From bebeebf08505186ee73844057139c9f7de48b493 Mon Sep 17 00:00:00 2001 From: Brave Okafor Date: Sat, 25 May 2024 12:49:21 +0200 Subject: [PATCH 1/3] feat: added helm-docs for generating chart parameters --- build/supabase-0.1.2.tgz | Bin 0 -> 38231 bytes charts/supabase/README.md | 533 +++++++++++++++++++++++++++++++ charts/supabase/README.md.gotmpl | 435 +++++++++++++++++++++++++ charts/supabase/values.yaml | 299 ++++++++++------- index.yaml | 15 +- 5 files changed, 1152 insertions(+), 130 deletions(-) create mode 100644 build/supabase-0.1.2.tgz create mode 100644 charts/supabase/README.md.gotmpl diff --git a/build/supabase-0.1.2.tgz b/build/supabase-0.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f33eefffda8563269aeec754c0737494558e93fb GIT binary patch literal 38231 zcmV*QKwrNfiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMY8ciT9!0O+}UAMWwK%sKnAj~I2PZTGdlEPo{G>zPq(*->Ik zjwIVjdV19q2}_JAk|97l>Llmfr~O^~)Arzl-=C5w*@=lh9oqy@0IE=h0#H>zrY;Nx z1j|Qb!N8@dFj3aBPL)cfvcJ1ae^x3L|IfI~yT7wr+pQeb_SY)aTBWkT1}d5N zBqW&vVy;kNvP`%aRe%U94qvZmI--OjoMk!Z*|rhoUx5NJA70n$uEgy2LrAek#b zP%t!90n2x=v@VOJ>=V=c6aw*9K6{7 zCpz4DUita%aCco5Ca?~yiMWoZI;;ah*A-b5NJrN1tPWO6)zZ%TL!<16N;d!B35p5P zQUpLO|5q!u+TO08|9AGPIsdOB{RB>A1pkus-aRz=^4fM4s4% zY9(+ktFpGfj-Y5jTwe#^Cr~Vc*Vlb;FDnWdLSP~&0jvQ7-arGYA_S~3kX0}-6)fun zebBg*MTkliLPOP5@H6PKkKh(g!Hs5cWNlkx+@^zIHAsU!29}hxhqFx)x=r!8ZKKZy z!7Betf;WPxVA69UvPDh3kw>OMg(r{^kRTRh1xjED744o>`gl(V3xJ?%>Kiz%gF=D+ z%?INBL~&#NNfFf3p(x)>fuI8TSw>h^N4(rNxF5^n7+~QRBA^>kgc8M?b_WfB#}EiZ z?GA!F!H|Wa0ulS$)lwJUcpK~7LBo(G8}YYriYS_VO%oC!UTqGXxY{Sfr(awM;=l0E zZag`^+nEew?58!UEcOASK~REaK|wUHKZXc`8yPAR0uvKqGVOFjyOSj-0eA;hAm0EJ zk&#k_)5TW-lEsg64p!5^!SF+rStv--fJch1r;D& zR)MJlL7f5(kD(C`7z?rr4WiW;@RKPUP$EEDHvnndU?SW?fXG&a2n^{XQHYLT4qkP7 zeKJDLAVOZD!a>($6_a0xKr!Ue7(31I?h(KSajQR9PLZ0|05Z zR0r5F$;6S#ZiP|HfVzfctQk}1aHFhqbTB>3RFn%%k;Q2pv~JoOzAzwyDyErO7}Y^R z5imr!U_rhx6@`gZR0qHPzD`?FWKlTMOcmEbbsYf0wbmr%Q}@PHl#tJgdMHgVbSHr{L% zN!2hV3u4rlEb988^397~ns=0gAw(wQC7aoh$^@o~V2M{~-2hd?06`1{RpLD((}MJE z8wd=PjKB!0&>$n=$~XaSp%!2`(FwIEP}f4DYf>Z7PhFFGP&5r0PmeSe!_OS4_8@N1 zsiB#A9qd#p6-t4)(xRXXLs^lr43R}003<`xoxh5padyW4B1G<}%CxI#m~8*i6k#~= z5W_Il25M_6DH6=MM9`>%s?|4&UDgyky*pA&grU*8VDnrva2@RJ)^;ez+{uQfPM|fB zE;_ybX}8&<99{?IJHaR$rfRdwCxsO|z36oNbx^xDF=L9xue%z1KUVGTrI}7*4IFg%DmB@R$kx37Jn&0wOf9d_!~+ zw%^wU+3>g9>zxgbnxv;?0-%hwGD1q3pbr`)(ZFF9-ZbBbm$$YJcbZ~O;5q3BVp5CH znoU5KH{k2|PjtPYJ-!g|*adbnExY!rtX3*u?sF5q{b8c^Tq9EEpjLBbvBGT%Y%(3V zT4YJaaDv>hiUgIevL*c4T^>+6)M@ty+RflbR^UKZ2lfKP%NvlLUn3vaT$AmDDJaSm z7*NzE6R1j55@5~NBdnFfhCxLH)__7aRXmmv5D*Z^nu0`GGp!|G9BV}4kU2uc1W~6- zpihe{NF%!y0}2QtAdUr9WIqjz2zvodb#n<~>#ibWtk_Iwb!QtOQyh~noXe_wYYt(F z$g`^hXb2QTHy9dV!$JE-$p$--u}eaUx=E$T#QrjY6S`nlcb=ci_FzAm5Y1Lk zhX#@nCORIg=3l6RrKKJz0zz%K;vcrGAo)*N2hUGgpO~UW<~Xu6vm)q1LAo|%3_GgG zS`Z0n4puO+hD1S;)lpQ3CbHUPt2tsTIRF#kv+ENVWmqsq5FcG!USe61|D-*=fQATF zOq37s+>&^#;5kK2Tv=6e+%v4M;kw;vg zVi!n=>Vrc_I7n8Z1jf)H!(_S_1+xAVKN1BE*JTge7y9)tzFS;S`(jXX-Rtq_Ud3Xr zeyv9Rs7F*)tq+ZUtJAK7W4`=#jFF&n@ex+*qT6}h zJnB0YE)0$A{oQ4`l1BQ$ym*Hn&qARc@YD~tr zoA3Hoxn{fZ@~k;H>zwxLpg?frKJSE>-CvQ3Hk3!7OlVB`qysPI5qL{K3ef1)?G*4^*AVB)b~mm%L4)nrDRjh$SRc@&yVuEwlHjd}6n#fvaC<|pT1 zo*>jduN`X$Gt668=wbKgq&`1mu7l%7pXw#0cH_L+yJ#FWOXyB4iL5szMH2;fBz639 zaM>ekzr~gV!rB8tn#ihEfN4Ga?2CRm?zXPn3WN2%*E_4**IhqZzik772>flJ(<{$y z>%@E;+(ARWnHELC{*}xk3axR`8Z_Vao85NfELN>L?ex2s%>gOT#$KqD=zj%&HrL(= z`aOBQR==61iOX(l&^SBmTo2A#w4q--V2)cos?_ybr|rv&Iw;%-3WA;@udn;IzIod1 zTwV+aed_M}KrR(r6&lCqt@fbXIcxT8Lydu<@#WcF@bWkT6g^KY)b=Z0+dgnbKDuZP>CNH~Z7mfa_-k{aKYV}Dc%7oJ8yK0$nPHZLK0N)YK zRJGeY>RdIu?`N#$CV6<(d^3@6Ci2b16WC02A;R`%!hi_-Hxrf?f#=*&*!AuEHk{e6 zBHu&gdx*!lhln}~eb7CGOZU`_2i-kfoOXNt0fBk+s(Ie%)q!pf6c zlmYwfteT^N*<58B7eqJg_gn4L-oSr}pDR7N z(vvGaPeSQoel9M>hkfuXKi2m}Pg5;8x#p8=K0mbPv-=n|ALsNm{@^r26^AG)C;eu3 zaMWqHn@9b@+e>y#(`)ttf`TEA2V}to{SFvd(xG5gZMKh?U7po*kNn^VV!QS|_sQ9N zdh~fTXdTzVjWVt7)SQe9>m1Vqq}M#^Hv6QN0YPRRT3Mo88e%`MprxdwFJjeh%?l?cJZX(TBTg+1$}SQK-%C*`RT9);R6e zK~Xm}tPLa?VIZpz53s1SLhO3I-)Nonjv7RfbDyjow|j$j=eXIcgTlr}eioIhWw~1R zMAWi#hy`0En?Nl1)iLrdD+h@p0hXCQmfvsZ8rt`vp*^oW|9&;Jl^jkD&YS&)b?r#d zl`A2+5|S$+Pecjfkxy(rgr7+V{RLRDg&hVcn4+M|xh|6HB2P>g*?ZKdMVvPug-+7B z=(jrUUL6!g_wmu8bz|nbDLZLVGq(@T!CC9PMcr0+c6XjXx4k0zoo?f_X?Ymb0a?z; z{E|uUP|XFzTXJyG=)dCrvx+>lWEU;pZ?+rlK0SXz*c{St-R3E^XtF9xVoIT*!i6&6dJ;1PIQ&7Bk9xx!*u!6_T}W zfNo`-PAaHM%)6g7LXWCMO=0bFI8Jw)?cy*9dcKV&84!2hf zWS?}pM@@>!L9hS*tm$E-#&yrOK=ffR*FSUpGuJ;?<%e6Xb! zt?zRx!;)a&F_I@`yP;eY&NbmDrwLcXG~w3y=|#8m?)~6pi>PXaIw@H2W}S788fOEd zvGv~f`pxq}x6|p@LD^gCvez6m`;AkNOMsor@8qtVFE0ki&3^NU8>3rAbM+%vKXUaW zS3e#={h*PUZ#6a?x7tCz&8c#bs=1btYZ*^W%Xl7f-u9-`J{?#mWpz-{Zf**$jONi< zquc1WuA0nO?X(WcCNj$O@T^RDiT+cXP88ll>#+v*NCSPD!9Ma96}c=UWI|M~?z&oO z_XeFVjdXF===HZ7+ehujdDAIyadvsyYWM1voGxNRP|=NMOrWtXY6jZAh0~&7;_3UB%afC4mmZhZL3O`!n_Re82m8CevS*#s!CCXFc~%Ga zf}s*wp^glQP?QK3U8{jQlGV?_C4tL(np@)FN@V3VREQxe$y(Wf_hcO?GWlz%d~`ZO z0~aTPDvY2(O7ip0B1ODGq#DEss-iK~aS>r*B&(x>UEA9VR!~t8X;&T15i52NsSsop zk7+C>&_C;0K}u;{`raA9(3r?79a_mQPW2Q7Y0!KtoRb1?Fc>O=dh49>^4@!b;8}yS zfpv)RyO$B%CUOMZ2Y|8)u%JqC!t|RE7%cd+b_WfLPA;!#_lXp7nkag7OYVqV6tzha zE66Sd=sC5Go}c)#?e|;u6e`j`>w!X+_GuSng_%NHc70>T`jquA40t1d&b9VjYtOaz zr*UcRJWt|@*zXAnV+WyH@XA`@Zwuu5bFM!>G5tBpyWy;JdUDq2HmTt{zj&_h9MDK7 zRo>`>-Dor8|9LI!KH0FCvt}I(Y)RrBd#}|#J!=lwO|VB-bc$F3`OZ7XO;3@NW}|=E zZ4OS(8mEKKRkPb|krMR%BOXfckWR_a4BLx=um!d4W3$)G2kW4LKA(ein1xKQynbK>dshq)bJuTPM zay{({=xO}PxI0$MC(PK_In^^P6Y(NzWdS5egrjzx{9nb zhmrM=gT)BdgH~XECb`0qD;&APVZ92LudVsony;-H8!J1vT)DOK0?Ykco&w1}L$MY; zRBm_r&0YzA##yydsZ=WaySwyfrBd<#tnBRXuT^*VcXn&Lm4n*;TBW+XSFNpqN>&|+ zOD4jCu~u2QE&t%YlT<7g*ZX5Zy`}P(h<;f`SWpPdgD+n|>4?bq5|K6F+qb{1fB6FB z8&JAp*Ynh_*fM_QvH^ViwtgienMrB>!lxvl@lX>C2?*Ho(*E)VY|5$xKZk>(2AH6- zMSmeczkDeIvfO>kIXSx&!vBLYRLELX!n%@48wvbh+pSc5{J&Q_*vt8U73s^D@-OSn z&pK5ReS0mc-j&vWDRbsyPx*p^HD^ksZ~+vZY^ry?hJfoejAEu|M(?=T( z3`nWVaAYkYte>8bGj>ilWEJ0l!rxKx@2KE|#TrdNzrug@%sLl236IP5onWqnZ7F#hd#|Plp5%g2I0nKw(gror$!`L{nK8QA`(E0oKPc zR3;@fF4Jz;i8>&wqGC!RLn^UGLkb|Sqn~lWCD&}>qipE9HPCP0)&*VnInr>X*If#U ztIAjK$<#3PjXDU0xsyo6;gkWgW)2S}7K$}%gOQ9k|1gW8ePE{&p?G5KUJCC!Rm#Z5 z(9?4_Q-#f4zd#Q^Jc}Ka`?RnfC6K(uO8nT(w=8T1hwMnX(pD5O)jdX+9I(I^_%DT2 z00O-J(ChC*rx5+mw$IH<6HL(mcJ_AbFnI8uvnDx7*ldlHFDAE@FQxO=@kqIDGRF_e!hKNN{4%(snn0C z3h5P*FfJ;E&Buk6lXRd~r>4ZN{}R*{Z90J}rj9uCwh_PnSN9I~tKRj0r&8U?&wp2v zB3a2g&1J$xzOuGpg07?TU3L9dR;4;Pwr2=^5keB!s}QMVkBimF6bD=c@*7XmuRvwR z-a~!`s;o*-#bB3ICTlIJ$cLk9IAln!+bs8CwQYHUn4k;Pa~o!`3NFqBz!JxGe))yP z@tJERQDcdg=kC$%vouQ?7!PGK!ZpWf#!r1(FG)}Jq7B-6vF}MmPPVKOTtK^0lVglmtT^K2SmL}l?kX0EU zS>^<;p<6Z)B)=#P?eCV6lWlZaukIBEMVD3RFLM!R=EM?I@7%#KoMyQ#sVC27SZlP> z(942|%6l~5~sH32V$wJ$*p~Q!g(1aT3zY7hQy=FJ8^%Fyz)O{J2 z0m>UV?ZTU2ZUBSa=tLUw-@5Q7*hc_dGJ58k)V?LY;u|suilax{57 zJq|l$DNq z6%vdQ^7GYKUvEqm%L>p(0~r}mkfxwG2G2J6gxvx~o&806vIUBl>@PAIw|)hZ<^u-B zu?7m)f=om8+-QblKaMp(lqOs%l?uLENP$oXJHD@yrb1ue8Texhq>QK~+th+5#>lT! zTbgHH97jrAkR)|cq{yxAc-!Dov=BNQXlBVVAqC&Q)nf``VdP?)uw(K{zOL zdmoV71S^K1jv#n;3#Z%Q8J+B8KOZ~SqZsJR7YZj%@bVTSBx?kNrd~jN>yRD2EUYJq z3rxDcxrIlg*Sqd?kDq|t*9C;`HA8aCee2r;$$hK&`Q$z)-Jsb%%E|YTH1T{nI6QT;b z{02_lBxPTgL{R5kK9;Vm59z5IdER6N_(@v6PdlB{v*zHU+j-qQ>JM6>D{6!WWVc}l z3yM-UB3f%-p1%y=yQOTAMIVY)aYATj_2#0}>z{U;J^RU@%kEitXQ*n=oGG{J<+82m z6Rl^f&b9%rWo_$U_CCQ~f@~C6T}yawrRx_9MitXFRv;Xj&G4a7r=oy{7T!wM(qhh+ zJWf^KT3&yv$lXNDZeiBWc)hv2)qI{_nRQ3k3>?^X+FP>=jT;3;-fff!fS~ZOo^z^$ z{?Uc65AqGr46vCjAGX2@aW9}PZ<~JCqg42IR|-GmNrBa6h(Whsl&0gdpzCD=Dt6#U zdWOJan3X;vP4)Gh@fgc5iUuV8mIXULu9c8EWNk!2ik!c*O=`>PTob35hU$)2oc~*@BX95SxX7A{9!cnj2>iJ{eVhs&|DW~r zXq}~H%YDdoZ(=zVEvZG93zJjc?bkG4yUwq^`@h)xU(WknBb@sRILZHKcW>W+|GRr| zkl+8VBF!XE-1ort6)?METlD(Z5f}^H0yB^0jxKyM;kwls*8-NLq&ty6!B;Tc--W6e z%RE0oisgSxja$U{BL)8-RBC?v&)PvX=l@ltne9JZe9vCseiU{ejPqmnBBTgw&$X>7 z@`wgA>|&UI@`XF%G>F*LFm&*TX1!)2i`Yr*W+;@>@ISZQn_CPd@&A7Hz`y<<4liSrwqn7~;kl6n<-ynTc~aE+pONba zO-cSAI|qCI{eLBo|FN1B#(_(7{qS*UX1o6|uMg7Jj1C{9%94CN!eo2~ZXN{eBk}M^ z8evN34g%)U`E^7sVe`6laI)pz9IN!^V3I9&NPI zCb1Xs+^`p-7^e-VOosj%4$v%JHGH!gm&W{yM(&~UU7GmMC(v^bjYmShg*-H( zT(W*J^8HZW8K<3o_p&)~nTXGBlpb%89yCU$ChGr0P%y;tKo{`%kSuRMBcx0;2_7;7 z^WIswb-AmKio5yeOc1H z{dkY#C$9Y*Lukv1)3$fszgWpG4o$E=FZt5cji8^m>I3cNNGF!Hn{(5V$d4yO#|O{> zlIb|B5*L2__ZZx6*irB!@woArk-3x473al^7cYDz;#_UQM!X7ljOg~GeQx4ic;i#z)({Gv*?LYT+g7#ng`Tg%I z(k%DCbDMrI>)tnL_3gT;OK6G0oD-a)|s z<6tMZ|5!;%;{Ws(T3K6tCtSK`Z15d2t{=|UJ1m9pzckGF38*Cd@7)9c`)_*(2l@KH zlC+Thw=|r^`db>htblpd-10lU<+ta8GekDK@}sQ2!-_1$<~x?wPut#`UI#5`?QJvO zzZC;=b{p>m7(d|aLE-Cvme$|N_TQC*UH|@nubQv_D@oCY zIaynOhuP;W$M#zq&S?294VPs19U|)&xB8ZbkHqFXVRY#%zNO)#v-gfz#^$v4X5?C~ zt#`pYnG@_5?Gg)GEk@XkXJ!k_>`RX{eM)p}GI)SQL)I|@vWhhTKg)<(w$h&QJRr#i zos!cK(^gRjMFW&2O}vFh5vtgj>YA+LA^|Q9OH%n4P_};$RxXPs!rFuuFY>;WUpz0~ z!{J!dZczz+Qd|H$#nM81Q8Y9KW&}#nMt(>WdBpEuX6X_X6f93*46InI^6jW<)73L<@bPfLNy0uOeB6c)6Kvx$Pawf|lIOcy4|>?$t@dFpwEq za8u3f!R)sKkzRAxm+#N@<>EBAaeoX((sNMGV!NDx-zfo4^XCV?PXl+G^^RZWr28I7 z7k0w%2uw=p8PktzP?~n16utGHaYqu3=9NZnmxd*s><Ee&(?>pUf=@cUoBCNp`p@D*_U{qN3RWw#QD|FxUj zf376O-~Y0^-Xm+-^4oXLd-Ln8oeNw5TMfT>QKW9FpOiYkLHaj>7<|0P1MaQ*2RrtE z<~ZvX{_qxrpLI{E=DUl+AM8e>an^5kfwg! z?_cMD1V8Hz82DNLl?~Op(D95_ADIXm_6R(OwAMJdeGL-Fa3WYY=JW;)fq@9PA1UqRcHXLfjVoE_sM-Zlx@E($YI^G@*;a>-J)4tDi%Sz({I*+IHo7WCzhGIl7@qrbsV`TxagcJup%sI56vY&O3R?aDiarF;uZE3PjnsZuMUQt2C%@ zFn}As`fKTy4-8NvuASNC0>TC{rEJZ-gq z<;q8~2)KosJ{qWyOb-lIB87N?qi(a&Z-VB#ezVta;k(fmU2wtW%A%Gt#Ag zT(*x00w1soz2@7?X8UMvEEJ0&O_ZF?8#A7iabOZt+$YrCv^DoTem6-kMlZUp^G5eQ zc+-5pZI_T$1Pu(Ofq(%Kmk0|J9sf!BqkVaHW}~Uyx!$y5U2M6A!EejMFlKj&mu|It z&2AsG+Wk(_2zbZ0z*Xbyve^Th8!~HWV=EqoR8-84Jyy*@oGgK%JVMYQLkmS5sWHGr z7aGVCkW~yv(6G_wD@X4LDG`DN*b0}D08TXnelj7#1J+a7HnFks!-w2zA2;8HiEcXN zfdghBOP_&TD*3T<*=w~=!4Mk|f=#F1j17)$qz%RtFSE7lLHo9YU8fhF^YdoAZ_BA@ zxUC-8=lUUroq#dj zX8*F=?pdJi?`Mtn=_L{Wx}uNJC&kWa^uRL<>NET6ar5Y`(QSGT<$QDFSNGY9FjX`` z0w0m44&521p|CkxKLq{LL8E(m^;_lldYyc8mzzL5)}%nuYDm#B6eMUM)|Ne!H@w+OnQkEs0qM3LwK{o4IHL8_L#VJZP1y{w^2_0vv$C#_rrGFlR4b@bX4bXqp zYzH3e@68#l`+qhlM)bq$p(3lQp$WC{_q1UGvO$%jv*$ zx)4?`aXhuq@zmnR!{^*#)I1Ax)~?`ypR2FCp?%$r>#J+dANpo_NJl-T9r*P+=a&@S zJ@Vg2U%zU$T@&`S*$?R^0KMi}^QccRkOm`&*@EwqNhjUTIZz=kStT}o0H`e54t!*| z4}RwpD45~kz?Zf4YuvcVel2uhmgqcWLTWHHWknij!;er58N-IANCN|knjvj$gU;D; zu!9?RcDs2Ul8vW2+}I}M>s*9olXZ~g)3uI#h*(~i9` z`lo|#^Q?7DsZA#Y2q?Y5OBWa`iWboa`0k2_XHOF!{0 zz}}s=d!F!VR&{-%6H6b_jguQu*RPu0CNMO5WJnk`>R@8SuH+!i$JShXi$C9JcUtXN z&2FpDi+4L`O>ovZZM8wW(`{aywT|eH-h)9~qI&T8%)8Ae+ez03G-R|D4_r|m!J%_3?368dAyVE7E$7~TcCOpaZu)M<0A)Lk8R1!( z5g&IadKXT#I|xjbIwRYa*^wEqN!T+z`!9?2-Cat-_uXcr*K3`& zDgKVZ%l8q3b0gM+PCDFf=OO_>pg5Hs2}P5oN3m!fTaFAt#R%Mwq3WDnk|j$}ScG_f zVY4g>`43wiD#6d#q7v(C3bKSBev)y<%<%1bPT)Y0-8?F(wHw~{>`S-3TiR_$^N1}n$IVMX3}vE=%a>=ZqgmQt4q75Q!&tKUu6cCXZ!Q@h%V6>p{a+3~vmZ>Vb)k7j zb}jr&k=<8P>B~!Sg}2iML~(5#xlS&ftFIDWRqWMC6d^+P!KHO<2}wf(@8M;{(Pg8T z-FoA0bs$N~fIF0;%`MUnymM80-D$Nwixe&K+3k)>#(h`Ph970JuZN#;Nt30pwXBq{ zXZd=TuV?vsmak_^ThD$CENHIlyp-z{z1KTsyCVJtYkUo~FG!YhP8GHwx|WbTd-;$N zGNHHEuC*lMh^l!-@X+tJPEVU%5CVeW$h960penJG?SA7FwAx^E!*2+);XX^WX4FNu zbJRS(WQ$&`J}`@7ve4cCPGzTBd0u%@eO}w$sSQkB5-=RFov&jM;1jxu_pp&`$Q*$D z0ytRb*Y#LgnA}K+IExkq$>8R(TOrKY>i?SCct4pGZvSm_YbGY(N%4Pcf%snsdk2-= z{(BYaVeG#>PD~ltfQJVTVRP42XD9bx@uzV9&ocUdiunHl|Bt;j}O3@ZRG#pn4U!3e=CLaKl9hlX!%d#|LV?uVEx~(<^G>5Nwe~Q znCE{a_g{p0`Om*=VE+A?v%h;t8S=g_KygHa+)?gG5fHNCvjgD&>epJ5A$TGLu=Big zO=5vJoM3}dSa8Z)I#H4Kz#BEt(}pij2tS9igADLq#tuaO(-W5P@e9u%Ace?(`$RFT zXJ8WK|IYsIfnWdI-KpmCe-&w=_g|c|=NX=XaV#C3w;Q~G@<(CPKMLbuF7|DhV6mtt zVq!`z<)xSzro+>IH^xEA!q3O}`Sx+WBI6!ts>fuaDx`l?CX9PNllLldu1)NRh0xtY=_CS#6oG!8i@h_9%=~Z#i$nM9cHV zpNMf_KaQ7T(v3CUgE0=Q$M$Ya{K7To^D!P$rg}vt{H=zt2Um#b!@h6D;zW?uA|HV- zvpm)&uq;7UbFC7jysO*{ddGrqL%8w1z!MR^2^IZPguh^R4@USQXZUV}TcSVs^AX1{ z2d_H4e!Fq*_tK3%hm7eY%v z@(rLWY7(4}jQJZ2-&3G|hjdP0&Sg`MMhcyebSbJv(9Tnn5Rb%rGqXP#5_Q1ph8#1x zRlkYhI-Xt8(-=;R`3o8G_dgD%7IFhhu>aVv?p1yFKh>RDZvU~8H1qwBef8sb1ub~< zV+p1V{D8=}&n1kkF!J(*+Vy{-3Kaz3z>T3zz{VJ39o5Tp-6|=9DwPqI{#7YeYt>Sv zOme9OJTyv}`|WZ-zW@P&j~arJfIgQ=_P_3SOV!=dZrSS427l~8Q<0{?lA?_^H^{JE zPN-NgFqAg7oRZkJF$Ra=m^1>_yV3~a%?&4uJNdF2SIutgb4-dfx zHcZHSX7^(Ral^#pzIF@MO#^??KZrG-Gq)oQ1pv9!T7w-3Iv0)1}{rP%xme4KV5b z@8HnY$r92P8E7c|GujHu`Pj4}aebh)qLf zeOhN3^oM|^s^}p84jS^!^!0Ur^W#0P1B4A(9c|UYg`rJk1pjBKX$ln7fB4A2&dUrM z6XG89;b+`rU+i!$tem|~1BX_f68pL7OeL!dHl{8t2={`F>9i+1mn+&&(#dTHs6A#N z3RoP2O=x(iYfXGe(MU4wERLQVL9vgH{FpOL=tdmn%}s_r-xNJ`&_l>erX>&eNlDzH zAwYW@;OC!RoZ_LlXXF<0DDA*ufH}4TC1rFaD6+)(k0H(>ECsXWekq?agi~kB)3%KO zLfI}vx~3wy`MTF>m)Pteboc@$XjBIqEf&C(h>Q*JZEM>H2@nB;O;iWFm8w6!D(Bof z_yRWEF`qZ;V8b8tc>{d&R{!Qkf}`0wGhr)$P}fY@TAydMu!OZ9{kXXmGT6wWE-+Bn zFu&Q;)Wcyc&N%7)W%rCuJ=0LUO!x(mEip6o0f(f9C!1srbiu#~9NHxX5Y5L>BPr>!2&t_5xRwa_Qj2*Z-1+&CWCR>Q7N8u|9e zmbU{FIMIyhnLLs4`4Aj}>R!c@f3F$0(CD*RE$1{CIQRwZSHLecD!8Yts-0_+slX#a z9Fu9_7NcAuQPt&K(D{H>Q&D^?$laA-pw954TV=pnhlRb~3M&i_0n0Ak!YSHxKx~yJ zg1)(VOGWW-x7#l0zuo@+yNwC2oOO@emYYp!1iPk6UzRcvG_Gkj;#Pf|o~h$t+dXwW zh<0cAFzn9qAk>}V!J|8ak1%B7*{r|@#9A%gKrD{kt4Fw~4COvy89{BCQ4-RTM|F0sY;{O@_Ei#S`kpHJOQ)Y4hwCcFr{XAfD=g;)cpElxR zeLn-GqFg_t3oga;Gxbb(+J2ulP8N3i^s(#X^7?cQGnLb4MEUeSpCQas3Ym!udwiyX zv^s}RUy57*Gjjh-y#L<``hQj``TD<-6vb7`a{mnDx@CHQ+U?Ee{ApKPj_+rrOkdpf z(+2%GJU>&7G@aw84eGJ^ea0?bbGm)H$+&>mXL@a5L0?Q44i<35^pZH*6Vq2NJ4Z|( z;0*mRU6S>I+%TgV>JgY(y9Dm)t*l)K!hTZl!&`Tn^dcKmI#!rz zPOicReJQge*|6PTITO3~Imus4B&Z%1Qqqfmk$g(CT!)62j3G|ES-G>GuGoU!QE^vf zKyNpg+s}XZDQ^Ft)hhsr_kRcbf%E@^-2Q(hY1aM!yx0Fr-S-D>|NT3%)R+H(iZSm3 zR4Uah@BUNmlrw)FAO-&~{0czw{eR7W{+Gx9UQtTJ|FfOEXMFpg=5Qt3%m1kH{cv~x zYYF_H)hhrA{9mmF-v2qM?&SQxlC%i_ukI~?_$}L#*nhR}0)#d@$Ljzy!1*%M8v)^X zS>i|8c*T$NybTTFCy3%#>MdzestPwU1pr zxA{tM^F@&sYwzVL5oPNYUT7(HUWrtH+V))(9}C-dxmfXW*>&;ZrLyS?DVyG&%f}d{ ztyr+L+i@jAc`zHUMN-uIpT)b+R*GN$s|VG9{r7%#H@E*_fl!d2``o8>`KG zL(p|-l+f4;`SR1>%0pQ#4+S)~qD5d(gr){`S%)`*tgz2e9BZJ^g}Ne$WbuaT9U#BM zv8G7SKt$k`O=Of6O%xQy6m%HViBhm2OW@yZ&qF$0{`a#lfryyj%Ap?%krk~#jQ+Zw z?}6&ajoz!5oksWA4&X;BhkcEyY6biAR&~BwRsCqOLZe7NG|>nlTaZ;Le(!8#|>ci`Fy1hM*#nUuVHX=vPrw zkvXvqq`riQ_7%{0s0oJa{mkrJ{{7-(W_DX6l}A?xLZ6v#LlF9)m6=_J;zJ z#i&uaTlEr#BnMlej9{0uB2RnE*|R>3(0qvD6N&UTXxm^}Hjv!nUA3s`&_SqaDD0}J zUM`2qPYTm3Ki%eVG~0J$Rc2vl>^2O|#9m94*e=+5YM_3gU3M|9wUFe*CHqr zXyv=Azj<9TN3t5)zNi@}21`XzP?Vt{-YyqifmYHXEZDn+F&BWi0Pd{dS#Y_?3pSGy zd%=neqb~?@F8tYr2ckBaKo!?P;Z*AzCagPc{Q`>r$Q+r!6qZV?8Av49kzz8S%Z%i3 zf4+rNI#ax6UQ`M7H#n9h=vgZ~5pg_&6qU5_=<0MY|71zb?8~Jl}U~ z@$@Y%zQx3V2uCj_BsXHJUT6r9y3Jm{4$7ohs@Y0gi=It1dy&~X5BwC>1rYC zp{A>^qmOL1IvpArf_w?f>mo@_pU9{TRSngbOwUlC7IvC1kW;%F$WOI|> z;1%s%7c^3U7bGb-1+CCifeg}`6^rV^&~9V});U53x;a#2@$oWEl86@+8sjWR%(D^^ zqQ1+ssibGW+Prp;qUS$vHjW2)5kDUwvOC8!ivC5LOSKT#h{|d)aPXPyFP`t|CO5y# zkDlASK*ZGUS+)R{`$wup#A-Bps#zr#QD)|ECB;m3(2~tWcA;;kc^psOV6>nBeVvC5 z!WD(4G=kv7DpUuq=u>G(9Tin9{Mp6;xx@7ZyFxlBDah%@LN)~TpeaL=3aX$?u`I@r z)GiW1(uS2!Hp2}L@<1t%WyG%-IE}^9~TWA-OGTKMGQJI306NrUqB9h!NiK~x_ zB&!a}`Y4%Tw2f#C((FZK>^$&O5Qo&uhA8?d74!WN3P8wh2kVG^Y9A&Idf1d?tq#&G z+oWXddP)l{!uRvGkz!KWSjc8(g=$lgcU1FerSxtkgUw)WcljNsDEp7BV*jiq+kfm- z_Wkys2bKLi{^v^4EcPFZ#{S9N3M3}(4{d9xY7U9C3aUN0=_g z4+Zns;`>CJFwPm<$0FNu;`+EOK^Kha!^gcqJRgUg(Xo77WwMLo;{qBL!-uG-0uf}t z6>N*K!tbsEf-yog7m0?fV^nsG%{=Ai2nNK(>;nY?${%q4fgf;wGDQ55-fo^@p9fsT z51O?toAh><=A8hk0YprLkosgYSjK+tsbGCu(nPR(5cwoVo*a6NDhQ7tEFa$!eRm=GDzk*-3mfq&0=|LR$bH^0crhmTzL8pIe(H@p z@?{}&$iPKb_cqEE-_QoQG8{le5ShygG#K96s-v&5gN7AFUZagIDe9VgK8EZy0~2cY zm+5`yKhOLW=Cb`H?g=ELE;9{X2 z^RxXQF-4vK%j(F02xZ~`nh^h?7JUC_zqYrVpZ~8SC7u6=& zT@T%fL~#q8ka=!lUA+-hDZEFb9pGkD)iBsZaB>HYBWl z7|M!_Wr#{|%pv4wjHOc<^Ix~NoC^ScyRbPH&>J`nZ`>UtsNna#clEE}g8OVh28|$I z5M%;6V&advFL+dl?=|CAR!61V=d>03wx`8FhF|qKgkM59wn&6z8;2>)oLX!;u^w=+ z;lZ0C8V=q=#jzz;IBu|;2;N{$;T4G9G1id(UWHesId0`3EYedzZD1eRuG$%|^S9f2 z$um4BUX-c8bOZ79kPU@3M}7n^ z<7Uva8K#g|4eZ;&Pwi&XT>=aR@fNB9BYfWRu%5n1-P7PckIVAlVN{e9@g^FnHS8qE zoD8AC>RZc5=pHltFo^f6ouUuc8{<~U*o5X1Le3|Jky+LHAEp0g75jNDP5jrronZX0 z-2P)FX|DJmGsb>in%zer?z2a0OdIn#sA@W=Dz13X&oh4OIniPw^H|SeDS`hNj{Urr zg8%mp0`I>c?BwzPR+8q~|E(nMbCS``5;hr6A>Ok;h44Qi(1XYStmXW_lC)6#PwIc6 zrjP$g%DW;#+ST*;pXuX&`dnf{WVEM5RQ%8ILQ9GNnMn1g9siR%F)bMX)5VI9EB>e3 zM=L4*XGq!f@jv~(Vq39b)tTdeCPMj9;(yZhe|7#Jm4o2@&p~BxKVSb>k>Z?2v-bZ8 z@#b8b{|9YrHvbP=WjX#Ip)!7P{|^fGarl2Ejxe472LusQudEV3=f|HGvT zEa?Bi$Gw36heOV2{|{H0?EF7mKr?*9nM=n9bKCFGdOf5u82J zFesrD`{inGWv0r*xowmaYepF-401vWs*p@gI12vXK>);M7ev>)Qj7&1!yj zvR#}G&YS(lAePaeZSw4`Bp4T+ZX67fod_dp8gUpTI}yfZui1@(L9&y_5+jMM@$e#v zuzJ0-!FlI6Zd|?I*_Q9RH>lY>0*ijG<$iY-{WCqXA2#AuS@eguA8iC5|91bp56MUM z0L7SkXJMhvw9ggW;Iqx%ifr&{V?WHx=TYZB4{iTZ%k4i_l4d#onb-bfY3Dux`wve* zu(b9cVNt|F?LVGpYX6aVV)9V-A8!7CF#C^ce*e3Yl*Iq(Z)h^M|42G?%hvuQY+O&) z{zFz}ElUHCMEj3DKmYIV?NoC9UqxEX{)5bvnG8Tk1-C7L4InoGnZX2vVlCbV#8V{F z2qe7Ja;!j-N&m#{Kqx{MHw1C<Or!ur3zv$yZp|95tC`;V2RP_|o|0f?V1mudk*8=KJtgw|P-4M?bb&%g+T!hIxG zAcGUISNawq(PrkxNwfHOSTR3e=NuAE#IArmT3!(@S@p3j4omtrE2V+t2U+SCZ!A|FC^bB==v0?P(TK9r$i$8SL*K z*z#gcMz=}79C-sjdcTF}ElB`8yES&+b*@QlC;KH3Q85G&P8CZn3Jd+{X~uUjW57=) zbOn|~*2CVhgF*729v8XCDMG*N6e9oaNAI&T0ZX#~3i1En$@Rb0q=oFiteG;437A#K zWeVg0lN*AiHw3d07i$X^C>3Q67F}>D7GbGp!qc`3vvIPpX_${)AD4BQYnZ7F#3IV4 zw-F0ro>It6T-Z`96{H6<7K>Z|voZmTU;nGM-Ch6r@4-PWKmT1xisGtenSh0H-7>Af z?Dl3e1hcCx#}+J7rY~*|W`lkl7GbGInl3hw4eGJke#I_bbDDp-$(YIlOjc!l6k`QO z@{7_iXosb12#*Yi>eaoXpy;v+<1D9IH*F1H7!VPjcgjVYEQJTA_>wk|%}l{+B7*6} z#qV&STYV8sJa)(UDe(~`K#z^AlC81Um&Y1eB zG^BR;r18Hzj>d&;P$-JQ*T;Q5`|9hBsbX0H`e+~{0}9d<6vwV$FQBNq!nT0or7L*K zuRzj#z@RwRK;c@DG1I0ni>HCO>?~5Xtmt{fMX{m`kGRW5I z=bwT7&1w+9J3#>(U8{X-+lU~P(5CCNu5E32ATT@HMIY36>8*Kmwit<)M`z2Uvw_D< zwjU}w+w1H8pw~R=HbZ$lOUiw`$McddMb!w}d1?~ku|M3TV_%j;xR3WZo^q_*>~w2f zv<5ltz9-s69~L|Urw!L!y<>2s-52g1+s4H9#I|jFV%zB0ww;NcNhY>!Yhv5zljncl z^X0AT4_$p%*WFe7?zPui*Kb|hc;4fvwV@+mC(LFM8OwX-Y9Kgl=l=268p%se?pzeV zKu*&#Cb!=z;@8i;7md7sSAa%mP^o61Aj}(3^Zq?QwM6?GaO4K6b=IZW3*QSM&0j|) zR$^YqHsUlf3{c~w$m{?w*#(B`gP^_k=-h7ruP-%SzJud`1-G_==>=rMku!s??Cy8L zozM+Z_z`~-+yl(G2U^buJ>|p9n7>EXkF3XQ&e#c9G`xy&jcqTelddnbR?j9~@S&G~ zEnf1XPWQJgm=BGZuSkcd&;Mpsa>w#fK>oj=n8`>c$l*K8%dxETIq+;7P_2P%9r&`d zG;aT`e~^Yc?cUi6cKvAA>rf1_Xn7U$w0g=TVG)4WRSY4D&9&%R~(Q}I# zgo$^?;R~I_tVsIi=f$B6pw3ye{CW&!T(N6-XsBT2f0JVd3gg#NDSO$)lEyOX!K(@GitN6l33ZzF?W(l4F3tYPQ_(Kq*%1)h2l!t%;s3H&oXwdVenUj< z7IycTKUR>ft`8MSK4#o$sCm)r$=~bN4VGqrsa@aFRMNkT9s|SY*EIHN;<2t*2B<09 zlV=nc#Q4&%Xr`zZNExxZ|0eJswnWgY!=IwfOxKvDh4u?6aa7*6*VIKiPR6HN@;?sP z{5Zq+KJm>rn0Zqq-txY$@P1!u%rEB{_^1k<>0Zy#=fM-bO{*RiMU0nLwBJj?rQU{( zqAxvFl9tdcsa|NX_<%1b3hIw7C~&-|hX(Vzr0b6Otkp1jS^cSha~hc46H$kZ1$RU{ z0{~bGze}l3zFmv8Xy2d^I{}GefE~JH`#p8!p&1IV;#JRV0wP0Y&>J-B?*$hIdSw=p zpal9aru}Zq;if)F07<>H(a!pNP=B!OlEk>wR!BG){6-#Ht+Q^khduTioU3aQbvZMh z50I8(<`0J|qKPBme+|i|mj6*f;+xkSmDK|vB&7YBB(i9zjEFDB;$k==ggRoTqzwOF z02yPa0JyK6=Wm`eRmT78yX7~qIZ*2Kc+(4w2 zqTKroe~I3I>3{(h>$~yZ^FISVXY46@fV$FAyFl1wbaIf)9}`KS57t+Kr2*LBf`bNv z^r5$cKG{xg&%pPk-A{o3S8LXHmW(Z+Y7PrJQ1$m;;NQT5K%;r+poSYPeE4BQYT6%i zrfsESA=2EidG2~R@D%XjVYkkw`%y^y2rTLW88`nZv^d%mt0X?;N7ce;Z0fQHghM)hW)0kFoslbxXb9CV#+YhZm^f6~z5DP?Mz2$6<^ zKDbExOK>eLm2kl4M}AkA6CxfOWE7P!3$|o1JHc<{7@O!FOc_E<8bZWKZ12O)C-lH% z^uUbHUoe3|{eBetP6*}bF^WT{ysEa&5ZZGU1WnSiPbmlTPsB<%7QYiBft>k&1g#7m zE1ycIQ7mjjx{3+l-IYprsZ{@d*hCHy3fMYn-1;#@Rd|-zk_PkJP=g64LPDSn2J99| z`N-&VpC39?|6Wylpl!IyFsI)+R)x!ZH7`C67C%K1K-d>s9>L*|n~LZSjv7P3h`y6r zLeL7yHxt8mtyhs){o#$XNcPhLN#mG5TkEGmZm|mkO5=2~l7wW4i|6xb-zbdGfhf!o{VFapV69j!XZa z;As0TIL^g#3i9rG|4(pyb+sH(S0Z}NsY4#|(m3p6n|IcT-)OjnBbw;7jFgZ{w=dXwxr5u{v06n_V>iLbG6WeJ2l zO>*7I#}NNIo{$>5i^d}A77ZU+IMeey29gz6k`xe<=u|USP(*Sv1a;J~Xq66-?ji=l z|BytQZzM5vEL<}P>ydX(5FI=k<=d9Tn;w4~ib^SIN}2!z?pBpM&_yW$`(I?e6yF}7 zpCQfg7i$yBY|}e{NbSiPc%52;dntH~2-+prF(ZUwnSZH&CN%ryJ=ak1%n}EgJFMZ% zy;qR@3b;j?jr=g=zUcw>bR@q6>c~rXftkKPS>nKQ`(rpZgl18T-;GU#M{Wcc2w87H z6nBBv3@AV+V8QEW+;<#b@Ob{Hq3c{n>I)}(Q4DGBt8wC&XgYBq$D)UQ*xb z@I=!Hg;Gxw1}#utdb!aBsQ3Wf;e{Cla+O~l{s$5W0|6|m<}N@gcD}eBj)=`y0M;=e zss&;PpqOd70=)Spd-tIz3@p2PR%A{J+~|qsCdytBB>E*&227Z5dii+QD#gg~!}a{2 z>i42Y0(N6`eOVlR<=20G`w!&`eOzzpF#K1A_j}oST>|e)tst+)IP!7gZd~;;o>yTKr6_pz~|i#-ANhL)w`y?#&Cm_TGL2ci#ti?lta^ z*!u>T)baVDX-E!LWL`#IqUhkQnxk~jzS;*yCNw_6e{#c?@N+FSY(7YW96gXf21WjH zy`_)TOz-}4b=X_n{f@@&04&> zE+WzAJ6Y8T8+Rt$eCm*bdHeAhaSa~DEIl=xk!E#5*NSVddytxmuyB-S%AB+FHI-L1 z17u+Z%Ao=QoSs0BgnVEP>6H5yXV2^L{Pd?twcu76D=QAbyHb3^f0?EAQ;v^8H|~^5 zKJugI@2dse`%Ko(my3m9&vy)$IRa|i@3XXi$?;fDt-sOP+6q=*9_w%cO(GoK;{jz2 zK)#zD;Ndy2Qstjn0$ zf`p?VrJ!{D)Yg?Dc;99oRE@O7%qeFDGAr)ahuQB@v{y$IKZ)sX;S+RWw==!9*$@x+ z%l>vmaTggOg|6)zCB+4hw$BM^2YHw+sbSn)_exLCPdAU7P*Zze*d&OzUkF<(v8Wac zNdyGutoQx&D;(UoLBfllf!ZfgE&1TQB{5M@++VB5TvnyGZ4Ri zFzo`n49A`Ubkc@s{Y8wL@by{mwQiu;;qAlw$&iBE298&&E%(>3WLcBXq4#CfuZr@m z-?cz%lg};y=;rXfr26tvF1T8?7gX|oE6#%6oQo%2-fLE_@uz9T8y-SQ4_gmn2@q_A z)x^Dx?)a zh=HSVBtSxj@_i1kJh3X#Z^JmRwj0D4KEeBL0iGzhQhS!R3~R=2FAcR{p)p0??jPw^ zO)Y8r>lfls2Ze}PRnkWL>uf5Y%fY`X><76hGc1On{0yN}s|pn5b3r$E@80*GE#J@Y z#KPr|?$w)OrT@x#k4@p8$!#@xyhEY3?+j;n_(7*nSHkZ*KZ7S4m9K?of<|o+v_rrW z5zwngWn$*Lh4^u|bH6&8gbgykjNAlv(^sMgMp$T>e=Pk?iT#aWqPxol$YzO5hc{=# zzonK^zdE2iOk{=t<-D;DnX0$$dH=0$b%a|}-_Mq!%Ut=|r)>k-k^aNT z^$yz}jM|OA_q7aq8ulLE>2_f79^3j|SliMT~wW3n$ zO|O1)-io>YmA!YWetyY*`aWiFxD@+zxNX)0m`Al&w07`tzn-DoiodQbu5^5SJCgD8 zA~Wdf3b)n`UwMD1dU89iZ0vZ~=&E+5OAkNq#mr>zQ4L;ru8drA&L2EhRoNVVTt33579$}Wo)Ya*FbSS^19))(I0pW!JsQ)3@amsi zuN}z#YJk52+=b;~Q(cPb*TV$mn;P#cZ?YA4uZND3zsfsm4O$g9M!LSjSGJB0^FOUu zxO%Fu3?B_!JEoGGkYyGw^74FfIGz>4mZ~Z|ea!N9XstVzKk4;)uJZM}Y#+Zm*I$)7 z-tIq37?6P}+xfuPz0cIQ7U$Qegu*zvXP$r+rph9{PgU<{6%s)~z1A|K?XIC9TJ`B| zx9gBxy8DaV64^4ckFPCVKE5uz=s&G5A2V3~J*HfPT^7D(8=?sTG&-gS35m6K$^?W z41X>!;jiWICGs-t$nyW|%}l7!&iQZpMWOx6_uc;Z&t0v%8*uNTV+f zebA)u{xn*!RMqNjZ|l|gE(WrNE}_nxRAtNm19zVT>_L?2fz92l8N(mY<>BN0`D)LF zdVBK_`euCRMX$ivQ19|5{eyN?^xRJ)Y7zK4psW1@lp-Gpy$z_mJiay5NCKP7{kH?0 zdV(4CvI2&4K{|)s4-i3w3XW+h`pdP&)Cb73-B&1i2EX>r7SZT@Eht%LZh}lY0XtNy z{s&67yyR;~1Ljxb$v$5#^8#*=BaiUz9HR{%;M?_<5icb)%sJ8F>{zjZ@MS2k0LlGX zfrt0Hw$E<`P~^I&F_UHDy{db4ghm=W?B^9%LF#m^tY(O;f0xF zoCVmHzG#|14St!~IU~qXMJ);YPuW~D5v1FHbN-B!yA~(5XCf`Z;!0s!%`eLmgFFnR zCynZ9s(%!)*leIFrIJ8VD}!YszmB(uy-Ks}W`}sL{lLbxHK0roje#(FYf&7|3cy_p zTNrSejlfS0s0f2HB+;~r%NzAuhj1EA@pW8V7~1x^m`HxotyuvP)P=9NaFgE1UA`WQ zs`gXAkjj&h@Z6DE4QRvY+J6+=SX{1YSRNdm!L)>O#3KDLU`56>*%aTpPg58936H*u zCn~ne#X>YF&2FujY!ZXlZm}wV!cZ79@hZ%bF*qFhc~fB~4jw2(Qe6X#Yw^x>!P4fT zJ-gdCxHjF3JTQce$cBPI{C5wGBEvHW3L_Q*8+kkcrVLb^fgo9kdEnV~_iv&vpOk-6 z9#oOr2_f>$u$s90M;cg(J{M>?n;f`2-f+MxY_mkAd4hh*Qt=tyq zz*~fc7b!)xLsj~w0C$L0{!;0rDP(k9b8UqQ>21}wW&$&>T{jdBzu zfjSg`A{yiaQ`=i23z$(POfStrPOdAeqB+3{OGPy#!PoFY%SWvWqUOexo`koQ!u~^m;*a~s zpKh}Wk21Wuzo6Oz)BqCO3{nn6>cDs@)v=vM9+6#t`e+kJ6HD5#%0ZZ*0CIe#!SQAY zgDjj)QAhYfq-y3s{3(#4-=w(4#jq604x2%{q+O^$K$l`vRQ zw8%((5O`!St@7^+9CfXjGRfbTlFF@X=iy0^RuFSAXFofp%aIO`Bvm47266ERj7X%>4(;IGqwqN)E08-aLh zDVAmQ#q@;6G;Bnl0Er<5)cu4Em4ENpUwLwYciJ5dY{S&S z@*kd6f;1yWU&9M%xVd<1eb{mP0`|xP)4qJ*Ki)Z$r03q^0Xx9wLtK3Vox&EIR57E>Po@Un~|5wiZ`Mwd`V$?yM1`YaZoKwgR*F!0226$TCPj zn(zg$F5WBsDxnj)4oQyU66|{ollh(Z-Uh(?9O4+DwB&D>_|d zvgVoM*sT62@)&O9`k$A-KDN)pwaj4g;>@mp1~o+ z)u7canym3yu5XE%X&@@yqM1mbGUplX>zdN1?$88q=OE+cVR#NDXjD^rnA8Q}rqC;sr%U z{#>A1Rglqe042oF;%=NqsNqlM35v)gRDraFaTskG?}tc0ZCy!H&ook$csNj2)|;YH zD&Wu*73~P6eK8dg4U4cFZZo4ki8q6|V&BICwNIfSHdSzCfe07@bI-iFvnw<*q6W=0 z71gxi%qp^cE*Z!o5iXv-w(k=RV1ocUdVeABau3SoWw?Y4xD)!SW$zvn(8FYYgAAgH2RcX$;hY zM7NQ`z*u{{Lk+bN(oYlz^%B9lk>R_JSm#}s&kLut)8$z2iVXPAnz_!f|F~G&6JP-SNQUtKD=CHUaN-Z$^btpq)Es}ca-?Z{L1H= z-Ji3Jk#@M!M|;nsSXLbFqZg;*QDIFFksS{Ph(oX`l6hfKmgSfVMa8?6{{GR&FvjO( zs}r8|mTwoMpdR_w4oeKJEyn#z*WEUjAXrf)Nff@0&;`4j7#-f=H)BWk`kk&=Z^`Fx z?+)^-Q!^xie}RV~9^Q3XlAj75v){{xu%5erWYnU$R1U2NFMH|uZ#v;p)!hIrv#SF`Y*6) zu?doKUI`5=#&l{br$VpVL_7Jz-Cbf~WeWI=OMC11zE3w2NcKwYy(0+?vx|AqY9?7L zq;I3qj}EMr5pH}xYiQ}YW5F~&gH2Gjy^pfSo*w)d;CBb8n*6&1v>$aPMKuDR_r411 zcOvZD%p-iKZNm7cL<%TX7i!dpBRt8Lj-4u#3P4ho!ND5FIS+IxXq%yNPp8U6d(G#4 zWFm!1`q!iO?0emFt>*spEi(SEK~%&{J_c{#E75@JGWch<&nd-v4?lZXkO=WdorEP$ zM_{rspjpp^I%07~g!Mp>W^n$}<*fhW?>Zf2|LlpijJ4IdDh=Y9Nna z9SMLABjY~0xHNbNPE1?uTT3Q3N??q*VA4-UVe*HLC1I!>g-P!80gX1v$^;VtRnurr zWQtE%*4T`yfO?K@+67;hI|{KgXbLZ9}s#TpjE#L1nBGH*TULZBGzKA*e^Vp z*x6kIbwq8Bvbrff&$4X>*#DYWSJ*fr*7dQwl94!-Ta6nY;XCEsrIhg<(kOcA?AtJD zZvbb)ucZF_Ofo&f7v$r(=Vb`;gFj#Bw1L@k z@4)}=E9m$(0U&&iGvvV!5_&_fh56{4_yA}O!HDk)t_JP_yN*&OQUm|@3%w!6x`F2$ z_#?+t^J3%Ov8&%8#$$obeGjl+b))9+8Bir97)Y28%2twleoAJIdk;s8uB7`tZRXIz zEMBU{aQV^AJ**}9=&YR=BV#FNDD`dW=S3|=rgan=-E6C@pgp>x82cS47S20EC%8lK1-$5b z_gI%|F0ByPdWpVfUE1S!--WcSVd5wQo%I-v~oZWgXMDFP8GJjzS zS(;eL{omSV+iebOLuut%+1b*Px}=X3o0J=vCKkiIw}g@byhs;1!C(wHvJ+>K@#G$h zV616w1vTtEdl6_Ep)gm6Qft;eRV{jGNpKdW$%x4n zd!!MDvKgeiqN}jDMQtM<2alT+I$p=r>rZ3WCsg2LEFzJ7Y6x<=8@5o3C5v~<9U|vU8hD=z#<3?ISsH;wXK53#>f#yZ zDd1<+IldVqWLnj8Ki;8@i_4{Px&9*gyk(4Qh!16TFR z#8U16 z(mxdbTRg$wxWIfIJApe=x@aSZ!=-v}i|ewGZnkO~Av6}~V$R+sT;S?uwJyuvxnO0^ zO@L1v{#A9#%$rnpvXuh-O=4D#2Y$F_JgROU*ds(wY#Fu(E>S~w0{k&Ss)J5h7U~6C zvbcr~QRd3>h)qq(m^~%6Yu3YR+s*c`)R5vP)DZ2=Ky;XF!aL63#A|<0o!`%rV}~2@ z#Em6wrz7Wr9-Z2VKaCwPwgBrC-1T2H>f}g-y(MRUwE(q5M;cjlH67=H(nG|WiUdb%BGULtoW{C?DY>ii!=P1* zg9zdA!|o!~c;zf&aCg0!I`vPXQ5<@n%DaIg{eIDZDi`nYQViuxUe~2DXJJWglf{r; z=Z~5MEb$X&6=liv!zaT6SqWMo#2Y(mERr!}jf{B5@@i+2)IrxMBA>!0j%(?PZ^04{ zv+39P7V@&Q%~Ltq?`cnx_hbO^a*YbG{9bWJL^a_gG<^YtB&Acp51Ics7 zMLFlHIu;e4>=4xVztm@YmlgU=Mt6@#b`rln9?MV3!wfA-Q1@1b^*XB^4!q(=6q<+NJAHymT)n^bZN~!ljA*fZ^ z(7H#4y{5c$v$L{^oJ<+X1o?qN|E*yx5}qs>#p`=iA{l*wfkoAsskhG*j(-z~ia4m{ zslr%=%EE8Ar997vD;;>4cvA)%FWh)x;k+%P>a@zRrc#Kd(i2G9PN$;1gXlv=k%2Gp zrfsnzm#QZj??@+@?FP*dnLP8rhC)=;!-$&>+lTP!7Sz_u{hi&Iv-wLDrQj=Pp~r|! zkC>tCs+@3O0T%#-B8eLW?iIaqv0DfZ_<*hX{@Fv5jr7 z0E6$BhJ*|h>>6vOZd$BFmwCt9$;2jfF;CE&g%YPmHIiINB^O=5d+@}9#)wt7U5>|w z{BenkfJk~*i)9-VU8=6^S=cPGdB)qj;p)`aYXPrqPF^cx*m10ek7-`l#RK%I;g$l^ zy=IS>)B43&;TZqT*%ZiF2(8h0La!ODsr3vspTr|Z?}{mC1rZf_fNVj5B(!Osy4Hc4 z`K+z!ZBcJ%$rmIUZmh&VO*)2!XX9Gu$lZYNLmC-;w8Qe!YKPi-E1 z<1!Q*jf5~iUyKPi?&6P~@A)Ldq3hck@RK9R@`bS+Pg-X&hQ;EQG*570lha&?#DD3< z$In`jKOOEDCq8ac?t&kV%^2oSZ7 zwt}isdItL~npIbcQVpVP*r=t~6hl?{4*|aM5NR&8F$6^8LWo$5bS%0z1m7a27e5L< zZIQlA)1LX2UL*ZaCsXs;>!i#)(am8?-=4gR=AhB%NM0*52 z*U*T_xXI5b#5){jgZ(_AUu7ncN#ot5L`pdC_jQ3lZs?cD&qkvnYxCW|p4ZkThYZyo z|K_hS!_Jj}+$FwJ;Eu`(BuJfwDa`}SxRixd?&cE03+_?4e&7ee(kE3|ZF6?8SZVmr zn6}uQks(^j!><>)U?>D9G>fNs|FA$2&gCXQ1&hUz#N~ER zIgtm#mVZ4SL?vLRGc;KSCb=|gklGGsQg;pHQbx*YZ8k-XiuAN$l&g#mdN6HNR3gqbYU%%5~ml&#!3Irk{1GKW1 zX>67MVAjDNWXzfvR@O`)%ctrzT6%e(g#W^6saPYCHv4@vn-*`>EVRj!;5S=*PE=%T zU5)=knHeVUT9z@=0m{JRERYZzwliUlSmHs(>zC_NUMVbVgvI5wQ!)Pq5mGjG*_Oij zFQpZp7NueBPwl0}u5)Cbu3>E#&rPn^HZLa~$q%J2=?Yh$T;b!A1&-&H`#M8cZ>lNd zR%TD`3*_xT*=-{Iv7DcKR`=rjjr=%ISr#?Z;sm!`xK$OruCw-3Dbug~iz!v|;Oqh? zc3~5TluAhA@`l|(4a+TtjcppRRsrq9CQw<$l3lyTIo{~1J#yQ+RQ&c89aH2#R|uB} z86F<7QgGv3$?xYFEm1}$YsPrD(nFXS$~`dW;+y{sSlo@Ik=NF1MfSPAfo^LAP4|Gkl2uO;yzyMJEnLZVB-)WqzV|nhF(W6Ib z!vEKVA|Nt8hu{N&I*Hwn)0;;X#?I>b76Cb8c>qfxEH@)%9_YeC`4cJhW&Gwr9W5^f z%4r$2I(fC~y?)n9{mEY9McPgNa5N;>Pl=zadbyI_%bN>Sjl-%dteip4pcV z58^UQj&o5|T7-3-4BCTiQU5UEolVMDutu+z`~YPn6V78^U(o`>?-%G8h|LyA5*a1v zC&O50>WIkz`Q4u1+b@OToMAD3_V|H_X~$*|^KRL$E;(KyFHO#LFS5ybuKpnLvsTf3 zh-6RN`?w-~l7_|N6cFz(be_f1%BQai4DB%U7oGY5M^Ll0#VoW*n#iZrHZkt3f4#ae zKGu~+EOA=uzX<(XLpIUiNuNHD|BMTMMe#XpjJZ#XD@Kp{%Z1iva@?W2bkmrMK7#D%og6ICf$%-UWr7D%S0t}=w834G8}-IehsCT8#%BZ=A|!-ei~D?aV>Y!)2)r{tO*ia62xWUK48XXsz@ zQ9?Lr%7x7A?!`GIwc;)1>9ADO?wjQ~{;_8!())nNO(4q^+k|%0JKl9-(C~`a6(3r7~ ziNr4is3duvRulu*#(5-bl@1-NQXmS=^&JvZS}2iimI{&x;z1*rK^jIA>M(2(`cIddpH+ zr8iwuN(;JQc}Q=V8OHP?)=%`2`84TBifhVv^)ZJz5l54bbyB!t=cKG$ZX_)l;QzLN zbt>GA)Xv!-ZE~riGT--Amq&+K{gD`7Wal7l#|lr5^OiBnmjNf^kqzP043fK$wucm# zj;fHVd{$|+C&Fk|c_xhr&jH<;2vpx&1fGHi=JBh& zthZR)Ot7SC$Cd=#|5?7I(Md!YMOwj@EZ1#v%&%~Knt&u8wW77%_P6MKf5fV{J3m|H z=5G1Fg$ChuY;@GIYgA}UF>~WiuF|>D3$)9|5>4vG5n;vimKTupb3%W~G zzp*(}C@Ru~mjeB~y9edXvsB zo~&tCOVC*2>u0_j%$SIB(3wke#?N;uf^gllbK ztPGz?zn-t2=<$FX>+UXb!g@B~%~V1vpKAV_FF2`c=mqcJLWC^eYT<=M=FvQ24S|C0 zdRmiZ7|)x&#ZK+H;TOv1>1G0TQQmD(zf%_9^VFk)RyyBC$?eXzvB*+ma2@fr&XFvk z*&?NgC1|=PI4*zi29C{^eHYH=dQP84jRLiv;0m3qN7`aET2bnqrvd)>Qm50>nNy-_@9_t zu>p`L*F2y2H*k(l17F)Kk0Z}>Ga}UHIffu+IMV{w|a!M41%5T@H~3lG0RE1iFj1sCH_6)=kYLC^gu_z6`q*1#=vfiCCMjDmE7@^Tno?7V0<>(2X8FK_K^i)$ zI{N_kxf?!Oi}K#YS`5W_y}1C-J2r9DMJMO{xeR8*+34aBn5Z)Z8X_@bHK$!SG#^pQ zl^{m*?fw$a;YyWG-9r%rQGKstO`mnmEPly*n!u%gI&$>@tzjM-dx#$+RrLB7DxRe| zX%h#BdpOnIKg<5Yu`28T{(-dkgqkKsJrjZ>%@6k7Ym`tj`Exp>lKZt&b;nrskwpq# zH4)xu1j)Xov0_Fri~zW(Sa&#KMau@V;w@D!#d5Jx_pXJI5HwS5O-y81Lo20=F~a^L z@j*x|qr0^Kq)fT$yc5Uq-IsS`%yNJp7#1)7w4dcUJzv-}Ze8)(;<0ZTMd{kXtx|=Sg>?RhiifvFZ1i$ntZ7MLFv?}5LAabdmJM%lpRsn4(TXoDGSY3Y;23zU*LZ1_x&^WQ2 z7pNGtw$s5o$G-_X!9N#}VQ@A}D88KC?KJ1tjHupNje&HM=Y7vIfXpFnxI)0H8Hj2H z?o<+0|FT_1(%8K&zz2z~$pYOJ(4B+Fu&0&4+gh%Fb)UV^XIpPgCZQ`)hz~F8T0W1h z9MqAc09~>qA|N2Ng}8oB_pam%$;NNHVDeCq%_{^U`sE-Ij7UDs6TDqoeG7A>8mG1t z2pli0gZr?U$>ZOM^I1O&R#|k&)z@>s$JkZ#;)QKmpSqW*s%frXkjGorkl9MljW%a4 zP0ICtG%sLGdf>S{O6o4d+5Y(pADc_|%((&|*Ms?Xd~TL!Tf5F>E%cn$P_FUS-D(Vp zNK@7pr$J$AyWWZWB*&G}pxOJ_Lz_YTuyN&z1B&TgRJ>A%t`-I@HCyK}Ozgqh$!Ff# zBDd34FNeK{<#c)Ie0kRf{gPdgr!Kq8!%(Va2al~MA>3N#`15f>|1No4Z#w946kWT$ zT|H@&c7-)wRz=Iq_sB^aF7w?4GK9sUb)n$(((&bSEJ==_4}Fb`O-b4wx=gB32QCwGTbpnXde#w=DgOo5D! z7+lLJA)2)avmT8Nb+i*vixTShp-&-ES+C0FjPRAaW3e);^Z=fTKEyFwir}*V=J%V@Z zXq%Svlx7!=WSh&rNQwV_$;yw2PYyo&hjhGd1SSJ$C&!aKf8STykIS_tk7Ii~C7TbH zR|?mB1H&$S@~$yvzi^xQxQ)4yGV-s`u1{C4*T>%)(nzZgkap>s#TfltY85~3G?2%` zU>R$a%=Tod)!{lzew7wDusa=M&_n8JjLG!L(&@mJRyUgUw$kdsH8#(i?M7qN6B zcjKYd9x$vCY6C@AUu{dX$?K^R^^=oYP<(d-GoQ5jPG$zq{n^%Y`v)7Gf>54DzD7FA z#JJq|U!rr8*giFtvNTPImb^h->vz2_Bt<|PS`vu1ciK3NBnUkf4!fmvAvaBoV<60zSX2_-q47(tI*Rm0SjK0R0xnjvSkOuDh?- zor_C_37^7n_HBnn?p483o0hxuU+uDa#kWn9*UsXIqRC134S)Kni6q5fd);H<@4bgv z%P9<_Raf9muYZT(gD+Z_^h@u^W0*u=vRDkm8>&+br#*xbH=Hrhfz{@abdJK7QZk5) z$ugfc{^ofJaIAZZdeIeWDaRA2TTkX}Iv&zeS0o%(VkbI5nv#O0jiDgOFlA8Vtxc&C=LoFT33)M=3% zUd!CDX^lUsqP1taxOf!>-?J!gKDn*eVIwtW4256iIyILVZiOKFxksH=gdX8#Q^NPA z?0DQnr++i`I$Y*0kwe2)04qdnGvQqd7Sh;NDWz`T5hXi#Si537WyuVoUq2<2;=pY^ zCcM~l{It4gZ$)Lba^hgGm6jE%Glj$CzX#mx0T=uu6i%Kw_wue2#i3Y6H9|R!U`wKc zMuN6tsbsWtF^k?)x@))~Mb(yNH=8{hVHay@SSW4Lj^)NCB|FGqQ>H_ExE=Y?Tp$0r zV5i#VY(v#iPI1DLOR&kvxvmniWPaoKvQ)tx?G)UHhMPI2NfT`o7yz0b%FqXe*R$ns!= zHLgr=0}2il$f6x{L>HV-ig(Z2QPR!476b10ZZ2cOoFmHhh>!oO-EQ5f9|=oW^t(Oh zE*RR135g2V_s<^nD+2fJrMXgxSM0uzh)m-*p>=B@kmTCcq|ZvU+%ZGl>7j(DrvDqS z4*Zd~??1+=?Acn2!##Mr_@QF2H}p3cb8ahk6jPsbes!l=sPw@s zfWFIW;$#d&OCf!sfZ~x0gsE(RW_Ic=8*II(15{1AOTG__$b)gBL-*81JLY|MDe7b= zI8Wm{xR(_RGs&8j{KSpCVrK}I9&cyo6o>PQhQJJ!+GtY4D7KSUSB`K^_r(mG%}_9{ zEI;I4yF^c7a&AdKbK78%JKR{!!y(&(p<82SQIjER{7Rd+5SZk*9n^H;A&YQ z%l5rbJ!yzWuRzjcCVS1y^{8ir>^s!+ zF$+m^rgW4*hY8e(#m%bhor{-Ew3(G(%*(rfQW@d?rdTT1w`Nqbh=>QKB~#NlN;?&yjE|v#cWNi#)HA4v^`&BvK(+rAlz!?o zfo)8=8QtFuKcKeXBOH`)65Yw0RQjYR`)NQPNJny|YOZ&x(GnGlVCprd9Mi1sSuMOl zFBp}0MJ%EsqFXwu-Yzu}L@s-%fOVwGZ@2QW4Vq;3(N6#f8+X5WNe_l6hw73j2}rm2aVlGdJ^CPKyuT&$Q_Qw{heoO5B}~ z;t9tGoyEDj$M1XW^~QvL@(}VX%1*6n>1@CFn~&6~Vf^%YdAaSI+p(66M~*{^uT(@L z0@mp8`hJ|;IF!F(zSlod?J>uFX?*@`NrQgwIXD*9F~5ltUz?v*3cjJZwK$n=^at{r zCG+-1|A-GkO$>G4*`+S%Glk|pi5G+mR8PGy>H9&h1)6{okxk-=(```L{M%!=Wlm`s z(6wSBzee8O#~k;UY|X4+`T)+D$&@%-J!!nSxOikHkI&}=c$<%urvdc8Uzj6At9FK4 z>Q@i6)3;I9V4PNuJ|NC?Efm!cLydBv6y|wm+Z8EesGPdQh*Lae^805Vt_4z_g@Gjn zdxHDB()xhqCK&o8#d&3f6-|2?pPDpkyUsLN+CoE$Nc)}OH%n!8?^UFgl8El)JOXt8 z5t_?im1z}qQ)FqjVrHFsG0iMhIKyh|dgu_(LD7AP0Kzwctbh1Lfi5L|Qqt#?*?){s z@u(J`O@{y+$SCkilOlz&vs?`Qk$%$&yk;@@Z;e=GSO0(E9v1E?`id(>{Yh-&S{|CW za27;Mje1egmAyAA8EC-@e|?A$vzRj{{uo9<9SBJ83~BixL-#>Ims(c+N1Rh-#@;M6 zN%6ZVbf0W>Qb0Nbz*|H#H$Gq@0Hvt@F2c z%lxE-c&R4FtO{?b?=#E_WVKS#s5jY;VMl}k+F;lXAthPzum$M2@;9BR5&g-}GV-fV zetg%mVA^QjJqgdut!OozfX(&HIj=2Y#7w`Q&yjOwl{&)j{@t{dFuj>f%~J$LKH`_q z2;o0rd(2i??AmD-#Mykypd33ZS$TRI8`?p;pq;wnc+$CYVn|W zvpJ zaE~1i3ST})kHkL>(xI|zm#b;SkVBh((dDJ;^*fc0p5@%)8Cyr|IhO`{FpfYXtE~=8 z#e09K01%{TCEe91fAjqQI!yU6V$z&f_k3|-YJ8;d-8}yuu95rJeAu$gg3gHhh&lh$|M!?;r{~-6s^821*!u z(;RN84h&n1ZW9taX|ZGGWxV=HIqkf*DvPA_-9*~HD8i-&9faNgF#6n^=tS-#ih1qD8?)cGw z@WVRp&Wsy?|6G)wGRBBEWw?{Hj6z2IY;tU@(zHvKvDL(GOG+WSnNM%)D+W4YK}Ts# z@?A0#uK=7xf+jLE<}+OJ?Anya@IF_5V{kTpiB~&@qIbWk)36}CocSd|9s^k{mOzgT zX?aeDSowpUZO+Pv?domq?0WYgZJDam63yv2%>+|kV6PdMvXrpd(-wU{buxoXrDw06VI_a^?u_(@1Ws7 z{$#rVR=b&EZFPA2z&|Rz+)bnf9;3@3E~U4V*C3>M5eE2|YCeE$hRd z-el5-Xh>gZCJd+#XYw+2SoznxGT$N~GqQ?vv+@6h^pSJ{R&1DMk{5EZkywU(R-{1B z94UcyGoDs#U+YdH)6}Nw$5WVtYCas-60-%>#`nqFk*YbN|Ood`x-#(QIJ+27n z69xwMXwsKdD9B4mZUes@SO7*Gsr1$~ep4DI(W&o+A^Y_-7Bd6gB$s!Q4{((a)cGg! z4nhWeV*bvYHaG1yg2cA=w`|{Szs2F?+e%p=Bs?bxpY|4r30w@Wx48aXOKSWzmQt^0 zum8-ATsAk8N22dv_xN;h@OX47c#fArMC!@Kt^M#5(az$iSKzpgSIJ z^aFWM?dK~9kfrIFjnF=T5Vo7p7iK@c5WaHOXC|bMX$|Atc{c`^0}l$x_4f!xv}JW| zuvgwDnfrX>IE*XB_E-oHf;;nmOfnuG9q7*k5!Pv%CFwu;uxy*vBY#( z_M1r&ertk{;N5g%B%n_>q6f`^{;u+tpZ{Hzk67SxDjP42)7yQeiYAT12OM&7Ls2>r zJkN!^c=hD!Nh9-Tz8Y()RF@604UALbE-B1vYhx!mb<13p4W!^uT`iJ3tMP=*p2<#f zqpmnkQ}jM&gdi60F0~|oV9M@Ccwm`->~_K zco*P_bTBA_W^+N+`!dVC&6C}71kaq}jM8gg=y#(9y4M^!|Q5le$Y2SZgZC{OFK_`AC! zJA!9hMxK=WxNJ)~*`V$8Dxb@b^~z8c&y1vPps-dl|38V(iAYfU7FHpS;xxUKkeCl| z@*x;{^M;HaF|eY?Wp=!aPOqC@c;*BW9mwCEOp65$-r&-g1c^okRU#A-Ivh$hz&v&` z+t{>uE2iPR$@Cu*F|0hFvjyDBda5~CtZ>?$jEl{#d4tJZ@Xkq2x-Kv-oJaKp$0Jh32JXRg{YWS*PROx!HkkdEL)TN5xNQ8apm`ZNVm0apr5* z1S3WhM!hl&Z`b`lzc}Q&h&@mRkC<*A!B`M9Dj<AyS=!lCP#LFAt zbk!|)WJwm*y~qy1{*Jk%94r)-QjUCjI>buHNasmb`OF^yAZ4-sH$?uDzGotgEwSKD zKGiG01dj|3Y=Lz2ZU~MMOa1LWuGFV0nCNOzEPkD~IpDd?>%R_Rv+Nv~!Q7Hxf~1tP zmv$>*Bwq-Drh9W2V^$6GNGl_CMNk`r5kUqEK3V;$1gui49!xOIRDUKNU?ouBlTVCZ zAkw~)wp1u1&{Chtqf$duNU}e1#&*C?3RMb`aoWK!-2vtn^D;7*cGgPod>k4LYu=Xp z`M?>&nwe>(m1Y1Hp|X384?{w%{el9Q)UijE1E`X#2$tgtOHa4yA(BLtS(gf)pPi&M zXk^Qr+vEKQF_ME62>MLEWBW3XJ!jOqjPn9vzHZz(;5dHd_?i2~@SFQD3@?ncz-1dd zQ%t^kc;U!%RWB?-eCGN1(k#Gw*fi>@>n6$v^#SF-&NK$Rr)g1$Ib^_6+(fY|F+T7>jgHodJv?TbI!F6r3Jqs+_#VuC z0tHB*wzlX6XC87a8#$uN9gK59MIf(s`vvoVlwWZ@ZqLKN%?L7OpOK|wlDq@d4)K8&%%k>DpGR)MdHs2kIwo9F_ zIUELTB6n(|e=_2cCFeokZ%KU*B-)O=q&F_)`)*E?(`|3x$X+*9uu}xIBJTn!QWQ^Z ziUS|S@-&|r8Yk~IQMj?spA}VCJiea1ILYGBN;*Wzf{SGyd{C&-tGUmZ{yc^nNK3wh zv9~3IS|#(?_9t(~pzHAJr*)-Wb!A$H(k^{J1SB$}Rra#w7w3c?Y}+pCT~BSmaA`ID z&krtpip@}}#?Y}EM25ar~}jZ(y{B8t6zwl@QI#K6WiJA3*+Pc z7Yj{N;xeu7E+^;W5@6fXg{-Rtd7qn$gCfkk%}!tF)vkq?o60X@QU8&VJFP>7PIrgc zydw*Knfv*&52%}5x5V_XUmSenF>j6sk&#+QPt$#^hP3I+Vi6R1!(AiGjcyM+r^|QM zCudXqBV0aPM#6LElp=wF)9WgC41mjn!@&%uMRjr+H{^c*uP&s65fak2&KFeNyWx|9 zbQ>yFDHl=rGF*ehEYUTILRHmOp2|<{Y8)&dZ;!9ZvT#0rnG2BFTKZYDZy!vgx+88` z|FxWawAl1C38=op-IPtcrUICHDj|}$I~fDl!`t}zqo5rg+dX9h-o;T|#44ZTOe5k7 zZ90O5{xPR!mBi;xJ^p&-KF+~MC}juzP%G;$<{BQjl zUqdcW>leXvhJWTS0>1lGp|x7I0<7e8o$41Q_GaRXcV9K*1kBP2pie(apDPybD7VGy zHsei4iIxqR@F1nq-dj$fNkzF>p+}p zzDzW{>5(<{M%y_RMuN$;BnIv3-9TVYkwCXzyo5D*%2mX;5j6C0{~XjbDlT0X8&PWi zl*fU_B<)>!!{@T+;63<8(cPdPtp@XiivVrst6`NYu2vePZjP(rz^U3EI;0#$$WRK_ zD$>;TirB=ELmwJ9+u9aQPrOEV{@_)e6UjCk{HKe`?R3mTzj;uM2J`n_{3nyIjn82a z?TUd3e#ZRpUUgg;`+V_pgj$F$SSwwBynTj}vLws(g`zf(_Fh$tm1EB|PDpAI)g=`* zLDsnkpaoUe@Y3`z5k=8Fd*T=4G2Wk;$+{^|JvaUJvdnA0VOFk;-VnqsElMq-G2^=! znGvw7FMt!+E6g{#A0n#VVvM(v9vTIq#lo0zhIv0Wi$+%BwQDMve)@Tth{1J>YKEb* zu01eLmJAJ@^Hfz&D##EdGZqt1ZSs%-V!Fp%<@Z7e?^xrgU{fIybl%X6MyG|(aibva z_JMlm7=o8F$nIMg7l8)0R6*1QM^~S6R9A*CnUMC+e5)?4=a71wA(;jt3D|B zP-J?t$~cu4i1JEOG(#1=1Or;uvSD$p_0hb4d@r_-#}n>R^`6Iz4=8OP!*lSK@um>J$1xVmwMl*TMfI*6cWGF|azjnBt3F4um}8F|uo$(fnP)4J@-! z{X For this section we're using Minikube and Docker to create a Kubernetes cluster + +```bash +# Clone Repository +git clone https://github.com/supabase-community/supabase-kubernetes + +# Switch to charts directory +cd supabase-kubernetes/charts/supabase/ + +# Install the chart +helm install demo -f values.example.yaml . +``` + +The first deployment can take some time to complete (especially auth service). You can view the status of the pods using: + +```bash +kubectl get pod -l app.kubernetes.io/instance=demo + +NAME READY STATUS RESTARTS AGE +demo-supabase-analytics-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-auth-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-db-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-functions-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-imgproxy-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-kong-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-meta-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-realtime-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-rest-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +demo-supabase-storage-xxxxxxxxxx-xxxxx 1/1 Running 0 47s +``` + +### Access with Minikube + +Assuming that you have enabled Minikube ingress addon, note down the Minikube IP address: +```shell +minikube ip +``` +Then, add the IP into your `/etc/hosts` file: +```bash +# This will redirect request for example.com to the minikube IP + example.com +``` +Open http://example.com in your browser. + +### Uninstall + +```Bash +# Uninstall Helm chart +helm uninstall demo + +# Backup and/or remove any Persistent Volume Claims that have keep annotation +kubectl delete pvc demo-supabase-storage-pvc +``` + +## Customize + +You should consider to adjust the following values in `values.yaml`: + +- `RELEASE_NAME`: Name used for helm release +- `STUDIO.EXAMPLE.COM` URL to Studio + +If you want to use mail, consider to adjust the following values in `values.yaml`: + +- `SMTP_ADMIN_MAIL` +- `SMTP_HOST` +- `SMTP_PORT` +- `SMTP_SENDER_NAME` + +### JWT Secret + +We encourage you to use your own JWT keys by generating a new Kubernetes secret and reference it in `values.yaml`: + +```yaml +secret: + jwt: + anonKey: + serviceKey: + secret: +``` + +> 32 characters long secret can be generated with `openssl rand 64 | base64` +> You can use the [JWT Tool](https://supabase.com/docs/guides/hosting/overview#api-keys) to generate anon and service keys. + +### SMTP Secret + +Connection credentials for the SMTP mail server will also be provided via Kubernetes secret referenced in `values.yaml`: + +```yaml +secret: + smtp: + username: + password: +``` + +### DB Secret + +DB credentials will also be stored in a Kubernetes secret and referenced in `values.yaml`: + +```yaml +secret: + db: + username: + password: + database: +``` + +The secret can be created with kubectl via command-line: + +> If you depend on database providers like [StackGres](https://stackgres.io/), [Postgres Operator](https://github.com/zalando/postgres-operator) or self-hosted Postgres instance, fill in the secret above and modify any relevant Postgres attributes such as port or hostname (e.g. `PGPORT`, `DB_HOST`) for any relevant deployments. Refer to [values.yaml](values.yaml) for more details. + +### Dashboard secret + +By default, a username and password is required to access the Supabase Studio dashboard. Simply change them at: + +```yaml +secret: + dashboard: + username: supabase + password: this_password_is_insecure_and_should_be_updated +``` + +### Analytics secret + +A new logflare secret API key is required for securing communication between all of the Supabase services. To set the secret, generate a new 32 characters long secret similar to the step [above](#jwt-secret). + +```yaml +secret: + analytics: + apiKey: your-super-secret-with-at-least-32-characters-long-logflare-key +``` + +### S3 secret + +Supabase storage supports the use of S3 object-storage. To enable S3 for Supabase storage: + +1. Set S3 key ID and access key: + ```yaml + secret: + s3: + keyId: your-s3-key-id + accessKey: your-s3-access-key + ``` +2. Set storage S3 environment variables: + ```yaml + storage: + environment: + # Set S3 endpoint if using external object-storage + # GLOBAL_S3_ENDPOINT: http://minio:9000 + STORAGE_BACKEND: s3 + GLOBAL_S3_PROTOCOL: http + GLOBAL_S3_FORCE_PATH_STYLE: true + AWS_DEFAULT_REGION: stub + ``` +3. (Optional) Enable internal minio deployment + ```yaml + minio: + enabled: true + ``` + +## How to use in Production + +We didn't provide a complete configuration to go production because of the multiple possibility. + +But here are the important points you have to think about: + +- Use a replicated version of the Postgres database. +- Add SSL to the Postgres database. +- Add SSL configuration to the ingresses endpoints using either the `cert-manager` or a LoadBalancer provider. +- Change the domain used in the ingresses endpoints. +- Generate a new secure JWT Secret. + +### Migration + +Migration from local development is made easy by adding migration scripts at `db.config` field. This will apply all of the migration scripts during the database initialization. For example: + +```yaml +db: + config: + 20230101000000_profiles.sql: | + create table profiles ( + id uuid references auth.users not null, + updated_at timestamp with time zone, + username text unique, + avatar_url text, + website text, + + primary key (id), + unique(username), + constraint username_length check (char_length(username) >= 3) + ); +``` + +To make copying scripts easier, use this handy bash script: + +```bash +#!/bin/bash + +for file in $1/*; do + clipboard+=" $(basename $file): |\n" + clipboard+=$(cat $file | awk '{print " "$0}') + clipboard+="\n" +done + +echo -e "$clipboard" +``` + +and pipe it to your system clipboard handler: + +```shell +# Using xclip as an example +./script.sh supabase/migrations | xclip -sel clipboard +``` + +## Troubleshooting + +### Ingress Controller and Ingress Class + +Depending on your Kubernetes version you might want to fill the `className` property instead of the `kubernetes.io/ingress.class` annotations. For example: + +```yml +kong: + ingress: + enabled: 'true' + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +``` + +### Testing suite + +Before creating a merge request, you can test the charts locally by using [helm/chart-testing](https://github.com/helm/chart-testing). If you have Docker and a Kubernetes environment to test with, simply run: + +```shell +# Run chart-testing (lint) +docker run -it \ + --workdir=/data \ + --volume $(pwd)/charts/supabase:/data \ + quay.io/helmpack/chart-testing:v3.7.1 \ + ct lint --validate-maintainers=false --chart-dirs . --charts . +# Run chart-testing (install) +docker run -it \ + --network host \ + --workdir=/data \ + --volume ~/.kube/config:/root/.kube/config:ro \ + --volume $(pwd)/charts/supabase:/data \ + quay.io/helmpack/chart-testing:v3.7.1 \ + ct install --chart-dirs . --charts . +``` + +### Version compatibility + +#### `0.0.x` to `0.1.x` + +* `supabase/postgres` is updated from `14.1` to `15.1`, which warrants backing up all your data before proceeding to update to the next major version. +* Intialization scripts for `supabase/postgres` has been reworked and matched closely to the [Docker Compose](https://github.com/supabase/supabase/blob/master/docker/docker-compose.yml) version. Further tweaks to the scripts are needed to ensure backward-compatibility. +* Migration scripts are now exposed at `db.config`, which will be mounted at `/docker-entrypoint-initdb.d/migrations/`. Simply copy your migration files from your local project's `supabase/migration` and populate the `db.config`. +* Ingress are now limited to `kong` & `db` services. This is by design to limit entry to the stack through secure `kong` service. +* `kong.yaml` has been modified to follow [Docker kong.yaml](https://github.com/supabase/supabase/blob/master/docker/volumes/api/kong.yml) template. +* `supabase/storage` does not comes with pre-populated `/var/lib/storage`, therefore an `emptyDir` will be created if persistence is disabled. This might be incompatible with previous version if the persistent storage location is set to location other than specified above. +* `supabase/vector` requires read access to the `/var/log/pods` directory. When run in a Kubernetes cluster this can be provided with a [hostPath](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath) volume. + +## Parameters +### Secret parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "secret" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Database parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "db" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Studio parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "studio" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Auth parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "auth" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Rest parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "rest" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Realtime parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "realtime" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Meta parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "meta" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Storage parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "storage" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Image Proxy parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "imgproxy" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Kong parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "kong" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Analytics parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "analytics" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Vector parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "vector" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Functions parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "functions" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Minio parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "minio" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +---------------------------------------------- +{{ template "helm-docs.versionFooter" . }}. + +To update run `helm-docs -t README.md.gotmpl -o README.md -b for-the-badge`. diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index 62dbe13e..b3aeaedd 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -14,79 +14,91 @@ # |-- 13. Minio secret: - # jwt will be used to reference secret in multiple services: - # Anon & Service key: Studio, Storage, Kong - # JWT Secret: Analytics, Auth, Rest, Realtime, Storage + # -- JWT will be used to reference secret in multiple services. + # Anon & Service key for Studio, Storage, Kong. + # JWT Secret for Analytics, Auth, Rest, Realtime, Storage. + # @default -- The configuration is detailed below. jwt: anonKey: "" serviceKey: "" secret: "" - # specify existing secret, which takes precedence over variables above + # -- Specify an existing secret, which takes precedence over the above variables above secretRef: "" - # override secret keys for existing secret refs + # -- Override secret keys for existing secret refs + # @default -- The configuration is detailed below. secretRefKey: anonKey: anonKey serviceKey: serviceKey secret: secret - # database credentials - # these fields must be provided even if using external database + # -- Database credentials + # These fields must be provided even if using an external database + # @default -- The configuration is detailed below. db: username: "" password: "" database: "" - # specify existing secret, which takes precedence over variables above + # -- Specify an existing secret, which takes precedence over the above variables secretRef: "" - # override secret keys for existing secret refs + # -- Override secret keys for existing secret refs + # @default -- The configuration is detailed below. secretRefKey: username: username password: password database: database - # analytics Logflare API key + # -- Analytics Logflare API key + # @default -- The configuration is detailed below. analytics: apiKey: "" - # specify existing secret, which takes precedence over variable above + # -- Specify an existing secret, which takes precedence over the above variable secretRef: "" - # override secret keys for existing secret refs + # -- Override secret keys for existing secret refs secretRefKey: apiKey: apiKey - # smtp will be used to reference secret including smtp credentials + # -- SMTP will be used to reference secrets including SMTP credentials + # @default -- The configuration is detailed below. smtp: # username: "" # password: "" # specify existing secret, which takes precedence over variables above # secretRef: "" - # override secret keys for existing secret refs + # -- Override secret keys for existing secret refs + # @default -- The configuration is detailed below. secretRefKey: username: username password: password - # secret used to access the studio dashboard - # leave it empty to disable dashboard authentication + # -- Secret used to access the studio dashboard + # Leave it empty to disable dashboard authentication + # @default -- The configuration is detailed below. dashboard: # username: "" # password: "" # specify existing secret, which takes precedence over variables above # secretRef: "" - # override secret keys for existing secret refs + # -- Override secret keys for existing secret refs + # @default -- The configuration is detailed below. secretRefKey: username: username password: password - # S3 credentials for storage object bucket + # -- S3 credentials for storage object bucket + # @default -- The configuration is detailed below. s3: # keyId: "" # accessKey: "" # specify existing secret, which takes precedence over variables above # secretRef: "" - # override secret keys for existing secret refs + # -- Override secret keys for existing secret refs + # @default -- The configuration is detailed below. secretRefKey: keyId: keyId accessKey: accessKey -# Optional: Postgres Database +# -- Optional: Postgres Database # A standalone Postgres database configured to work with Supabase services. # You can spin up any other Postgres database container if required. # If so, make sure to adjust DB_HOST accordingly to point to the right database service. +# @default -- The configuration is detailed below. db: - # Enable database provisioning + # -- Enable database provisioning enabled: true image: repository: supabase/postgres @@ -99,17 +111,19 @@ db: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -139,7 +153,8 @@ db: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -167,12 +182,12 @@ db: nodeSelector: {} tolerations: [] affinity: {} - # Additional migration scripts can be defined here + # -- Additional migration scripts can be defined here config: {} # Studio Application studio: - # Enable studio provisioning + # -- Enable studio provisioning enabled: true image: repository: supabase/studio @@ -185,17 +200,19 @@ studio: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # -- The name of the service account to use. + # -- If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -211,8 +228,8 @@ studio: STUDIO_PORT: "3000" SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: "true" - # Set value to bigquery to use Big Query backend for analytics - NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery + # -- Set value to bigquery to use Big Query backend for analytics (postgres or bigquery) + NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret @@ -224,7 +241,8 @@ studio: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -247,7 +265,7 @@ studio: # Auth Service auth: - # Enable auth provisioning + # -- Enable auth provisioning enabled: true image: repository: supabase/gotrue @@ -260,17 +278,19 @@ auth: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -286,7 +306,7 @@ auth: DB_USER: supabase_auth_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full API_EXTERNAL_URL: http://example.com GOTRUE_API_HOST: "0.0.0.0" GOTRUE_API_PORT: "9999" @@ -322,7 +342,8 @@ auth: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -345,7 +366,7 @@ auth: # Rest Service rest: - # Enable postgrest provisioning + # -- Enable postgrest provisioning enabled: true image: repository: postgrest/postgrest @@ -357,17 +378,19 @@ rest: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -383,7 +406,7 @@ rest: DB_USER: authenticator DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PGRST_DB_SCHEMAS: public,storage,graphql_public PGRST_DB_ANON_ROLE: anon PGRST_DB_USE_LEGACY_GUCS: false @@ -399,7 +422,8 @@ rest: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -422,7 +446,7 @@ rest: # Realtime Service realtime: - # Enable realtime provisioning + # -- Enable realtime provisioning enabled: true image: repository: supabase/realtime @@ -434,17 +458,19 @@ realtime: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -459,7 +485,7 @@ realtime: # DB_HOST: DATABASE.NAMESPACE.svc.cluster.local DB_USER: supabase_admin DB_PORT: 5432 - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full DB_AFTER_CONNECT_QUERY: "SET search_path TO _realtime" DB_ENC_KEY: supabaserealtime PORT: "4000" @@ -480,7 +506,8 @@ realtime: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -503,7 +530,7 @@ realtime: # Meta Service meta: - # Enable meta provisioning + # -- Enable meta provisioning enabled: true image: repository: supabase/postgres-meta @@ -516,17 +543,19 @@ meta: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -542,7 +571,7 @@ meta: DB_USER: supabase_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PG_META_PORT: "8080" # volumeMounts: # - name: volume_name @@ -555,7 +584,8 @@ meta: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -578,7 +608,7 @@ meta: # Storage Service storage: - # Enable storage provisioning + # -- Enable storage provisioning enabled: true image: repository: supabase/storage-api @@ -591,17 +621,19 @@ storage: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -617,10 +649,10 @@ storage: DB_USER: supabase_storage_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PGOPTIONS: -c search_path=storage,public FILE_SIZE_LIMIT: "52428800" - STORAGE_BACKEND: file # file, s3 + STORAGE_BACKEND: file # file, s3 FILE_STORAGE_BACKEND_PATH: /var/lib/storage TENANT_ID: stub REGION: stub @@ -642,7 +674,8 @@ storage: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -673,7 +706,7 @@ storage: # imgproxy imgproxy: - # Enable imgproxy provisioning + # -- Enable imgproxy provisioning enabled: true image: repository: darthsim/imgproxy @@ -686,17 +719,19 @@ imgproxy: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -722,7 +757,8 @@ imgproxy: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -753,7 +789,7 @@ imgproxy: # Kong kong: - # Enable kong provisioning + # -- Enable kong provisioning enabled: true image: repository: kong @@ -766,17 +802,19 @@ kong: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -802,7 +840,8 @@ kong: nginx.ingress.kubernetes.io/rewrite-target: / # cert-manager.io/cluster-issuer: "letsencrypt-staging" # kubernetes.io/tls-acme: "true" - tls: [] + tls: + [] # Define TLS secret for SSL termination. # This section can be left blank if using cluster certificate manager. # Otherwise, setting this in tandem with certificate manager will overwrite the secret name. @@ -825,7 +864,8 @@ kong: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -848,7 +888,7 @@ kong: # Analytics analytics: - # Enable analytics provisioning + # -- Enable analytics provisioning enabled: true image: repository: supabase/logflare @@ -861,17 +901,19 @@ analytics: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -892,7 +934,8 @@ analytics: LOGFLARE_SINGLE_TENANT: "true" LOGFLARE_SUPABASE_MODE: "true" FEATURE_FLAG_OVERRIDE: multibackend=true - # Enable Big Query backend for analytics + # -- Enable Big Query backend for analytics + # @default -- `{}` (See [values.yaml]) bigQuery: enabled: false projectId: google-project-id @@ -909,7 +952,8 @@ analytics: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -932,7 +976,7 @@ analytics: # Vector vector: - # Enable vector provisioning + # -- Enable vector provisioning enabled: true image: repository: timberio/vector @@ -945,17 +989,19 @@ vector: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -976,7 +1022,8 @@ vector: # items: # - key: my_secret.txt # path: name_of_file_in_container.txt - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -999,7 +1046,7 @@ vector: # Functions functions: - # Enable functions provisioning + # -- Enable functions provisioning enabled: true image: repository: supabase/edge-runtime @@ -1012,17 +1059,19 @@ functions: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -1038,7 +1087,7 @@ functions: DB_USERNAME: supabase_functions_admin DB_PORT: 5432 DB_DRIVER: postgresql - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full # Mount user functions # volumeMounts: # - name: my_functions @@ -1051,7 +1100,8 @@ functions: # items: # - key: my_secret.ts # path: name_of_file_in_container.ts - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -1086,17 +1136,19 @@ minio: livenessProbe: {} readinessProbe: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} - podSecurityContext: {} + podSecurityContext: + {} # fsGroup: 2000 - securityContext: {} + securityContext: + {} # capabilities: # drop: # - ALL @@ -1119,7 +1171,8 @@ minio: # items: # - key: my_secret.ts # path: name_of_file_in_container.ts - resources: {} + resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following diff --git a/index.yaml b/index.yaml index e3b8437f..b2ccf5e1 100644 --- a/index.yaml +++ b/index.yaml @@ -2,16 +2,17 @@ apiVersion: v1 entries: supabase: - apiVersion: v2 - created: "2023-02-10T15:04:18.116554-05:00" + created: "2024-05-25T12:47:57.676069+02:00" description: The open source Firebase alternative. - digest: 79a75d1ca844b0551a9d0a084131273c63925c19f32513ad18fdc23e6f5854bf + digest: 9bc71bb5d7af59a7898b852d76e514422b2bb3859015d088dc46f30610035ca5 + icon: https://avatars.githubusercontent.com/u/54469796?s=280&v=4 name: supabase type: application urls: - - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.0.3.tgz - version: 0.0.3 + - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.1.2.tgz + version: 0.1.2 - apiVersion: v2 - created: "2023-02-10T15:04:18.113431-05:00" + created: "2024-05-25T12:47:57.673078+02:00" description: The open source Firebase alternative. digest: a0d6c0627c049642f3a9a1d068ecc4601d87c26d0326b47422223a7660424e31 name: supabase @@ -20,7 +21,7 @@ entries: - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.0.2.tgz version: 0.0.2 - apiVersion: v2 - created: "2023-02-10T15:04:18.111993-05:00" + created: "2024-05-25T12:47:57.671636+02:00" description: The open source Firebase alternative. digest: 651547b54edc5cfbac1ed39cb42fc574ee766ff8c1c61aa6cedef84d2faa358f name: supabase @@ -28,4 +29,4 @@ entries: urls: - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.0.1.tgz version: 0.0.1 -generated: "2023-02-10T15:04:18.110189-05:00" +generated: "2024-05-25T12:47:57.669934+02:00" From 4c334a373a867de1a60e36e3880cea82425afca6 Mon Sep 17 00:00:00 2001 From: Brave Okafor Date: Tue, 4 Jun 2024 18:04:15 +0200 Subject: [PATCH 2/3] fix: bump chart version ct-lint failing --- charts/supabase/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/supabase/Chart.yaml b/charts/supabase/Chart.yaml index b0bae589..92a3b4de 100644 --- a/charts/supabase/Chart.yaml +++ b/charts/supabase/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From b5978a3139cf89b31e505423beec1a3cadcf8603 Mon Sep 17 00:00:00 2001 From: Brave Okafor Date: Wed, 5 Jun 2024 19:23:21 +0200 Subject: [PATCH 3/3] fix: debug yamllint errors (comment syntax) --- charts/supabase/Chart.yaml | 2 +- charts/supabase/values.yaml | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/supabase/Chart.yaml b/charts/supabase/Chart.yaml index 92a3b4de..b8721409 100644 --- a/charts/supabase/Chart.yaml +++ b/charts/supabase/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index b3aeaedd..bb936e50 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -229,7 +229,7 @@ studio: SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: "true" # -- Set value to bigquery to use Big Query backend for analytics (postgres or bigquery) - NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery + NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret @@ -306,7 +306,7 @@ auth: DB_USER: supabase_auth_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full API_EXTERNAL_URL: http://example.com GOTRUE_API_HOST: "0.0.0.0" GOTRUE_API_PORT: "9999" @@ -406,7 +406,7 @@ rest: DB_USER: authenticator DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PGRST_DB_SCHEMAS: public,storage,graphql_public PGRST_DB_ANON_ROLE: anon PGRST_DB_USE_LEGACY_GUCS: false @@ -485,7 +485,7 @@ realtime: # DB_HOST: DATABASE.NAMESPACE.svc.cluster.local DB_USER: supabase_admin DB_PORT: 5432 - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full DB_AFTER_CONNECT_QUERY: "SET search_path TO _realtime" DB_ENC_KEY: supabaserealtime PORT: "4000" @@ -571,7 +571,7 @@ meta: DB_USER: supabase_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PG_META_PORT: "8080" # volumeMounts: # - name: volume_name @@ -649,10 +649,10 @@ storage: DB_USER: supabase_storage_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PGOPTIONS: -c search_path=storage,public FILE_SIZE_LIMIT: "52428800" - STORAGE_BACKEND: file # file, s3 + STORAGE_BACKEND: file # file, s3 FILE_STORAGE_BACKEND_PATH: /var/lib/storage TENANT_ID: stub REGION: stub @@ -1087,7 +1087,7 @@ functions: DB_USERNAME: supabase_functions_admin DB_PORT: 5432 DB_DRIVER: postgresql - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full # Mount user functions # volumeMounts: # - name: my_functions