQIkKGJyxlQ38ocAbwdBBl7EHaXO+6QkMrEDh8WbnXvM/jTb1seluPgdHd0e4qi
+bi3ddtY5MILwq5xS8irHr0lefsdo5YKByGon+SeIKtVYUJUf8DscV7t9FDliK5rJlJIqoyIM
+/4kmfV8jK0fXFR2pap5RDSpRnoH51DtecBJ/EDKcHrud+GaoAAAAAgAXZHRydXN0Y2xhc3Mz
+Y2EyZXYgW2pka10AAAFWwkoAlwAFWC41MDkAAARHMIIEQzCCAyugAwIBAgIDCYP0MA0GCSqG
+SIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV
+BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZa
+Fw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgx
+KjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpnljgJ9hBO
+lSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHhzRnp7hhP
+TFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T7WYx
+g4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
+sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pu
+re3511H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxi
+EyoZLsyvcop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGB
+hn9sZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh
+c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0
+aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny
+bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUA
+A4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt
+77JLvyAoJUnRpjZ3NOhk31KxEcdzes05nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23P
+b0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR
+10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2B
+iYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1AAAAAgAbZ2xv
+YmFsc2lnbmVjY3Jvb3RjYXI1IFtqZGtdAAABVsJI9FEABVguNTA5AAACIjCCAh4wggGkoAMC
+AQICEWBZSeAmLrtV+Qp3inH5SthsMAoGCCqGSM49BAMDMFAxJDAiBgNVBAsTG0dsb2JhbFNp
+Z24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xv
+YmFsU2lnbjAeFw0xMjExMTMwMDAwMDBaFw0zODAxMTkwMzE0MDdaMFAxJDAiBgNVBAsTG0ds
+b2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE
+AxMKR2xvYmFsU2lnbjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEdFDpb7fV2/6TnRIfifC7bV
+ex6SOkhZHPBiMS3Aeij+Gqdcs7bMl+dF1Fj60XdtQ6LAh2U0Ch963es8M6HFnU2kb0GVOH/J
+HoTr0Z5JkoeUhww6hUpmn51Zk02XYQaGSqNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFD3mKUib6gfKIURKJt5u3tKD0J9ZMAoGCCqGSM49BAMDA2gA
+MGUCMQDlaRLJbtvGMboJQeGX+Pv9muJ9EsntfGTTywUli1bZoOdeXU4Lg5xbdimgCSYhamIC
+MHHStY9c6jvheAmFqHWSO8hc/UjvDXQiqAjibsVJzscMvKdhafH3O+Eqy/kr82aQNwAAAAIA
+H3N0YXJmaWVsZHNlcnZpY2Vzcm9vdGcyY2EgW2pka10AAAFWwkmiwgAFWC41MDkAAAPzMIID
+7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
+bm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVow
+gZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
+MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFy
+ZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgP
+fTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTr
+z/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9
+rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66DQO4M99H
+67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUc
+dUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaE
+d2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/he
+yNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1zqwub
+dQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDPfUYd/x7H
+4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jzaYyWf/Wi3
+MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAgdHRlbGVzZWNnbG9i
+YWxyb290Y2xhc3MyY2EgW2pka10AAAFWwklV9AAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIB
+ATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBF
+bnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0
+MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt
+cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqv
+NK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/
+9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVs
+qXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHm
+BiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+G
+PgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsf
+dOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxh
+I+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA
+5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWE
+yS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lDfMjI
+q2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAGWFkZHRydXN0cXVhbGlm
+aWVkY2EgW2pka10AAAFWwkmxZwAFWC41MDkAAAQiMIIEHjCCAwagAwIBAgIBATANBgkqhkiG
+9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsT
+FEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0Eg
+Um9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQw
+EgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
+BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx64r1EW7t
+Tw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3KP0q
+6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o
+L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLE
+O+GRwVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QID
+AQABo4HUMIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
+pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
+cnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SC
+AQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8F
+tzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRv
+xdlu3rsEQmr49lx95dr6h+sNNVJn0J6XdgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q
+8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw
+3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/w
+MLH/S5noxqEAAAACABpkaWdpY2VydGdsb2JhbHJvb3RjYSBbamRrXQAAAVbCSYbZAAVYLjUw
+OQAAA7MwggOvMIICl6ADAgECAhAIO+BWkEJGsaF1aslZkcdKMA0GCSqGSIb3DQEBBQUAMGEx
+CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
+Y2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTA2MTExMDAw
+MDAwMFoXDTMxMTExMDAwMDAwMFowYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0
+IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xv
+YmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiO+ERct6opNOj
+V6pQoo8Ld5DJoqXuEs6WWwEJIMwBk6dOMLdT90PEaQBXneKNIt2HBkAAgQnOzhuDv9/NO3FG
+4tZmxwWzdicWj3ueHpV97rdIowja1q96DDkGZX9KXR+8F/irvu4o13R/eniZWYVoblwjMku/
+TsDoWm3jcL93EL/8AfaF2ahEEFgyqXUY1dGivkfiJ2r0mjP4SQhgi9RftDqEv6GqSkx9Ps9P
+X2x2XqBLN5Ge3CLmbc4UGo5qy/7NsxRkF8dbKZ4yv/Lu+tMLQtSrt0Ey2gzU7/iB1buNWD+1
+G+hJKKJw2jEE3feyFvJMCk4HqO1KPV61f6OQw68nAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
+hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAfBgNV
+HSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQUFAAOCAQEAy5w3qkgT
+Egr63UScT1Kw9N+uBPV5eQijJBj8SyuEwC251cf+9MEfWMu4bZx6dOeYKasRteNwoKHNTIiZ
+k4yRcOKrDxy+k6n/Y9XkB2DTo7+dWwnx1Y7jU/SOY/o/p9u0Zt9iZtbRbkGN8i216ndKn51Y
+4itZwEAj7S0ogkU+eVSSJpjggEioN+/w1nlgFt6s6A7NbqxEFzgvSdrhRT4quTZTzzpQBvcu
+6MRXSWxhIRjVBK14PCw6gGun668VFOnYicG5OGzikWyK/2S5dyVXMMAbJKPh3OnfR3y1tCQI
+BTDsLb0Lv0W/ULmp8+uYARKtyIjGmDRfjQo8xunVlZVt3udPoMwa+5HNtuCXcGFXXPQXABoM
+
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
new file mode 100644
index 0000000000..0e0f339e11
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -0,0 +1,163 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+
+{{- define "common.certInitializer._aafConfigVolumeName" -}}
+ {{ include "common.fullname" . }}-aaf-config
+{{- end -}}
+
+{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
+ {{ print "aaf-add-config" }}
+{{- end -}}
+
+{{/*
+ common templates to enable cert initialization for applictaions
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | nindent XX }}
+
+ containers:
+ volumeMounts:
+ {{- include "common.certInitializer.volumeMount" . | nindent XX }}
+ volumes:
+ {{- include "common.certInitializer.volume" . | nindent XX}}
+*/}}
+{{- define "common.certInitializer._initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $initName := default "certInitializer" -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.name" $dot }}-aaf-readiness
+ image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" $dot }}-aaf-config
+ image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64
+ name: aaf-agent-certs
+ subPath: truststoreONAPall.jks.b64
+ - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64
+ name: aaf-agent-certs
+ subPath: truststoreONAP.p12.b64
+{{- if $initRoot.aaf_add_config }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+{{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+{{- if $initRoot.aaf_add_config }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+{{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ $initRoot.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ $dot.Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ $initRoot.fqdn }}"
+ - name: aaf_locator_app_ns
+ value: "{{ $initRoot.app_ns }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, eventually
+ - name: cadi_longitude
+ value: "{{ default "52.3" $initRoot.cadi_longitude }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" $initRoot.cadi_latitude }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ $initRoot.public_fqdn | default "" }}"
+{{- end -}}
+
+{{- define "common.certInitializer._volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+- mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- end -}}
+
+{{- define "common.certInitializer._volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ emptyDir:
+ medium: Memory
+{{- if $initRoot.aaf_add_config }}
+- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-add-config
+ defaultMode: 0700
+- name: aaf-agent-certs
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-certs
+ defaultMode: 0700
+
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.initContainer" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{ include "common.certInitializer._initContainer" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumeMount" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumeMount" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumes" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumes" . }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index fe099b140d..a89a33152b 100644
--- a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -1,6 +1,5 @@
-{{ if .Values.global.aafEnabled }}
{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,14 +14,19 @@
# limitations under the License.
*/}}
-{{- if .Values.aafConfig.addconfig -}}
+{{ if .Values.aaf_add_config }}
apiVersion: v1
kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
+{{- $suffix := "add-config" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
- aaf-add-config.sh: |-
- /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
-{{- end -}}
+ aaf-add-config.sh: |
+ {{ tpl .Values.aaf_add_config . | indent 4 }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "certs" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
new file mode 100644
index 0000000000..b55ba5e2f3
--- /dev/null
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -0,0 +1,42 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ aafEnabled: true
+
+pullPolicy: Always
+
+secrets:
+ - uid: deployer-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafDeployFqi }}'
+ password: '{{ .Values.aafDeployPass }}'
+ passwordPolicy: required
+
+aafDeployFqi: "changeme"
+fqdn: ""
+app_ns: "org.osaaf.aaf"
+fqi: ""
+fqi_namespace: ""
+public_fqdn: "aaf.osaaf.org"
+aafDeployFqi: "deployer@people.osaaf.org"
+aafDeployPass: demo123456!
+cadi_latitude: "38.0"
+cadi_longitude: "-72.0"
+aaf_add_config: ""
+mountPath: "/opt/app/osaaf"
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl
index 0c78cc11b9..e90f8aea5d 100644
--- a/kubernetes/common/common/templates/_aafconfig.tpl
+++ b/kubernetes/common/common/templates/_aafconfig.tpl
@@ -76,6 +76,13 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
- name: {{ include "common.name" $dot }}-aaf-config
image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
@@ -121,6 +128,13 @@
#Hello specific. Clients don't don't need this, unless Registering with AAF Locator
- name: aaf_locator_public_fqdn
value: "{{ $aafRoot.public_fqdn | default "" }}"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml
index 7d56bf28ef..4735901dfa 100644
--- a/kubernetes/common/dgbuilder/requirements.yaml
+++ b/kubernetes/common/dgbuilder/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../common'
diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
index ff65593469..e9a5a5f61a 100644
--- a/kubernetes/common/elasticsearch/components/curator/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml
index 6a61926e9e..a1f72ffc60 100644
--- a/kubernetes/common/elasticsearch/components/data/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml
index 6a61926e9e..a1f72ffc60 100644
--- a/kubernetes/common/elasticsearch/components/master/requirements.yaml
+++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
index 84fa71c6e6..8a02fef7b7 100644
--- a/kubernetes/common/elasticsearch/requirements.yaml
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -15,7 +15,7 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: master
version: ~6.x-0
repository: 'file://components/master'
@@ -27,4 +27,3 @@ dependencies:
version: ~6.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
-
diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml
index facbc4434e..e90e615d73 100644
--- a/kubernetes/common/etcd/requirements.yaml
+++ b/kubernetes/common/etcd/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/mongo/requirements.yaml b/kubernetes/common/mongo/requirements.yaml
index f99477141f..6ba617e990 100644
--- a/kubernetes/common/mongo/requirements.yaml
+++ b/kubernetes/common/mongo/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/charts/music-cassandra/requirements.yaml
index 38536fcd78..0a80d654d0 100644
--- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml
+++ b/kubernetes/common/music/charts/music-cassandra/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local' \ No newline at end of file
+ repository: 'file://../../../common'
diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml
index a7089ea6b3..1c428d214e 100644
--- a/kubernetes/common/music/requirements.yaml
+++ b/kubernetes/common/music/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml
index 8152196ab5..8c2277c210 100644
--- a/kubernetes/common/network-name-gen/requirements.yaml
+++ b/kubernetes/common/network-name-gen/requirements.yaml
@@ -15,12 +15,12 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-galera'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../mariadb-init'
condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index 0defa97c26..a9f2a5bbd4 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -73,7 +73,7 @@ mariadb-init:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.6.3
+image: onap/ccsdk-apps-ms-neng:0.7.1
pullPolicy: IfNotPresent
# application configuration
diff --git a/kubernetes/common/postgres/requirements.yaml b/kubernetes/common/postgres/requirements.yaml
index 76afd96b98..6f898b6171 100644
--- a/kubernetes/common/postgres/requirements.yaml
+++ b/kubernetes/common/postgres/requirements.yaml
@@ -15,4 +15,4 @@
dependencies:
- name: common
version: ~6.x-0
- repository: '@local'
+ repository: 'file://../common'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 5fcd916989..a9cac8beac 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -107,7 +107,7 @@ mongo:
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.5
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.6
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
index 59f64bd99c..3f5b1b4336 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
@@ -69,10 +69,10 @@ DB.host: {{ .Values.postgres.service.name2 }}
#DB.schema: {{ .Values.postgres.config.pgDatabase }}
# postgres user name
-#DB.user: {{ .Values.postgres.config.pgUserName }}
+DB.user: ${PG_USER}
# postgres user password
-DB.cred: {{ .Values.postgres.config.pgUserPassword }}
+DB.cred: ${PG_PASSWORD}
#####################################################
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index ea2720f9ce..a957acee9e 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -23,6 +23,25 @@ spec:
spec:
{{- if or .Values.global.aafEnabled .Values.PG.enabled }}
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.name" . }}-config-input
+ - mountPath: /config
+ name: {{ include "common.name" . }}-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
{{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-aaf-readiness
command:
@@ -155,10 +174,13 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: {{ include "common.name" . }}-config
+ - name: {{ include "common.name" . }}-config-input
configMap:
name: {{ include "common.fullname" . }}-config
- name: {{ include "common.name" . }}-aaf-config-vol
emptyDir: {}
+ - name: {{ include "common.name" . }}-config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
index e15a152a21..25f5e7ad60 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
@@ -28,3 +28,5 @@ type: Opaque
data:
aaf-deploy-password: {{ index .Values.aafConfig.aafDeployPass | b64enc | quote }}
{{- end }}
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index 3a18787826..d975dbaad2 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -22,6 +22,22 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dmaap-bc-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-dmaap-bc-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dmaap-bc-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
@@ -114,9 +130,8 @@ postgres:
config:
pgUserName: dmaap_admin
pgDatabase: dmaap
- pgPrimaryPassword: onapdemodb
- pgUserPassword: onapdemodb
- pgRootPassword: onapdemodb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
persistence:
mountSubPath: dbc/data
mountInitPath: dbc
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 5c32d9950d..8b44e160ba 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -144,6 +144,7 @@ service:
type: NodePort
name: dmaap-dr-node
useNodePortExt: true
+ both_tls_and_plain: true
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
ports:
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
index 3c7b1d3a65..f0bfedb43a 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/k8s:0.5.0
+image: onap/multicloud/k8s:0.6.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml
index 4bd4fd863e..7ce343627a 100644
--- a/kubernetes/nbi/requirements.yaml
+++ b/kubernetes/nbi/requirements.yaml
@@ -20,6 +20,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
- name: mongo
version: ~6.x-0
repository: '@local'
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 1b4195c733..22dd4a1ded 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
name: {{ include "common.fullname" . }}
spec:
{{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -49,11 +49,11 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+ -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
-Dserver.ssl.key-store-type=PKCS12 \
- -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+ -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
-Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
-Djavax.net.ssl.trustStoreType=jks\
-Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
@@ -122,7 +122,7 @@ spec:
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -148,7 +148,7 @@ spec:
# name: esr-server-logs
# - mountPath: /usr/share/filebeat/data
# name: esr-server-filebeat
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 6381d83e27..4fe092e603 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -36,7 +36,8 @@ global:
#################################################################
# AAF part
#################################################################
-aafConfig:
+certInitializer:
+ nameOverride: nbi-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
@@ -45,13 +46,16 @@ aafConfig:
public_fqdn: nbi.onap.org
cadi_longitude: "0.0"
cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
permission_user: 1000
permission_group: 999
- addconfig: true
- secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
-
#################################################################
# Secrets metaconfig
@@ -63,12 +67,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
subChartsOnly:
enabled: true
diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index 0126c6e06b..3552b2e2f6 100644
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -82,7 +82,7 @@ ingress:
# Default installation values to be overridden
server:
- jvmOpts: -server -Xms1024m -Xmx2048m
+ jvmOpts: -server -XshowSettings:vm
aaf:
enabled: "false"
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
index f2c2cd7765..c7e4ad197e 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 9ac5d68a89..bd126b810b 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -35,7 +35,7 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
@@ -45,6 +45,10 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- name: API_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
@@ -59,11 +63,6 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 8d18fd0dbd..01bc0dab93 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -32,7 +32,7 @@ global:
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.0
+image: onap/portal-app:3.2.1
pullPolicy: Always
#AAF local config
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 13b319c76a..7502e9322a 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -78,7 +78,7 @@ update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7ML
/*
Replace spaces with underscores for role names to match AAF role names
*/
-UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
+UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999);
/*
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject c81062626b69160145baac5e6a5d670cb67211f
+Subproject 1bc31c7d76408bdf2267bf72bf3b1b1e18e2367
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index e0af28fd86..a0e9b539e6 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.4
-backendInitImage: onap/sdc-backend-init:1.6.4
+image: onap/sdc-backend:1.6.5
+backendInitImage: onap/sdc-backend-init:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml
index 6c63927cf5..3cef2cf49e 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.4
-cassandraInitImage: onap/sdc-cassandra-init:1.6.4
+image: onap/sdc-cassandra:1.6.5
+cassandraInitImage: onap/sdc-cassandra-init:1.6.5
pullPolicy: Always
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index e5d41eb897..8754d0fc87 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.4
+image: onap/sdc-frontend:1.6.5
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index 4cfebbf72f..0471c031a6 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.4
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4
+image: onap/sdc-onboard-backend:1.6.5
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 8bab2c84ea..05793d4f5b 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
pullPolicy: Always
initJob:
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 359c33ab61..aaa7795709 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile
index d634a8c506..e4b5dda95d 100644
--- a/kubernetes/sdnc/Makefile
+++ b/kubernetes/sdnc/Makefile
@@ -18,8 +18,8 @@ OUTPUT_DIR := $(ROOT_DIR)/../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+EXCLUDES := dist resources templates charts
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@@ -48,4 +48,4 @@ clean:
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @: \ No newline at end of file
+ @:
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
index eff236a962..6d5afef190 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
@@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH
Latitude =50.000000
Longitude =-100.000000
Version =1.0
-ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
Environment =TEST
Partner =
routeOffer=MR1
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
index 944b63f4c2..fcb56e08c3 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
@@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH
Latitude =50.000000
Longitude =-100.000000
Version =1.0
-ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
Environment =TEST
Partner =
routeOffer=MR1
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
index b670d436c0..a03871d428 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
@@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH
Latitude =50.000000
Longitude =-100.000000
Version =1.0
-ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
Environment =TEST
Partner =
routeOffer=MR1
@@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=$(ODL_USER}
+sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml
index 51f7afeeb5..bcbad0d68e 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.1
+image: onap/sdnc-dmaap-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
index c08e53a84a..d0455d5647 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.1
+image: onap/sdnc-ansible-server-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
index 2fa7071827..71ebb69819 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
@@ -73,7 +73,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.1
+image: onap/admportal-sdnc-image:1.8.2
config:
dbFabricDB: mysql
dbFabricUser: admin
diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml
index a02a38531c..7a19b12865 100644
--- a/kubernetes/sdnc/charts/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.1
+image: onap/sdnc-ueb-listener-image:1.8.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile
new file mode 100644
index 0000000000..4e737638a6
--- /dev/null
+++ b/kubernetes/sdnc/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# FIXME OOM-765
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/sdnc/sdnc-prom/Chart.yaml b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml
index 54fb337f04..54fb337f04 100644
--- a/kubernetes/sdnc/sdnc-prom/Chart.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/Chart.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
index e4c7240290..e4c7240290 100644
--- a/kubernetes/sdnc/sdnc-prom/requirements.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
index fb24653129..fb24653129 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncActive.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
index 8dd84bd3ea..8dd84bd3ea 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/ensureSdncStandby.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index c93ba24bd7..c93ba24bd7 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
index bdfa1a440b..bdfa1a440b 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.cluster
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.cluster
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
index 209352c4e3..209352c4e3 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.dnsswitch
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.dnsswitch
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
index e78b7eeee3..e78b7eeee3 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.failover
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.failover
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
index 0042ac368a..0042ac368a 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/sdnc.monitor
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/sdnc.monitor
diff --git a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
index f13196e7e8..f13196e7e8 100755
--- a/kubernetes/sdnc/sdnc-prom/resources/bin/switchVoting.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/config.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json
index 54f95c140c..54f95c140c 100644
--- a/kubernetes/sdnc/sdnc-prom/resources/config/config.json
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/config.json
diff --git a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json
index ea8ceccc0c..ea8ceccc0c 100644
--- a/kubernetes/sdnc/sdnc-prom/resources/config/healthchecks.json
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/config/healthchecks.json
diff --git a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml
index 927bb1e5be..927bb1e5be 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/configmap.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/configmap.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
index 7492b5501e..7492b5501e 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml
index bef2d6a85f..bef2d6a85f 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/pv.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/pv.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml
index 9933852f16..9933852f16 100644
--- a/kubernetes/sdnc/sdnc-prom/templates/pvc.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/templates/pvc.yaml
diff --git a/kubernetes/sdnc/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml
index 7216e81abf..7216e81abf 100644
--- a/kubernetes/sdnc/sdnc-prom/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml
diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml
index 087ed30055..cd39425073 100644
--- a/kubernetes/sdnc/templates/configmap.yaml
+++ b/kubernetes/sdnc/templates/configmap.yaml
@@ -78,3 +78,16 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 4511ca9125..58ca866fca 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -92,54 +92,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{ if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-aaf
- image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- command:
- - bash
- - -c
- - |
- /opt/app/aaf_config/bin/agent.sh &&
- cd /opt/app/osaaf/local &&
- /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1
- env:
- - name: APP_FQI
- value: "{{ .Values.aaf_init.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aaf_init.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.aaf_init.app_ns }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- - name: cadi_longitude
- value: "{{ .Values.aaf_init.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aaf_init.cadi_latitude }}"
+{{ include "common.aaf-config" . | indent 6 }}
{{ end }}
- name: {{ include "common.name" . }}-chown
image: "busybox"
@@ -147,8 +100,9 @@ spec:
volumeMounts:
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
+{{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -197,6 +151,9 @@ spec:
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -237,8 +194,6 @@ spec:
name: {{ include "common.fullname" . }}-data
- mountPath: /var/log/onap
name: logs
- - mountPath: {{ .Values.certpersistence.certPath }}
- name: {{ include "common.fullname" . }}-certs
- mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml
name: properties
subPath: akka.conf
@@ -298,17 +253,13 @@ spec:
- name: properties
emptyDir:
medium: Memory
- - name: {{ include "common.fullname" . }}-certs
- {{ if .Values.certpersistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-certs
- {{ else }}
- emptyDir: {}
- {{ end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f0d70e2c33..96ea6e33fd 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -24,6 +24,7 @@ global:
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
@@ -69,7 +70,7 @@ secrets:
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: aaf-creds
+ - uid: &aaf_secret_uid aaf-creds
type: basicAuth
externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
login: '{{ .Values.aaf_init.deploy_fqi }}'
@@ -118,7 +119,7 @@ secrets:
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.1
+image: onap/sdnc-image:1.8.2
# flag to enable debugging - application support required
@@ -194,6 +195,20 @@ config:
numberGGLogFiles: 10
# dependency / sub-chart configuration
+aafConfig:
+ addconfig: true
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ secret_uid: *aaf_secret_uid
+ credsPath: /opt/app/osaaf/local
+
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
app_ns: "org.osaaf.aaf"
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml
new file mode 100644
index 0000000000..6bd4e1c8eb
--- /dev/null
+++ b/kubernetes/vnfsdk/resources/config/configuration.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2017 Huawei Technologies Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE configuration
+PUBLIC "//mybatis.org//DTD Config 3.0//EN"
+"http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+ <environments default="development">
+ <environment id="development">
+ <transactionManager type="JDBC" />
+ <dataSource type="UNPOOLED">
+ <property name="driver" value="org.postgresql.Driver" />
+ <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="username" value="${PG_USER}" />
+ <property name="password" value="${PG_PASSWORD}" />
+ </dataSource>
+ </environment>
+ </environments>
+ <mappers>
+ <mapper resource="mybatis/sql/MarketplaceMapper.xml" />
+ </mappers>
+</configuration>
diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml
index 44d5f41f15..0c39e6e685 100644
--- a/kubernetes/vnfsdk/templates/configmap.yaml
+++ b/kubernetes/vnfsdk/templates/configmap.yaml
@@ -23,4 +23,4 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/marketplace_tables_postgres.sql").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml
index bd187db286..3f4d6c43eb 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -35,6 +35,25 @@ spec:
spec:
initContainers:
- command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - command:
- /root/ready.py
args:
- --container-name
@@ -54,9 +73,10 @@ spec:
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- env:
- - name: POSTGRES_SERVICE_HOST
- value: "$(VNFSDK_DBSET_SERVICE_HOST)"
+ volumes:
+ - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
+ name: init-data
+ subPath: configuration.xml
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -64,3 +84,10 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml
index 2ec7b95772..1d0dd29f59 100644
--- a/kubernetes/vnfsdk/templates/job.yaml
+++ b/kubernetes/vnfsdk/templates/job.yaml
@@ -51,13 +51,15 @@ spec:
image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- name: PGPASSWORD
- value: "{{ .Values.postgres.config.pgUserPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
command:
- /bin/sh
- -c
- |
- psql -U {{ .Values.postgres.config.pgUserName }} -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
+ psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql
volumeMounts:
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/kubernetes/vnfsdk/templates/secrets.yaml
new file mode 100644
index 0000000000..b143034d8f
--- /dev/null
+++ b/kubernetes/vnfsdk/templates/secrets.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 28dea47cfc..82bef2d4eb 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -22,6 +22,22 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ envsubstImage: dibi/envsubst
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Application configuration defaults.
@@ -50,9 +66,8 @@ postgres:
config:
pgUserName: postgres
pgDatabase: postgres
- pgPrimaryPassword: postgres
- pgUserPassword: postgres
- pgRootPassword: postgres
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
# flag to enable debugging - application support required
debugEnabled: false